Analysis Overview
Threat Level: Likely benign
The file https://is.gd/RyL7tJ was found to be: Likely benign.
Malicious Activity Summary
Detected potential entity reuse from brand STEAM.
Browser Information Discovery
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Checks processor information in registry
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-31 12:24
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-31 12:24
Reported
2024-10-31 12:25
Platform
win10ltsc2021-20241023-en
Max time kernel
73s
Max time network
75s
Command Line
Signatures
Detected potential entity reuse from brand STEAM.
Browser Information Discovery
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://is.gd/RyL7tJ"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://is.gd/RyL7tJ
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1972 -parentBuildID 20240401114208 -prefsHandle 1888 -prefMapHandle 1880 -prefsLen 23681 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7f0a04ec-cf3e-4372-a3f8-2f0653cb5a33} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2420 -parentBuildID 20240401114208 -prefsHandle 2396 -prefMapHandle 2384 -prefsLen 24601 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3d550ac6-9f84-4a40-a9e9-d4bf940458e0} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2948 -childID 1 -isForBrowser -prefsHandle 3028 -prefMapHandle 3272 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1160 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b72aade9-7aa8-489c-a0a9-4f79a5e823bb} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3644 -childID 2 -isForBrowser -prefsHandle 3668 -prefMapHandle 3664 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 1160 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6bfe0a82-646f-42a6-821b-707e5dd0d2cc} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4160 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4232 -prefMapHandle 4228 -prefsLen 29091 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {925f256f-580a-40ce-b276-c3828f295a6d} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5452 -childID 3 -isForBrowser -prefsHandle 5444 -prefMapHandle 5380 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1160 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {38e88396-cd39-44c8-ac0f-8abe9f2bd184} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3168 -childID 4 -isForBrowser -prefsHandle 3004 -prefMapHandle 1452 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1160 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0d010eff-11fc-46d7-a9df-8b3767333236} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5804 -childID 5 -isForBrowser -prefsHandle 5760 -prefMapHandle 5756 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1160 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {daafac16-8278-42e8-a8b0-25d18c35de93} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5964 -childID 6 -isForBrowser -prefsHandle 5972 -prefMapHandle 5976 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1160 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7e213832-ebae-40cf-9cba-3906e50de55d} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6192 -childID 7 -isForBrowser -prefsHandle 5820 -prefMapHandle 2832 -prefsLen 27919 -prefMapSize 244658 -jsInitHandle 1160 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a192df4b-5faf-4e04-ba30-6f96f48cb63b} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" tab
Network
| Country | Destination | Domain | Proto |
| N/A | 127.0.0.1:49790 | tcp | |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | is.gd | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | firefox-api-proxy.cdn.mozilla.net | udp |
| US | 34.149.97.1:443 | firefox-api-proxy.cdn.mozilla.net | udp |
