hxxp://r[.]oblox[.]com[.]co/communities/4696692894/TxT

Analysis

max time kernel
439s
max time network
440s
platform
windows10-ltsc_2021_x64
resource
win10ltsc2021-20250314-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250314-enlocale:en-usos:windows10-ltsc_2021-x64system
submitted
22/03/2025, 04:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://r.oblox.com.co/communities/4696692894/TxT

Score

6^/10

discovery

Malware Config

Signatures

Drops desktop.ini file(s) 3 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Documents\desktop.ini	firefox.exe
File opened for modification	C:\Users\Public\desktop.ini	firefox.exe
File opened for modification	C:\Users\Public\Documents\desktop.ini	firefox.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 24 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	2732	firefox.exe
Token: SeDebugPrivilege	2732	firefox.exe
Token: SeDebugPrivilege	2732	firefox.exe
Token: SeDebugPrivilege	2732	firefox.exe
Token: SeDebugPrivilege	2732	firefox.exe

Suspicious use of FindShellTrayWindow 19 IoCs

pid	Process
2732	firefox.exe
2732	firefox.exe
2732	firefox.exe
2732	firefox.exe
2732	firefox.exe
2732	firefox.exe
2732	firefox.exe
2732	firefox.exe
2732	firefox.exe
2732	firefox.exe
2732	firefox.exe
2732	firefox.exe
2732	firefox.exe
2732	firefox.exe
2732	firefox.exe
2732	firefox.exe
2732	firefox.exe
2732	firefox.exe
2732	firefox.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2732	firefox.exe
2732	firefox.exe
2732	firefox.exe
2732	firefox.exe
2732	firefox.exe
2732	firefox.exe
2732	firefox.exe
2732	firefox.exe
2732	firefox.exe
2732	firefox.exe
2732	firefox.exe
2732	firefox.exe

