Analysis

  • max time kernel
    286s
  • max time network
    255s
  • platform
    windows10-1703_x64
  • resource
    win10-20231220-en
  • resource tags

    arch:x64 arch:x86 image:win10-20231220-en locale:en-us os:windows10-1703-x64 system
  • submitted
    20/12/2023, 14:31

General

  • Target

    main.pyc

  • Size

    7KB

  • MD5

    02caa5bfe36e916418d97839c85bcfe9

  • SHA1

    bf8773fd4e6598227672c17cc1dc9d9d6e960475

  • SHA256

    ae9e46fdb970aed82d36a11fde3de1c59d851816cebcccb701e2fd2b2bf26769

  • SHA512

    f23581eb87faab18415fc629dcd00b47b4bfb57838325485d9a3acfaf7c8d177541a105e440e5bf0c87391aac445080c19387c4f94914be2a851dbe3e6e26285

  • SSDEEP

    192:wfs9acD8xAkQWdXwf4DNfOJhwtMdwhcnw:T5FWuwJK2tPhcw

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 13 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 30 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\main.pyc
    1⤵
    • Modifies registry class
    PID:308
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3500
    • C:\Windows\system32\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\main.pyc
      2⤵
      • Opens file in notepad (likely ransom note)
      PID:4340
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3224
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1792
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1792.0.1264876035\854068223" -parentBuildID 20221007134813 -prefsHandle 1716 -prefMapHandle 1708 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e4f68be1-12d2-498b-88ad-d254aaa811c5} 1792 "\\.\pipe\gecko-crash-server-pipe.1792" 1796 2716cdd5b58 gpu
        3⤵
        PID:4960
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1792.1.946233559\1921056715" -parentBuildID 20221007134813 -prefsHandle 2140 -prefMapHandle 2136 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8d9ea292-193b-4950-83f3-8026fc4ac44d} 1792 "\\.\pipe\gecko-crash-server-pipe.1792" 2152 2715aa6fe58 socket
        3⤵
        PID:4240
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1792.2.177198332\949869850" -childID 1 -isForBrowser -prefsHandle 2800 -prefMapHandle 2640 -prefsLen 20866 -prefMapSize 233444 -jsInitHandle 1268 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8c270e0b-46e4-4889-afa1-dc48b7ed7033} 1792 "\\.\pipe\gecko-crash-server-pipe.1792" 2700 27170f9fa58 tab
        3⤵
        PID:2344
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1792.3.2129467575\4180218" -childID 2 -isForBrowser -prefsHandle 3328 -prefMapHandle 3324 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1268 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {738903e8-3000-4486-a815-e961335449ec} 1792 "\\.\pipe\gecko-crash-server-pipe.1792" 3352 2716f2c8c58 tab
        3⤵
        PID:3916
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1792.4.1500617900\1316978203" -childID 3 -isForBrowser -prefsHandle 4348 -prefMapHandle 4344 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1268 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0233718d-11ac-49d2-8c55-ade608e5039b} 1792 "\\.\pipe\gecko-crash-server-pipe.1792" 4100 27172e3f258 tab
        3⤵
        PID:1572
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1792.5.1564496403\645314951" -childID 4 -isForBrowser -prefsHandle 4832 -prefMapHandle 4836 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1268 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0f624178-1514-44d7-a664-8eba9882218a} 1792 "\\.\pipe\gecko-crash-server-pipe.1792" 4800 27172e3ce58 tab
        3⤵
        PID:3636
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1792.7.1377320153\1100845552" -childID 6 -isForBrowser -prefsHandle 4728 -prefMapHandle 5124 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1268 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d387950a-2915-4552-8d6a-849af1389d0d} 1792 "\\.\pipe\gecko-crash-server-pipe.1792" 5020 271732dfb58 tab
        3⤵
        PID:1096
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1792.6.185441557\1022243424" -childID 5 -isForBrowser -prefsHandle 4924 -prefMapHandle 4928 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1268 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {275d17b6-5ae4-4283-a8cb-49683c8d72b9} 1792 "\\.\pipe\gecko-crash-server-pipe.1792" 4916 271732df558 tab
        3⤵
        PID:2756
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1792.8.1474383448\101869420" -childID 7 -isForBrowser -prefsHandle 5564 -prefMapHandle 5536 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1268 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a5a954e9-6d39-4e47-b253-8f55f98fe49d} 1792 "\\.\pipe\gecko-crash-server-pipe.1792" 5592 27174b44758 tab
        3⤵
        PID:2276

Downloads
