26dd728d2c9aa19d803e43f16ca4d1492bad4dd5b1afa304dc81af6bfef78a6a

Analysis

max time kernel
1552s
max time network
1505s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
19-11-2024 16:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

.html
Size

514KB
MD5

1c7c3be7bc041d78fd211ba3b8f93a2a
SHA1

cadbcbddfaa13f47b0a9f6c1fc0074d32aba600c
SHA256

26dd728d2c9aa19d803e43f16ca4d1492bad4dd5b1afa304dc81af6bfef78a6a
SHA512

fa62a636443af7b92378f690abb7b371175e88c72f6610341885f01fec0bd82ead09719557bd877752f063bc568c6c071ae524d4211c508e20f17f62753f36c4
SSDEEP

6144:5U6pGOpGepG7pGCpG7pG/pGfpGupG8pGvwh1:5ppZpTpWpZpGpGpwphp9pSwh1

Score

8^/10

steam defense_evasion phishing

Malware Config

Signatures

Downloads MZ/PE file
Detected potential entity reuse from brand STEAM.
phishing steam

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File created	C:\Users\Admin\Downloads\SteamSetup.exe:Zone.Identifier	firefox.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\SteamSetup.exe:Zone.Identifier	firefox.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	4536	firefox.exe
Token: SeDebugPrivilege	4536	firefox.exe
Token: SeDebugPrivilege	4536	firefox.exe
Token: SeDebugPrivilege	4536	firefox.exe
Token: SeDebugPrivilege	4536	firefox.exe
Token: SeDebugPrivilege	4536	firefox.exe

Suspicious use of FindShellTrayWindow 21 IoCs

pid	Process
4536	firefox.exe
4536	firefox.exe
4536	firefox.exe
4536	firefox.exe
4536	firefox.exe
4536	firefox.exe
4536	firefox.exe
4536	firefox.exe
4536	firefox.exe
4536	firefox.exe
4536	firefox.exe
4536	firefox.exe
4536	firefox.exe
4536	firefox.exe
4536	firefox.exe
4536	firefox.exe
4536	firefox.exe
4536	firefox.exe
4536	firefox.exe
4536	firefox.exe
4536	firefox.exe

Suspicious use of SendNotifyMessage 20 IoCs

pid	Process
4536	firefox.exe
4536	firefox.exe
4536	firefox.exe
4536	firefox.exe
4536	firefox.exe
4536	firefox.exe
4536	firefox.exe
4536	firefox.exe
4536	firefox.exe
4536	firefox.exe
4536	firefox.exe
4536	firefox.exe
4536	firefox.exe
4536	firefox.exe
4536	firefox.exe
4536	firefox.exe
4536	firefox.exe
4536	firefox.exe
4536	firefox.exe
4536	firefox.exe

