Analysis
max time kernel: 286s
max time network: 255s
platform: windows10-1703_x64
resource: win10-20231220-en
resource tags: arch:x64, arch:x86, image:win10-20231220-en, locale:en-us, os:windows10-1703-x64, system
submitted: 20/12/2023, 14:31

Behavioral task: behavioral1
Sample: main.exe
Resource: win10-20231220-en

Behavioral task: behavioral2
Sample: main.pyc
Resource: win10-20231220-en

General
Target: main.pyc
Size: 7KB
MD5: 02caa5bfe36e916418d97839c85bcfe9
SHA1: bf8773fd4e6598227672c17cc1dc9d9d6e960475
SHA256: ae9e46fdb970aed82d36a11fde3de1c59d851816cebcccb701e2fd2b2bf26769
SHA512: f23581eb87faab18415fc629dcd00b47b4bfb57838325485d9a3acfaf7c8d177541a105e440e5bf0c87391aac445080c19387c4f94914be2a851dbe3e6e26285
SSDEEP: 192:wfs9acD8xAkQWdXwf4DNfOJhwtMdwhcnw:T5FWuwJK2tPhcw

Malware Config
Signatures

Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).

Checks processor information in registry (2 TTPs, 5 IoCs)
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | firefox.exe

Modifies registry class (13 IoCs)
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\.pyc | OpenWith.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\pyc_auto_file\shell\open\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1" | OpenWith.exe
Key created | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings | cmd.exe
Key created | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings | OpenWith.exe
Key created | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\pyc_auto_file\shell\edit | OpenWith.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\pyc_auto_file\shell\edit\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1" | OpenWith.exe
Key created | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\pyc_auto_file\shell\open\command | OpenWith.exe
Key created | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\pyc_auto_file | OpenWith.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\.pyc\ = "pyc_auto_file" | OpenWith.exe
Key created | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\pyc_auto_file\shell\edit\command | OpenWith.exe
Key created | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings | firefox.exe
Key created | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\pyc_auto_file\shell | OpenWith.exe
Key created | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\pyc_auto_file\shell\open | OpenWith.exe

Opens file in notepad (likely ransom note) (1 IoCs)
pid | Process
4340 | NOTEPAD.EXE

Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
pid | Process
3500 | OpenWith.exe

Suspicious use of AdjustPrivilegeToken (6 IoCs)
description | pid | Process
Token: SeDebugPrivilege | 1792 | firefox.exe

Suspicious use of FindShellTrayWindow (4 IoCs)
pid | Process
1792 | firefox.exe

Suspicious use of SendNotifyMessage (3 IoCs)
pid | Process
1792 | firefox.exe

Suspicious use of SetWindowsHookEx (30 IoCs)
pid | Process
3500 | OpenWith.exe
1792 | firefox.exe

Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target
PID 3500 wrote to memory of 4340 | 3500 | OpenWith.exe | 76
PID 3224 wrote to memory of 1792 | 3224 | firefox.exe | 80
PID 1792 wrote to memory of 4960 | 1792 | firefox.exe | 81
PID 1792 wrote to memory of 4240 | 1792 | firefox.exe | 82
PID 1792 wrote to memory of 2344 | 1792 | firefox.exe | 83

Uses Task Scheduler COM API (1 TTPs)
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

C:\Windows\system32\cmd.exe (PID 308)
  Command line: cmd /c C:\Users\Admin\AppData\Local\Temp\main.pyc
  - Modifies registry class

C:\Windows\system32\OpenWith.exe (PID 3500)
  Command line: C:\Windows\system32\OpenWith.exe -Embedding
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory

    C:\Windows\system32\NOTEPAD.EXE (PID 4340)
      Command line: "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\main.pyc
      - Opens file in notepad (likely ransom note)

C:\Program Files\Mozilla Firefox\firefox.exe (PID 3224)
  Command line: "C:\Program Files\Mozilla Firefox\firefox.exe"
  - Suspicious use of WriteProcessMemory

