Resubmissions
03/02/2025, 04:32 | 250203-e6ebbszpfx | 5
03/02/2025, 04:32 | 250203-e5383aslam | 3
03/02/2025, 04:28 | 250203-e32bpaskeq | 3
Analysis
max time kernel: 84s
max time network: 86s
platform: windows10-ltsc 2021_x64
resource: win10ltsc2021-20250128-en
resource tags: arch:x64, arch:x86, image:win10ltsc2021-20250128-en, locale:en-us, os:windows10-ltsc 2021-x64, system
submitted: 03/02/2025, 04:32
Static task: static1
Behavioral task: behavioral1
  Sample: Nezur_External.zip
  Resource: win10ltsc2021-20250128-en
Behavioral task: behavioral2
  Sample: Nezur.exe
  Resource: win10ltsc2021-20250128-en
General
Target: Nezur_External.zip
Size: 6.0MB
MD5: 66a4279526448b5732710b454881ce72
SHA1: 0f4839b749475d58486ab7056837d6e240d26060
SHA256: da3e8288c6a92b776a56fdd71b436ff8621c9cc7967b64a425425044833c8d6c
SHA512: 29ad72935de08a40bbd77b23dd19a4930f8f3e42d6f04928f267fd6367a710e07873cd1966b525575882128c98bebc72d6dcc38445df9a245409a1a9bd9faf6f
SSDEEP: 98304:kwTxEiF/Ai+9pHom5LEFzBc3PsCACVy8siIHDEP2FBWY2tQHvoYlbg3cd+yeV5Ah:1E8Ii+7Ho2EFUsCLtTIwPtCAObgEeTAh
Malware Config
Signatures
flow | pid | Process
152 | 3920 | firefox.exe
Checks processor information in registry 2 TTPs 12 IoCs
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | firefox.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | firefox.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | firefox.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | firefox.exe
Modifies registry class 1 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-950679536-2019665560-1662069516-1000_Classes\Local Settings | firefox.exe
NTFS ADS 1 IoCs
description | ioc | Process
File created | C:\Users\Admin\Downloads\Nezur-Executor-2024-main.zip:Zone.Identifier | firefox.exe
Suspicious use of AdjustPrivilegeToken 7 IoCs
description | pid | Process
Token: SeDebugPrivilege | 3920 | firefox.exe
Token: SeDebugPrivilege | 3920 | firefox.exe
Token: SeDebugPrivilege | 3920 | firefox.exe
Token: SeRestorePrivilege | 5896 | 7zG.exe
Token: 35 | 5896 | 7zG.exe
Token: SeSecurityPrivilege | 5896 | 7zG.exe
Token: SeSecurityPrivilege | 5896 | 7zG.exe
Suspicious use of FindShellTrayWindow 48 IoCs
pid | Process
3920 | firefox.exe
5896 | 7zG.exe
Suspicious use of SendNotifyMessage 46 IoCs
pid | Process
3920 | firefox.exe
Suspicious use of SetWindowsHookEx 4 IoCs
pid | Process
3920 | firefox.exe
Suspicious use of WriteProcessMemory 64 IoCs
description | pid | Process | procid_target
PID 2216 wrote to memory of 3920 | 2216 | firefox.exe | 89
PID 3920 wrote to memory of 3996 | 3920 | firefox.exe | 90
PID 3920 wrote to memory of 4056 | 3920 | firefox.exe | 91
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
PID:4884 C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\Nezur_External.zip
PID:4004 C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
PID:2216 "C:\Program Files\Mozilla Firefox\firefox.exe"
  - Suspicious use of WriteProcessMemory
  PID:3920 "C:\Program Files\Mozilla Firefox\firefox.exe"
    - Detected potential entity reuse from brand GOOGLE.
    - Checks processor information in registry
    - Modifies registry class
    - NTFS ADS
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3996 "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2004 -parentBuildID 20240401114208 -prefsHandle 1932 -prefMapHandle 1924 -prefsLen 27175 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c8e0a0d5-51b0-477f-8537-5b1e012d42b2} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" gpu
    PID:4056 "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2412 -parentBuildID 20240401114208 -prefsHandle 2380 -prefMapHandle 2376 -prefsLen 27053 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3a6aba8c-0fa6-4a40-abed-623fd921319e} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" socket
      - Checks processor information in registry
    PID:3576 "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2956 -childID 1 -isForBrowser -prefsHandle 3080 -prefMapHandle 3160 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 1016 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3352b39e-1e3d-4095-be68-af8f8ba36195} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" tab
    PID:1868 "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4068 -childID 2 -isForBrowser -prefsHandle 4060 -prefMapHandle 4056 -prefsLen 32427 -prefMapSize 244658 -jsInitHandle 1016 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {91417e12-2992-4875-85c3-f6fe1ad7d96a} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" tab
    PID:5264 "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4804 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4800 -prefMapHandle 4768 -prefsLen 32558 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3c995d06-69ea-4010-aeb2-f9764e6b44ca} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" utility
      - Checks processor information in registry
    PID:5980 "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5372 -childID 3 -isForBrowser -prefsHandle 3516 -prefMapHandle 3496 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 1016 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {602f7f32-97a8-4182-b7cc-1430b99e67bb} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" tab
    PID:6036 "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5600 -childID 4 -isForBrowser -prefsHandle 5612 -prefMapHandle 5608 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 1016 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ee1791fc-0d11-4908-99b0-75724046066a} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" tab
    PID:6100 "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5828 -childID 5 -isForBrowser -prefsHandle 3496 -prefMapHandle 5816 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 1016 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {098cbdee-39fc-4897-a2e5-77bc2e7a0915} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" tab
    PID:2188 "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6192 -childID 6 -isForBrowser -prefsHandle 6184 -prefMapHandle 6180 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 1016 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5c6c6529-8bb2-453a-94e6-4396f1743d7a} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" tab
    PID:6020 "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4072 -childID 7 -isForBrowser -prefsHandle 4644 -prefMapHandle 4656 -prefsLen 27823 -prefMapSize 244658 -jsInitHandle 1016 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ce521162-b8fe-481d-98e5-2d86169a1da2} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" tab
    PID:5312 "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4552 -childID 8 -isForBrowser -prefsHandle 5448 -prefMapHandle 5528 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 1016 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fe38f34b-5875-48e0-a719-bc158ca04add} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" tab
    PID:3724 "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3076 -childID 9 -isForBrowser -prefsHandle 3012 -prefMapHandle 3280 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 1016 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {907f1457-49cb-40c2-bab0-0c007b6be323} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" tab
PID:5896 "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Nezur-Executor-2024-main\" -spe -an -ai#7zMap32116:110:7zEvent15415
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
Network
MITRE ATT&CK Enterprise v15
Downloads