Analysis Overview
SHA256
2ff02020f85a89f6e7a2b04b2c283d260f372605ba46700b57976dfe3dc7126f
Threat Level: Known bad
The file devsur.zip was found to be: Known bad.
Malicious Activity Summary
Lumma family
Lumma Stealer, LummaC
Meshagent family
Detects MeshAgent payload
Downloads MZ/PE file
Suspicious use of SetThreadContext
System Location Discovery: System Language Discovery
Unsigned PE
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Modifies registry class
Uses Task Scheduler COM API
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Checks processor information in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2025-03-28 19:55
Signatures
Detects MeshAgent payload
Meshagent family
Unsigned PE
Analysis: behavioral2
Detonation Overview
Submitted
2025-03-28 19:55
Reported
2025-03-28 19:59
Platform
win10ltsc2021-20250314-en
Max time kernel
104s
Max time network
164s
Signatures
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: 34 | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: 35 | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: 36 | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4228 wrote to memory of 2284 | N/A | C:\Users\Admin\AppData\Local\Temp\update2.exe | C:\Windows\system32\wbem\wmic.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\update2.exe
"C:\Users\Admin\AppData\Local\Temp\update2.exe"
C:\Windows\system32\wbem\wmic.exe
wmic os get oslanguage /FORMAT:LIST
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.187.195:80 | c.pki.goog | tcp |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2025-03-28 19:55
Reported
2025-03-28 19:58
Platform
win10ltsc2021-20250314-en
Max time kernel
100s
Max time network
122s
Signatures
Lumma Stealer, LummaC
Lumma family
Downloads MZ/PE file
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 6100 set thread context of 5740 | N/A | C:\Users\Admin\AppData\Local\Temp\update.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2067557190-3677960511-2209622391-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\update.exe
"C:\Users\Admin\AppData\Local\Temp\update.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 2008 -prefsLen 27101 -prefMapHandle 2012 -prefMapSize 270279 -ipcHandle 2088 -initialChannelId {0759827f-5429-44de-a309-d356cefb082a} -parentPid 4756 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4756" -appDir "C:\Program Files\Mozilla Firefox\browser" - 1 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 2468 -prefsLen 27137 -prefMapHandle 2472 -prefMapSize 270279 -ipcHandle 2480 -initialChannelId {6f16928d-6623-411c-822b-36d62062e19c} -parentPid 4756 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4756" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 2 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 3804 -prefsLen 27277 -prefMapHandle 3808 -prefMapSize 270279 -jsInitHandle 3812 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 3820 -initialChannelId {a5c0cc07-72d6-4a5f-98aa-cf00506da882} -parentPid 4756 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4756" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 3 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 4000 -prefsLen 27277 -prefMapHandle 4004 -prefMapSize 270279 -ipcHandle 4084 -initialChannelId {2f1e1feb-9277-4be1-8cd7-9059691ae800} -parentPid 4756 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4756" -appDir "C:\Program Files\Mozilla Firefox\browser" - 4 rdd
