hxxps://ocard50[.]ru/50

Analysis

max time kernel
566s
max time network
568s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
25-12-2024 13:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://ocard50.ru/50

Score

7^/10

discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeDebugPrivilege	3596	firefox.exe
Token: SeDebugPrivilege	3596	firefox.exe
Token: SeDebugPrivilege	3596	firefox.exe
Token: SeDebugPrivilege	3596	firefox.exe
Token: SeDebugPrivilege	3596	firefox.exe
Token: SeDebugPrivilege	3596	firefox.exe
Token: SeDebugPrivilege	3596	firefox.exe
Token: SeDebugPrivilege	3596	firefox.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3596	firefox.exe
3596	firefox.exe
3596	firefox.exe
3596	firefox.exe
3596	firefox.exe
3596	firefox.exe
3596	firefox.exe
3596	firefox.exe
3596	firefox.exe
3596	firefox.exe
3596	firefox.exe
3596	firefox.exe
3596	firefox.exe
3596	firefox.exe
3596	firefox.exe
3596	firefox.exe
3596	firefox.exe
3596	firefox.exe
3596	firefox.exe
3596	firefox.exe
3596	firefox.exe
3596	firefox.exe
3596	firefox.exe
3596	firefox.exe
3596	firefox.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3596	firefox.exe
3596	firefox.exe
3596	firefox.exe
3596	firefox.exe
3596	firefox.exe
3596	firefox.exe
3596	firefox.exe
3596	firefox.exe
3596	firefox.exe
3596	firefox.exe
3596	firefox.exe
3596	firefox.exe
3596	firefox.exe
3596	firefox.exe
3596	firefox.exe
3596	firefox.exe
3596	firefox.exe
3596	firefox.exe
3596	firefox.exe
3596	firefox.exe
3596	firefox.exe
3596	firefox.exe
3596	firefox.exe
3596	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3596	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1384 wrote to memory of 3596	1384	firefox.exe	85
PID 1384 wrote to memory of 3596	1384	firefox.exe	85
PID 1384 wrote to memory of 3596	1384	firefox.exe	85
PID 1384 wrote to memory of 3596	1384	firefox.exe	85
PID 1384 wrote to memory of 3596	1384	firefox.exe	85
PID 1384 wrote to memory of 3596	1384	firefox.exe	85
PID 1384 wrote to memory of 3596	1384	firefox.exe	85
PID 1384 wrote to memory of 3596	1384	firefox.exe	85
PID 1384 wrote to memory of 3596	1384	firefox.exe	85
PID 1384 wrote to memory of 3596	1384	firefox.exe	85
PID 1384 wrote to memory of 3596	1384	firefox.exe	85
PID 3596 wrote to memory of 3980	3596	firefox.exe	86
PID 3596 wrote to memory of 3980	3596	firefox.exe	86
PID 3596 wrote to memory of 3980	3596	firefox.exe	86
PID 3596 wrote to memory of 3980	3596	firefox.exe	86
PID 3596 wrote to memory of 3980	3596	firefox.exe	86
PID 3596 wrote to memory of 3980	3596	firefox.exe	86
PID 3596 wrote to memory of 3980	3596	firefox.exe	86
PID 3596 wrote to memory of 3980	3596	firefox.exe	86
PID 3596 wrote to memory of 3980	3596	firefox.exe	86
PID 3596 wrote to memory of 3980	3596	firefox.exe	86
PID 3596 wrote to memory of 3980	3596	firefox.exe	86
PID 3596 wrote to memory of 3980	3596	firefox.exe	86
PID 3596 wrote to memory of 3980	3596	firefox.exe	86
PID 3596 wrote to memory of 3980	3596	firefox.exe	86
PID 3596 wrote to memory of 3980	3596	firefox.exe	86
PID 3596 wrote to memory of 3980	3596	firefox.exe	86
PID 3596 wrote to memory of 3980	3596	firefox.exe	86
PID 3596 wrote to memory of 3980	3596	firefox.exe	86
PID 3596 wrote to memory of 3980	3596	firefox.exe	86
PID 3596 wrote to memory of 3980	3596	firefox.exe	86
PID 3596 wrote to memory of 3980	3596	firefox.exe	86
PID 3596 wrote to memory of 3980	3596	firefox.exe	86
PID 3596 wrote to memory of 3980	3596	firefox.exe	86
PID 3596 wrote to memory of 3980	3596	firefox.exe	86
PID 3596 wrote to memory of 3980	3596	firefox.exe	86
PID 3596 wrote to memory of 3980	3596	firefox.exe	86
PID 3596 wrote to memory of 3980	3596	firefox.exe	86
PID 3596 wrote to memory of 3980	3596	firefox.exe	86
PID 3596 wrote to memory of 3980	3596	firefox.exe	86
PID 3596 wrote to memory of 3980	3596	firefox.exe	86
PID 3596 wrote to memory of 3980	3596	firefox.exe	86
PID 3596 wrote to memory of 3980	3596	firefox.exe	86
PID 3596 wrote to memory of 3980	3596	firefox.exe	86
PID 3596 wrote to memory of 3980	3596	firefox.exe	86
PID 3596 wrote to memory of 3980	3596	firefox.exe	86
PID 3596 wrote to memory of 3980	3596	firefox.exe	86
PID 3596 wrote to memory of 3980	3596	firefox.exe	86
PID 3596 wrote to memory of 3980	3596	firefox.exe	86
PID 3596 wrote to memory of 3980	3596	firefox.exe	86
PID 3596 wrote to memory of 3980	3596	firefox.exe	86
PID 3596 wrote to memory of 3980	3596	firefox.exe	86
PID 3596 wrote to memory of 3980	3596	firefox.exe	86
PID 3596 wrote to memory of 3980	3596	firefox.exe	86
PID 3596 wrote to memory of 3980	3596	firefox.exe	86
PID 3596 wrote to memory of 3980	3596	firefox.exe	86
PID 3596 wrote to memory of 3152	3596	firefox.exe	87
PID 3596 wrote to memory of 3152	3596	firefox.exe	87
PID 3596 wrote to memory of 3152	3596	firefox.exe	87
PID 3596 wrote to memory of 3152	3596	firefox.exe	87
PID 3596 wrote to memory of 3152	3596	firefox.exe	87
PID 3596 wrote to memory of 3152	3596	firefox.exe	87
PID 3596 wrote to memory of 3152	3596	firefox.exe	87
PID 3596 wrote to memory of 3152	3596	firefox.exe	87