Suspicious use of SetWindowsHookEx 16 IoCs

pid	Process
2732	firefox.exe
2732	firefox.exe
2732	firefox.exe
2732	firefox.exe
2732	firefox.exe
2732	firefox.exe
2732	firefox.exe
2732	firefox.exe
2732	firefox.exe
2732	firefox.exe
2732	firefox.exe
2732	firefox.exe
2732	firefox.exe
2732	firefox.exe
2732	firefox.exe
2732	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 540 wrote to memory of 2732	540	firefox.exe	84
PID 540 wrote to memory of 2732	540	firefox.exe	84
PID 540 wrote to memory of 2732	540	firefox.exe	84
PID 540 wrote to memory of 2732	540	firefox.exe	84
PID 540 wrote to memory of 2732	540	firefox.exe	84
PID 540 wrote to memory of 2732	540	firefox.exe	84
PID 540 wrote to memory of 2732	540	firefox.exe	84
PID 540 wrote to memory of 2732	540	firefox.exe	84
PID 540 wrote to memory of 2732	540	firefox.exe	84
PID 540 wrote to memory of 2732	540	firefox.exe	84
PID 540 wrote to memory of 2732	540	firefox.exe	84
PID 2732 wrote to memory of 100	2732	firefox.exe	85
PID 2732 wrote to memory of 100	2732	firefox.exe	85
PID 2732 wrote to memory of 100	2732	firefox.exe	85
PID 2732 wrote to memory of 100	2732	firefox.exe	85
PID 2732 wrote to memory of 100	2732	firefox.exe	85
PID 2732 wrote to memory of 100	2732	firefox.exe	85
PID 2732 wrote to memory of 100	2732	firefox.exe	85
PID 2732 wrote to memory of 100	2732	firefox.exe	85
PID 2732 wrote to memory of 100	2732	firefox.exe	85
PID 2732 wrote to memory of 100	2732	firefox.exe	85
PID 2732 wrote to memory of 100	2732	firefox.exe	85
PID 2732 wrote to memory of 100	2732	firefox.exe	85
PID 2732 wrote to memory of 100	2732	firefox.exe	85
PID 2732 wrote to memory of 100	2732	firefox.exe	85
PID 2732 wrote to memory of 100	2732	firefox.exe	85
PID 2732 wrote to memory of 100	2732	firefox.exe	85
PID 2732 wrote to memory of 100	2732	firefox.exe	85
PID 2732 wrote to memory of 100	2732	firefox.exe	85
PID 2732 wrote to memory of 100	2732	firefox.exe	85
PID 2732 wrote to memory of 100	2732	firefox.exe	85
PID 2732 wrote to memory of 100	2732	firefox.exe	85
PID 2732 wrote to memory of 100	2732	firefox.exe	85
PID 2732 wrote to memory of 100	2732	firefox.exe	85
PID 2732 wrote to memory of 100	2732	firefox.exe	85
PID 2732 wrote to memory of 100	2732	firefox.exe	85
PID 2732 wrote to memory of 100	2732	firefox.exe	85
PID 2732 wrote to memory of 100	2732	firefox.exe	85
PID 2732 wrote to memory of 100	2732	firefox.exe	85
PID 2732 wrote to memory of 100	2732	firefox.exe	85
PID 2732 wrote to memory of 100	2732	firefox.exe	85
PID 2732 wrote to memory of 100	2732	firefox.exe	85
PID 2732 wrote to memory of 100	2732	firefox.exe	85
PID 2732 wrote to memory of 100	2732	firefox.exe	85
PID 2732 wrote to memory of 100	2732	firefox.exe	85
PID 2732 wrote to memory of 100	2732	firefox.exe	85
PID 2732 wrote to memory of 100	2732	firefox.exe	85
PID 2732 wrote to memory of 100	2732	firefox.exe	85
PID 2732 wrote to memory of 100	2732	firefox.exe	85
PID 2732 wrote to memory of 100	2732	firefox.exe	85
PID 2732 wrote to memory of 100	2732	firefox.exe	85
PID 2732 wrote to memory of 100	2732	firefox.exe	85
PID 2732 wrote to memory of 100	2732	firefox.exe	85
PID 2732 wrote to memory of 100	2732	firefox.exe	85
PID 2732 wrote to memory of 100	2732	firefox.exe	85
PID 2732 wrote to memory of 100	2732	firefox.exe	85
PID 2732 wrote to memory of 2008	2732	firefox.exe	86
PID 2732 wrote to memory of 2008	2732	firefox.exe	86
PID 2732 wrote to memory of 2008	2732	firefox.exe	86
PID 2732 wrote to memory of 2008	2732	firefox.exe	86
PID 2732 wrote to memory of 2008	2732	firefox.exe	86
PID 2732 wrote to memory of 2008	2732	firefox.exe	86
PID 2732 wrote to memory of 2008	2732	firefox.exe	86
PID 2732 wrote to memory of 2008	2732	firefox.exe	86

