Analysis

  • max time kernel
    100s
  • max time network
    122s
  • platform
    windows10-ltsc_2021_x64
  • resource
    win10ltsc2021-20250314-en
  • resource tags

    arch:x64, arch:x86, image:win10ltsc2021-20250314-en, locale:en-us, os:windows10-ltsc_2021-x64, system
  • submitted
    28/03/2025, 19:55

General

  • Target

    update.exe

  • Size

    1.1MB

  • MD5

    a3d80c3aed0dbd2e23be4b388977618a

  • SHA1

    14ea859bcca76a3ae04f5fde8b0d1dcfb4dc4592

  • SHA256

    bdf029830c1486c2aab8224efe162dc64f9c1e77940033e26fcdbf68a958f0b2

  • SHA512

    3f1e99d3599b83652fdf3c8a109df7cf23807206e4fbd9e15bbe41e01e96fe0e808b667f95afba4ce9a0ed6d117f41df58cc7419a60d9062e0e2c6216a432a4a

  • SSDEEP

    12288:u+78guA7BSXlY7CvfHVgYRur7LHADkNGcqv9R/lQ46qP1wAmorhHc5u1jSZcRfQw:FKFsMoLq9wY/j7RfbXwLI95aDtS

Score
10/10

Malware Config

Extracted

Family

lumma

C2

https://targett.top/dsANGt

https://usesccapewz.run/ANSbwqy

https://5travewlio.shop/ZNxbHi

https://touvrlane.bet/ASKwjq

https://sighbtseeing.shop/ASJnzh

https://advennture.top/GKsiio

https://holidamyup.today/AOzkns

https://triplooqp.world/APowko

Signatures

  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

  • Lumma family
  • Downloads MZ/PE file 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks processor information in registry 2 TTPs 22 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 20 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Users\Admin\AppData\Local\Temp\update.exe
    "C:\Users\Admin\AppData\Local\Temp\update.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:6100
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:5740
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3176
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      2⤵
      • Downloads MZ/PE file
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4756
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 2008 -prefsLen 27101 -prefMapHandle 2012 -prefMapSize 270279 -ipcHandle 2088 -initialChannelId {0759827f-5429-44de-a309-d356cefb082a} -parentPid 4756 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4756" -appDir "C:\Program Files\Mozilla Firefox\browser" - 1 gpu
        3⤵
          PID:5404
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 2468 -prefsLen 27137 -prefMapHandle 2472 -prefMapSize 270279 -ipcHandle 2480 -initialChannelId {6f16928d-6623-411c-822b-36d62062e19c} -parentPid 4756 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4756" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 2 socket
          3⤵
            PID:3608
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 3804 -prefsLen 27277 -prefMapHandle 3808 -prefMapSize 270279 -jsInitHandle 3812 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 3820 -initialChannelId {a5c0cc07-72d6-4a5f-98aa-cf00506da882} -parentPid 4756 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4756" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 3 tab
            3⤵
            • Checks processor information in registry
            PID:2216
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 4000 -prefsLen 27277 -prefMapHandle 4004 -prefMapSize 270279 -ipcHandle 4084 -initialChannelId {2f1e1feb-9277-4be1-8cd7-9059691ae800} -parentPid 4756 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4756" -appDir "C:\Program Files\Mozilla Firefox\browser" - 4 rdd
            3⤵
              PID:1012
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 2964 -prefsLen 34776 -prefMapHandle 3232 -prefMapSize 270279 -jsInitHandle 3236 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 3196 -initialChannelId {90253170-2abf-466c-833c-008febeabb07} -parentPid 4756 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4756" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 5 tab
              3⤵
              • Checks processor information in registry
              PID:4376
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -sandboxingKind 0 -prefsHandle 5028 -prefsLen 35013 -prefMapHandle 5032 -prefMapSize 270279 -ipcHandle 5040 -initialChannelId {6d28e43a-0559-4f83-a383-4c1798dffc22} -parentPid 4756 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4756" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 6 utility
              3⤵
              • Checks processor information in registry
              PID:5364
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5292 -prefsLen 32952 -prefMapHandle 5296 -prefMapSize 270279 -jsInitHandle 5300 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5308 -initialChannelId {f42833a3-7ffd-4194-a38f-774b91ebd8ee} -parentPid 4756 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4756" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 7 tab
              3⤵
              • Checks processor information in registry
              PID:4320
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5504 -prefsLen 32952 -prefMapHandle 5508 -prefMapSize 270279 -jsInitHandle 5512 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5516 -initialChannelId {f51c08e6-632f-4460-a596-edd79bc42481} -parentPid 4756 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4756" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 8 tab
              3⤵
              • Checks processor information in registry
              PID:2172
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5688 -prefsLen 32952 -prefMapHandle 5692 -prefMapSize 270279 -jsInitHandle 5696 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5704 -initialChannelId {4a8a92b7-4471-463f-bf6c-62fe96f7e7df} -parentPid 4756 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4756" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 9 tab
              3⤵
              • Checks processor information in registry
              PID:2788
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 6380 -prefsLen 33071 -prefMapHandle 6384 -prefMapSize 270279 -jsInitHandle 6388 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 6396 -initialChannelId {bdfa0de1-5a3f-43ce-b450-0fdaa0bedfc7} -parentPid 4756 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4756" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 10 tab
              3⤵
              • Checks processor information in registry
              PID:5172
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 4408 -prefsLen 33071 -prefMapHandle 6192 -prefMapSize 270279 -jsInitHandle 6208 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 6468 -initialChannelId {d6848ce5-85f0-42a3-8cc5-e0f3a26d8c5d} -parentPid 4756 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4756" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 11 tab
              3⤵
              • Checks processor information in registry
              PID:4012
        • C:\Windows\system32\svchost.exe
          C:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost
          1⤵
            PID:1800

          Downloads