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://ocard50.ru/50"
1⤵
- Suspicious use of WriteProcessMemory
PID:1384
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://ocard50.ru/50
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3596
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1984 -parentBuildID 20240401114208 -prefsHandle 1904 -prefMapHandle 1896 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {697da471-3a3a-4c3f-8fa5-ac2a1caa0ccb} 3596 "\\.\pipe\gecko-crash-server-pipe.3596" gpu
    3⤵
    PID:3980
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2420 -parentBuildID 20240401114208 -prefsHandle 2412 -prefMapHandle 2356 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aca3375d-94e5-4e4b-9806-9b7526b48afc} 3596 "\\.\pipe\gecko-crash-server-pipe.3596" socket
    3⤵
    PID:3152
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3080 -childID 1 -isForBrowser -prefsHandle 2984 -prefMapHandle 2980 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1276 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6d552719-1fce-4337-9b3d-71ae01131cb7} 3596 "\\.\pipe\gecko-crash-server-pipe.3596" tab
    3⤵
    PID:1272
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3716 -childID 2 -isForBrowser -prefsHandle 3608 -prefMapHandle 3028 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1276 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f462f148-d6b6-47a5-b530-a6e31f5fe44b} 3596 "\\.\pipe\gecko-crash-server-pipe.3596" tab
    3⤵
    PID:636
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4348 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4340 -prefMapHandle 4328 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3d797f99-d586-465b-b4ad-855c691e8798} 3596 "\\.\pipe\gecko-crash-server-pipe.3596" utility
    3⤵
    - Checks processor information in registry
    PID:1596
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5528 -childID 3 -isForBrowser -prefsHandle 5552 -prefMapHandle 5540 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1276 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1997aef6-65f2-45f2-b4f6-477e8d35978f} 3596 "\\.\pipe\gecko-crash-server-pipe.3596" tab
    3⤵
    PID:4720
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5696 -childID 4 -isForBrowser -prefsHandle 5772 -prefMapHandle 5768 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1276 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8c362e3b-24d9-4dc3-a5eb-354286d254f6} 3596 "\\.\pipe\gecko-crash-server-pipe.3596" tab
    3⤵
    PID:1236
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5680 -childID 5 -isForBrowser -prefsHandle 5908 -prefMapHandle 5912 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1276 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {312297aa-df61-48a9-b364-7f6a12c07778} 3596 "\\.\pipe\gecko-crash-server-pipe.3596" tab
    3⤵
    PID:1088
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1496 -childID 6 -isForBrowser -prefsHandle 1576 -prefMapHandle 4216 -prefsLen 34177 -prefMapSize 244658 -jsInitHandle 1276 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {50f2b3c9-7c3c-4c8e-991c-fcea198ed083} 3596 "\\.\pipe\gecko-crash-server-pipe.3596" tab
    3⤵
    PID:2632
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6364 -childID 7 -isForBrowser -prefsHandle 6480 -prefMapHandle 6460 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 1276 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d8b034c2-1b78-4716-ad3d-fb9daab51fb4} 3596 "\\.\pipe\gecko-crash-server-pipe.3596" tab
    3⤵
    PID:4956