Suspicious use of SetWindowsHookEx 10 IoCs

pid	Process
4536	firefox.exe
4536	firefox.exe
4536	firefox.exe
4536	firefox.exe
4536	firefox.exe
4536	firefox.exe
4536	firefox.exe
4536	firefox.exe
4536	firefox.exe
4536	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1028 wrote to memory of 4536	1028	firefox.exe	83
PID 1028 wrote to memory of 4536	1028	firefox.exe	83
PID 1028 wrote to memory of 4536	1028	firefox.exe	83
PID 1028 wrote to memory of 4536	1028	firefox.exe	83
PID 1028 wrote to memory of 4536	1028	firefox.exe	83
PID 1028 wrote to memory of 4536	1028	firefox.exe	83
PID 1028 wrote to memory of 4536	1028	firefox.exe	83
PID 1028 wrote to memory of 4536	1028	firefox.exe	83
PID 1028 wrote to memory of 4536	1028	firefox.exe	83
PID 1028 wrote to memory of 4536	1028	firefox.exe	83
PID 1028 wrote to memory of 4536	1028	firefox.exe	83
PID 4536 wrote to memory of 4280	4536	firefox.exe	84
PID 4536 wrote to memory of 4280	4536	firefox.exe	84
PID 4536 wrote to memory of 4280	4536	firefox.exe	84
PID 4536 wrote to memory of 4280	4536	firefox.exe	84
PID 4536 wrote to memory of 4280	4536	firefox.exe	84
PID 4536 wrote to memory of 4280	4536	firefox.exe	84
PID 4536 wrote to memory of 4280	4536	firefox.exe	84
PID 4536 wrote to memory of 4280	4536	firefox.exe	84
PID 4536 wrote to memory of 4280	4536	firefox.exe	84
PID 4536 wrote to memory of 4280	4536	firefox.exe	84
PID 4536 wrote to memory of 4280	4536	firefox.exe	84
PID 4536 wrote to memory of 4280	4536	firefox.exe	84
PID 4536 wrote to memory of 4280	4536	firefox.exe	84
PID 4536 wrote to memory of 4280	4536	firefox.exe	84
PID 4536 wrote to memory of 4280	4536	firefox.exe	84
PID 4536 wrote to memory of 4280	4536	firefox.exe	84
PID 4536 wrote to memory of 4280	4536	firefox.exe	84
PID 4536 wrote to memory of 4280	4536	firefox.exe	84
PID 4536 wrote to memory of 4280	4536	firefox.exe	84
PID 4536 wrote to memory of 4280	4536	firefox.exe	84
PID 4536 wrote to memory of 4280	4536	firefox.exe	84
PID 4536 wrote to memory of 4280	4536	firefox.exe	84
PID 4536 wrote to memory of 4280	4536	firefox.exe	84
PID 4536 wrote to memory of 4280	4536	firefox.exe	84
PID 4536 wrote to memory of 4280	4536	firefox.exe	84
PID 4536 wrote to memory of 4280	4536	firefox.exe	84
PID 4536 wrote to memory of 4280	4536	firefox.exe	84
PID 4536 wrote to memory of 4280	4536	firefox.exe	84
PID 4536 wrote to memory of 4280	4536	firefox.exe	84
PID 4536 wrote to memory of 4280	4536	firefox.exe	84
PID 4536 wrote to memory of 4280	4536	firefox.exe	84
PID 4536 wrote to memory of 4280	4536	firefox.exe	84
PID 4536 wrote to memory of 4280	4536	firefox.exe	84
PID 4536 wrote to memory of 4280	4536	firefox.exe	84
PID 4536 wrote to memory of 4280	4536	firefox.exe	84
PID 4536 wrote to memory of 4280	4536	firefox.exe	84
PID 4536 wrote to memory of 4280	4536	firefox.exe	84
PID 4536 wrote to memory of 4280	4536	firefox.exe	84
PID 4536 wrote to memory of 4280	4536	firefox.exe	84
PID 4536 wrote to memory of 4280	4536	firefox.exe	84
PID 4536 wrote to memory of 4280	4536	firefox.exe	84
PID 4536 wrote to memory of 4280	4536	firefox.exe	84
PID 4536 wrote to memory of 4280	4536	firefox.exe	84
PID 4536 wrote to memory of 4280	4536	firefox.exe	84
PID 4536 wrote to memory of 4280	4536	firefox.exe	84
PID 4536 wrote to memory of 3448	4536	firefox.exe	85
PID 4536 wrote to memory of 3448	4536	firefox.exe	85
PID 4536 wrote to memory of 3448	4536	firefox.exe	85
PID 4536 wrote to memory of 3448	4536	firefox.exe	85
PID 4536 wrote to memory of 3448	4536	firefox.exe	85
PID 4536 wrote to memory of 3448	4536	firefox.exe	85
PID 4536 wrote to memory of 3448	4536	firefox.exe	85
PID 4536 wrote to memory of 3448	4536	firefox.exe	85

