Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

1

a.bat

windows10-1703-x64

1

Analysis

  • max time kernel
    149s
  • max time network
    148s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    25/06/2024, 14:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a.bat

  • Size

    9B

  • MD5

    b0001c00a961b45a4d467ff7b0db34f9

  • SHA1

    93bb6b09c9007ac568b39a77f4aa10d5dfc59fb9

  • SHA256

    abb30b0a70e39de39ce0790c6c157fd04bcfb998705ec1672fe8070ff2d34573

  • SHA512

    3930bbe5b8936800736cb965e98f54eaf1e18218e865441f2ceff9002b23210c35867acef6a97f7491765701cede7ef82182410931cecd83fa5d7b121918c500

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\a.bat"
    1⤵
      PID:2692
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:220
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe"
        2⤵
        • Checks processor information in registry
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:4736
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4736.0.1196418764\1981959081" -parentBuildID 20221007134813 -prefsHandle 1736 -prefMapHandle 1724 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0d128753-4bdf-4af3-a147-f8a2c38d1a59} 4736 "\\.\pipe\gecko-crash-server-pipe.4736" 1828 2c66a9f6658 gpu
          3⤵
            PID:1672
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4736.1.768695853\950229691" -parentBuildID 20221007134813 -prefsHandle 2168 -prefMapHandle 2164 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {412835ba-0645-42ed-8bb5-43b5eb3ec199} 4736 "\\.\pipe\gecko-crash-server-pipe.4736" 2180 2c66a7f9e58 socket
            3⤵
              PID:1476
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4736.2.1458298480\934897553" -childID 1 -isForBrowser -prefsHandle 2836 -prefMapHandle 2844 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1096 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {65735833-f3fb-4257-876b-92d8e001049f} 4736 "\\.\pipe\gecko-crash-server-pipe.4736" 2828 2c66eb9ea58 tab
              3⤵
                PID:4420
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4736.3.1029434382\2043000741" -childID 2 -isForBrowser -prefsHandle 3452 -prefMapHandle 3448 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1096 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {199c129c-532d-428d-90b9-cde6fce810aa} 4736 "\\.\pipe\gecko-crash-server-pipe.4736" 1576 2c658662858 tab
                3⤵
                  PID:3268
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4736.4.1982551146\1714354338" -childID 3 -isForBrowser -prefsHandle 4240 -prefMapHandle 4236 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1096 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3643250a-7a83-491d-a63d-867e4b573629} 4736 "\\.\pipe\gecko-crash-server-pipe.4736" 4252 2c6709c4258 tab
                  3⤵
                    PID:2140
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4736.5.1781994746\787841381" -childID 4 -isForBrowser -prefsHandle 4688 -prefMapHandle 4704 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1096 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5b1f912e-4f0a-49a1-8d57-991f2a97ed93} 4736 "\\.\pipe\gecko-crash-server-pipe.4736" 4692 2c6710a2058 tab
                    3⤵
                      PID:1332
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4736.6.18126499\805934694" -childID 5 -isForBrowser -prefsHandle 4848 -prefMapHandle 4852 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1096 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bdfc21fd-c252-46f0-ab65-674c46c63262} 4736 "\\.\pipe\gecko-crash-server-pipe.4736" 4840 2c6710a0b58 tab
                      3⤵
                        PID:3028
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4736.7.1624063024\1859969737" -childID 6 -isForBrowser -prefsHandle 5040 -prefMapHandle 5044 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1096 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2c441ff7-99d4-4d97-a4e4-2c374223b6e7} 4736 "\\.\pipe\gecko-crash-server-pipe.4736" 5032 2c671785858 tab
                        3⤵
                          PID:4440
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4736.8.542667423\1915502438" -childID 7 -isForBrowser -prefsHandle 5608 -prefMapHandle 5604 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1096 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {92824efd-b1a9-42c4-84f1-df856097836c} 4736 "\\.\pipe\gecko-crash-server-pipe.4736" 5620 2c66d058658 tab
                          3⤵
                            PID:2724
                          • C:\Program Files\Mozilla Firefox\firefox.exe
                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4736.9.1958454867\1893577661" -childID 8 -isForBrowser -prefsHandle 4772 -prefMapHandle 4768 -prefsLen 26689 -prefMapSize 233444 -jsInitHandle 1096 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cd88fcb4-c405-4426-b900-7b26c3089886} 4736 "\\.\pipe\gecko-crash-server-pipe.4736" 4760 2c66dda8c58 tab
                            3⤵
                              PID:1308
                            • C:\Program Files\Mozilla Firefox\firefox.exe
                              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4736.10.772886195\410749798" -childID 9 -isForBrowser -prefsHandle 2912 -prefMapHandle 2928 -prefsLen 26689 -prefMapSize 233444 -jsInitHandle 1096 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {58d10e3b-299f-4080-b4c7-a36e7c32a442} 4736 "\\.\pipe\gecko-crash-server-pipe.4736" 4184 2c670c33958 tab
                              3⤵
                                PID:2900
                              • C:\Program Files\Mozilla Firefox\firefox.exe
                                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4736.11.1258576429\381494470" -childID 10 -isForBrowser -prefsHandle 9620 -prefMapHandle 5568 -prefsLen 27202 -prefMapSize 233444 -jsInitHandle 1096 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {579d538b-f24d-4c66-8e01-4641ae8c43a7} 4736 "\\.\pipe\gecko-crash-server-pipe.4736" 5440 2c670eb9e58 tab
                                3⤵
                                  PID:5076
                                • C:\Program Files\Mozilla Firefox\firefox.exe
                                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4736.12.263409906\1567889434" -childID 11 -isForBrowser -prefsHandle 5688 -prefMapHandle 5704 -prefsLen 27202 -prefMapSize 233444 -jsInitHandle 1096 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {63f3a5e1-226f-4773-be6d-d13f10acd1e5} 4736 "\\.\pipe\gecko-crash-server-pipe.4736" 5740 2c65865c758 tab
                                  3⤵
                                    PID:764
                                  • C:\Program Files\Mozilla Firefox\firefox.exe
                                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4736.13.1987126181\1251054718" -childID 12 -isForBrowser -prefsHandle 6060 -prefMapHandle 6072 -prefsLen 27202 -prefMapSize 233444 -jsInitHandle 1096 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5b25342c-1e49-4d3f-8321-f0d8df51055d} 4736 "\\.\pipe\gecko-crash-server-pipe.4736" 6064 2c670c33358 tab
                                    3⤵
                                      PID:4988

