bfddb29a0802115a8fb0192c82a7dce62c2665cae567f7874cd11a1b7fa4a344

Resubmissions

11-08-2024 09:34

240811-lj7spatfmr 3

11-08-2024 09:33

240811-ljm4aatflj 10

11-08-2024 09:30

240811-lgn8katenn 10

Analysis

max time kernel
147s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
11-08-2024 09:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

groxmc.png
Size

2KB
MD5

5023085e12fb0144d7b97ef02a9f3087
SHA1

241799fdb6fad6beacd8940e3126a4be043b47ee
SHA256

bfddb29a0802115a8fb0192c82a7dce62c2665cae567f7874cd11a1b7fa4a344
SHA512

c72ab5bb7b33f49945cb8b248cc114ae84fb6dd58f876c121c1ddb5b64e38ef7b637fbc2df5c74568ab8d385b76d9798195a61d1b494baed33b61231135db5e6

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\MuiCache	AppInstaller.exe
Key created	\REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\MuiCache	AppInstaller.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\DuckDuckGo.appinstaller:Zone.Identifier	firefox.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	2828	firefox.exe
Token: SeDebugPrivilege	2828	firefox.exe
Token: SeDebugPrivilege	2828	firefox.exe
Token: SeDebugPrivilege	2828	firefox.exe
Token: SeDebugPrivilege	2828	firefox.exe
Token: SeDebugPrivilege	2828	firefox.exe