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\.html"
1⤵
- Suspicious use of WriteProcessMemory
PID:1028
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\.html
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - Checks processor information in registry
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4536
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1976 -parentBuildID 20240401114208 -prefsHandle 1892 -prefMapHandle 1884 -prefsLen 23603 -prefMapSize 244628 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1b5aba67-46ed-4528-b3de-f05f484310fa} 4536 "\\.\pipe\gecko-crash-server-pipe.4536" gpu
    3⤵
    PID:4280
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2496 -parentBuildID 20240401114208 -prefsHandle 2472 -prefMapHandle 2468 -prefsLen 24523 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {be361c4c-b0c7-481e-bbf9-651052e76d4e} 4536 "\\.\pipe\gecko-crash-server-pipe.4536" socket
    3⤵
    PID:3448
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3180 -childID 1 -isForBrowser -prefsHandle 2636 -prefMapHandle 3116 -prefsLen 24664 -prefMapSize 244628 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {410850dc-a260-4946-9e61-d379ddebd1c7} 4536 "\\.\pipe\gecko-crash-server-pipe.4536" tab
    3⤵
    PID:3904
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3588 -childID 2 -isForBrowser -prefsHandle 3612 -prefMapHandle 3608 -prefsLen 29013 -prefMapSize 244628 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {26275b20-ba15-447b-bc20-26522816b5aa} 4536 "\\.\pipe\gecko-crash-server-pipe.4536" tab
    3⤵
    PID:4828
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4888 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4880 -prefMapHandle 4876 -prefsLen 29013 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0433500b-22dd-490f-88ca-4fe8e1333e3d} 4536 "\\.\pipe\gecko-crash-server-pipe.4536" utility
    3⤵
    - Checks processor information in registry
    PID:1192
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5324 -childID 3 -isForBrowser -prefsHandle 5316 -prefMapHandle 5312 -prefsLen 26989 -prefMapSize 244628 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a31c7a39-ca29-4c7a-9ca6-2bdab1c5e626} 4536 "\\.\pipe\gecko-crash-server-pipe.4536" tab
    3⤵
    PID:4284
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5552 -childID 4 -isForBrowser -prefsHandle 5472 -prefMapHandle 5480 -prefsLen 26989 -prefMapSize 244628 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0dd6c6e4-db69-419a-a9af-2a363588c8eb} 4536 "\\.\pipe\gecko-crash-server-pipe.4536" tab
    3⤵
    PID:4488
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5736 -childID 5 -isForBrowser -prefsHandle 5656 -prefMapHandle 5660 -prefsLen 26989 -prefMapSize 244628 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0c2bda4a-9a8a-45e7-b705-0a67160461aa} 4536 "\\.\pipe\gecko-crash-server-pipe.4536" tab
    3⤵
    PID:2688
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5216 -childID 6 -isForBrowser -prefsHandle 5212 -prefMapHandle 5208 -prefsLen 26989 -prefMapSize 244628 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5772f85f-40de-47d3-9a99-2f2543303827} 4536 "\\.\pipe\gecko-crash-server-pipe.4536" tab
    3⤵
    PID:4324
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6452 -childID 7 -isForBrowser -prefsHandle 6216 -prefMapHandle 6268 -prefsLen 29162 -prefMapSize 244628 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b14c8c7b-6d7b-4609-b8ee-702fa5b87438} 4536 "\\.\pipe\gecko-crash-server-pipe.4536" tab
    3⤵
    PID:1868
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6216 -childID 8 -isForBrowser -prefsHandle 6760 -prefMapHandle 6200 -prefsLen 27110 -prefMapSize 244628 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5e7593ca-60eb-49df-9313-d80e83d2b4c4} 4536 "\\.\pipe\gecko-crash-server-pipe.4536" tab
    3⤵
    PID:1872
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7252 -childID 9 -isForBrowser -prefsHandle 7212 -prefMapHandle 4728 -prefsLen 28040 -prefMapSize 244628 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0aaee40f-7778-4894-b5be-73bcfa4594ab} 4536 "\\.\pipe\gecko-crash-server-pipe.4536" tab
    3⤵
    PID:5896
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6368 -parentBuildID 20240401114208 -prefsHandle 6768 -prefMapHandle 6376 -prefsLen 30575 -prefMapSize 244628 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ac744598-6c9d-4e0a-9142-37110a3f1ee2} 4536 "\\.\pipe\gecko-crash-server-pipe.4536" rdd
    3⤵
    PID:5904

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mfuo34j5.default-release\activity-stream.discovery_stream.json

Filesize
18KB

MD5
296c0afc1f706cccb04bd8068c4d2f18

SHA1
3fb090185ff7fb5779bccdcd3e51359396edb10f

SHA256
288d1061a7103447b781096b5c68e468efcbb6b3607edc7c0978734c1b7e30c2

SHA512
ca1f6b3ad00772bbb4c4b4d287d7abcdb75c18eaa82e16b9178ea1586261df376aed72bd57c6eda7d8f7e132cc913389334869f904960212188c8d50336fb267

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mfuo34j5.default-release\cache2\entries\40402525EA9983CE956CDB0692E01E2A7E829259

Filesize
12KB

MD5
5acb45bf6f3a05446391e2281fe8fe69

SHA1
7041bea24ad9a121572e26347f2e68c847279c14

SHA256
ba100b9b7c8abba0f1453600bb47ca6a31d7300d6cd964580afe44af32f97541

SHA512
0fb7777d948b5af2f84aa950f4ff5c4235a5a3c9b7ee120edac9815c08585a3ceb6941099e7fa636ec57c305aa4891e526630a0395862040f64642120030bda7

