Analysis

  • max time kernel
    1197s
  • max time network
    1200s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20250113-en
  • resource tags

    arch:x64, arch:x86, image:win10ltsc2021-20250113-en, locale:en-us, os:windows10-ltsc 2021-x64, system
  • submitted
    27/01/2025, 17:00

General

  • Target

    wallpaper.jpg

  • Size

    706KB

  • MD5

    c65150c033fdc25a206c5063f3975806

  • SHA1

    31fe535ecac94a02d78157133736596d9d264039

  • SHA256

    facbe2969600f7dc612edf2d0ab85317eb6f3cfd2da416a2ead7953bc4a13677

  • SHA512

    149d51f885658bd18670f63bdfaeca08f45b86fabfbf35580222adfbb097a3dfc19045a2c57f62ca1c89cb9fe777f22c3d92f855c6ebb2a7256087aaac7304f3

  • SSDEEP

    12288:EXlhYltolf/E/7Cdpou7aZa/K8LKuDQvawgKrTVDsuX0AheQPuPZ+cHTNW:EVhYltoZ/E/J38L7QvXr5wWhxPUFHTNW

Malware Config

Signatures

  • Detected google phishing page 1 IoCs
  • A potential corporate email address has been identified in the URL: [email protected]
  • Detected potential entity reuse from brand GOOGLE. 6 IoCs
  • Drops file in Windows directory 1 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Checks processor information in registry 2 TTPs 10 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs
  • Suspicious use of FindShellTrayWindow 21 IoCs
  • Suspicious use of SendNotifyMessage 20 IoCs
  • Suspicious use of SetWindowsHookEx 32 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Windows\system32\mspaint.exe
    "C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\wallpaper.jpg"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:4296
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
    1⤵
      PID:1508
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:1072
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe"
        2⤵
        • Detected google phishing page
        • Detected potential entity reuse from brand GOOGLE.
        • Checks processor information in registry
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:4804
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1960 -parentBuildID 20240401114208 -prefsHandle 1876 -prefMapHandle 1872 -prefsLen 27137 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {86d605b9-713e-4601-91c7-f51775ac679f} 4804 "\\.\pipe\gecko-crash-server-pipe.4804" gpu
          3⤵
            PID:3208
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2408 -parentBuildID 20240401114208 -prefsHandle 2392 -prefMapHandle 2388 -prefsLen 27015 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {549b6dc0-7b1f-43aa-852b-e61886175468} 4804 "\\.\pipe\gecko-crash-server-pipe.4804" socket
            3⤵
              PID:2208
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1064 -childID 1 -isForBrowser -prefsHandle 1436 -prefMapHandle 2732 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 1032 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2442376b-ab7c-428f-82a0-4dfd4764c1cd} 4804 "\\.\pipe\gecko-crash-server-pipe.4804" tab
              3⤵
                PID:4780
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3692 -childID 2 -isForBrowser -prefsHandle 3660 -prefMapHandle 3656 -prefsLen 32389 -prefMapSize 244658 -jsInitHandle 1032 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ebcfe6ca-b725-4b54-9eae-87a17dc7be22} 4804 "\\.\pipe\gecko-crash-server-pipe.4804" tab
                3⤵
                  PID:4216
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4620 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4616 -prefMapHandle 4612 -prefsLen 32389 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {229981f6-c2fa-41ef-bfae-15127dc9074f} 4804 "\\.\pipe\gecko-crash-server-pipe.4804" utility
                  3⤵
                  • Checks processor information in registry
                  PID:5300
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5436 -childID 3 -isForBrowser -prefsHandle 5380 -prefMapHandle 4824 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1032 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0ca0ebad-7e74-4fe0-95f3-bdae7fc627f7} 4804 "\\.\pipe\gecko-crash-server-pipe.4804" tab
                  3⤵
                    PID:3292
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5628 -childID 4 -isForBrowser -prefsHandle 5544 -prefMapHandle 5548 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1032 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dde72b27-94f8-44a9-b02f-39099024c392} 4804 "\\.\pipe\gecko-crash-server-pipe.4804" tab
                    3⤵
                      PID:1316
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5616 -childID 5 -isForBrowser -prefsHandle 5624 -prefMapHandle 5440 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1032 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2f995e6b-f7c3-41ef-8674-0c4e6202be41} 4804 "\\.\pipe\gecko-crash-server-pipe.4804" tab
                      3⤵
                        PID:4328
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3324 -childID 6 -isForBrowser -prefsHandle 3952 -prefMapHandle 3948 -prefsLen 33043 -prefMapSize 244658 -jsInitHandle 1032 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {10642caf-9e06-4d4e-9ee3-89ce002456b8} 4804 "\\.\pipe\gecko-crash-server-pipe.4804" tab
                        3⤵
                          PID:3016
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6620 -childID 7 -isForBrowser -prefsHandle 6428 -prefMapHandle 6596 -prefsLen 27552 -prefMapSize 244658 -jsInitHandle 1032 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3d0cf29e-8e1b-496d-91d2-90c3a7b72a0e} 4804 "\\.\pipe\gecko-crash-server-pipe.4804" tab
                          3⤵
                            PID:6136
                          • C:\Program Files\Mozilla Firefox\firefox.exe
                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7024 -childID 8 -isForBrowser -prefsHandle 7048 -prefMapHandle 7044 -prefsLen 27602 -prefMapSize 244658 -jsInitHandle 1032 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {661beb05-2df2-49f1-9375-da51709e8666} 4804 "\\.\pipe\gecko-crash-server-pipe.4804" tab