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 2964 -prefsLen 34776 -prefMapHandle 3232 -prefMapSize 270279 -jsInitHandle 3236 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 3196 -initialChannelId {90253170-2abf-466c-833c-008febeabb07} -parentPid 4756 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4756" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 5 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -sandboxingKind 0 -prefsHandle 5028 -prefsLen 35013 -prefMapHandle 5032 -prefMapSize 270279 -ipcHandle 5040 -initialChannelId {6d28e43a-0559-4f83-a383-4c1798dffc22} -parentPid 4756 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4756" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 6 utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5292 -prefsLen 32952 -prefMapHandle 5296 -prefMapSize 270279 -jsInitHandle 5300 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5308 -initialChannelId {f42833a3-7ffd-4194-a38f-774b91ebd8ee} -parentPid 4756 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4756" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 7 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5504 -prefsLen 32952 -prefMapHandle 5508 -prefMapSize 270279 -jsInitHandle 5512 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5516 -initialChannelId {f51c08e6-632f-4460-a596-edd79bc42481} -parentPid 4756 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4756" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 8 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5688 -prefsLen 32952 -prefMapHandle 5692 -prefMapSize 270279 -jsInitHandle 5696 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5704 -initialChannelId {4a8a92b7-4471-463f-bf6c-62fe96f7e7df} -parentPid 4756 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4756" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 9 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 6380 -prefsLen 33071 -prefMapHandle 6384 -prefMapSize 270279 -jsInitHandle 6388 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 6396 -initialChannelId {bdfa0de1-5a3f-43ce-b450-0fdaa0bedfc7} -parentPid 4756 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4756" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 10 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 4408 -prefsLen 33071 -prefMapHandle 6192 -prefMapSize 270279 -jsInitHandle 6208 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 6468 -initialChannelId {d6848ce5-85f0-42a3-8cc5-e0f3a26d8c5d} -parentPid 4756 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4756" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 11 tab
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost
Network
Files
memory/5740-0-0x0000000000400000-0x0000000000463000-memory.dmp
memory/5740-2-0x0000000000400000-0x0000000000463000-memory.dmp
memory/5740-3-0x0000000000400000-0x0000000000463000-memory.dmp
memory/5740-4-0x0000000000400000-0x0000000000463000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h550saij.default-release\datareporting\glean\pending_pings\55031e43-ada1-4b1c-8d71-28ea53a2773a
| MD5 | c2f1c0ce0441fcf6cb7cf96a3acb9480 |
| SHA1 | b2150cddbd64d4e5c3fd0be89f28b582a16e65ab |
| SHA256 | dafd680192a2bd7c752085660a162165f7d0de98d4c431b232be5978f73ff524 |
| SHA512 | 72e87f87c7d911d42d946a03aef6685e4c65140c06869e8b03ab714717717eb5add1396004be9157772e15c23545de7644c9d78c28f02e064f11888a3ae810ba |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h550saij.default-release\datareporting\glean\pending_pings\a90c84fb-74c1-44eb-8ab6-e0ebdac2817a
| MD5 | db301f8cf3ad0c3b05980538901db6af |
| SHA1 | ab064c1f4912939f61caf32ba7cd365603576dc0 |
| SHA256 | b8860e3a876973b64614f45b367a2efa3b98c9744b250eb95694bd444998f793 |
| SHA512 | 912dffea94d6d3e64def1220333fb14048d83b3826131130d7c158371dc370c38edaa892b86a7a743adf7c579c947b073afc1be4de4297be763405a0166dfd85 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h550saij.default-release\datareporting\glean\events\events
| MD5 | a341da9d5f920934abd74b44ff77c010 |
| SHA1 | 90e3e95b21fc98030fa4038f85a869d4a186990c |
| SHA256 | 88a2616eca18de4d4a57dfda52bf15be488d5c99d728a58919e45b82b977ec5f |
| SHA512 | 3441be917529eac0d3910df94fd59d52896af5bf8070febfd35ad91b79258e3b84dd7f2e4db07d2aa090b6de4cbadc298ba71e43b651ee5f04d91ab2ef043907 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h550saij.default-release\datareporting\glean\pending_pings\3f419930-89de-44e1-910b-4204d528bb86
