Analysis Overview
SHA256
ddfbd3bdb5abf02dc0f519de669b56b27dd866b2e93193e4958a8b0825bf019c
Threat Level: Known bad
The file OwnCheat.rar was found to be: Known bad.
Malicious Activity Summary
Detect ZGRat V1
RedLine
RedLine payload
ZGRat
Executes dropped EXE
Reads user/profile data of web browsers
Checks computer location settings
Checks installed software on the system
Accesses cryptocurrency files/wallets, possible credential harvesting
Suspicious use of SetThreadContext
Enumerates physical storage devices
Unsigned PE
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious use of SendNotifyMessage
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Checks processor information in registry
Checks SCSI registry key(s)
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-03 14:18
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-03 14:16
Reported
2024-05-03 14:22
Platform
win7-20240221-en
Max time kernel
119s
Max time network
123s
Command Line
Signatures
Enumerates physical storage devices
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2632 wrote to memory of 2708 | N/A | C:\Windows\system32\cmd.exe | C:\Program Files\7-Zip\7zFM.exe |
| PID 2632 wrote to memory of 2708 | N/A | C:\Windows\system32\cmd.exe | C:\Program Files\7-Zip\7zFM.exe |
| PID 2632 wrote to memory of 2708 | N/A | C:\Windows\system32\cmd.exe | C:\Program Files\7-Zip\7zFM.exe |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\OwnCheat.rar
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\OwnCheat.rar"
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" pnidui.dll,NwCategoryWiz {cfb57058-c07b-4cff-a322-7cc127fbf1cd} 0
Network
Files
C:\Users\Admin\AppData\Local\Temp\7zE49A64C16\OwnCheat\Addons\lib\ext\cross.ext
C:\Users\Admin\AppData\Local\Temp\7zE49A64C16\OwnCheat\Addons\lib\images\cursors\win32_LinkNoDrop32x32.gif
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-03 14:16
Reported
2024-05-03 14:22
Platform
win10v2004-20240226-en
Max time kernel
149s
Max time network
171s
Command Line
Signatures
Detect ZGRat V1
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
RedLine
RedLine payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
ZGRat
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\cmd.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\OwnCheat\OwnCheat.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\OwnCheat\OwnCheat.exe | N/A |
Reads user/profile data of web browsers
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 4660 set thread context of 3424 | N/A | C:\Users\Admin\Desktop\OwnCheat\OwnCheat.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
| PID 2612 set thread context of 2648 | N/A | C:\Users\Admin\Desktop\OwnCheat\OwnCheat.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\OwnCheat.rar
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\OwnCheat.rar"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4120 --field-trial-handle=2272,i,4858140932023865871,5726683989663339295,262144 --variations-seed-version /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Desktop\OwnCheat\OwnCheat.exe
"C:\Users\Admin\Desktop\OwnCheat\OwnCheat.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Users\Admin\Desktop\OwnCheat\OwnCheat.exe
"C:\Users\Admin\Desktop\OwnCheat\OwnCheat.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\System32\_iyiwy.exe
"C:\Windows\System32\_iyiwy.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2936.0.1523896926\1384476286" -parentBuildID 20221007134813 -prefsHandle 1872 -prefMapHandle 1864 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4a9ebfde-4f10-4066-9e3d-06eb9148ca1f} 2936 "\\.\pipe\gecko-crash-server-pipe.2936" 1964 1d7781d9e58 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2936.1.1673832774\1652749943" -parentBuildID 20221007134813 -prefsHandle 2352 -prefMapHandle 2320 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b2d39ae0-af40-4fcb-b06e-049c5d9c3189} 2936 "\\.\pipe\gecko-crash-server-pipe.2936" 2364 1d777b32958 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2936.2.9210831\650279896" -childID 1 -isForBrowser -prefsHandle 3308 -prefMapHandle 3304 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1440 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {41cbec7b-5441-4673-b20f-5def090e8d5d} 2936 "\\.\pipe\gecko-crash-server-pipe.2936" 3320 1d77c118258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2936.3.1792019170\44276428" -childID 2 -isForBrowser -prefsHandle 3896 -prefMapHandle 3892 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1440 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {694cc34b-2ade-4120-8ab3-314595e3de66} 2936 "\\.\pipe\gecko-crash-server-pipe.2936" 3868 1d77c67d158 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2936.4.1512588561\135234127" -childID 3 -isForBrowser -prefsHandle 2964 -prefMapHandle 4076 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1440 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8eb01344-ace3-4174-ab5b-178116150bd6} 2936 "\\.\pipe\gecko-crash-server-pipe.2936" 3892 1d77aaa8b58 tab
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp |
| US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp |
| GB | 216.58.201.106:443 | chromewebstore.googleapis.com | tcp |
| US | 8.8.8.8:53 | pki.goog | udp |
| US | 8.8.8.8:53 | pki.goog | udp |
| US | 216.239.32.29:80 | pki.goog | tcp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.159.190.20.in-addr.arpa | udp |
| US | 13.107.246.64:443 | | tcp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.139.73.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.160.77.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| RU | 147.45.47.64:11837 | | tcp |
| US | 8.8.8.8:53 | 64.47.45.147.in-addr.arpa | udp |
| RU | 147.45.47.64:11837 | | tcp |
| US | 8.8.8.8:53 | 8.179.89.13.in-addr.arpa | udp |
| N/A | 127.0.0.1:50302 | | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 44.233.67.78:443 | shavar.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | 166.188.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\7zE0B27E258\OwnCheat\Addons\lib\ext\cross.ext
C:\Users\Admin\AppData\Local\Temp\7zE0B27E258\OwnCheat\Addons\lib\images\cursors\win32_LinkNoDrop32x32.gif
C:\Users\Admin\Desktop\OwnCheat\OwnCheat.exe
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\RegAsm.exe.log
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\db\data.safe.bin
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\9229c7c0-1d97-4521-86e8-d9d208676cb6
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\d7618f18-8d39-4eea-9d84-786f28dfe9ed