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\AMUUEK1W2ZL451IDSJMJ.temp

Filesize
15KB

MD5
6fcd510cd432bea189c7baceb0541441

SHA1
b66c4d97271f065a5e90798ab47b4b44f1d2973e

SHA256
2b4f7f6bf1238fbbddb58c71e1794ea1ad1416a3218fec43d3c453c02a35282b

SHA512
bef98780f6d0c5cbdf8f1338e89227e7f362d1ba175aca1e9c5df8773b66baff3ce7425ceb833f61ad9008a09f755a0fb9b4e444974e15a9a80e734e1cdd6131

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\AlternateServices.bin

Filesize
7KB

MD5
44c1894a1f5e0cd1eb1b44a901b8fd1a

SHA1
e73e66ea99bbd83adb631dcbb3b2dec14720aea1

SHA256
a69ddbd30bf7910023e32791e8f1c261c53982e4f229db8fcab118b7044acedc

SHA512
e335373c98bbd9d46d608b2ddc54348efe276220cf9c6bdfcc12adb0fe7436847715188cab9949b37bc8d715e711730c4fc3f6c028babe15d83bd87185a33821

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\AlternateServices.bin

Filesize
10KB

MD5
6c0e8d53abb21e8a86057973dd5aed89

SHA1
b60c25ed4d8cb149f2764313a53c590b397d0563

SHA256
b07f210ba3cd5179f20c6df5faae4ddab26b8ae601370a62031faa29d0b34ca0

SHA512
55ba043356e52587180a8b3df6915d71112f068d3d578d3e13da92d1187e8c3e4c8c8497098d266c80777f209e26f30e1abe567414d68d6e1bc34d2ed97ed89c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\AlternateServices.bin

Filesize
18KB

MD5
bf429525792e2dc6f79f38ba72561598

SHA1
dce61d1c313c1ead7e0a3c388f1d9a506183f00b

SHA256
ce2ecc3abc8a2c4f01817828916176993084caf27c2ae373c1594fed2076a6c5

SHA512
2826feab1480219288b5bec7d11cb82279f309d14d07126ac6368da78cd5e25658c5a9692f3050fba9a742e7e248b7daff023e202d00aa41a0911055fe039374

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\bookmarkbackups\bookmarks-2024-11-19_11_9Wjjk6dVHEXmN2e0y9xqkQ==.jsonlz4

Filesize
1018B

MD5
427573570ae858b5260bbf40ea56c79e

SHA1
509bff11959acc4e04993903dd4f3e3f40aaaa85

SHA256
f9757b8a1b6afe2b69ee71722b2346f0303453b5f98e92f2b71c2947f2478f14

SHA512
d0fe0974532613da358fe221b7ee372088ca5d3fc2fea68c9754f9cb174fc7a439b26c28e2b0a28331db2ea0bb31399d9fe12c43cbc0bce1b6e94f4dba557616

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
16KB

MD5
796c1ec229d90527ca429d577029aa07

SHA1
8f91d6e4576bde4f56d5f3fdf5be631aec08fe6c

SHA256
6b466c658d317357847f39e7b9b122844f95f7922005b1a24962a2abbb4102db

SHA512
5f2b8898c281b0880092fb57b2b4a391f1ff5ace3b4442d6952db1b7560f642e1fbe0a55db26902b770f12b2b14ebd6ac1b769cbab2fc645036a5d0d1b78015a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
c9566bb5984166cf87f44faea70616e2

SHA1
b036bb997c965ff353a3c8c4737a11a3280d2ab8

SHA256
5412fe42f8b88be0bad50ff01e111169d6e856f8e4e638f90f9aa6245a0b6c1a

SHA512
34a8acd09730d3e110a0882174400df206aee60c2287f59079b4a5f8855e04f077bcd0920711cf7d9f9ee32eb4b397b666f598049636b6c1ca0a0bd7e865382e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
3KB

MD5
b95714c3d6878f7799511528f6cca0d1

SHA1
ac15c1c217113d50fde9336f95d2a5e434235f26

SHA256
88b45b68ac55a04c058c89ea6577f7e93075079555b2f843f0bda84c5517ae34

SHA512
6b419fd1555cd2715fad1acdf0f358bce0e79c1612c90966a206be5aafb91b7cc28eae268185d65bf7ec488aa826d7f203bbfb1521ee9753d1c66b907abeb276