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://r.oblox.com.co/communities/4696692894/TxT"
1⤵
- Suspicious use of WriteProcessMemory
PID:540
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://r.oblox.com.co/communities/4696692894/TxT
  2⤵
  - Drops desktop.ini file(s)
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2732
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 1996 -prefsLen 27100 -prefMapHandle 2012 -prefMapSize 270279 -ipcHandle 2080 -initialChannelId {4d565e6c-d4ca-4195-9bd6-7e47bd5901e9} -parentPid 2732 -crashReporter "\\.\pipe\gecko-crash-server-pipe.2732" -appDir "C:\Program Files\Mozilla Firefox\browser" - 1 gpu
    3⤵
    PID:100
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 2500 -prefsLen 27136 -prefMapHandle 2504 -prefMapSize 270279 -ipcHandle 2512 -initialChannelId {3feaf901-ab89-4288-a48b-13efa18634f3} -parentPid 2732 -crashReporter "\\.\pipe\gecko-crash-server-pipe.2732" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 2 socket
    3⤵
    - Checks processor information in registry
    PID:2008
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 3836 -prefsLen 25164 -prefMapHandle 3840 -prefMapSize 270279 -jsInitHandle 3844 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 3852 -initialChannelId {1be71b4c-93f8-4617-b6e5-ae1a6cb2d716} -parentPid 2732 -crashReporter "\\.\pipe\gecko-crash-server-pipe.2732" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 3 tab
    3⤵
    - Checks processor information in registry
    PID:5524
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 4028 -prefsLen 27277 -prefMapHandle 4032 -prefMapSize 270279 -ipcHandle 3980 -initialChannelId {ee1d2d4a-c399-48a4-9892-008d508951ca} -parentPid 2732 -crashReporter "\\.\pipe\gecko-crash-server-pipe.2732" -appDir "C:\Program Files\Mozilla Firefox\browser" - 4 rdd
    3⤵
    PID:5004
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 3224 -prefsLen 34776 -prefMapHandle 3100 -prefMapSize 270279 -jsInitHandle 3104 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 4560 -initialChannelId {8b90ff6b-f43f-48c5-8205-f83d14876b33} -parentPid 2732 -crashReporter "\\.\pipe\gecko-crash-server-pipe.2732" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 5 tab
    3⤵
    - Checks processor information in registry
    PID:5856
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -sandboxingKind 0 -prefsHandle 5156 -prefsLen 35013 -prefMapHandle 5152 -prefMapSize 270279 -ipcHandle 5208 -initialChannelId {1742d747-b793-485b-b93f-ba2e95296619} -parentPid 2732 -crashReporter "\\.\pipe\gecko-crash-server-pipe.2732" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 6 utility
    3⤵
    - Checks processor information in registry
    PID:4664
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5356 -prefsLen 32952 -prefMapHandle 5360 -prefMapSize 270279 -jsInitHandle 5364 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5372 -initialChannelId {aac4cf17-9df6-47fd-84e9-0ded2c6b48f2} -parentPid 2732 -crashReporter "\\.\pipe\gecko-crash-server-pipe.2732" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 7 tab
    3⤵
    - Checks processor information in registry
    PID:324
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 2680 -prefsLen 32952 -prefMapHandle 2800 -prefMapSize 270279 -jsInitHandle 2804 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5744 -initialChannelId {36428ae0-c8c9-4b59-832c-f69b7fe6963a} -parentPid 2732 -crashReporter "\\.\pipe\gecko-crash-server-pipe.2732" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 8 tab
    3⤵
    - Checks processor information in registry
    PID:5404
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5844 -prefsLen 32952 -prefMapHandle 5836 -prefMapSize 270279 -jsInitHandle 5804 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5996 -initialChannelId {9e1b1498-8ce2-4baa-923e-ac23757f4adc} -parentPid 2732 -crashReporter "\\.\pipe\gecko-crash-server-pipe.2732" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 9 tab
    3⤵
    - Checks processor information in registry
    PID:2424
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 6080 -prefsLen 32952 -prefMapHandle 6108 -prefMapSize 270279 -jsInitHandle 6104 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 6116 -initialChannelId {950e439b-5e40-4a49-be0d-767bdcf31e97} -parentPid 2732 -crashReporter "\\.\pipe\gecko-crash-server-pipe.2732" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 10 tab
    3⤵
    - Checks processor information in registry
    PID:3012

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ptqf56iz.default-release\activity-stream.discovery_stream.json

Filesize
33KB

MD5
adb736bfb0c799fa49de7ee5daebb72f

SHA1
df972633c739f0f2d62f2cc4927a729e3612ea73

SHA256
484858dd1c75ead481336e5561e1b2ccfbe17bad534f5809a67fbb07693d7a27

SHA512
532beee1515fb1ad960e64548c2d5b0ef9a455dd30ba0fb5c6fbbe1e5051d251cd1d357dea83cd9c66a126fc2593af6c1adbfd73426c17b2e28138b4d78591f4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ptqf56iz.default-release\cache2\entries\E19316B1CDA62317F9DA2551F9B56E711FCC77AD