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\activity-stream.discovery_stream.json

Filesize
18KB

MD5
518a6c30d5d1dda091c062c8b0ce03b4

SHA1
fbbb9095e84d8ce5ed97af400a91dc936ddea61e

SHA256
075b1fe9eff733cfc2030f79af33e87f3986a63d455444084475c2aebad9dc45

SHA512
787bd3cb1b24654b78203363b2f312c2ac410cca67802fd385a826387e9effa3e1d6448411fdfd574784eb8506d83a7d2f1d4e343ec95359b2f5422eb0a804d1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\0496E33B07BB9340090B6FF9A653DA5443DBD403

Filesize
224KB

MD5
75e65e05a53f114490372c9c78d29c98

SHA1
3fa85611e43eed5dff9502d5ba4f80100fc43c30

SHA256
85e854dcd1fe5d42b37f2ab13d75b4ab81c055fc664aa6025b846b650a8708c0

SHA512
020b1fde05327da142b282b0fc430c2f2d4a56db792c3d196b212bcc09d074056b4f4e82b62542264a4b1b3b143ebb82e973f4bb9b707a976518e7e3f910380b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\0C0E12ED83B149D6A68D87C705EAEF00394A7588

Filesize
61KB

MD5
10b3ddc7d85241076370021cc8f81cbf

SHA1
111cc67437c0427684915f7be1fcb3696f2a0e9f

SHA256
1c1efe20f010a2b83246ad35a3f7d8f7b0bd635007a513afed1a80b4af023d7b

SHA512
b1d1c2724a7d1d6943ec8ddeb12bfeb78d8dc14bba62bb36974b41b575cd819b23bea2f111b315fc8e8e136461def4ebce5650b0f34623ef08f52342910b26cb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\0EB6CFCB063A7E9F4B00E2A50B35F8E896BF530F

Filesize
52KB

MD5
fea6d514af825680e147fd73d785be7d

SHA1
a10ace43be1488af9400b8c47e8134b4915e07e3

SHA256
c14bec19c41035c6604d923a0f25d82da073aaa11d9ff56e29ac5cbb549ff54b

SHA512
d05cf4805a3d85de1a1952007442b70ebb781060b18cf42373151345b668f0b61dacdb5fec067ca6c14d05f2b10c8c3c6d358b35c8dd9504792d6289386e4e5a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\D1DBEDB392C9FA44E7855D1BC881A6399ECD66D8

Filesize
13KB

MD5
bc9602fd20e3f2a98576acfc427f754c

SHA1
bc09b9571ca0881320dbc44577046e3f88b78d69

SHA256
abe3b5ab8d157cc311f08ee9b4755d852b1241a60140b243974a07dc8c86e5c4

SHA512
5596e8afcbcbcceda8bb7ed5aa9e20f5cf94f58076c132c37f9b07a1e4018e0fabbb4e43885742609cad4913f1940c2af66525ad689c8ac77682e5747f865994