    C:\Program Files\Mozilla Firefox\firefox.exe (PID 1792)
      Command line: "C:\Program Files\Mozilla Firefox\firefox.exe"
      - Checks processor information in registry
      - Modifies registry class
      - Suspicious use of AdjustPrivilegeToken
      - Suspicious use of FindShellTrayWindow
      - Suspicious use of SendNotifyMessage
      - Suspicious use of SetWindowsHookEx
      - Suspicious use of WriteProcessMemory

        C:\Program Files\Mozilla Firefox\firefox.exe (PID 4960)
          Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1792.0.1264876035\854068223" -parentBuildID 20221007134813 -prefsHandle 1716 -prefMapHandle 1708 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e4f68be1-12d2-498b-88ad-d254aaa811c5} 1792 "\\.\pipe\gecko-crash-server-pipe.1792" 1796 2716cdd5b58 gpu

        C:\Program Files\Mozilla Firefox\firefox.exe (PID 4240)
          Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1792.1.946233559\1921056715" -parentBuildID 20221007134813 -prefsHandle 2140 -prefMapHandle 2136 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8d9ea292-193b-4950-83f3-8026fc4ac44d} 1792 "\\.\pipe\gecko-crash-server-pipe.1792" 2152 2715aa6fe58 socket

        C:\Program Files\Mozilla Firefox\firefox.exe (PID 2344)
          Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1792.2.177198332\949869850" -childID 1 -isForBrowser -prefsHandle 2800 -prefMapHandle 2640 -prefsLen 20866 -prefMapSize 233444 -jsInitHandle 1268 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8c270e0b-46e4-4889-afa1-dc48b7ed7033} 1792 "\\.\pipe\gecko-crash-server-pipe.1792" 2700 27170f9fa58 tab

        C:\Program Files\Mozilla Firefox\firefox.exe (PID 3916)
          Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1792.3.2129467575\4180218" -childID 2 -isForBrowser -prefsHandle 3328 -prefMapHandle 3324 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1268 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {738903e8-3000-4486-a815-e961335449ec} 1792 "\\.\pipe\gecko-crash-server-pipe.1792" 3352 2716f2c8c58 tab

        C:\Program Files\Mozilla Firefox\firefox.exe (PID 1572)
          Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1792.4.1500617900\1316978203" -childID 3 -isForBrowser -prefsHandle 4348 -prefMapHandle 4344 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1268 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0233718d-11ac-49d2-8c55-ade608e5039b} 1792 "\\.\pipe\gecko-crash-server-pipe.1792" 4100 27172e3f258 tab

        C:\Program Files\Mozilla Firefox\firefox.exe (PID 3636)
          Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1792.5.1564496403\645314951" -childID 4 -isForBrowser -prefsHandle 4832 -prefMapHandle 4836 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1268 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0f624178-1514-44d7-a664-8eba9882218a} 1792 "\\.\pipe\gecko-crash-server-pipe.1792" 4800 27172e3ce58 tab

        C:\Program Files\Mozilla Firefox\firefox.exe (PID 1096)
          Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1792.7.1377320153\1100845552" -childID 6 -isForBrowser -prefsHandle 4728 -prefMapHandle 5124 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1268 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d387950a-2915-4552-8d6a-849af1389d0d} 1792 "\\.\pipe\gecko-crash-server-pipe.1792" 5020 271732dfb58 tab

        C:\Program Files\Mozilla Firefox\firefox.exe (PID 2756)
          Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1792.6.185441557\1022243424" -childID 5 -isForBrowser -prefsHandle 4924 -prefMapHandle 4928 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1268 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {275d17b6-5ae4-4283-a8cb-49683c8d72b9} 1792 "\\.\pipe\gecko-crash-server-pipe.1792" 4916 271732df558 tab

        C:\Program Files\Mozilla Firefox\firefox.exe (PID 2276)
          Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1792.8.1474383448\101869420" -childID 7 -isForBrowser -prefsHandle 5564 -prefMapHandle 5536 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1268 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a5a954e9-6d39-4e47-b253-8f55f98fe49d} 1792 "\\.\pipe\gecko-crash-server-pipe.1792" 5592 27174b44758 tab

Downloads