Filesize
13KB

MD5
a828879cd83100a8218dca9eff86b4aa

SHA1
1b20cc9f06e793506b7b1310a316a645d30bc55c

SHA256
9e9534ea683b135dee4416283b724a952e91eae19d0bf83d7dabe623cc2238d2

SHA512
dc9928df3fb24dadf539896d107b85431e434420054beaed198980afa5552c9980c8359c50ee1661790fb008a513634a3d604f5f51f865519a936dc990eab225

Download Submit
C:\Users\Admin\AppData\Local\Temp\6581e536-3c0c-40cc-9aba-8c18d78a083e.zip

Filesize
3.6MB

MD5
6ffec2d4940f0af564b7723c3a9ab3f1

SHA1
5a96ad99a9a20d0a954e3927ed1c8ec9626774eb

SHA256
77345346798e0ae65fa9d7dd76f78c808fe84c29522f5d04f80807508d80d12b

SHA512
7f11c9a992ba4df8cfa5dbbefe7dfc2f6632d3e25705498c16aae0c484c1a8d512ef9bf582e68f24b7d90658c4c8b86eb5df21d2a7b6fe9ea6c844e65d8c0907

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
502KB

MD5
e690f995973164fe425f76589b1be2d9

SHA1
e947c4dad203aab37a003194dddc7980c74fa712

SHA256
87862f4bc8559fbe578389a9501dc01c4c585edb4bb03b238493327296d60171

SHA512
77991110c1d195616e936d27151d02e4d957be6c20a4f3b3511567868b5ddffc6abbfdc668d17672f5d681f12b20237c7905f9b0daaa6d71dcdac4b38f2448b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
14.0MB

MD5
bcceccab13375513a6e8ab48e7b63496

SHA1
63d8a68cf562424d3fc3be1297d83f8247e24142

SHA256
a6af95a209b2e652ed6766804b9b8ad6b6a68f2c610b8f14713cd40df0d62bf9

SHA512
d94483deaae98bf9212699f1ab0bd913f6151a63e65ebc1ea644ab98d5e3ebd74ecaa08f70aca31e11a5d2c64d1504b723817af35bbe9d7b05c758dd6945d484

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\AlternateServices.bin

Filesize
8KB

MD5
eebf38a80fa235f81f82d913847ed5db

SHA1
1647e493127cf3fde93a9e9f61eff0df071fa939

SHA256
eade76544b782d4b20a657fa6b167ef65a5e003d40f4ac23241cc788e0d24f78

SHA512
69a6df510c966efb3e1f711ff1b60c0ce97f674013ba2a5e603c4ffe34e0af4cc0034a67e5937ea375185b26a8b7225e97284d4fdc6026af3624e09469a5257a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\AlternateServices.bin

Filesize
10KB

MD5
332363fe89ea8b9e0b3336300d31e585

SHA1
1cec114e47d31d8de5957e963955a2aaaa75ef49

SHA256
8c57cc6153f64e08dfa28934267fe8b91f18b370f63b68589c614614a17f992a

SHA512
cb1e249c195e1e7398dc99817a85481915717bd836b7b0a5589899fe358668dce1d5298bb1248415d19b7e5f5fddd6db58781c2ce92bdd092a1bc65375eda041

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
9ad18243125978392919a1e5f4b4efbb

SHA1
9c90644da753fe61144764d16bb2414529ccae28

SHA256
d854367e6d07c81577d8c42a0de4e43761e618a4bb5c1f279da6ce0c52eff16c

SHA512
94320ecc3d1d6f1754c336c6f62f6857452a69526a1269c8b88d7884a6a6d0d7c9816ead293930ac48ce74e6a3126bccd1de0b0ae0611e24bd8a3ea360d75c4b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\datareporting\glean\db\data.safe.tmp