                                Network

                                MITRE ATT&CK Enterprise v15

                                Replay Monitor

                                Loading Replay Monitor...

                                Downloads

                                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\25137
                                  Filesize

                                  9KB

                                  MD5

                                  97a640d3c9bed3e86148132ba429dcb6

                                  SHA1

                                  6cd576a7c10dc11b53a223e6fafe4244a60753a9

                                  SHA256

                                  879e81a3633898cba91011f0efa4191d4dfb2b0e57f85c3dd3b1266f7d24cfeb

                                  SHA512

                                  69d0485755cbc6121c0293391739972def5afcc86a0e6164cf04054dc817e60f0b941272020300ad0b6f57a068603a6de3eba890d4ba246ae7b68ac095722213

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Temp\tmp-ol3.xpi
                                  Filesize

                                  3.7MB

                                  MD5

                                  b6288be590f88cd73bcd73040ea7f71d

                                  SHA1

                                  d18b2c2594f89a079aded8c67c3a674836bff268

                                  SHA256

                                  470c56994a7174db21578adce598b158a5dc0970c87c5cfe889ac632bd3085ea

                                  SHA512

                                  9f3788e4824ed259d6a92ce235c0f952b6db49dd0bf49e46607000ff73e0300ae31281095414311eac014125c472d910da85eca904bbacba7c732b9aca340dff

                                  Download Submit

                                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\addonStartup.json.lz4.tmp
                                  Filesize

                                  5KB

                                  MD5

                                  5bc4e601800af4296acb65c3d64257d7

                                  SHA1

                                  c98bf687933c11cff731e7d0400a18b041ba3516

                                  SHA256

                                  4c44caa63c922628e6435ae4de17e33c927e3f4d67cc12335d83ce5c0f3239a7

                                  SHA512

                                  d6973e11f14352cdbaf1b617126fece5443124bdc50f2dc21fd10767735885d3cdae00f02f6f0fda1a696e3e904e82e2b1de52cb705e19efc4c17469a4a690ee