                            3⤵
                              PID:5212
                            • C:\Program Files\Mozilla Firefox\firefox.exe
                              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7048 -childID 9 -isForBrowser -prefsHandle 7240 -prefMapHandle 7244 -prefsLen 27602 -prefMapSize 244658 -jsInitHandle 1032 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3ba791a5-115b-4939-8d4a-c06b3fb67b91} 4804 "\\.\pipe\gecko-crash-server-pipe.4804" tab
                              3⤵
                                PID:5244
                              • C:\Program Files\Mozilla Firefox\firefox.exe
                                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7340 -parentBuildID 20240401114208 -prefsHandle 7212 -prefMapHandle 7332 -prefsLen 33419 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7989ceae-bef3-4a06-a93b-0445bdbc2d7d} 4804 "\\.\pipe\gecko-crash-server-pipe.4804" rdd
                                3⤵
                                  PID:5936
                                • C:\Program Files\Mozilla Firefox\firefox.exe
                                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7408 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 7400 -prefMapHandle 6060 -prefsLen 33419 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3a86be04-e59f-49c9-9e32-9be66a54397f} 4804 "\\.\pipe\gecko-crash-server-pipe.4804" utility
                                  3⤵
                                  • Checks processor information in registry
                                  PID:5956
                                • C:\Program Files\Mozilla Firefox\firefox.exe
                                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6036 -childID 10 -isForBrowser -prefsHandle 5820 -prefMapHandle 5836 -prefsLen 28633 -prefMapSize 244658 -jsInitHandle 1032 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2973a6d2-ac72-4d0b-a9a9-52050201fedb} 4804 "\\.\pipe\gecko-crash-server-pipe.4804" tab
                                  3⤵
                                    PID:5600
                                  • C:\Program Files\Mozilla Firefox\firefox.exe
                                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1288 -childID 11 -isForBrowser -prefsHandle 6676 -prefMapHandle 6864 -prefsLen 28633 -prefMapSize 244658 -jsInitHandle 1032 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {622943bd-9a87-4ac6-93dc-6834208741f0} 4804 "\\.\pipe\gecko-crash-server-pipe.4804" tab
                                    3⤵
                                      PID:4416
                                    • C:\Program Files\Mozilla Firefox\firefox.exe
                                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5604 -childID 12 -isForBrowser -prefsHandle 5716 -prefMapHandle 5704 -prefsLen 28633 -prefMapSize 244658 -jsInitHandle 1032 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c672ffc5-cb2c-4e5e-9e46-06e1631c1da3} 4804 "\\.\pipe\gecko-crash-server-pipe.4804" tab
                                      3⤵
                                        PID:2968
                                      • C:\Program Files\Mozilla Firefox\firefox.exe
                                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6028 -childID 13 -isForBrowser -prefsHandle 5684 -prefMapHandle 5680 -prefsLen 28633 -prefMapSize 244658 -jsInitHandle 1032 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fcfb77e1-9a39-4885-a919-a61e40583b98} 4804 "\\.\pipe\gecko-crash-server-pipe.4804" tab
                                        3⤵
                                          PID:2804
                                        • C:\Program Files\Mozilla Firefox\firefox.exe
                                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6756 -childID 14 -isForBrowser -prefsHandle 6880 -prefMapHandle 6668 -prefsLen 28633 -prefMapSize 244658 -jsInitHandle 1032 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3e31bf80-6d8c-4ba6-bc7c-bbb6ca7f5ae7} 4804 "\\.\pipe\gecko-crash-server-pipe.4804" tab
                                          3⤵
                                            PID:5088
                                          • C:\Program Files\Mozilla Firefox\firefox.exe
                                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6220 -childID 15 -isForBrowser -prefsHandle 3036 -prefMapHandle 7752 -prefsLen 28633 -prefMapSize 244658 -jsInitHandle 1032 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {832fb6e2-36d1-43fe-9f57-23d34e0d180a} 4804 "\\.\pipe\gecko-crash-server-pipe.4804" tab
                                            3⤵
                                              PID:5960
                                            • C:\Program Files\Mozilla Firefox\firefox.exe
                                              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7852 -childID 16 -isForBrowser -prefsHandle 6756 -prefMapHandle 7868 -prefsLen 28633 -prefMapSize 244658 -jsInitHandle 1032 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e9db2b58-03c9-4b3a-9874-fecc8b05e38a} 4804 "\\.\pipe\gecko-crash-server-pipe.4804" tab
                                              3⤵
                                                PID:1384
                                              • C:\Program Files\Mozilla Firefox\firefox.exe
                                                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2560 -childID 17 -isForBrowser -prefsHandle 7140 -prefMapHandle 7012 -prefsLen 28633 -prefMapSize 244658 -jsInitHandle 1032 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {69be4d1b-f3a4-4714-9457-42a31f8dfe0e} 4804 "\\.\pipe\gecko-crash-server-pipe.4804" tab
                                                3⤵
                                                  PID:1412