Filesize
31KB

MD5
02982669ce35cbace41eb01b56f7dbd6

SHA1
971e5817a77329968731b0926930388676b3bbc4

SHA256
61265e6733596e2617a06eb76c834cb393639b5f58b36e6a952084e13abf7f8d

SHA512
b257bb0ce300253ad5851f0ea8490d45a6b8de19eb6936f8f44941667758f4e40fc3145d563cd05451d34d7c6c8b8c53d62b77eeef85811140745bb8923baf9f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\datareporting\glean\db\data.safe.tmp

Filesize
31KB

MD5
8f0fbfe9dd7c8bd1cdb3355aabfe3217

SHA1
da849716c520828717a1ee33719efa2f6ce8c1d9

SHA256
f96d961bcbffc8a59934d53c716109c9d9dabcbf7cd2cf955422b9b72111f26c

SHA512
dc877155143dda166c9be8c7917fd9dd6b13852605cf0f1b8c2509d6228fe55ac5015aa85ef5b5e2bbb00b3e8bf37c70d8deaf18057cf5abeaf1c12741835ddc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\datareporting\glean\db\data.safe.tmp

Filesize
74KB

MD5
a8b0b551f5e201be2a8cf139f762635a

SHA1
f2a6c12e7b456874fdab0d0aa9d44a150f24153b

SHA256
98a533ebce719a93af1849b7eaa5cbd7e6885c9169c9ab2d60d30d4e2cd0bc0e

SHA512
05c96ab69101912ed4747172a14128101695635f30e55740140dd6a5b0c5bf793af77abd9ff5bc1465d41f87bc94f6dab6a78b956b1a475383b00a4d49f8ddbc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\datareporting\glean\db\data.safe.tmp

Filesize
7KB

MD5
5c23e872bde04cb322109ec83f3a7cb1

SHA1
01d0aad6a12d8fc8b01687faf981d5ecd2479986

SHA256
fe68ffb6b37b20794bceba8433da3365abd8ed0259dc6850956a10d1d321c295

SHA512
1a7cc9f181d6a3aba5d1d656cdd5c312ae5fc811380629a2fbb636d8fccd8bccc79f83142866f414a098d8aad3555c40fbed9b7287ae92c4105fcc0f488f0a47

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\datareporting\glean\db\data.safe.tmp

Filesize
3KB

MD5
f1b42c2d0275d61d3f29bcea285a10fc

SHA1
1733f075dff23678ec3fb86c83975820f8927f7d

SHA256
0b9a123530d626a870470640cbea9a289baff45bed517cafdc6a2bcac7e55f2c

SHA512
53e79fef03ee8690bcc30dc2662ecf96f34eba961f7e0c7783fcf98ecd3d925dd23a6fdafbd652c8cea32fb977df73364b7fa32f70dd0271972ebaa16acce603

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\datareporting\glean\events\events

Filesize
1KB

MD5
7f65a03331f386ec721f6d9c48cf3552

SHA1
d0873c454e45ff76faed8dfc329eb1fba3715a89

SHA256
c386242ecd9634e91177f6509f1ccf9bacb71a99a4ddafbcd365b992fa9c8ec2

SHA512
b0e96c2bbc54c59e8822f9a452c4858de4aebc88c3b376cedb99eee8891fb8cc3fa9fd17b4c4d73adf05974c6fc30ddb47999f7c42dd2826ac021979f89cc432

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\datareporting\glean\pending_pings\32062e82-0aa6-4ecf-bbd5-c45bb03a3c42

Filesize
235B

MD5
984fbb2047d4e42b4d902f24eb419067

SHA1
21b1be75e5b2ee3b79ba7691bfa63e54488bb9bf

SHA256
961e6e88f12c0fc76eb02f9379cdaea01fec30d0ceee2e816d374fa4ce80ee4b

SHA512
81a84e05b154edf857875c081a3e98b290a7554cd14855b77446fa5b2dc965bd3bca6f4c36ae31cd29092b8927b80e57f28a1e338b173083f9637d10a88ea834

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\datareporting\glean\pending_pings\a575f9f2-08d5-4494-a41e-ddc05baba456