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
ae8f80bc75cac49675705927ee61adae

SHA1
2a7e5828774f20fd5555f77b2ed0f28197048f94

SHA256
a65f657452662509aa2d94473f6608c6d21481fc0f360a8e63dd77e6aab6279d

SHA512
b64b0b3616c0817cfbc6ca4bfb887321b00a811ba56e1cc2c0b6eafff39df6f5787ce320e92d069711de18e97a31194c9aa00a7d1c1d593d760ac593648d81bd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
77KB

MD5
8aef84b803af27c08811b9222d87258b

SHA1
c3d42ebc0b9f07ffaf1635cdce76bbd23ac73dec

SHA256
386672193bfa7b3e38391a47a1547eef46b5d9ecbafb90dd11a7c9c54c4aa846

SHA512
0582f5fe5665e35f08923f79b2b5515b65509d436c0d6d1a3ec435f5da99094988911d26a03a079c1f2a9f83f0fe557c405c961fcf28480858e8f2340d92650c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
77KB

MD5
ad8513ee70d3c1110c30267cf8eb01d6

SHA1
8c42d7b1c04a624199cfcf0fce7cb93c03e65de1

SHA256
21d7a3b0f1d099dd08211908ec82ae52f4b2f330284a9924ecc244871a280641

SHA512
916df66fec357fe18b0a3108df82ed7ab0717a851e43cf81e26c513d7442efc0b7ca31950dafb0c602153141207389dd1fe8f938dd9272ab052dcf85f1cd9587

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\datareporting\glean\pending_pings\4b1bf910-e55e-49d9-b744-36b463974dc9

Filesize
982B

MD5
77f72a30a426a6df8b9144ed76ccec51

SHA1
fe9a2a1bd797f63c8ea2899dfc28819f29b6234b

SHA256
35d9c7061a039bde42a269d7ae572f7c555fecac2bb66aa63d2085f387807275

SHA512
40666fcccd2ee28855c20321cbff975c702bde25a803a92277005df81ef4ac957b18fcec8d7ab37175e15b768d2f853aa7d1ca2a6a3b6b40a2bfd1a321a53585

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\datareporting\glean\pending_pings\7a991a19-59aa-46ba-8298-1f29e394538a

Filesize
27KB

MD5
883c085dcb7c59d41811d569bdd697d8

SHA1
0d13b7ba0456bf8af14c49cfbeadf9eb3782b8a3

SHA256
417f04762ffc5bc544df40c4620b5ff6ee3a8bef690cf19ec930c419a1754ac5

SHA512
9d416b75a48159e7a4453371e528a5424d062a182b01d56c8d06503a4e850a0a3b21963d28229ca81f8e1bb38a4ef5132369017e838fdc306bb8b26e79e82d5c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\datareporting\glean\pending_pings\c8fbf674-437a-41db-92a1-86f8d404f0a5

Filesize
671B

MD5
630435b52b599e36e39dd6d1dc888238

SHA1
c321367da07c8d06767c9eefa69a28163171e9c6

SHA256
1e9173afa789379ed025fab09499eea567f3d8c9220acc6dacd7aabede725cf1

SHA512
fcb1a9b78c90a62a4edb7886e1cc8bc47b82db793c7b74c0b0c57e82a64316ed9e3ca0fc1f81d15d85bf3bce3c17d0a0f21cfd9fc7b43411b4e836a1e35259b1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\prefs-1.js

Filesize
11KB

MD5
85782d3a008a9c90518e61773e5c9619

SHA1
9d779bc38c8d9cd65408591b8bf9d75f9552029c

SHA256
a3233e1f343041a5292d75d5342b351e4d1be5430902e32f56d27fc8dc4cea52

SHA512
e1fc739ccc084751b7bd87798b34a64d4f4ed6c4dc44376d72bae9cef926adb3109f0fbf9447bdd8e0baed532714170564ea18fe2b830b4be40e2220ae13a9e1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\prefs-1.js

