Resubmissions

03/02/2025, 04:32

250203-e6ebbszpfx 5

03/02/2025, 04:32

250203-e5383aslam 3

03/02/2025, 04:28

250203-e32bpaskeq 3

Analysis

  • max time kernel
    84s
  • max time network
    86s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20250128-en
  • resource tags
    arch:x64, arch:x86, image:win10ltsc2021-20250128-en, locale:en-us, os:windows10-ltsc 2021-x64, system
  • submitted
    03/02/2025, 04:32

General

  • Target

    Nezur_External.zip

  • Size

    6.0MB

  • MD5

    66a4279526448b5732710b454881ce72

  • SHA1

    0f4839b749475d58486ab7056837d6e240d26060

  • SHA256

    da3e8288c6a92b776a56fdd71b436ff8621c9cc7967b64a425425044833c8d6c

  • SHA512

    29ad72935de08a40bbd77b23dd19a4930f8f3e42d6f04928f267fd6367a710e07873cd1966b525575882128c98bebc72d6dcc38445df9a245409a1a9bd9faf6f

  • SSDEEP

    98304:kwTxEiF/Ai+9pHom5LEFzBc3PsCACVy8siIHDEP2FBWY2tQHvoYlbg3cd+yeV5Ah:1E8Ii+7Ho2EFUsCLtTIwPtCAObgEeTAh

Score
5/10

Malware Config

Signatures

  • Detected potential entity reuse from brand GOOGLE. 1 IoCs
  • Checks processor information in registry 2 TTPs 12 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 7 IoCs
  • Suspicious use of FindShellTrayWindow 48 IoCs
  • Suspicious use of SendNotifyMessage 46 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Windows\Explorer.exe
    C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\Nezur_External.zip
    1⤵
    PID:4884
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
    PID:4004
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2216
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      2⤵
      • Detected potential entity reuse from brand GOOGLE.
      • Checks processor information in registry
      • Modifies registry class
      • NTFS ADS
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3920
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2004 -parentBuildID 20240401114208 -prefsHandle 1932 -prefMapHandle 1924 -prefsLen 27175 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c8e0a0d5-51b0-477f-8537-5b1e012d42b2} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" gpu
        3⤵
        PID:3996
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2412 -parentBuildID 20240401114208 -prefsHandle 2380 -prefMapHandle 2376 -prefsLen 27053 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3a6aba8c-0fa6-4a40-abed-623fd921319e} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" socket
        3⤵
        • Checks processor information in registry
        PID:4056
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2956 -childID 1 -isForBrowser -prefsHandle 3080 -prefMapHandle 3160 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 1016 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3352b39e-1e3d-4095-be68-af8f8ba36195} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" tab
        3⤵
        PID:3576
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4068 -childID 2 -isForBrowser -prefsHandle 4060 -prefMapHandle 4056 -prefsLen 32427 -prefMapSize 244658 -jsInitHandle 1016 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {91417e12-2992-4875-85c3-f6fe1ad7d96a} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" tab
        3⤵
        PID:1868
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4804 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4800 -prefMapHandle 4768 -prefsLen 32558 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3c995d06-69ea-4010-aeb2-f9764e6b44ca} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" utility
        3⤵
        • Checks processor information in registry
        PID:5264
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5372 -childID 3 -isForBrowser -prefsHandle 3516 -prefMapHandle 3496 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 1016 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {602f7f32-97a8-4182-b7cc-1430b99e67bb} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" tab
        3⤵
        PID:5980
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5600 -childID 4 -isForBrowser -prefsHandle 5612 -prefMapHandle 5608 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 1016 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ee1791fc-0d11-4908-99b0-75724046066a} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" tab
        3⤵
        PID:6036
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5828 -childID 5 -isForBrowser -prefsHandle 3496 -prefMapHandle 5816 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 1016 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {098cbdee-39fc-4897-a2e5-77bc2e7a0915} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" tab
        3⤵
        PID:6100
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6192 -childID 6 -isForBrowser -prefsHandle 6184 -prefMapHandle 6180 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 1016 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5c6c6529-8bb2-453a-94e6-4396f1743d7a} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" tab
        3⤵
        PID:2188
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4072 -childID 7 -isForBrowser -prefsHandle 4644 -prefMapHandle 4656 -prefsLen 27823 -prefMapSize 244658 -jsInitHandle 1016 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ce521162-b8fe-481d-98e5-2d86169a1da2} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" tab
        3⤵
        PID:6020
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4552 -childID 8 -isForBrowser -prefsHandle 5448 -prefMapHandle 5528 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 1016 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fe38f34b-5875-48e0-a719-bc158ca04add} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" tab
        3⤵
        PID:5312
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3076 -childID 9 -isForBrowser -prefsHandle 3012 -prefMapHandle 3280 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 1016 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {907f1457-49cb-40c2-bab0-0c007b6be323} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" tab
        3⤵
        PID:3724
  • C:\Program Files\7-Zip\7zG.exe
    "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Nezur-Executor-2024-main\" -spe -an -ai#7zMap32116:110:7zEvent15415
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:5896

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\oit9jcbf.default-release\activity-stream.discovery_stream.json.tmp
    Filesize: 22KB
  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\oit9jcbf.default-release\cache2\entries\D947845403205EA7F2B4DF066D1698C80C704952
    Filesize: 190KB
  • C:\Users\Admin\AppData\Local\Temp\tmpaddon
    Filesize: 479KB
  • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
    Filesize: 13.8MB
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oit9jcbf.default-release\AlternateServices.bin
    Filesize: 8KB
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oit9jcbf.default-release\AlternateServices.bin
    Filesize: 12KB
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oit9jcbf.default-release\datareporting\glean\db\data.safe.tmp
    Filesize: 6KB
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oit9jcbf.default-release\datareporting\glean\db\data.safe.tmp
    Filesize: 5KB
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oit9jcbf.default-release\datareporting\glean\db\data.safe.tmp
    Filesize: 7KB
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oit9jcbf.default-release\datareporting\glean\pending_pings\096e1b30-9697-482c-8a53-5a47b49e9ce2
    Filesize: 982B
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oit9jcbf.default-release\datareporting\glean\pending_pings\097c7cb3-6f19-46b3-a345-268e228d3448
    Filesize: 671B
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oit9jcbf.default-release\datareporting\glean\pending_pings\2f62478a-267d-4d75-ac4c-b9e09880ba09
    Filesize: 18KB
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oit9jcbf.default-release\datareporting\glean\pending_pings\da7f955f-5951-420c-9017-3141ce2ae589
    Filesize: 25KB
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oit9jcbf.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
    Filesize: 1.1MB
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oit9jcbf.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
    Filesize: 116B
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oit9jcbf.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
    Filesize: 372B
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oit9jcbf.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
    Filesize: 17.8MB
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oit9jcbf.default-release\prefs-1.js
    Filesize: 10KB
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oit9jcbf.default-release\prefs-1.js
    Filesize: 11KB
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oit9jcbf.default-release\prefs-1.js
    Filesize: 9KB
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oit9jcbf.default-release\prefs.js
    Filesize: 9KB
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oit9jcbf.default-release\sessionstore-backups\recovery.baklz4
    Filesize: 4KB
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oit9jcbf.default-release\sessionstore-backups\recovery.baklz4
    Filesize: 1KB
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oit9jcbf.default-release\sessionstore-backups\recovery.baklz4
    Filesize: 6KB
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oit9jcbf.default-release\sessionstore-backups\recovery.baklz4
    Filesize: 4KB
  • C:\Users\Admin\Downloads\77bt0U4K.zip.part
    Filesize: 5KB