                                  Download Submit

                                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin
                                  Filesize

                                  2KB

                                  MD5

                                  7eee53be0f7b109d7b9cd9f304dd5997

                                  SHA1

                                  0939c7cff72c493aca1d7162c030671c3cbbb525

                                  SHA256

                                  219565c005cf6d5373af8f193b3d080fe07a11075ae533f905978f9daa034299

                                  SHA512

                                  b7cb30a682b431c67ab1a9f826fd39135954cc110662c131961eb62782702f5eda13f58a788ab5f0c41a871b85dfcc00430db0608e704975580af4e860b6953d

                                  Download Submit

                                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\82d741b3-3d67-45de-8451-7a7fde130898
                                  Filesize

                                  11KB

                                  MD5

                                  9a2de8660e692cd210be85306c4f22e5

                                  SHA1

                                  ecb22381e751eafbe750dfbc7fb48c465d4c2b04

                                  SHA256

                                  85b1aaa0c5d0b28492c57b732e0052ad0a5060adef63b2fd0d4a8211221575f9

                                  SHA512

                                  3b35eb99e0d76f5471c6ba75ded63a23421a0b4be4189ef64ca6815276d51b88b770a32e332cec36bc6c66669bcc618d9429ab68a4d1a858c6f1b27504aae332

                                  Download Submit

                                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\9a900d7f-e0e1-4f45-a137-44925851c53b
                                  Filesize

                                  746B

                                  MD5

                                  b5f000ff202d0b8f8a79c2c769df85bf

                                  SHA1

                                  c1c1f9efc338fe9f213b26ae20e302abec1d7669

                                  SHA256

                                  85471ebf67958d4a6ca7eebad177995ca1007e85f76a16de9988271497cede6f

                                  SHA512

                                  1366e58f8b3590d91b5d7fd6049f96624640864c7b2b7223274f23f4da53d4f9be67b8b5d7b8728d06b5bc554ea837257821355fe86e1e7c2661d016a586759f

                                  Download Submit

                                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\extensions.json.tmp
                                  Filesize

                                  57KB

                                  MD5

                                  06f04efbd9f6691645eb4df8886178f7

                                  SHA1

                                  5d67de8eb8b02d1d7c59651bde74ca457b0dd16d

                                  SHA256

                                  957ebb41365f952382eee855c4b5a6e99ac62d809681d5eb44de1d14a8514a47

                                  SHA512

                                  3a3b8ad26ce4e850c4a217899d81e78b8de76e2e7db9c19852dcc30b27d5694101a7384192323711b24d5ae6ea89701b9e89f693fbbf2838f1eec1949ca629c7

                                  Download Submit

                                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
                                  Filesize

                                  6KB

                                  MD5

                                  5a7fc2283fc96d46eb2bb935b4691c60

                                  SHA1

                                  8077b6f71e7eabfe19d166613b03f5153e7c1ed9

                                  SHA256

                                  f89a8357df79cb05d79d0f7981614bb0553041f2c40117027588f0f1a91ae1eb

                                  SHA512

                                  3be096e6659c579c882f29edd61fadceb043f1c49ddc60f2b1933571bcc1787383593ec3a85c508280333262e29c457a039bf8822613a4042130c6b51d819e0d

                                  Download Submit

                                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
                                  Filesize

                                  7KB

                                  MD5

                                  c02845e70fd4ec00fc341a1bedf7c6a8

                                  SHA1

                                  3ce70357afa604347730dc4c58da4372fc55e070

                                  SHA256

                                  bf40c2a158c764e69d3eeb6e4c137f38e98afd1d3bcdd6a781e9fe531271c141

                                  SHA512

                                  3a3d67caa4da47bd237ba83c684f8e44b709284a66e6c8c44c0ae7d8c4b114fd15698985842f5f34527982217b835c21ea122acee19d17d49efbe50253d42880

                                  Download Submit

                                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
                                  Filesize