Suspicious use of FindShellTrayWindow 21 IoCs

pid	Process
2828	firefox.exe
2828	firefox.exe
2828	firefox.exe
2828	firefox.exe
2828	firefox.exe
2828	firefox.exe
2828	firefox.exe
2828	firefox.exe
2828	firefox.exe
2828	firefox.exe
2828	firefox.exe
2828	firefox.exe
2828	firefox.exe
2828	firefox.exe
2828	firefox.exe
2828	firefox.exe
2828	firefox.exe
2828	firefox.exe
2828	firefox.exe
2828	firefox.exe
2828	firefox.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2828	firefox.exe
2828	firefox.exe
2828	firefox.exe
2828	firefox.exe
1936	AppInstaller.exe
3820	AppInstaller.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 792 wrote to memory of 2828	792	firefox.exe	82
PID 792 wrote to memory of 2828	792	firefox.exe	82
PID 792 wrote to memory of 2828	792	firefox.exe	82
PID 792 wrote to memory of 2828	792	firefox.exe	82
PID 792 wrote to memory of 2828	792	firefox.exe	82
PID 792 wrote to memory of 2828	792	firefox.exe	82
PID 792 wrote to memory of 2828	792	firefox.exe	82
PID 792 wrote to memory of 2828	792	firefox.exe	82
PID 792 wrote to memory of 2828	792	firefox.exe	82
PID 792 wrote to memory of 2828	792	firefox.exe	82
PID 792 wrote to memory of 2828	792	firefox.exe	82
PID 2828 wrote to memory of 4852	2828	firefox.exe	83
PID 2828 wrote to memory of 4852	2828	firefox.exe	83
PID 2828 wrote to memory of 4852	2828	firefox.exe	83
PID 2828 wrote to memory of 4852	2828	firefox.exe	83
PID 2828 wrote to memory of 4852	2828	firefox.exe	83
PID 2828 wrote to memory of 4852	2828	firefox.exe	83
PID 2828 wrote to memory of 4852	2828	firefox.exe	83
PID 2828 wrote to memory of 4852	2828	firefox.exe	83
PID 2828 wrote to memory of 4852	2828	firefox.exe	83
PID 2828 wrote to memory of 4852	2828	firefox.exe	83
PID 2828 wrote to memory of 4852	2828	firefox.exe	83
PID 2828 wrote to memory of 4852	2828	firefox.exe	83
PID 2828 wrote to memory of 4852	2828	firefox.exe	83
PID 2828 wrote to memory of 4852	2828	firefox.exe	83
PID 2828 wrote to memory of 4852	2828	firefox.exe	83
PID 2828 wrote to memory of 4852	2828	firefox.exe	83
PID 2828 wrote to memory of 4852	2828	firefox.exe	83
PID 2828 wrote to memory of 4852	2828	firefox.exe	83
PID 2828 wrote to memory of 4852	2828	firefox.exe	83
PID 2828 wrote to memory of 4852	2828	firefox.exe	83
PID 2828 wrote to memory of 4852	2828	firefox.exe	83
PID 2828 wrote to memory of 4852	2828	firefox.exe	83
PID 2828 wrote to memory of 4852	2828	firefox.exe	83
PID 2828 wrote to memory of 4852	2828	firefox.exe	83
PID 2828 wrote to memory of 4852	2828	firefox.exe	83
PID 2828 wrote to memory of 4852	2828	firefox.exe	83
PID 2828 wrote to memory of 4852	2828	firefox.exe	83
PID 2828 wrote to memory of 4852	2828	firefox.exe	83
PID 2828 wrote to memory of 4852	2828	firefox.exe	83
PID 2828 wrote to memory of 4852	2828	firefox.exe	83
PID 2828 wrote to memory of 4852	2828	firefox.exe	83
PID 2828 wrote to memory of 4852	2828	firefox.exe	83
PID 2828 wrote to memory of 4852	2828	firefox.exe	83
PID 2828 wrote to memory of 4852	2828	firefox.exe	83
PID 2828 wrote to memory of 4852	2828	firefox.exe	83
PID 2828 wrote to memory of 4852	2828	firefox.exe	83
PID 2828 wrote to memory of 4852	2828	firefox.exe	83
PID 2828 wrote to memory of 4852	2828	firefox.exe	83
PID 2828 wrote to memory of 4852	2828	firefox.exe	83
PID 2828 wrote to memory of 4852	2828	firefox.exe	83
PID 2828 wrote to memory of 4852	2828	firefox.exe	83
PID 2828 wrote to memory of 4852	2828	firefox.exe	83
PID 2828 wrote to memory of 4852	2828	firefox.exe	83
PID 2828 wrote to memory of 4852	2828	firefox.exe	83
PID 2828 wrote to memory of 4852	2828	firefox.exe	83
PID 2828 wrote to memory of 3924	2828	firefox.exe	84
PID 2828 wrote to memory of 3924	2828	firefox.exe	84
PID 2828 wrote to memory of 3924	2828	firefox.exe	84
PID 2828 wrote to memory of 3924	2828	firefox.exe	84
PID 2828 wrote to memory of 3924	2828	firefox.exe	84
PID 2828 wrote to memory of 3924	2828	firefox.exe	84
PID 2828 wrote to memory of 3924	2828	firefox.exe	84
PID 2828 wrote to memory of 3924	2828	firefox.exe	84