Filesize
886B

MD5
946c06569e7ad8c482962de17cecd67d

SHA1
98f27dcee55b3498f2690a7822932c8d1105b67d

SHA256
4cb90903fa36789ed964310cb6f46e5bb68a477e21995b8705cf7cb241d7ae79

SHA512
d513c9cfdbe19fa36b81f54ab653eb177628aeae7d838bd87ad19903ad4a9c5d59aaea0b6b19b42c557bf3de59f5bca5ec0feb6904bef4a9a193e220f0463cac

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\datareporting\glean\pending_pings\b13c4791-b8e0-4690-ae69-8e240f8db856

Filesize
235B

MD5
c5fcc89a20ca16182208ac734e04f46c

SHA1
b3316289e1b775a501a4c1ca36b5e8b81d6ee90c

SHA256
7a8de96d2272e3c1b377d39ab20af242a3110236db6bdf7f57a1a59637c81375

SHA512
c635a1359d13e4bd9116313b255b24eabcef82a303cc1f3dac0f70402def9fb2a47f91e39f72d8401b65b09e3e9a62849e9518deec56b0a60cf71a2fd4707fe6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\datareporting\glean\pending_pings\d1194023-9227-4052-b41c-b501a8c2b80e

Filesize
2KB

MD5
1c472d30cf3885e6f7c2c1d39c345f6c

SHA1
5b18fb4ca4d329bb0c7644a8a13517f5dc66c5e9

SHA256
e70e8ff341162311f8b4d82b155e7d2b4f98ae5255477730f0d091b666661dcd

SHA512
156bb57afd18b9e14c50a729935b34e1907252ee4d522f9893f1859cb02ffab6ce71d5df98650b0b44fa1bd4624d3d7136c99b884b2975fb198e62dc11d35b47

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\datareporting\glean\pending_pings\e2e803ef-7a5c-4c1c-a8f3-da304298f41b

Filesize
883B

MD5
fc24e47412e5a62c13c1a6bdc723d269

SHA1
b030fa5360d64a7a5bbde07f6d672f4afba753fe

SHA256
ac1647caa04fadea61523b77ef64d58d15abf918bd58e57ea76d328aef7a0933

SHA512
c062b1b4fbe526879449066d060dda07587bd853f8b08c3e9ee5115fba1ba2af34ae946c2e04454199d7cbc7526925e6aff8845676af75f6fb3dee3f7efed857

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\datareporting\glean\pending_pings\f3b7f0eb-dc3d-4c9f-a948-5c1413730022

Filesize
17KB

MD5
eced97703c0952a07b80acfb558bbe86

SHA1
14f7ca9959046c43ef01f6763290977af21cc152

SHA256
3f0151471844610d32557c86ad630cc3e790a3c2af92f7aa9006a6c327609681

SHA512
28ab06d2aee9f7a086816468570938595d4eef1dca9869e99d799eea98f5bacbdb1191f95453a4189aef6710b8c188301dbefd99e22ba15c0239a3f83603048d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\gmp-gmpopenh264\2.6.0\gmpopenh264.dll

Filesize
1.1MB

MD5
626073e8dcf656ac4130e3283c51cbba

SHA1
7e3197e5792e34a67bfef9727ce1dd7dc151284c

SHA256
37c005a7789747b412d6c0a6a4c30d15732da3d857b4f94b744be1a67231b651

SHA512
eebdeef5e47aeadfeebdbab8625f4ec91e15c4c4e4db4be91ea41be4a3da1e1afeed305f6470e5d6b2a31c41cbfb5548b35a15fccd7896d3fde7cdf402d7a339

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\gmp-gmpopenh264\2.6.0\gmpopenh264.info

Filesize
116B

MD5
ae29912407dfadf0d683982d4fb57293

SHA1
0542053f5a6ce07dc206f69230109be4a5e25775

SHA256
fe7686a6281f0ab519c32c788ce0da0d01640425018dcffcfcb81105757f6fe6

SHA512
6f9083152c02f93a900cb69b1ce879e0c0d69453f1046280ca549a0301ae7925facdda6329f7ccb61726addee78ba2fffc5ba3491a185f139f3155716caf0a8d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\gmp-widevinecdm\4.10.2891.0\manifest.json