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
15KB

MD5
96c542dec016d9ec1ecc4dddfcbaac66

SHA1
6199f7648bb744efa58acf7b96fee85d938389e4

SHA256
7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

SHA512
cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\DU1N49CQE05H9E0VWAQA.temp

Filesize
9KB

MD5
2d62f61d250287403fdc773749827e42

SHA1
9767d58e623d46ce9d74fdec71c78a4b269b432f

SHA256
dc56b8a37c129941813c34428777a82c6f088af87f2ba3151789425ac1b5fede

SHA512
32f820499de5f692f14f87f8e5edf3164c17d0a0ce039b51c59a16cf7633ae62015fca20102bfb728f8ad5b682aeac47dc69ae767f528c9b8f6093b8eae23164

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\AlternateServices.bin

Filesize
6KB

MD5
3e8579288f1a5180ceb988202591ba54

SHA1
d13dd32c1f74bbab500714bb8df3b6e445ec2fe3

SHA256
ab017e5d06827307548009dbcab99b496110863c1b09186eb1f9b5b380a89089

SHA512
6f636368b04d0c71c88fb712daf51cd71267a14321ffcac91c8af2d8ac270e925e4b29e92da3fed423154a9cd37f81b3d9ded24eec6bcd7a1daa4cbe96a59408

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\AlternateServices.bin

Filesize
10KB

MD5
a84c833edefe22999b49a59534b03f3f

SHA1
64f1a8d549162b574a188c6a73149038dc8321b9

SHA256
c7a9407461ff70a753bb093bf3e79c343afb9de4118e8ceb3bb4e888321efc47

SHA512
168aceaeba24b9d2e896db22820d9df70320e11b29d7aaa566e2ab324f1dbf5c9366ae64106a6622bfccb0987c4ae08cb75e095a11adb1454a55eef8a155d97a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\AlternateServices.bin

Filesize
12KB

MD5
ab0cb3969e74bbb27ff89fc0f82d1f9a

SHA1
32d1131ebfb2b7ae86c2073bd388f402ea7604e8

SHA256
3abf4369bdb757d1be7d514907fadda8f07198557526c597b9e23c74bc56eb75

SHA512
bcc57d8dea6f9558eec574a619715223a2bf6e16428b1121af9c0dbc04d5c360ae8e98a8a355f5814b680cb81ca0935ea8012d5b6ca680daa1c924f3600bd0c9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\bookmarkbackups\bookmarks-2024-12-25_11_ZrdYzC-eJDxPzl9eWEGoog==.jsonlz4

Filesize
996B

MD5
faec8a82c35d6bddd9b1d7f4a7c68dbb

SHA1
518f8d9856574fc11d61576a2980fec26cbd7327

SHA256
c173a9013f78ec791bc1617ce873f96299c46c83df700dfdd02986b08de89e84

SHA512
20f8627622f835c46f59f44e6a5f6cdd6f20d775f3a6ab817b0489de7cef6e5be0e9825fa56787e19fca912a5ca7c1ec3332e0a7f5008c8c2c8970468082d2b6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
817c8ea78d9f86092abe3da5d16151e3

SHA1
0a8571ed3ab0055eef0f48ce9ca7ac115d9db9e4

SHA256
1539629655d173d8d1f5cd587c7cacdf1db6af34a29839103536f9c9dbbd66ae

SHA512
d7f05c56d8a372a9fcc9d2967b047bbaa8143700e254b0023a932d0087785bf10f79b06092cef116308fb81bf1bc1b03c39a22c0aa56bd78b435d5f85073339a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
60KB

MD5
11c77ec1fe018754aa3786acd0b49891

SHA1
f746d69ce00120c5aedf855b83baa566eeab8ce4

SHA256
e5bdd73420d9d52e3dc81c3062ac77463025a9dd7450ad64c27807b62dae25ef

SHA512
5a31bf72a2825cb03765dbd8aee4c12d0a63a9438fbec0866b59934c7f9607d74411665cc5cbaa1bdcc391d1d37c7860fa2647f8f3e2eca29b6b70a06e2d6db1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\pending_pings\4aa7881e-6150-4488-92b5-5dab3500b61f