                                            Network

                                            MITRE ATT&CK Enterprise v15

                                            Downloads

                                            • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lojadwsr.default-release\activity-stream.discovery_stream.json

                                              Filesize

                                              21KB

                                            • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lojadwsr.default-release\cache2\doomed\28969

                                              Filesize

                                              13KB

                                            • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lojadwsr.default-release\cache2\entries\9101746EA8258A5B97B04A344FC767B0D7D65A64

                                              Filesize

                                              59KB

                                            • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lojadwsr.default-release\jumpListCache\k5IAd5bmbBeGvGVjASMRd4I1kROajJV1HK8HHQSXS7k=.ico

                                              Filesize

                                              691B

                                            • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lojadwsr.default-release\thumbnails\94352378ea009f591bc74551cfdc01b1.png

                                              Filesize

                                              6KB

                                            • C:\Users\Admin\AppData\Local\Temp\tmpaddon

                                              Filesize

                                              479KB

                                            • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

                                              Filesize

                                              13.8MB

                                            • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

                                              Filesize

                                              23KB

                                            • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

                                              Filesize

                                              23KB

                                            • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

                                              Filesize

                                              24KB

                                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lojadwsr.default-release\AlternateServices.bin

                                              Filesize

                                              21KB

                                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lojadwsr.default-release\AlternateServices.bin

                                              Filesize

                                              7KB

                                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lojadwsr.default-release\AlternateServices.bin

                                              Filesize

                                              16KB

                                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lojadwsr.default-release\bookmarkbackups\bookmarks-2025-01-27_11_k9c4cHCwDm-06SJ8j2XzNg==.jsonlz4

                                              Filesize

                                              1017B

                                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lojadwsr.default-release\datareporting\glean\db\data.safe.tmp

                                              Filesize

                                              5KB

                                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lojadwsr.default-release\datareporting\glean\db\data.safe.tmp

                                              Filesize

                                              6KB

                                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lojadwsr.default-release\datareporting\glean\db\data.safe.tmp

                                              Filesize

                                              7KB

                                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lojadwsr.default-release\datareporting\glean\db\data.safe.tmp

                                              Filesize

                                              81KB

                                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lojadwsr.default-release\datareporting\glean\db\data.safe.tmp

                                              Filesize

                                              81KB

                                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lojadwsr.default-release\datareporting\glean\pending_pings\206ffe01-be48-498a-b420-d5ca07a75eba

                                              Filesize

                                              982B

                                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lojadwsr.default-release\datareporting\glean\pending_pings\3f61160f-1fd3-4ad6-bf1e-8ff90e0567a5

                                              Filesize

                                              671B

                                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lojadwsr.default-release\datareporting\glean\pending_pings\7f1c9dc1-7448-40d9-807a-a82f6b2cc2e9

                                              Filesize

                                              26KB

                                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lojadwsr.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

                                              Filesize

                                              1.1MB

                                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lojadwsr.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

                                              Filesize

                                              116B

                                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lojadwsr.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

                                              Filesize

                                              372B

                                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lojadwsr.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

                                              Filesize

                                              17.8MB

                                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lojadwsr.default-release\prefs-1.js

                                              Filesize

                                              10KB

                                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lojadwsr.default-release\prefs-1.js

                                              Filesize

                                              9KB

                                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lojadwsr.default-release\prefs-1.js

                                              Filesize

                                              11KB

                                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lojadwsr.default-release\prefs-1.js

                                              Filesize

                                              10KB

                                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lojadwsr.default-release\prefs.js

                                              Filesize

                                              9KB

                                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lojadwsr.default-release\sessionstore-backups\recovery.baklz4

                                              Filesize

                                              1KB

                                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lojadwsr.default-release\sessionstore-backups\recovery.baklz4

                                              Filesize

                                              23KB

                                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lojadwsr.default-release\sessionstore-backups\recovery.baklz4

                                              Filesize

                                              19KB

                                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lojadwsr.default-release\sessionstore-backups\recovery.baklz4

                                              Filesize

                                              23KB

                                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lojadwsr.default-release\sessionstore-backups\recovery.baklz4

                                              Filesize

                                              18KB

                                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lojadwsr.default-release\sessionstore-backups\recovery.baklz4

                                              Filesize

                                              23KB

                                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lojadwsr.default-release\sessionstore-backups\recovery.baklz4

                                              Filesize

                                              27KB

                                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lojadwsr.default-release\sessionstore-backups\recovery.baklz4

                                              Filesize

                                              23KB

                                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lojadwsr.default-release\sessionstore-backups\recovery.baklz4

                                              Filesize

                                              15KB

                                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lojadwsr.default-release\sessionstore-backups\recovery.baklz4

                                              Filesize

                                              23KB

                                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lojadwsr.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

                                              Filesize

                                              640KB