| US | 172.67.83.132:443 | is.gd | tcp |
| US | 172.67.83.132:443 | is.gd | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | is.gd | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | is.gd | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 34.117.188.166:443 | prod.ads.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | sjeamcoonmumnuty.com | udp |
| US | 172.67.155.81:443 | sjeamcoonmumnuty.com | tcp |
| US | 8.8.8.8:53 | sjeamcoonmumnuty.com | udp |
| US | 8.8.8.8:53 | sjeamcoonmumnuty.com | udp |
| US | 172.67.155.81:443 | sjeamcoonmumnuty.com | udp |
| US | 8.8.8.8:53 | 67.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 132.83.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.212.160.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.155.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| GB | 23.214.143.155:443 | steamcommunity.com | tcp |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| GB | 23.214.143.155:443 | steamcommunity.com | tcp |
| US | 8.8.8.8:53 | 155.143.214.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | steamcommuniqy.com | udp |
| US | 8.8.8.8:53 | store.cloudflare.steamstatic.com | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | code.jquery.com | udp |
| US | 8.8.8.8:53 | cdn.akamai.steamstatic.com | udp |
| US | 104.18.42.105:443 | store.cloudflare.steamstatic.com | tcp |
| US | 104.18.42.105:443 | store.cloudflare.steamstatic.com | tcp |
| US | 104.18.42.105:443 | store.cloudflare.steamstatic.com | tcp |
| US | 104.18.42.105:443 | store.cloudflare.steamstatic.com | tcp |
| US | 104.18.42.105:443 | store.cloudflare.steamstatic.com | tcp |
| US | 104.18.42.105:443 | store.cloudflare.steamstatic.com | tcp |
| US | 8.8.8.8:53 | cdn.cloudflare.steamstatic.com | udp |
| US | 8.8.8.8:53 | store.cloudflare.steamstatic.com | udp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 151.101.130.137:443 | code.jquery.com | tcp |
| US | 8.8.8.8:53 | code.jquery.com | udp |
| US | 8.8.8.8:53 | cdn.akamai.steamstatic.com | udp |
| US | 8.8.8.8:53 | cdn.cloudflare.steamstatic.com | udp |
| US | 8.8.8.8:53 | store.cloudflare.steamstatic.com | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | code.jquery.com | udp |
| US | 8.8.8.8:53 | cdn.akamai.steamstatic.com | udp |
| US | 8.8.8.8:53 | cdn.cloudflare.steamstatic.com | udp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | 14.24.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.130.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.42.18.104.in-addr.arpa | udp |
| US | 104.18.42.105:443 | cdn.cloudflare.steamstatic.com | tcp |
| US | 104.18.42.105:443 | cdn.cloudflare.steamstatic.com | tcp |
| US | 104.18.42.105:443 | cdn.cloudflare.steamstatic.com | tcp |
| US | 104.18.42.105:443 | cdn.cloudflare.steamstatic.com | tcp |
| GB | 2.22.144.41:443 | cdn.akamai.steamstatic.com | tcp |
| US | 8.8.8.8:53 | 41.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | store.steampowered.com | udp |
| US | 8.8.8.8:53 | clan.akamai.steamstatic.com | udp |
| GB | 184.25.193.136:443 | store.steampowered.com | tcp |
| US | 8.8.8.8:53 | store.steampowered.com | udp |
| GB | 2.22.144.14:443 | clan.akamai.steamstatic.com | tcp |
| US | 8.8.8.8:53 | clan.akamai.steamstatic.com | udp |
| US | 8.8.8.8:53 | store.steampowered.com | udp |
| US | 8.8.8.8:53 | clan.akamai.steamstatic.com | udp |
| US | 8.8.8.8:53 | 136.193.25.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.144.22.2.in-addr.arpa | udp |
| N/A | 127.0.0.1:49801 | tcp | |
| US | 8.8.8.8:53 | steamcommuniqy.com | udp |
| US | 104.18.42.105:443 | cdn.cloudflare.steamstatic.com | tcp |