Filesize
26KB

MD5
77c1fb97b53ba7578daaaacf869057f2

SHA1
b69b6d96e0abdc15d5cf45de99a65a35cf78fd96

SHA256
b432355ca8ee84d77f70d694da57a41cd8a2606d251a9724a739b100173a6be4

SHA512
a730d81438ff55f24566b92fc8fde48490652cf1f8bbd4521798318cac01c44a8b1feca66cb4d161474e7763220bf04b788177b1628a5e4c54bcbbe0f29d2c0b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\pending_pings\819f2e3a-8437-412e-b400-8806316e83d2

Filesize
982B

MD5
fa40bd059ee5c8861d460cb8bb271b85

SHA1
142bbc5f8553cbce51d1fb0ae68f31aed6a1fb77

SHA256
e4891f0bf94ed2cf3992bf9bcad73e37490e879e09f0d66e61ee69943a6dade6

SHA512
02d0d55b12e19bb55dba83c19e4b3ea78c4b5d5401e2c3e0c940cf3bd36467d4c83fc54eea69653efc94d8851d4371a56c62e4e4890067616c5874de7b58a0ce

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\pending_pings\9bd2e497-cc30-415f-85a5-8be2313407f9

Filesize
671B

MD5
a01d1f0f9c92f8ee2671345ec42fbf8a

SHA1
825fe9b859d83b7c3aeea26ee45ca91d3e19e5fc

SHA256
73c406d613070df2a23c9fb605800d5cf59bddabfaef9103cfadd99e637fc526

SHA512
a1aa34845334ac30812129b9a1c5bd2de0b6f6be2148991b044040bfab26a3e995cdc977ecffcd3ea787bec56a87c345e1c3c8ce4d38ed94eb121b25b983280a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\prefs-1.js

Filesize
12KB

MD5
73445c36631728a564cbfb1469c69ea3

SHA1
2c8871588315ef7991554c28883225c5fbd474b4

SHA256
ab1d6f4b0922f2bc61de2d6874a86eadb4c14e131110c58eae32046982df67e5

SHA512
b2ab8b4a2fddc5ca7ada20bcad77cbb130db01d2627332b8cb5b0f62b9c7b380c6e6be8e2db6ab4c62406cfd054f612c93f2d4a010ccc34b230f0244c742d036

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\prefs-1.js

Filesize
10KB

MD5
3e7636a95821fb695d318c1199af7ae4

SHA1
940f7bf8a01576e2448f47023b90ee336bce96c2

SHA256
361bb92e487fcbf76aed1ad83d420ae6d7d4b5daa94c5ede2ce3abcdb7f91361

SHA512
f42cf48cb5e38c2dff4fed234b7eb3bb1008fe886f6cf4905d40c74924dd580adc647d9fde02c836f00c0e7282207988807769e13965551f0ec96c790f96f5d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\sessionstore-backups\recovery.baklz4

Filesize
43KB

MD5
fe53d873f7ee000fbd240a022378e6e9

SHA1
123913b6fd2bde208c7b8f9a7e6c1cb14a51d9b3

SHA256
908ef43b1f6bfaac2076eb0bcdc8a07aa9b5aa891755d0efecd19600ce55c3ae

SHA512
dd0fb2dbb1771a31c9f9fb07797bfa7d51bd7bf8c46eac92d16a9001084cfee530559cd4bfccce7d56a42f77e358b97ccab537d1c7a559e113f477966f517201

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\sessionstore-backups\recovery.baklz4

Filesize
45KB

MD5
48ec9cd861ad33550f86a43835a0c6dd

SHA1
785e1f25b398510c25f54acf0ae9d048386a1cb8

SHA256
7519a231221f30e0f7dcb84d2205d43e63a47eb58694ba28fa5253f276cf02a1

SHA512
7dc93e0de1737b28bbd81090dae8e9244079b3a5459d39a5b1771a07bd3aa0c2fbc443b909bb14680e08c71a8c0baa03f806a858f65e42f4b3ad61838d05c119