                                  6KB

                                  MD5

                                  b083b77ccb134bc79d3466a7cb9d963e

                                  SHA1

                                  631df621ab58afb44469ac1ccf2eee406cf2a608

                                  SHA256

                                  781ac14e5e0071367ffd7302b33a27003a9fab5fca6b26049b3e747b1cce3e31

                                  SHA512

                                  3a243e3c876a76adc6fdc47b357803040c7298612bfaecab77e470068dfb20625595ea2de9a3d207627c03fd69ad62ebae8f7c7e1798aa2007489b9ba26050f8

                                  Download Submit

                                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
                                  Filesize

                                  3KB

                                  MD5

                                  555b3bd4403e3f2a611dae11a964a569

                                  SHA1

                                  af37e2ce9f288f6049e30d448e5fa4c8e5335088

                                  SHA256

                                  5252c4604ee1a747a0c87568af469bf5ea185451284cae2e9d68aa83768fe456

                                  SHA512

                                  e4b1b00a127db51ada8a7609f7bebe4aac2c8253609ef6b2ed3ba7c67b55418b14d2883171144f52c222724db41086d90bec3d44059d7785d9c80a3ef4ebb1df

                                  Download Submit

                                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
                                  Filesize

                                  4KB

                                  MD5

                                  f989ab89c3b3f409bb3cb422b0b94d71

                                  SHA1

                                  8e58714e4b6d1fa91f0a124718f9bf557b7eefdf

                                  SHA256

                                  6df1bfa342b9165af92134f6373fd47dc09210cfcceef9e8d2a5dc5e842797e2

                                  SHA512

                                  16c202507ea6a88cbda3b0762190cfbab06d9fe5b89828369afab29e0149be05445c28aece71ecee21320b0b00e245fd14b2d4e9b8cf94916bf88927869d8f15

                                  Download Submit

                                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
                                  Filesize

                                  5KB

                                  MD5

                                  be58817ca0088b1129ab1dcf0a3f36a4

                                  SHA1

                                  e75ed1e37461b1d4fae5c7a2754d5a2570826d08

                                  SHA256

                                  0a4a39d54b6a1291eccb899b37e83f1524a027b5b6d550048c39f4aee23f85ec

                                  SHA512

                                  1b7fc3f200b5e25a6fb792148a01c8ac8c5e2c3b7308c26f5a42874f8ba70a8328fadf7c080214f3122e684a00266eda863f92b8795834dea8a297542c8783e2

                                  Download Submit

                                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
                                  Filesize

                                  8KB

                                  MD5

                                  1d1bef6195b5a6de67cbb5760feaa178

                                  SHA1

                                  9f53f938acf2968c1f24ff3345b348d485411f23

                                  SHA256

                                  64fb4e0c1b909afa9603afb82c8bae93515437bfb312e856fdb7f5dca3303f0d

                                  SHA512

                                  ff6c259d0fbbc99a03560e75835ed6fd05e7ffde20d572841f6d282e60d8709478db650f27e0a5e2ae0d2d628da75e106aa33d3dac1a3d452c06eb1929f7d097

                                  Download Submit

                                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
                                  Filesize

                                  12KB

                                  MD5

                                  1741af75b8ecabaf5a2d0e55d424b426

                                  SHA1

                                  75a5d0cbbbf01355398330471c939ea6ea3e0eef

                                  SHA256

                                  0f3983e08aa4c013b04f0e723c155b9a9c64df23da04dbdf440d98be8ff1abb4

                                  SHA512

                                  163e9d194b401b110b8f930dd56767dbb6a811c2287fbdde57dfe53849c42ce3ad5c7f5cf701b5575d3ed3314f401b386002b437a6cb2563518a267e8a6b04f0

                                  Download Submit

                                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
                                  Filesize

                                  4KB

                                  MD5

                                  742ce83a1406bbd87403beec7b9c496c

                                  SHA1

                                  16efa7c28ffe232003292ff9e5a7bb9925435c6a

                                  SHA256

                                  591f08dca8bcb90d33dd985cdf3ae906d2d5c200d50f962b5f8b34bd0cec6abf

                                  SHA512

                                  805e4db7634f3971afed91542546f41490deb528e8c31c632eb60cb9df089468bca0c0e4b3338caa31d38ee06a5ec75c98326dcd4e56656d5134b4ca7855e65b

