Analysis
max time kernel: 1197s
max time network: 1200s
platform: windows10-ltsc 2021_x64
resource: win10ltsc2021-20250113-en
resource tags: arch:x64, arch:x86, image:win10ltsc2021-20250113-en, locale:en-us, os:windows10-ltsc 2021-x64, system
submitted: 27/01/2025, 17:00
Static task
static1
General
Target: wallpaper.jpg
Size: 706KB
MD5: c65150c033fdc25a206c5063f3975806
SHA1: 31fe535ecac94a02d78157133736596d9d264039
SHA256: facbe2969600f7dc612edf2d0ab85317eb6f3cfd2da416a2ead7953bc4a13677
SHA512: 149d51f885658bd18670f63bdfaeca08f45b86fabfbf35580222adfbb097a3dfc19045a2c57f62ca1c89cb9fe777f22c3d92f855c6ebb2a7256087aaac7304f3
SSDEEP: 12288:EXlhYltolf/E/7Cdpou7aZa/K8LKuDQvawgKrTVDsuX0AheQPuPZ+cHTNW:EVhYltoZ/E/J38L7QvXr5wWhxPUFHTNW
Malware Config
Signatures
-
flow pid Process 93 4804 firefox.exe -
A potential corporate email address has been identified in the URL: [email protected]
-
flow  pid   Process
99    4804  firefox.exe
Drops file in Windows directory 1 IoCs
description                      ioc                                 Process
File opened for modification     C:\Windows\Debug\WIA\wiatrace.log   mspaint.exe
Checks processor information in registry 2 TTPs 10 IoCs
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | firefox.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | firefox.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | firefox.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | firefox.exe
Modifies registry class 1 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-2449540194-3226363261-2578591490-1000_Classes\Local Settings | firefox.exe
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid   Process
4296  mspaint.exe
Suspicious use of AdjustPrivilegeToken 8 IoCs
description               pid   Process
Token: SeDebugPrivilege   4804  firefox.exe
Suspicious use of FindShellTrayWindow 21 IoCs
pid   Process
4804  firefox.exe
Suspicious use of SendNotifyMessage 20 IoCs
pid   Process
4804  firefox.exe
Suspicious use of SetWindowsHookEx 32 IoCs
pid   Process
4296  mspaint.exe
4804  firefox.exe
Suspicious use of WriteProcessMemory 64 IoCs
description                         pid   Process      procid_target
PID 1072 wrote to memory of 4804    1072  firefox.exe  98
PID 4804 wrote to memory of 3208    4804  firefox.exe  99
PID 4804 wrote to memory of 2208    4804  firefox.exe  100
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Windows\system32\mspaint.exe"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\wallpaper.jpg"1⤵
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4296
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService1⤵PID:1508
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:1072 -
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"2⤵
- Detected google phishing page
- Detected potential entity reuse from brand GOOGLE.
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4804 -
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1960 -parentBuildID 20240401114208 -prefsHandle 1876 -prefMapHandle 1872 -prefsLen 27137 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {86d605b9-713e-4601-91c7-f51775ac679f} 4804 "\\.\pipe\gecko-crash-server-pipe.4804" gpu3⤵PID:3208
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2408 -parentBuildID 20240401114208 -prefsHandle 2392 -prefMapHandle 2388 -prefsLen 27015 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {549b6dc0-7b1f-43aa-852b-e61886175468} 4804 "\\.\pipe\gecko-crash-server-pipe.4804" socket3⤵PID:2208
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1064 -childID 1 -isForBrowser -prefsHandle 1436 -prefMapHandle 2732 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 1032 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2442376b-ab7c-428f-82a0-4dfd4764c1cd} 4804 "\\.\pipe\gecko-crash-server-pipe.4804" tab3⤵PID:4780
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3692 -childID 2 -isForBrowser -prefsHandle 3660 -prefMapHandle 3656 -prefsLen 32389 -prefMapSize 244658 -jsInitHandle 1032 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ebcfe6ca-b725-4b54-9eae-87a17dc7be22} 4804 "\\.\pipe\gecko-crash-server-pipe.4804" tab3⤵PID:4216
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4620 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4616 -prefMapHandle 4612 -prefsLen 32389 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {229981f6-c2fa-41ef-bfae-15127dc9074f} 4804 "\\.\pipe\gecko-crash-server-pipe.4804" utility3⤵
- Checks processor information in registry
PID:5300
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5436 -childID 3 -isForBrowser -prefsHandle 5380 -prefMapHandle 4824 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1032 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0ca0ebad-7e74-4fe0-95f3-bdae7fc627f7} 4804 "\\.\pipe\gecko-crash-server-pipe.4804" tab3⤵PID:3292
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5628 -childID 4 -isForBrowser -prefsHandle 5544 -prefMapHandle 5548 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1032 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dde72b27-94f8-44a9-b02f-39099024c392} 4804 "\\.\pipe\gecko-crash-server-pipe.4804" tab3⤵PID:1316