Filesize
1001B

MD5
32aeacedce82bafbcba8d1ade9e88d5a

SHA1
a9b4858d2ae0b6595705634fd024f7e076426a24

SHA256
4ed3c6389f6f7cd94db5cd0f870c34a296fc0de3b1e707fccf01645b455790ce

SHA512
67dfe5632188714ec87f3c79dbe217a0ae4dfb784f3fac63affd20fef8b8ef1978c28b3bf7955f3daaf3004ac5316b1ffa964683b0676841bab4274c325c6e2b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\gmp-widevinecdm\4.10.2891.0\widevinecdm.dll

Filesize
18.5MB

MD5
1b32d1ec35a7ead1671efc0782b7edf0

SHA1
8e3274b9f2938ff2252ed74779dd6322c601a0c8

SHA256
3ed0dec36754402707c2ae4fbfa887fe3089945f6f7c1a8a3e6c1e64ad1c2648

SHA512
ab452caa2a529b5bf3874c291f1ffb2a30d9ea43dae5df6a6995dde4bc3506648c749317f0d8e94c31214e62f18f855d933b6d0b6b44634b01e058d3c5fcb499

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\prefs-1.js

Filesize
7KB

MD5
b4bd7258d68619e028daed30e156ebe0

SHA1
1c9820a2d97894a2970d806438d0d4b007afc4dd

SHA256
4800fd71d3c6917e7359ea29022126d5c8de9cbea36c7ce4e4bf58a83191965a

SHA512
3482de014b199fc5d36e4a00f4a404b7aed686a38cc36c186bb042255f940d8964d93af49d6509696880a4847f30d33261daa46a366262575cf3bc1db7384cba

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\prefs.js

Filesize
6KB

MD5
84fd23a271db1a6480817981eeeea639

SHA1
462c1ebd78cfc368231e84e91398a9ac269d1fd1

SHA256
a8395073634084b663580294431d6d64ae8690a0ac12b40c08148fa81cac5dba

SHA512
777df2cc9645335fe8b85d03df3c63091d7d0440caf190f0e73fc1e81b58140d6371bd20bfdd6148322e9eafd6a654348c179bd584a6a740a34c040659e52a83

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\prefs.js

Filesize
6KB

MD5
6607e9b45ad9d33e73b0e83c22d42685

SHA1
6b7c21f52d0b78a882f3f1d89c696c457b0ba22b

SHA256
cb95c8e572bf7919c8bb4b265459d1a89a4fd70e112f85545139057eb36773ac

SHA512
7c7fc02d5b0d57870c4a9a516383ffce8e08fade323b4fe0d3777c88b804fd48630b5ddfa16173d30d22e95af2633384d652f0899b4aaa72449876a335e80661

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\prefs.js

Filesize
10KB

MD5
1d1547afe6fe94dabd5e06627b737bd7

SHA1
1baaf89d1e1f10ebe3a26d41a62b58ede4a08a88

SHA256
635203feefbe69b2a802a49f6c191632ecca8584e888bdc4bcd1445528ee3190

SHA512
fecb1eefc76978e99077b4af022bc9392b8f077bacd404467075589a2505082dceabaef97dd989414c64882b170a99bff0f4d176c0d166237195f08e7e01217a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\prefs.js

Filesize
6KB

MD5
d177736947bfa7ad6139265cc44526d6

SHA1
84628becb8c5264f80ee2fb4a85fe52c1a641393

SHA256
9753673061d3afc80acbde796b23f61dd90ddcd06448a17b6e0ee19b3007ccf2

SHA512
3834bd77aadc50c63a752b1db3cd8322e104ed529add5718f0cff536ee999547785891c92532a830471113e216237f5bb1583b81de9aef1313dab024ff4d4ceb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
99be0bc8732bdd2031b8a4777444f7c1