                                  Download Submit

                                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
                                  Filesize

                                  5KB

                                  MD5

                                  4367bb260fb7fcc748ff314c29b7fbc5

                                  SHA1

                                  aba7b7a54fc7e7bb6d8917bf89f9f277d3b69612

                                  SHA256

                                  333bba6354039bb458953004d5e2118c243785e138242b74909ba334367c5adc

                                  SHA512

                                  115a485208f1558421035ebc7031f6b3993fd6eb22223cbefdf2b1e44ca973bcf5e2768cb152feacf6204c039b214a7a0995bd1bc3cea340e8ac8ac41d097b91

                                  Download Submit

                                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
                                  Filesize

                                  8KB

                                  MD5

                                  85b22598661e857b02fa597e6cfa9ea0

                                  SHA1

                                  73792d00937916f01b6e2fe03436d95ad32d3c6c

                                  SHA256

                                  8ae0b9e2458fb23cc9fa94fb4a6074c8a1d90a196c498ca08c0fe8d266c674fe

                                  SHA512

                                  689195aad7b4aac87c461b2da3fada0f7b9454e735b156cc915bad66783c77c5ec7aa288198f6920c2345e7ad63364e02dcf2bc19eb5bb5c6810a2a1a85bf224

                                  Download Submit

                                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
                                  Filesize

                                  12KB

                                  MD5

                                  d06c77fe2e48101fb16a2cd51b172a6b

                                  SHA1

                                  f4bed96e8f06c3cc580e32fa8c0635d32c052b73

                                  SHA256

                                  7bc9654fa1da000b8d40bb3c0c1f35c6adb945a347d9bd4623ef3e4b8eb2f192

                                  SHA512

                                  7091351ebcd8af7a77180b4ca0aa880ccb35415a0c70a37f12bddc93718dc28f79cf0cee9be28bfa6b43684719a6f824b7db92d66d1e03243d09074285fca6d3

                                  Download Submit

                                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\default\moz-extension+++bb1aa688-dc0f-406f-a794-5d845ef871f2\idb\1671402671ueBglaorcokt0SCeahc.sqlite
                                  Filesize

                                  568KB

                                  MD5

                                  6416367095911ec3911e3efef54427e3

                                  SHA1

                                  d5b67f29aec943b3f3299a18f0469f63c4a5fd4e

                                  SHA256

                                  ebe75e0a0c42db0c91f160fc219e337a49be11807a16cfe406587a49a1ed6c9e

                                  SHA512

                                  01e50e73b2bbb19a49cc3922c4b937a7cabff9ef157c6362c5ed2ecfd4c4fec5e44047b7f1ebde32e51a63a73642037bcfa279e1626b12571ed980bcbca428ea

                                  Download Submit

                                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\default\moz-extension+++bb1aa688-dc0f-406f-a794-5d845ef871f2^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite
                                  Filesize

                                  1.7MB

                                  MD5

                                  dbd345571de4d6e326870b9aefce4a95

                                  SHA1

                                  a5a3dc7e263db1502f2047a13ca81c579881e7be

                                  SHA256

                                  767c4e5c7c0292f7f7277b29b9fb16d3906df006b4ad09ebbfbac8770e92ac79

                                  SHA512

                                  0a4cb007fd0fa9cab0b914ea90e043e123f29d1ab354be3352754572cfaf242afe3d26e936415b714384786f97f79968d88a469e6476a6e18f5c8e15aad45e7a

                                  Download Submit

                                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
                                  Filesize

                                  184KB

                                  MD5

                                  7f868e557b098795d645df9ea302427f

                                  SHA1

                                  001f3306144559b4049a8ab139b4139f51e59c0e

                                  SHA256

                                  b228e23ecfb7965e3badefcbb031de0b4bb887634bccb34a826ac8ac89124ac5

                                  SHA512

                                  56fd8aa514cc25db5a2c9191d665eaffe90182cc5e4f15317e0cfbc9adf7336d9ad937d20384b0504f784e5939b76b4c4b0020cb06e4a472c650355cc6c4c89a

                                  Download Submit