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5616 -childID 5 -isForBrowser -prefsHandle 5624 -prefMapHandle 5440 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1032 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2f995e6b-f7c3-41ef-8674-0c4e6202be41} 4804 "\\.\pipe\gecko-crash-server-pipe.4804" tab3⤵PID:4328
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3324 -childID 6 -isForBrowser -prefsHandle 3952 -prefMapHandle 3948 -prefsLen 33043 -prefMapSize 244658 -jsInitHandle 1032 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {10642caf-9e06-4d4e-9ee3-89ce002456b8} 4804 "\\.\pipe\gecko-crash-server-pipe.4804" tab3⤵PID:3016
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6620 -childID 7 -isForBrowser -prefsHandle 6428 -prefMapHandle 6596 -prefsLen 27552 -prefMapSize 244658 -jsInitHandle 1032 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3d0cf29e-8e1b-496d-91d2-90c3a7b72a0e} 4804 "\\.\pipe\gecko-crash-server-pipe.4804" tab3⤵PID:6136
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7024 -childID 8 -isForBrowser -prefsHandle 7048 -prefMapHandle 7044 -prefsLen 27602 -prefMapSize 244658 -jsInitHandle 1032 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {661beb05-2df2-49f1-9375-da51709e8666} 4804 "\\.\pipe\gecko-crash-server-pipe.4804" tab3⤵PID:5212
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7048 -childID 9 -isForBrowser -prefsHandle 7240 -prefMapHandle 7244 -prefsLen 27602 -prefMapSize 244658 -jsInitHandle 1032 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3ba791a5-115b-4939-8d4a-c06b3fb67b91} 4804 "\\.\pipe\gecko-crash-server-pipe.4804" tab3⤵PID:5244
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7340 -parentBuildID 20240401114208 -prefsHandle 7212 -prefMapHandle 7332 -prefsLen 33419 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7989ceae-bef3-4a06-a93b-0445bdbc2d7d} 4804 "\\.\pipe\gecko-crash-server-pipe.4804" rdd3⤵PID:5936
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7408 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 7400 -prefMapHandle 6060 -prefsLen 33419 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3a86be04-e59f-49c9-9e32-9be66a54397f} 4804 "\\.\pipe\gecko-crash-server-pipe.4804" utility3⤵
- Checks processor information in registry
PID:5956
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6036 -childID 10 -isForBrowser -prefsHandle 5820 -prefMapHandle 5836 -prefsLen 28633 -prefMapSize 244658 -jsInitHandle 1032 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2973a6d2-ac72-4d0b-a9a9-52050201fedb} 4804 "\\.\pipe\gecko-crash-server-pipe.4804" tab3⤵PID:5600
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1288 -childID 11 -isForBrowser -prefsHandle 6676 -prefMapHandle 6864 -prefsLen 28633 -prefMapSize 244658 -jsInitHandle 1032 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {622943bd-9a87-4ac6-93dc-6834208741f0} 4804 "\\.\pipe\gecko-crash-server-pipe.4804" tab3⤵PID:4416
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5604 -childID 12 -isForBrowser -prefsHandle 5716 -prefMapHandle 5704 -prefsLen 28633 -prefMapSize 244658 -jsInitHandle 1032 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c672ffc5-cb2c-4e5e-9e46-06e1631c1da3} 4804 "\\.\pipe\gecko-crash-server-pipe.4804" tab3⤵PID:2968
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6028 -childID 13 -isForBrowser -prefsHandle 5684 -prefMapHandle 5680 -prefsLen 28633 -prefMapSize 244658 -jsInitHandle 1032 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fcfb77e1-9a39-4885-a919-a61e40583b98} 4804 "\\.\pipe\gecko-crash-server-pipe.4804" tab3⤵PID:2804
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6756 -childID 14 -isForBrowser -prefsHandle 6880 -prefMapHandle 6668 -prefsLen 28633 -prefMapSize 244658 -jsInitHandle 1032 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3e31bf80-6d8c-4ba6-bc7c-bbb6ca7f5ae7} 4804 "\\.\pipe\gecko-crash-server-pipe.4804" tab3⤵PID:5088
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6220 -childID 15 -isForBrowser -prefsHandle 3036 -prefMapHandle 7752 -prefsLen 28633 -prefMapSize 244658 -jsInitHandle 1032 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {832fb6e2-36d1-43fe-9f57-23d34e0d180a} 4804 "\\.\pipe\gecko-crash-server-pipe.4804" tab3⤵PID:5960
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7852 -childID 16 -isForBrowser -prefsHandle 6756 -prefMapHandle 7868 -prefsLen 28633 -prefMapSize 244658 -jsInitHandle 1032 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e9db2b58-03c9-4b3a-9874-fecc8b05e38a} 4804 "\\.\pipe\gecko-crash-server-pipe.4804" tab3⤵PID:1384
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2560 -childID 17 -isForBrowser -prefsHandle 7140 -prefMapHandle 7012 -prefsLen 28633 -prefMapSize 244658 -jsInitHandle 1032 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {69be4d1b-f3a4-4714-9457-42a31f8dfe0e} 4804 "\\.\pipe\gecko-crash-server-pipe.4804" tab3⤵PID:1412
-
-
Network
MITRE ATT&CK Enterprise v15
Downloads