| US | 8.8.8.8:53 | store.cloudflare.steamstatic.com | udp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| US | 151.101.130.137:443 | code.jquery.com | tcp |
| US | 104.18.42.105:443 | cdn.cloudflare.steamstatic.com | tcp |
| US | 8.8.8.8:53 | cdn.cloudflare.steamstatic.com | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 151.101.65.229:443 | cdn.jsdelivr.net | tcp |
| US | 8.8.8.8:53 | jsdelivr.map.fastly.net | udp |
| US | 151.101.65.229:443 | jsdelivr.map.fastly.net | tcp |
| US | 8.8.8.8:53 | jsdelivr.map.fastly.net | udp |
| US | 151.101.65.229:443 | jsdelivr.map.fastly.net | udp |
| US | 8.8.8.8:53 | fonts.cdnfonts.com | udp |
| US | 104.21.72.124:443 | fonts.cdnfonts.com | tcp |
| US | 8.8.8.8:53 | fonts.cdnfonts.com | udp |
| US | 8.8.8.8:53 | 229.65.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | fonts.cdnfonts.com | udp |
| US | 104.21.72.124:443 | fonts.cdnfonts.com | udp |
| US | 104.21.72.124:443 | fonts.cdnfonts.com | udp |
| US | 8.8.8.8:53 | community.cloudflare.steamstatic.com | udp |
| US | 8.8.8.8:53 | community.akamai.steamstatic.com | udp |
| US | 172.64.145.151:443 | community.cloudflare.steamstatic.com | tcp |
| US | 172.64.145.151:443 | community.cloudflare.steamstatic.com | tcp |
| US | 172.64.145.151:443 | community.cloudflare.steamstatic.com | tcp |
| GB | 2.22.144.9:443 | community.akamai.steamstatic.com | tcp |
| GB | 2.22.144.9:443 | community.akamai.steamstatic.com | tcp |
| US | 8.8.8.8:53 | community.cloudflare.steamstatic.com | udp |
| US | 8.8.8.8:53 | community.akamai.steamstatic.com | udp |
| GB | 2.22.144.9:443 | community.akamai.steamstatic.com | tcp |
| US | 8.8.8.8:53 | community.akamai.steamstatic.com | udp |
| US | 8.8.8.8:53 | community.cloudflare.steamstatic.com | udp |
| US | 8.8.8.8:53 | 124.72.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 151.145.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | steamcommuniqy.com | udp |
| US | 8.8.8.8:53 | store.cloudflare.steamstatic.com | udp |
| US | 8.8.8.8:53 | cdn.cloudflare.steamstatic.com | udp |
| US | 104.21.72.124:443 | fonts.cdnfonts.com | tcp |
| US | 172.64.145.151:443 | community.cloudflare.steamstatic.com | tcp |
| US | 8.8.8.8:53 | community.cloudflare.steamstatic.com | udp |
| GB | 2.22.144.9:443 | community.akamai.steamstatic.com | tcp |
| US | 8.8.8.8:53 | community.akamai.steamstatic.com | udp |
| US | 151.101.65.229:443 | jsdelivr.map.fastly.net | udp |
| US | 8.8.8.8:53 | jsdelivr.map.fastly.net | udp |
| US | 8.8.8.8:53 | location.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 35.190.72.216:443 | location.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 35.190.72.216:443 | prod.classify-client.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 201.181.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.72.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| GB | 142.250.200.14:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| DE | 23.55.161.185:80 | ciscobinary.openh264.org | tcp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 142.250.200.14:443 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | r4---sn-aigl6ner.gvt1.com | udp |
| US | 8.8.8.8:53 | r4.sn-aigl6ner.gvt1.com | udp |
| GB | 173.194.183.137:443 | r4.sn-aigl6ner.gvt1.com | tcp |
| US | 8.8.8.8:53 | r4.sn-aigl6ner.gvt1.com | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 185.161.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.183.194.173.in-addr.arpa | udp |
| GB | 173.194.183.137:443 | r4.sn-aigl6ner.gvt1.com | udp |
| US | 8.8.8.8:53 | community.akamai.steamstatic.com | udp |
| US | 8.8.8.8:53 | jsdelivr.map.fastly.net | udp |
| US | 8.8.8.8:53 | community.cloudflare.steamstatic.com | udp |
| US | 8.8.8.8:53 | community.akamai.steamstatic.com | udp |