| MD5 | c0f264e50271d412fe32c45f0365bff9 |
| SHA1 | 172138bb17c0c917137817adcccf8841707d9b7c |
| SHA256 | f58a4e332f9a2157ab2a3722ba127546e1393af240deb87ff0c7c86c50b82384 |
| SHA512 | 8df94fc5d82f14aa7b336d161bb08afb304a9d00509ff24aa797eec7604753c589049430041e43cfec6160984515f472a312ac7e803c712734e6b1f6dd4bda9b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h550saij.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 3abae33e464fe9b6d1c6f138b93891da |
| SHA1 | d5646de37069602f047d44d1401fb5a96e38ee9a |
| SHA256 | 8eca25385fd7ceb519ff7925278d3590db792e27d30991a252f7c43614e6e688 |
| SHA512 | fe91242d25fa8a6e5377793d10ccbd4860f60e43f61d2612656c3a1494cd55972c6adc322748ddb2cf8d54735e94298d59b2b50da8436229458d671478125cab |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h550saij.default-release\datareporting\glean\pending_pings\f1a8bd37-68e2-4d64-960c-744628f5e56f
| MD5 | f4fd2e2385325f978e6af41aa17c7738 |
| SHA1 | fb56dd0a3888088176cda80d07421aef1367678b |
| SHA256 | 67da86948912b99c1f40175dbfaced1a40ad1d479f56b6b8540aaa6c9d084826 |
| SHA512 | 772f7cb764c9f4d2cbb839ecaacff28243d5849f4f0ba686b5dbf2fb04caacb10f4bf30f2739a1aa791b15581a9c83c25dc99035cb19d334a0eab2867a5aa154 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h550saij.default-release\datareporting\glean\pending_pings\a84b6b78-4cb2-484c-8009-663f382fda39
| MD5 | 7d37278ad859034d63997fa9a6487b49 |
| SHA1 | 0d4290af06e652e9214f4477cd11e5397b258942 |
| SHA256 | 39c00db8e0d458d60bab7cec3b9b2260d0e73dc625cefb538ba64119f9818802 |
| SHA512 | 1157413570f445c20cc95940f2e7e65d7a22d10ade5d3cc42076f09a78bceb9c4419453b83e5a5e01b4d58a927b1c466812034b5571ceaf04be4dba744209cd4 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h550saij.default-release\datareporting\glean\pending_pings\7b2d7780-9f62-4d1e-9324-c007265faa9e
| MD5 | 91d26fd9302bb809e6061c48c14381b7 |
| SHA1 | 585ef3d9b796dbb35286d05b181cfcfbabb8dc8a |
| SHA256 | 07f0a9d1354a3259e903f39488a60c1577a1dd609f0bb9232caa4ea76a9f1734 |
| SHA512 | 9f3d506418e699e84f2d025001dd7c2c0bd041922c418fd315324314d6c2a86605d9de3514360537efc458a3e86c71d16d7256b2c2179e7189cb970ac65ffbbf |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h550saij.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | ee52b659ca92462dbcfa508edf5e4d2b |
| SHA1 | c553d66ccc93cce2f1f6134c786b16073eaeb7e3 |
| SHA256 | 1b1c87817922aa6878698814d6e1b2914fd3e04cc291ba237da7c76b36733e2b |
| SHA512 | 02a20d92a071b03ab52a6b13ee300dcac6e15c7cd4cb231f286ac96f54256d0486cbc41074e66daba4986ada0d661ecb479791653816f4041880b211f0db202e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h550saij.default-release\prefs.js
| MD5 | faa4fca8163656557f37fe09232f4126 |
| SHA1 | e25b797e5cb6b369a040c8c5751d385f17ca5b93 |
| SHA256 | 8e6b94a551ded75982d68fcfc72f3e380ada48212910c4b32358c23fd93ed205 |
| SHA512 | 9a3f8039b8809c5273f79878c325caeaf8d8e1e30a6c7fcc1fcd4e36e1e1667db3b887bc20b20315ef63093517313f984d52a2305ad4c77988c3045973336b70 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h550saij.default-release\prefs.js
| MD5 | 0c97ac5311672ac560c4462da31406fe |
| SHA1 | 0eb4ca829b0a345ded9cb12ddfe813d0e2e7e50d |
| SHA256 | a0837590436f5232c595e5301b27b4bceadcbe015d73dd211a7ea85e96455707 |
| SHA512 | eda15d1a4b640424ea503c736e63c8997a0e59a2b555a6a0e39f823fbc05933a3c28d66d7572d11d8f1804d4f698cc1b07cfd31f90fa8364509025f39ab8cead |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h550saij.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | adff013685375f0e8c2c78b535ab0c10 |
| SHA1 | 98995131b145ba783bbe203cbcaf9669b34bacad |
| SHA256 | b25ee99c40f83a397e6a91d7d9504403cc55e30591425468509871d28947f8e9 |
