Analysis Overview
SHA256
978a8e93d8a63bbdfdb6ccf6fa83933a7b741632d83763fb37014eb2be51b4b9
Threat Level: Likely benign
The file about was found to be: Likely benign.
Malicious Activity Summary
Detected potential entity reuse from brand STEAM.
Suspicious use of SendNotifyMessage
Uses Task Scheduler COM API
Suspicious use of SetWindowsHookEx
Checks processor information in registry
Modifies registry class
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-01 20:16
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-01 20:16
Reported
2024-11-02 05:22
Platform
win7-20240903-en
Max time kernel
1562s
Max time network
1563s
Command Line
Signatures
Detected potential entity reuse from brand STEAM.
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\about.html"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\about.html
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1992.0.851016258\79590999" -parentBuildID 20221007134813 -prefsHandle 1208 -prefMapHandle 1200 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {63b64281-a642-414d-9169-815609ebfa17} 1992 "\\.\pipe\gecko-crash-server-pipe.1992" 1280 120d6b58 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1992.1.252145685\654997217" -parentBuildID 20221007134813 -prefsHandle 1468 -prefMapHandle 1464 -prefsLen 21708 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bcea0c53-edb9-4e24-baf0-318448d36c50} 1992 "\\.\pipe\gecko-crash-server-pipe.1992" 1480 45f9258 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1992.2.218804844\529382821" -childID 1 -isForBrowser -prefsHandle 2088 -prefMapHandle 2084 -prefsLen 21746 -prefMapSize 233444 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a873d9ad-32ad-4b3f-a942-4a8395561ec9} 1992 "\\.\pipe\gecko-crash-server-pipe.1992" 2100 199fd358 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1992.3.2142181542\916898068" -childID 2 -isForBrowser -prefsHandle 2572 -prefMapHandle 2568 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {45efcbc1-0154-4b7c-bce7-b09231f46785} 1992 "\\.\pipe\gecko-crash-server-pipe.1992" 2584 1ba05b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1992.4.719718388\1928666904" -childID 3 -isForBrowser -prefsHandle 3784 -prefMapHandle 3772 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {41da35c1-b182-4d27-8e06-20a48bb449f1} 1992 "\\.\pipe\gecko-crash-server-pipe.1992" 3764 1f130e58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1992.5.1636750804\313488688" -childID 4 -isForBrowser -prefsHandle 4012 -prefMapHandle 4016 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a853d33f-9016-4905-9151-61bd71eea1d0} 1992 "\\.\pipe\gecko-crash-server-pipe.1992" 4000 1f133b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1992.6.700945974\1780000003" -childID 5 -isForBrowser -prefsHandle 4016 -prefMapHandle 3760 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9ce157ec-76b6-4de4-9a2e-0cf151622a79} 1992 "\\.\pipe\gecko-crash-server-pipe.1992" 3896 1f133558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1992.7.912482203\90643878" -parentBuildID 20221007134813 -prefsHandle 4404 -prefMapHandle 4048 -prefsLen 26356 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {915d24d6-c1df-4633-aaed-e299646f50de} 1992 "\\.\pipe\gecko-crash-server-pipe.1992" 4056 1f77d558 rdd
Network
Files
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ytcgl2sn.default-release\datareporting\glean\pending_pings\6f5a2ed7-55c3-4faf-9023-92b76230b681
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ytcgl2sn.default-release\datareporting\glean\pending_pings\982c6116-64ee-4b7e-a427-8de3d644def9
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ytcgl2sn.default-release\datareporting\glean\db\data.safe.bin
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ytcgl2sn.default-release\activity-stream.discovery_stream.json.tmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ytcgl2sn.default-release\prefs-1.js
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ytcgl2sn.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ytcgl2sn.default-release\prefs.js
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ytcgl2sn.default-release\sessionstore-backups\recovery.jsonlz4
C:\Users\Admin\AppData\Local\Temp\tmpaddon
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ytcgl2sn.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ytcgl2sn.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ytcgl2sn.default-release\prefs-1.js
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ytcgl2sn.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ytcgl2sn.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ytcgl2sn.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ytcgl2sn.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ytcgl2sn.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ytcgl2sn.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ytcgl2sn.default-release\prefs-1.js
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ytcgl2sn.default-release\prefs.js
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ytcgl2sn.default-release\broadcast-listeners.json
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ytcgl2sn.default-release\sessionCheckpoints.json
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ytcgl2sn.default-release\targeting.snapshot.json
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ytcgl2sn.default-release\bookmarkbackups\bookmarks-2024-11-02_11_sjKG2+0ga0VahM0kqZ2rjA==.jsonlz4
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ytcgl2sn.default-release\cache2\doomed\12111
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ytcgl2sn.default-release\SiteSecurityServiceState.txt
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-01 20:16
Reported
2024-11-02 05:22
Platform
win10v2004-20241007-en
Max time kernel
1765s
Max time network
1504s
Command Line
Signatures
Detected potential entity reuse from brand STEAM.