| US | 8.8.8.8:53 | community.akamai.steamstatic.com | udp |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\datareporting\glean\pending_pings\1bc4fcd6-0466-4edd-aa3e-29a27cb1bcae
| MD5 | 66140b5743c4e84cdba5db15679857d1 |
| SHA1 | 4f29a8ef30f50bb736492025f73930188efa2e1d |
| SHA256 | fdeee06066314fd82fea99e59a6ae66ca85cac1235c90b8ff074067239a530f8 |
| SHA512 | fbbd21113c060a05aae8b9af17f7bbb81fc76ea57ee97fa1791d021ebe5f0024df7b3da4e4869ae9b6f22fe4736d0df8befb28b5e3224cc88dd14d91c342df38 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\datareporting\glean\pending_pings\033b0282-aa8e-4feb-aa9c-51d9a64d74f5
| MD5 | 944324c07b7deb360419444651b10ab1 |
| SHA1 | 97b61754e63dba18e3aade5639d0f132c3cbb9dd |
| SHA256 | 3c40a0de851afd92fbcba0e465ba90eefad37f8d05d0dfa659cb5a8e04d69d5f |
| SHA512 | 29d1ccfbc5f442adb94912e765471c2d9853961ebfe416cecdc395048bed3beafea15884ed76946e16cc2384db0498db7eca7c8d3455c25fe920d907bb14ea01 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\datareporting\glean\pending_pings\1883a3ed-2165-4787-aa7d-ca3dfc316cf6
| MD5 | 573c520ca199f9714beaded8235244ba |
| SHA1 | 05b6fb2e8c1987d01291d166663cf7bcac1b3770 |
| SHA256 | 2ed68fdafbf1118c441180b98831bbe03aed25db967a33d77dbc5f90e8366283 |
| SHA512 | 805f4bc2936e0f10ef846b25d10f98ab1ba74de003521f9c00fb12a1e247d140036096d580937432c97f4736d94c9c788944f2733ad17e21a911aa408ea0171e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 21ee97f9b20498fd16d5df396a87f2eb |
| SHA1 | f004c33eeb9245a22ab7d785f04bd33e6d620118 |
| SHA256 | b8933e14a499ab29471094c64a3d22a1af14804c35c074f8d46e3118ac64cfb0 |
| SHA512 | e84bd8fb680e8b8c99c46cbb557a71fb203c7e56440adf6aa057b4012ea1f83598af729e04a1cc43c08d04a93911a948254ae8a7d8a357683cbd640e14b229e8 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mfuo34j5.default-release\activity-stream.discovery_stream.json
| MD5 | 27e3da4afd2556b9055d06f0c25c6216 |
| SHA1 | b8fb7d6235832261c9bc5a89b80a9c196f8574c5 |
| SHA256 | fbdd37578c26fb008c9076a71000b493db09261647fb451c84c485fccebd4ab4 |
| SHA512 | 21206d3805ed1493d298ba3d36703dd98c9985b2a48fb4596db3948e0ac8b3ef1c9b5dc20424661d66af15259a24fba08001af50b080b9cb260b0d00a91cc93d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\AlternateServices.bin
| MD5 | 6559b84b11d41b6f7c2d52fa55fd45bb |
| SHA1 | 26647c83dd98385ae55c83f43ec6811ae1c8a545 |
| SHA256 | 53b16d8562a9e5abc91a1cd53f703e674ffdcab96ea6e521c43a41d376e11a39 |
| SHA512 | 0e3cea57e83df72103a2a223cf4bda556818f11ef04284d474e28e2b1670978be9f0650bfe3ef230b8986540ab0e0320d1c87044743409d9b8cf5614d982c4a3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\prefs.js
| MD5 | de74065708176709d3b1e1d34fca4d68 |
| SHA1 | 5b1b08b7e6a386c10f83678ee91d87e2ccb410ec |
| SHA256 | 77ea0cea6bd233be7568ad692b276fcd6f2e29c4da0f4a87f00a98662b9d4edf |
| SHA512 | 71900656ac9b8bf846f62dc9e34034af67805445817ea0b7887ba5529b0a3d33a2471dec80bf247a530b212c008581ebf49f8bd4914f7642e8a5f1fbbe08cb8e |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mfuo34j5.default-release\cache2\entries\28B985A949ED3CFB546EF627A6D45AB673C9ED01
| MD5 | 5825f06d62c0ff0e191627d3d46bceab |
| SHA1 | f6f19e12c8a375d64d652c2d38a877d4ab4a8ab3 |
| SHA256 | ffe6ec3d93bdb02ad9bf4dd3fb4c1a8ebdde091dc6e0cc27f728b6d77efac648 |
| SHA512 | 41aa127a248f20dc14a48de5b8914364833beaea07316e07b4d853372fb793a7b3a03458a3f8d99f249f01d0785e74d4db75f654bfea4c023fc127ddfcb383bb |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mfuo34j5.default-release\cache2\entries\88F10CA01EFAEE00C1F96E94B6DAF3935901F432
| MD5 | 799c3b6e5ee73201dd8c0c7a5999ac70 |
| SHA1 | f1135a3dde9491048641d45531572dfe828b4cea |
| SHA256 | 361a851568a078f8ade40838f6040ffee1d04cd3de74cb383ac3ea3df46712f6 |