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\sessionstore-backups\recovery.baklz4

Filesize
44KB

MD5
74d2e961f3d2147b0db8e53ee800272e

SHA1
195f801cb89d0178abaa68d54f2e97c7ebff6120

SHA256
27b8cb54f35515f7b9e28a660c661b1d70aea9c4037986449b9015703a6edffc

SHA512
a3b77260a7b0ea461faf10c31a4bbdbf4cb0d57e38c0fad90681bdd66ee95e4e1e214667491115c1c1de8ab6b70e7c0bb70ad3ff1cedd091319a905406b89da5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\sessionstore-backups\recovery.baklz4

Filesize
40KB

MD5
0eed2869c64fb7a82c9a1e406b86f34e

SHA1
8d6766277f8a7db93431fdc20f6901f8d47c5aff

SHA256
516da44db7f086964b307e4d811bf6c6a517367ea84cc52499f6522fc4445461

SHA512
ea5aab65ee4185f4102ab2f8af70839b0e0575842f5c172761c84d2a392a74f31aa9abe8d47b6d15063fab979f2984fbd3446b9c7f8ac82f6b0574d8ed9c6de1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\sessionstore-backups\recovery.baklz4

Filesize
44KB

MD5
560ee4cb195dc6ae0470a3d01aa77895

SHA1
59f0ac14df9f76212d98702f64ccd9fc60a0c337

SHA256
d583c79651ee53be7560bc3c94719c70713b81272d7e9d28d3a195eeede94c75

SHA512
11437e50bcdd0d4e6469ab0462a60e72fae1de9b0adf9143b42153fe2662ff57c11d2116f1fcf9bb96d72cd9e061076444ff972a11c86fad714a57f56602437c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\sessionstore-backups\recovery.baklz4

Filesize
44KB

MD5
7572ade77572d8b2d497544889ef7501

SHA1
94511879ec307ade8d7d57b92f63c82fdbea8c83

SHA256
11feb9e6ed3c2bab92143f7ad63c3e9f19dd47d2be0645755f44f76fefffb732

SHA512
11454122dc06fbbb97314574f27d2be1e7d36edee2621dadcc49ef15f67017b5f62d697156a7bb4ea08ed727a67d25a4e8f1ff24a8ee8915e23efdc9a62d184b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\sessionstore-backups\recovery.baklz4

Filesize
43KB

MD5
4e486bcf44dda3dbb1eb9b0ee0970315

SHA1
868bb7f27383b0a5fe08c998feaaed51eb81f368

SHA256
ce97ae53d83031660045ef403176a080d2c2a7211f33c899f457872b8701af17

SHA512
1b1c56abf90ddcce76f5ecb416e479d17401077fff3ae4b7423f359c096cedecd2b90791fd2440ce26449a857052faa6508f211fe1daab930f381c1482d8cb03

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\sessionstore-backups\recovery.baklz4

Filesize
40KB

MD5
44acd6d56fdd06e6d1902ce14f9e734c

SHA1
4f9f189c19eeb24ee13f690ecfec7dcd1db66ef1

SHA256
fe143fef130f0009056b09a53a90647141cb2ee08ad7033b8c0017a2d9dd580e

SHA512
4781ef3bbcb802749cb6d3a55aec98a0ba584ba185e1c3b161ef7c8747342367f8ec91c0ac7e41db9f41c73d47262aa0e10e124bfa41e9aaf286358f0c4e6e18

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
600KB

MD5
7ade039a1078325b8d4f882fc7cc53e0

SHA1
b90a3da97e4fe2904df86c3e1880a991aff16b40

SHA256
52d3af62048e5e43ae3dd8059d4fd33ba89e358c5f1ace8896245c08bcf1face

SHA512
3a1cc485dbd9fdbf28533953a5516fdbca85d000ff03541fb0f0e0dd66af0f2c8393c917627f84105f7fd843f2db4f5c64e832ff69e345fb32764d4c687fc041

Download Submit