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\about.html"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\about.html
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2008 -parentBuildID 20240401114208 -prefsHandle 1916 -prefMapHandle 1912 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2e2ec54a-f5d1-42aa-ac22-ded3f92a4615} 1968 "\\.\pipe\gecko-crash-server-pipe.1968" gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2460 -parentBuildID 20240401114208 -prefsHandle 2440 -prefMapHandle 2436 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6bdfbb3a-4490-4a3a-8456-950dfd2ab16d} 1968 "\\.\pipe\gecko-crash-server-pipe.1968" socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2884 -childID 1 -isForBrowser -prefsHandle 3172 -prefMapHandle 3188 -prefsLen 24741 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6f41d678-d77c-4548-9c52-3dbdb90154ec} 1968 "\\.\pipe\gecko-crash-server-pipe.1968" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1412 -childID 2 -isForBrowser -prefsHandle 3476 -prefMapHandle 3592 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {950a4d79-ee53-4cea-b12f-c9af0d6225ea} 1968 "\\.\pipe\gecko-crash-server-pipe.1968" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4904 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4924 -prefMapHandle 4920 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {327f4e98-fd56-4b33-8de1-69aed641bbd2} 1968 "\\.\pipe\gecko-crash-server-pipe.1968" utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5420 -childID 3 -isForBrowser -prefsHandle 5236 -prefMapHandle 5432 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1f593671-19f5-43fd-b209-8e3794cf14b8} 1968 "\\.\pipe\gecko-crash-server-pipe.1968" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5140 -childID 4 -isForBrowser -prefsHandle 5576 -prefMapHandle 5580 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {331e7d6f-176d-4de7-a262-23a2131f79c3} 1968 "\\.\pipe\gecko-crash-server-pipe.1968" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4732 -childID 5 -isForBrowser -prefsHandle 5564 -prefMapHandle 5568 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1a2b8f73-5c80-464e-8138-f77ed6356517} 1968 "\\.\pipe\gecko-crash-server-pipe.1968" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5940 -parentBuildID 20240401114208 -prefsHandle 5968 -prefMapHandle 5984 -prefsLen 29278 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {aa62799b-fd0b-44f5-a294-8c9d0f9a73e3} 1968 "\\.\pipe\gecko-crash-server-pipe.1968" rdd
Network
Files
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\pending_pings\c0289d33-8316-4ecd-bec5-c4d8e8d15459
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\pending_pings\0cc8ca5d-47e9-4944-ae23-0180d8528125
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\pending_pings\76133dc8-1687-4010-9b2c-60377b69f5f2
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\db\data.safe.tmp
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\activity-stream.discovery_stream.json
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\prefs.js
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\prefs-1.js
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\db\data.safe.tmp
C:\Users\Admin\AppData\Local\Temp\tmpaddon
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\cache2\entries\D500AD994A7515157BB2A6ADD5B18B754E4D2F99
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\AlternateServices.bin
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\prefs-1.js
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\db\data.safe.tmp
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\prefs-1.js
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\personality-provider\recipe_attachment.json
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\personality-provider\nb_model_build_attachment_sports.json
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\personality-provider\nb_model_build_attachment_computers_and_electronics.json
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\db\data.safe.tmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\db\data.safe.tmp
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\personality-provider\nb_model_build_attachment_science.json
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\personality-provider\nb_model_build_attachment_jobs_and_education.json
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\personality-provider\nb_model_build_attachment_real_estate.json
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\personality-provider\nb_model_build_attachment_shopping.json
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\personality-provider\nb_model_build_attachment_people_and_society.json
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\personality-provider\nb_model_build_attachment_autos_and_vehicles.json
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\personality-provider\nb_model_build_attachment_internet_and_telecom.json
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\personality-provider\nb_model_build_attachment_pets_and_animals.json
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\personality-provider\nb_model_build_attachment_online_communities.json
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\personality-provider\nb_model_build_attachment_books_and_literature.json
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\personality-provider\nb_model_build_attachment_games.json
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\personality-provider\nb_model_build_attachment_beauty_and_fitness.json
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\personality-provider\nb_model_build_attachment_finance.json
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\personality-provider\nb_model_build_attachment_arts_and_entertainment.json
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\personality-provider\nb_model_build_attachment_law_and_government.json
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\personality-provider\nb_model_build_attachment_health.json
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\personality-provider\nb_model_build_attachment_business_and_industrial.json
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\personality-provider\nb_model_build_attachment_food_and_drink.json
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\personality-provider\nb_model_build_attachment_reference.json
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\personality-provider\nb_model_build_attachment_home_and_garden.json
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\personality-provider\nb_model_build_attachment_blogging_resources_and_services.json
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\personality-provider\nb_model_build_attachment_hobbies_and_leisure.json
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\personality-provider\nb_model_build_attachment_travel.json
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\bookmarkbackups\bookmarks-2024-11-02_11_at9c8Qmh-ynm3VahB8A2dQ==.jsonlz4
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\9YQU8AJG4E9J45YB488L.temp