SHA1
054a0528c255e6e7bffd650dcd525d8bc71a767a

SHA256
fa6ed5e14ae21032197b9801fc709ff5898e47ddcd41d3c5c88e505dfaecc2ef

SHA512
34052104c58e253ee50fc39d9e95f870dbefa36277ce07e0f05df44fa02aed54d3a71943c5b93c7ccb36472fcc759b7f469fbc061ccc17cec076749c36fb2344

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
0d24580b8f9fbd9aeaf25112e6d910d9

SHA1
374f508ba244e49a7fa7744ce2ecdc611a3ca221

SHA256
87d93055192c6837db366203360bf395d45a0c38832a64795d004e92945f4cf7

SHA512
c1e01a8958bab8d64f6202e439bcbf5d0cf9e1126edab475460e22c0a8ee07d690533aa4243ea19bf5cf303860af8fc4bdebe5dcbe331df16a51b39a37a3010b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
9b6531e34839aa454fd9842bfe42f75e

SHA1
c8abed0650ee38313829940b4e12713eb1e6dbfa

SHA256
bb510c6b5a68fefafbd208db93da0720d4f93f515ec307ac0e4505d4ef7900bd

SHA512
c1d65c4e0be976520685a8dee986bf877cfc027ed04bcbf08efdb76b040f344ffa2f9f3820eae7c2038ecf1a4bc1c994f9d6f46252b9f82108907f75d39c2f67

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
d7ff35bec0277a80fd28de212c184c8b

SHA1
f726adeae3e1bf5ebbeec9846486931f5a045ad3

SHA256
df1b82eaef41ac3fc538cc599c00b352b2793ea3c1ce26c79b1787d8f12fe5ba

SHA512
0a7898b75d6b9c10f4645f4d9c58d2d70a3d3c4179059a2d7cf73d94f93105bf4bd627382c0e1dc59c97490c68530fb3dd988e12d991679e1fa9c1e3add2b73c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
a8b213382e3ce52c871fba6c53dafbb3

SHA1
1dadf0ef2179a584e449fc77d301681641b78b41

SHA256
f80eb693b1d9bbe8f691d52183db283796da277db4271e18fa16587bae9c6658

SHA512
57382dd83f091681a7651a7bbbd85ca6a68b38c3e6c515d69e9bfca984a9cd605e6d44fadf857ce79e722fcc75063524b2dc88d4d1b1de7c76d3f3d080c0a8bd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\storage\default\https+++r.oblox.com.co\idb\3140325527hBbDa.sqlite

Filesize
48KB

MD5
f4c10ff184a302518d5e54af5fbfd362

SHA1
81981cd9ded43d8b14a0ee83d4e6c77a5f115eaf

SHA256
03d452fc3fccb411c4139c2bb637f837f1df84485ca7214558a39903f155ee38

SHA512
67bcc72a9bbf656a985c28d83383215ec6347d1c939b851b533a49a4b53a0c792ffee25ed53635af6c3e48512a2f708bfabbda2f5f660a087fa18965b4903e44

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
9.6MB

MD5
2b56a72afe68f588d2383f112db1ef6c

SHA1
e0d564e32a1a6d37e4fece6510563b735d4b0976

SHA256
62035606bba2c304e91835d048edfa0e975c942c80a0c0eccd8cfa7262abf2ec

SHA512
72e3f961ccd0b8ab442c17f90676c1f5da3179026f068280d21c58435704a097032ff00d1377e5f888dc41997bf4685511d9897e133d86a7c72d94cb2f56fb49

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
10.4MB

MD5
d906b535329bdd7601970f1fed798a14

SHA1
71da646cc1c721da004331a46270b8516aa4c420

SHA256
2fa89b7728794aa04cb13816fbb692c872e48684ba34e3e296913d837ca3e9b1

SHA512
b6acf493d4a2e180075ee61c7f62e5e2f475ef55b19f7dd21d640d02546ab27792dac136540c77b5e195e31daf96a3f663e8c30a534dcca4286b127741ab9e14

Download Submit