| SHA512 | 9578e283df9821df0af10ee9c219b5ab32cd2395bf071124cc5ed3bde0c320ff6d664ee98563821cf27db8b2cfbb06eabb514443f1f1af49debedc8d565c4af4 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 26a10f5f485790b11218d990cd21377d |
| SHA1 | 71e139a0a159669307c6bcbba13fd07edde9fe38 |
| SHA256 | 8184ff5fcaa4d740dacc3daf4c8a153e1f56578cd0253318d0f9e5a01b53abf7 |
| SHA512 | fb2b06c61be4582d1a8877ad0352b8f373b2f0f95644d0bd9e8493ac4d7f4b95929c413ee23fd3609537019a2a7c86896245f34d34837a97361e9c24c30fb2a5 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\prefs.js
| MD5 | 64046d0139a87a529c4c8d7d3cbead0f |
| SHA1 | cbb2f33f1bd851835c032d45cf6e72d64d331ef7 |
| SHA256 | 86c0dbddb3e404d50e23fb1ef56160862e0e898aed1b4877233067ddf9ab45de |
| SHA512 | ceec92221c5b7e290d0d7aefaa9d71bda0ea3c05f23856715c2ece2dad427d441ebc258aa2d0701a9765e85822a0c3ecd45773a7398f1ae56b68d11b5e0a9bfe |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\prefs-1.js
| MD5 | 495b714a4610f957cb1cd9e24bcb1b40 |
| SHA1 | c623da13e078a50bb03d56e92dd74ad8d081d06a |
| SHA256 | a09c616a515cbdb53cbceb2c005874b644ce8e02634ba2b780074cc3f7cc95a4 |
| SHA512 | a629780f7b5f5969bd3eafe28fd80b4b56f75992a55a761d0b9d0defff80370eb9f55ab5963a37ddb4afb72652c9d7d5d764bf911640671b4db808c99ca77569 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 09372174e83dbbf696ee732fd2e875bb |
| SHA1 | ba360186ba650a769f9303f48b7200fb5eaccee1 |
| SHA256 | c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f |
| SHA512 | b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
| MD5 | 2a461e9eb87fd1955cea740a3444ee7a |
| SHA1 | b10755914c713f5a4677494dbe8a686ed458c3c5 |
| SHA256 | 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc |
| SHA512 | 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
| MD5 | 842039753bf41fa5e11b3a1383061a87 |
| SHA1 | 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153 |
| SHA256 | d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c |
| SHA512 | d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\AlternateServices.bin
| MD5 | cda10890fa55125336173484510613a5 |
| SHA1 | fe506bd746853fe575e98f796868ac34b13de222 |
| SHA256 | 6e253c423748d0b7b985fd16ac2b17cc960cd2eaa6edd853bdaa16f141b2c170 |
| SHA512 | b2881e57662d7b4f5af1c8f199de7cf79f2e86040dde5cb5653bcec5535e6b7eaac26a54b362999f7e1f4a1130b1c98fee8f97f34981941c7daa8b46562d78b8 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | 0a8747a2ac9ac08ae9508f36c6d75692 |
| SHA1 | b287a96fd6cc12433adb42193dfe06111c38eaf0 |
| SHA256 | 32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03 |
| SHA512 | 59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
| MD5 | bf957ad58b55f64219ab3f793e374316 |
| SHA1 | a11adc9d7f2c28e04d9b35e23b7616d0527118a1 |
| SHA256 | bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda |
| SHA512 | 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
| MD5 | daf7ef3acccab478aaa7d6dc1c60f865 |
| SHA1 | f8246162b97ce4a945feced27b6ea114366ff2ad |
| SHA256 | bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e |
| SHA512 | 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 8c9c911daff071dc055d6c804a5d4864 |
| SHA1 | ba43278ac00fabdb1ba98aa045755deba2a3ef05 |
| SHA256 | f0744f1b2e6372bca1b5735de7e9dda6f05693f377aa57687ee808ee39c35a25 |
| SHA512 | 0832e24fc45eba323fa3340c71adb94cf20ce574f23bc7612eabaf728c9f5d2e2abb09f784a3b772d6180740c55e8916774df1cd29550d74941bb9b0bec295e0 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\sessionstore-backups\recovery.baklz4
| MD5 | d4530205fbdd5eb3fe39a013f7865f29 |
| SHA1 | fc253f6d38ebac7288a98cdb1a93ea23cc53f4f9 |
| SHA256 | 71e3a68d783207f824aa839593229dde1312faca3ae1606112ab12ee621b9836 |
| SHA512 | 03d8dc760ceeeb509e99035f3a8c4cc7480e75778c2a8cae8a1b4863b70ccbd0c825c154d42f253e56977d727cbcd9e5795d1dc2dbe3fa8696d7a261257bf526 |