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\groxmc.png
1⤵
PID:3180

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:792
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2828
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1432 -parentBuildID 20240401114208 -prefsHandle 1908 -prefMapHandle 1904 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {682817d7-9fe6-4a02-9768-eec1518c1482} 2828 "\\.\pipe\gecko-crash-server-pipe.2828" gpu
    3⤵
    PID:4852
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2396 -parentBuildID 20240401114208 -prefsHandle 2388 -prefMapHandle 2384 -prefsLen 23714 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {582696f7-12bd-4bc0-bdfd-cba344125512} 2828 "\\.\pipe\gecko-crash-server-pipe.2828" socket
    3⤵
    PID:3924
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3204 -childID 1 -isForBrowser -prefsHandle 3196 -prefMapHandle 3192 -prefsLen 23855 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fb9f7472-efe8-4a7a-b562-570bb0a5a89b} 2828 "\\.\pipe\gecko-crash-server-pipe.2828" tab
    3⤵
    PID:3760
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3140 -childID 2 -isForBrowser -prefsHandle 3116 -prefMapHandle 3100 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {da436fa3-797f-455b-8b61-279b564b07c0} 2828 "\\.\pipe\gecko-crash-server-pipe.2828" tab
    3⤵
    PID:2784
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4208 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4188 -prefMapHandle 4156 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f38cfd4f-8c2b-42e5-9e70-3581bcb91d77} 2828 "\\.\pipe\gecko-crash-server-pipe.2828" utility
    3⤵
    - Checks processor information in registry
    PID:3688
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5260 -childID 3 -isForBrowser -prefsHandle 5308 -prefMapHandle 5348 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6a3b95d5-ea2b-49ef-9af8-5f8b451e89c9} 2828 "\\.\pipe\gecko-crash-server-pipe.2828" tab
    3⤵
    PID:428
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5512 -childID 4 -isForBrowser -prefsHandle 5520 -prefMapHandle 5524 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {67f3f757-b72e-4eeb-acad-c7fc5032060f} 2828 "\\.\pipe\gecko-crash-server-pipe.2828" tab
    3⤵
    PID:1892
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5792 -childID 5 -isForBrowser -prefsHandle 5712 -prefMapHandle 5716 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {095cf58d-6cf1-473a-8732-4ba245a4d8bc} 2828 "\\.\pipe\gecko-crash-server-pipe.2828" tab
    3⤵
    PID:1256
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6176 -childID 6 -isForBrowser -prefsHandle 6168 -prefMapHandle 6164 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bcb23319-1ca6-45ce-bd70-74ef1da76358} 2828 "\\.\pipe\gecko-crash-server-pipe.2828" tab
    3⤵
    PID:4212
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5372 -childID 7 -isForBrowser -prefsHandle 1492 -prefMapHandle 5408 -prefsLen 27919 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dcc85786-50e6-4ab2-a8c2-105273db7c76} 2828 "\\.\pipe\gecko-crash-server-pipe.2828" tab
    3⤵
    PID:1132

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3572

C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstaller.exe
"C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstaller.exe" -ServerName:App.AppX9rwyqtrq9gw3wnmrap9a412nsc7145qh.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1936

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:1076

C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstaller.exe
"C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstaller.exe" -ServerName:App.AppX9rwyqtrq9gw3wnmrap9a412nsc7145qh.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3820

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9lt6socl.default-release\activity-stream.discovery_stream.json

Filesize
41KB

MD5
b185c9ba36d04bca22cd8a90e8bd4ab5

SHA1
a26ac4fd1b27c505bcf727b0603a50fc8fb3bfa3

SHA256
e8184a4bc0bed9161129dfa27f2152c6e2e39835f63470f160a6a9249b2b0bd5

SHA512
0f8f8ed6f475e0e9df0983e156be3286810b95a17cab5b37f7b8eeafc81b9d4dee675400e10c3eb19003b2fbdc0fd12b6ec649183c5eaf67dd00b2bc198cabba

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\TempState\AILog.txt

Filesize
917B

MD5
3f1d56bdb15d0c03abab6a52a8fcf39e

SHA1
88cb312820722d434282afa459d845c6b9b01d39

SHA256
93fefaea75b2a018098fa1eb100348ed78549a0d0a15bb6db2f30c1116fab693

SHA512
3c3f0ce22d404a6adb190012e2e1d0c4e0d7a5ed70f813a9ae0dce5f4075e9f526cbbb842a142d15cf2bb037627bfadb336536c70f26f180d37909f2906838e1

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\TempState\AILog.txt

Filesize
917B

MD5
cb13628e18e8603a13939bcc3fd3e565

SHA1
4f138cf8e3f1186a1835c3cc4dec0631859ad93d

SHA256
3e0a9ba1154b2471fc55e74903324c54c62e3164115ef225d2c4e9361eb53e64

SHA512
75e000b0cde5970dcb25d03b1db58559b7beb9625bf8315e348ffacadeb4b0db0d6517e2f5d319768b4cda05750a7390fe9cdca1321b4c8ea4b6ad64d210501a

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\AlternateServices.bin

Filesize
7KB

MD5
8ced406b41474c234e33e58b14c2d0b0

SHA1
5ce6c64fe55cc702fdbe13b2e69140a6c2445b34

SHA256
98ad737eacc8012cf22f4814cfaac1bb9b9e50d1c1bc7bf9b5b5ad43bff21eb7

SHA512
003cdb9f5c32830fd2e92b441c438ae280b48b82af5e33a0cfdeddd538007af2277c30e372bf116b095b2d39fd0aa065dd80512299b188a2df92d801cd2671d8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\AlternateServices.bin