| SHA512 | 81df19fbaa80c8358b1beade9c2427224211f98d3171bb2ac9cf6bb2b484c1ce974c0eb3cd74100ac34219d61e34be8f6f161b0bfcab962f86f2b00896d52dea |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h550saij.default-release\AlternateServices.bin
| MD5 | c0d301020cc8174a642dddeaef0a1704 |
| SHA1 | e944bf107650962a26b762423488faa88227a2b2 |
| SHA256 | 430a903ff6565dbaa3217598c23c22e85949f628878b629a79fc5691e9e03d02 |
| SHA512 | 1a2f2340758f9abcb0947b6fa73f1c9c939503a076927b2d646f65357702e92858ae8de1eb548e40c854d633afa40fdcb0e7b6a2408c5609d0e25565c7852979 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h550saij.default-release\prefs.js
| MD5 | 6679a4cf25399ce2b5799b0a7e2d92aa |
| SHA1 | cb6beecad11ec9d50f045de08aecadcba2215f30 |
| SHA256 | 71bb1a42d12daa9355faebcb4d7ee920aa609ec5add035ca3c9e83bb74df1b76 |
| SHA512 | 09f3afe2cfebadfd22a5c4457aa36d0cb2e5fbf37cf9f8a4597870f5c390eff3fd310c9014f2e270ef1c2b4b589e1ca6df9112ebf6cf5c5e87e652e848a2df3c |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 25e8156b7f7ca8dad999ee2b93a32b71 |
| SHA1 | db587e9e9559b433cee57435cb97a83963659430 |
| SHA256 | ddf3ba4e25a622276755133e0cce5605b83719c7cab3546e09acbfed00d6a986 |
| SHA512 | 1211b2fa997ba13ff926aec58b6b35a81d7fe108b0caa8f4d6369d0a37f8481373b78a4b201651243adde9e2b2699ce929482a46226ff6299b0a0e40fe2ddc56 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h550saij.default-release\extensions.json
| MD5 | c31f181449765e010ce6b49c3fc970d9 |
| SHA1 | 94a5d4462d36454d5b1e1a0ec115e07c6f057bb9 |
| SHA256 | da8454d4faffc24a56124882a82983cfbb860899b97eb279397d51da601c4179 |
| SHA512 | f1ef39f634a8e5dcfeda7c884801b658d21a26910191fadd56edad9586d9bd671480901d3a21b2aff8ecddb2216e4cf7baef7ac1fb828f2d6667feae4b85d239 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | e690f995973164fe425f76589b1be2d9 |
| SHA1 | e947c4dad203aab37a003194dddc7980c74fa712 |
| SHA256 | 87862f4bc8559fbe578389a9501dc01c4c585edb4bb03b238493327296d60171 |
| SHA512 | 77991110c1d195616e936d27151d02e4d957be6c20a4f3b3511567868b5ddffc6abbfdc668d17672f5d681f12b20237c7905f9b0daaa6d71dcdac4b38f2448b2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h550saij.default-release\datareporting\glean\events\events
| MD5 | ea6dc0c51d2efd7c6a4b0b28ccf3659a |
| SHA1 | 677cafc14d763943ff311e2317fb2f33aec2282e |
| SHA256 | a617d1486d32e5830d0ecfc40e4d9efc55e4ff94e1cce0b38b199df526c4935d |
| SHA512 | 55cb3e70aba3cf235d59083f880e216f1fb55665c55a97ce40b93a3496ba1d9fac3e3ad3ff5db5f54cc640e60de43492879a288a129900e30b509419e9c99267 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h550saij.default-release\gmp-gmpopenh264\2.6.0\gmpopenh264.info
| MD5 | ae29912407dfadf0d683982d4fb57293 |
| SHA1 | 0542053f5a6ce07dc206f69230109be4a5e25775 |
| SHA256 | fe7686a6281f0ab519c32c788ce0da0d01640425018dcffcfcb81105757f6fe6 |
| SHA512 | 6f9083152c02f93a900cb69b1ce879e0c0d69453f1046280ca549a0301ae7925facdda6329f7ccb61726addee78ba2fffc5ba3491a185f139f3155716caf0a8d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h550saij.default-release\gmp-gmpopenh264\2.6.0\gmpopenh264.dll
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\h550saij.default-release\cache2\entries\A585344A45AF937E3AB7D706291A9A3ED8D581D9
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h550saij.default-release\prefs-1.js
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\h550saij.default-release\cache2\entries\E19316B1CDA62317F9DA2551F9B56E711FCC77AD
C:\Users\Admin\AppData\Local\Temp\tmpaddon
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h550saij.default-release\gmp-widevinecdm\4.10.2891.0\widevinecdm.dll
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h550saij.default-release\gmp-widevinecdm\4.10.2891.0\manifest.json
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h550saij.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h550saij.default-release\sessionstore-backups\recovery.baklz4
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h550saij.default-release\sessionstore-backups\recovery.baklz4