Analysis

max time kernel: 100s
max time network: 122s
platform: windows10-ltsc_2021_x64
resource: win10ltsc2021-20250314-en
resource tags: arch:x64, arch:x86, image:win10ltsc2021-20250314-en, locale:en-us, os:windows10-ltsc_2021-x64, system
submitted: 28/03/2025, 19:55

Behavioral task: behavioral1
Sample: update.exe
Resource: win10ltsc2021-20250314-en

Behavioral task: behavioral2
Sample: update2.exe
Resource: win10ltsc2021-20250314-en

General

Target: update.exe
Size: 1.1MB
MD5: a3d80c3aed0dbd2e23be4b388977618a
SHA1: 14ea859bcca76a3ae04f5fde8b0d1dcfb4dc4592
SHA256: bdf029830c1486c2aab8224efe162dc64f9c1e77940033e26fcdbf68a958f0b2
SHA512: 3f1e99d3599b83652fdf3c8a109df7cf23807206e4fbd9e15bbe41e01e96fe0e808b667f95afba4ce9a0ed6d117f41df58cc7419a60d9062e0e2c6216a432a4a
SSDEEP: 12288:u+78guA7BSXlY7CvfHVgYRur7LHADkNGcqv9R/lQ46qP1wAmorhHc5u1jSZcRfQw:FKFsMoLq9wY/j7RfbXwLI95aDtS

Malware Config
Extracted
lumma

Signatures

Lumma family

Downloads MZ/PE file (1 IoC)
flow | pid | Process
169 | 4756 | firefox.exe

Suspicious use of SetThreadContext (1 IoC)
description | pid | Process | procid_target
PID 6100 set thread context of 5740 | 6100 | update.exe | 84

System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | MSBuild.exe

Checks processor information in registry (2 TTPs, 22 IoCs)
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | firefox.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | firefox.exe

Modifies registry class (1 IoC)
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-2067557190-3677960511-2209622391-1000_Classes\Local Settings | firefox.exe

Suspicious behavior: EnumeratesProcesses (4 IoCs)
pid | Process
5740 | MSBuild.exe

Suspicious use of AdjustPrivilegeToken (2 IoCs)
description | pid | Process
Token: SeDebugPrivilege | 4756 | firefox.exe

Suspicious use of FindShellTrayWindow (20 IoCs)
pid | Process
4756 | firefox.exe

Suspicious use of SendNotifyMessage (12 IoCs)
pid | Process
4756 | firefox.exe

Suspicious use of SetWindowsHookEx (4 IoCs)
pid | Process
4756 | firefox.exe

Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target
PID 6100 wrote to memory of 5740 | 6100 | update.exe | 84
PID 3176 wrote to memory of 4756 | 3176 | firefox.exe | 92
PID 4756 wrote to memory of 5404 | 4756 | firefox.exe | 93

Uses Task Scheduler COM API (1 TTP)
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

C:\Users\Admin\AppData\Local\Temp\update.exe
"C:\Users\Admin\AppData\Local\Temp\update.exe"
PID: 6100
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory

  C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
  PID: 5740
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
PID: 3176
- Suspicious use of WriteProcessMemory

  C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  PID: 4756
  - Downloads MZ/PE file
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory

    C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 2008 -prefsLen 27101 -prefMapHandle 2012 -prefMapSize 270279 -ipcHandle 2088 -initialChannelId {0759827f-5429-44de-a309-d356cefb082a} -parentPid 4756 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4756" -appDir "C:\Program Files\Mozilla Firefox\browser" - 1 gpu
    PID: 5404

    C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 2468 -prefsLen 27137 -prefMapHandle 2472 -prefMapSize 270279 -ipcHandle 2480 -initialChannelId {6f16928d-6623-411c-822b-36d62062e19c} -parentPid 4756 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4756" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 2 socket
    PID: 3608

    C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 3804 -prefsLen 27277 -prefMapHandle 3808 -prefMapSize 270279 -jsInitHandle 3812 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 3820 -initialChannelId {a5c0cc07-72d6-4a5f-98aa-cf00506da882} -parentPid 4756 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4756" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 3 tab
    PID: 2216
    - Checks processor information in registry

    C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 4000 -prefsLen 27277 -prefMapHandle 4004 -prefMapSize 270279 -ipcHandle 4084 -initialChannelId {2f1e1feb-9277-4be1-8cd7-9059691ae800} -parentPid 4756 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4756" -appDir "C:\Program Files\Mozilla Firefox\browser" - 4 rdd
    PID: 1012

    C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 2964 -prefsLen 34776 -prefMapHandle 3232 -prefMapSize 270279 -jsInitHandle 3236 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 3196 -initialChannelId {90253170-2abf-466c-833c-008febeabb07} -parentPid 4756 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4756" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 5 tab
    PID: 4376
    - Checks processor information in registry

    C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -sandboxingKind 0 -prefsHandle 5028 -prefsLen 35013 -prefMapHandle 5032 -prefMapSize 270279 -ipcHandle 5040 -initialChannelId {6d28e43a-0559-4f83-a383-4c1798dffc22} -parentPid 4756 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4756" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 6 utility
    PID: 5364
    - Checks processor information in registry

    C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5292 -prefsLen 32952 -prefMapHandle 5296 -prefMapSize 270279 -jsInitHandle 5300 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5308 -initialChannelId {f42833a3-7ffd-4194-a38f-774b91ebd8ee} -parentPid 4756 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4756" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 7 tab
    PID: 4320
    - Checks processor information in registry

    C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5504 -prefsLen 32952 -prefMapHandle 5508 -prefMapSize 270279 -jsInitHandle 5512 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5516 -initialChannelId {f51c08e6-632f-4460-a596-edd79bc42481} -parentPid 4756 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4756" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 8 tab
    PID: 2172
    - Checks processor information in registry

    C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5688 -prefsLen 32952 -prefMapHandle 5692 -prefMapSize 270279 -jsInitHandle 5696 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5704 -initialChannelId {4a8a92b7-4471-463f-bf6c-62fe96f7e7df} -parentPid 4756 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4756" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 9 tab
    PID: 2788
    - Checks processor information in registry

    C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 6380 -prefsLen 33071 -prefMapHandle 6384 -prefMapSize 270279 -jsInitHandle 6388 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 6396 -initialChannelId {bdfa0de1-5a3f-43ce-b450-0fdaa0bedfc7} -parentPid 4756 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4756" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 10 tab
    PID: 5172
    - Checks processor information in registry

    C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 4408 -prefsLen 33071 -prefMapHandle 6192 -prefMapSize 270279 -jsInitHandle 6208 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 6468 -initialChannelId {d6848ce5-85f0-42a3-8cc5-e0f3a26d8c5d} -parentPid 4756 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4756" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 11 tab
    PID: 4012
    - Checks processor information in registry

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost
PID: 1800

Network
MITRE ATT&CK Enterprise v15
Downloads