Filesize
12KB

MD5
6c1a802b7a85fa7d5775d941c1b5b7c1

SHA1
f58187c2f6cf60a0b8fbd036c183da8175782025

SHA256
71380d45fe75775ec434346f0ffc65b2bbef4dfa02a85f010ccecd49f6bd1ad1

SHA512
ea082f778d52234f658933e95713b918ca2d29f6d41a8fe43dd73f116f5824a8abdfb24de6201a687d75ab6b3a54f65539411cbf5a18cefabcfe9cf7593eb1e6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
b61ea5f012083d624d66ce021f8e2bbb

SHA1
5c505b01b70abf2ecf1a7fc6ba6edd9734631183

SHA256
5e59ec08bf734cffd52b03d0890615bffa02f487185731252b9b5e077f031576

SHA512
9635773b6cbfaa66f68dee3f39bf7b7790be9c0da8858c354ef34113226c8e4cb024fd266bd161090f66ede14f3b84a5885671631aa5ed4e6fdfbbb9a708408f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
4ce7099abbd5149b6babd9ab1f72f9f5

SHA1
a27b5ce28e39110f543ae1121435c0b91b93aae0

SHA256
528eb3af0663ed45f6a4a9a11dd1ee389ed0ac8c3ee71cdaefe0dfbbe3224251

SHA512
140e7b6508ec831b603fa6e5c122ad6e91eda75ed1729dd1a11acce6117a013261dc85378f0937b1a6434345991be9188d69714af97d270479435d53e639fb36

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
2c1e84548dd61c456c0979a139d13e13

SHA1
7e0f1a51632b92316122ab7b5cd2616703ce0a2d

SHA256
46e46e1815ce1cf6ad051e836e8a4f30140205575239d76f07d32d3e72a53f3c

SHA512
097a3feb5082f3957a98b874a9e3824304818168c6e90ca614bd223087ab2ed75f3dc0f3ca0a24d4e9eaf3973d4e34c050a20b701cd831d282e71f43bf1718f6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\datareporting\glean\pending_pings\2a9c8300-2673-4f87-94d3-f2c03010b366

Filesize
982B

MD5
54beae973d8be244842bb79a193ccb80

SHA1
f963a507238ccbe698942b61b4d942cf46830981

SHA256
dd1c90c69ce52c81c2b13c134831f26267f144f8afe261907c01bec4bdf2d5e7

SHA512
efbb8c728e31638148cdfbb17d080fc72dcc680fd4a98bc126af7343978821e22a43c631800309f2b8ef74d3ce50e2a2c76eee1dfa180eb555a84773c49f6d33

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\datareporting\glean\pending_pings\677d5d01-6907-48e9-b11e-a43734210b80

Filesize
671B

MD5
dc7bcaf2f233f788e44cb46e23b615b9

SHA1
f8ccbd1fe4d8d89e26025afa313ffcceaf584ee1

SHA256
6b950df689c0db152d7be98a2a8090ad4cbb5ab30415210bb37abbaf99648e6d

SHA512
a671abd4f0960afd2973819dcf74eb81f756d1452a25e43bc68e149fbc8ce6b252741140ebf7b0743037821a68ea38908624359640ddf5937d20d37b0f029c15

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\datareporting\glean\pending_pings\c73f3d40-dd89-4396-a4a2-4c3d043ea8e4

Filesize
26KB

MD5
c9b5881f1d92cb323c52d912f04240d5

SHA1
6d1777d84f36cb1e3088993380b7ee9bcb4ea1c8

SHA256
eac476f2b05394205425d9030dec3fba8b7de4df989aa3715c03773272dc1695

SHA512
f36a04e81ae9172d2ddeef6f985acb5d16c4630cafa53b9d10cd83696080bcdb243eed16307d506dc09e53177ee87077db1366e21da6d4a9b0858ab6e5776dd9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\prefs.js

Filesize
10KB

MD5
fba9e8effb8cfe70e4e4799bb4b74ffb

SHA1
e66f24a16667a91a2f9f0bebf778bf8471dcc948

SHA256
e5e3426b5ec21b06ff98109e0388c63689304a69bf6b56d9812864b533238cd5

SHA512
0dd816d2221de9a7c2832c4843f7a534be7a3cc7bd3e0519816eec2a03fb5d7cc87863adfad42fde9da7e548d1d17c250f59450b1753ef0ca8c184ae89726e70

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\prefs.js

Filesize
11KB

MD5
894cfeebb96c31f3b5d64d325fba443c

SHA1
72dfea5cbb868534db7b7dd7910796924982323b

SHA256
71e7df1533cd77f1618e6931b5e717f21fa8eed95315e00b25f73600d7877a8c

SHA512
d1e29dc3f02be413cb6f6433f268236bb483c44fb7ca7d20419b8a67bb6234315a7121cf46416121f3bee0502ffd0305e90c3176a473522254c6015fdee2fb61

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\prefs.js

Filesize
10KB

MD5
5a1e260b1b86b164a89ee363a755049b

SHA1
5d596e98542e54086b2a3e3c5ad594acf01a2868

SHA256
41782671e1756bae609110ec9b6b3046249e0391a9bde7429f3d6ba5cc80f772

SHA512
0b7a4c235c539400cbf6795fd6bf7537e9113e18d686f1d7c0c4665f6fb9bdda1b5a7f5ac92c4314252c4b1a2b8cba60cd7642cbfc2c509a29fafcb5f0114945

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
bb149297d3a31d3c84a4ff25608b1926

SHA1
fe08d993bff9ff107d1eb7f2be68030fb9de1e36

SHA256
fe743b6500ef6e88fa11bd68b5c33c830b9a201f125df2b64d52f01eec0df3da

SHA512
1086ceb95786126a62be0265a5abe91f194bab209a02caadbe84c78acab42e20d66debc9c4f5b9a08dc7314449b114c448ab59f0b03b00eda3a77124c75fc18e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
29a6d473b83716eea8d16d72f32aa78c

SHA1
104212dc4b54d9fb98050a9e35d0bb4749564ed1

SHA256
2093fc38bb520c8bbd74285b2304254d3d08ab5e8240a955b574ab93acd43daa

SHA512
0253f022c89fed4e4a8845593a340169de17df89f105cd7279f8e6aaf619cd45195b0697958120e929ce147f5250627203b5711a56036fbe0a0d0b7b49ae958b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
578dcf0a49a19b55bf536c9faf319d5c

SHA1
0d67eef1e8c2ea9b1480ca4b20202622e2efeafe

SHA256
efd64ea4dec1b3b728248e8d073deaff5ae234766f1c42a182daa60b28589460

SHA512
329e9ffd738ec77ab83d0113e0b1a0dffde6222ec1e236d38d36bcc24adcc71eb7e9ef2437623b771649868c4276d1cbbdc54ea45742ae753b20d0dfeefc87aa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\sessionstore-backups\recovery.baklz4

Filesize
8KB

MD5
34f20ab8ddc8798b11cb3b330dd84b69

SHA1
aaabdb2aa3fa8956caee866ebd4df149db8557d5

SHA256
e017cc5e1d650a8d9cce86edfef21d32b08ccd74dc381d99c118d6726e5bbbb6

SHA512
570765fa0d246b05b618a8b7f906df887a21b4535fff8ff266223ebace44357c776708dd923d933c858ef12aa3de95de509e05c50f4a74bd98c961bc0dcee40e

Download Submit
C:\Users\Admin\Downloads\vUIQwXGS.appinstaller.part

Filesize
749B

MD5
f2ec880aaa92d6e09fed4b8854ccc02f

SHA1
9df37f595f04e79cdb40f2fdb93082d4d5ad886e

SHA256
f9c21c56f28fe7466fced14f3f7b455104430a43627fc8ceac00a4a3fda00e0b

SHA512
95f8f32372fb772c01fe00d7da5407da472dd43da6f61020e93650cf437094fb0898fdc39481820e2cac77a585b16be503033391d020a7476363e5af1d11612d

Download Submit