Filesize
12KB

MD5
2035dbf3cd4e76cc1b0d365fcf0a552d

SHA1
9ee6f24712682133463487924c18338b452c35b8

SHA256
a161a35b22e6c2f6be2d6540674bcb4a9d9a2a9c80e4b7fa422238b283c80877

SHA512
322149df2a2dfb9c2cd0ba29bd1eb973f980ce4f38538ddf99d8080fd05be50b6f7d1c5583843ea7f8d4bfc83733a2c6657980a8e2b4ff19ba20dd86ac01ee72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\prefs.js

Filesize
10KB

MD5
ea3564596f2dbf684aa2f497d0ac1d8a

SHA1
8eb23b228bc68779ab6be3192d40c9d7ccf2e0e4

SHA256
4e764ac1ca584edd79e4cc8a6e7c256a9e61be03b8341c58465377880800ede9

SHA512
6230f14be787ac432fcad44b4bdeb801cae43b9d0b974da2502e77657def70a3a1f93a6b17689c2b76991b7f27a566be6db8231b277287f1358a071e99bd0249

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\prefs.js

Filesize
10KB

MD5
e2fdbd394139187f56861c60f7cdfbd9

SHA1
07e4919990cab40fdcdafcf3703dedb52af13bfb

SHA256
a57a16fb3f2dca88389ae7b8ddbb72a82d7104de4cb243a52d0de2f7958b2f73

SHA512
d291a3b78ab3d5093e96431c63b4842a5613c13f4c057c2f08e94161f0506cb24f7c6745a5fd865d02cc721ad72a61c237e3c3fcb55a0fa2ac72ad9a6e24dfd0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\sessionstore-backups\recovery.baklz4

Filesize
42KB

MD5
d286f0aa7745af0d190d6cc00fcbade8

SHA1
102e5d134e15809b2cef4e13658050b445eca6e4

SHA256
2f7d78f7a6b1161f6fdf17a77e87b0c37d6310b3ccb082734e83ddc3c1b77b97

SHA512
dd82e12adc53f7b8a64ba8924a127cdcc22670509312a60eec830015daeca7cb5d691e8a9104d310c62901d8bac5c895ebf5afe770bda94a5e14dc38dbc9c0bb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\sessionstore-backups\recovery.baklz4

Filesize
2KB

MD5
2e3afd87738b52e7808c7786474fe1aa

SHA1
6861b857a0ba86eda6c2db2479a89a9f51d2a334

SHA256
25e9631f48753d7173500fa19c509ba93a75e066379fa823337d5c7f8aaa6709

SHA512
97c7769a9f06a21dbd050a9c51e883277f9ad521044d098d89f038084e4aca7e0ac490d892a6f7c6f4d45109f63cb501034e60d4a084c8852869e3b83bdbdc37

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
7b3038470015db47da572611eef12447

SHA1
db8b1da4dff5ebdba76897f38549fa7d31d310b5

SHA256
77c3fff3ae73e26377da79af3c1f066b176e9e7112568125b0342684e84aa4bd

SHA512
7b7ec55205080cdd85166cdbbd2f37f48fa8104ab85eb37abf3c115f0cab9175f480edd8c86eaf4a44b9d02421b24061e0d77e0362619fb2ae701bec95f69285

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\file++++C++Users+Admin+AppData+Local+Temp+.html\idb\1972125614yCt7-%iCt7-%r8e8sdp8o.sqlite

Filesize
48KB

MD5
1c58bc9026c7735d6a3d2b100332ec0d

SHA1
91e29f7367c4026e1650799ffae33a18dfd1b354

SHA256
4906e6bea75c97f89c8ef5fe18db9957c8081cf2cba7b89b281af49a0dac3271

SHA512
60e575db4de375c12100c835b32a162e19d05d94b35da19bc1fa5cadce2a46c241689b361793844a49c9874a5be7f848eac9c463746f2e128fe1dd8a2da6b5a2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
576KB

MD5
2c0e8ad96616395c7a32c46a67ee57ca

SHA1
1336d73190a77f7623f861b6998804bfa82d763a

SHA256
bd2c42d487e7164a0fceb78295659818adb3fbff22aff4725db58a140539b622

SHA512
7f94729f3d0baa2408058c4699161b53bcd5c354251b56e57b0c26cc981d02a366af341a52c8de34007d03643d3aad4225c9bb80503704bcad3ec28e13920b60

Download Submit
C:\Users\Admin\Downloads\SteamSetup.exe

Filesize
2.3MB

MD5
1b54b70beef8eb240db31718e8f7eb5d

SHA1
da5995070737ec655824c92622333c489eb6bce4

SHA256
7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb

SHA512
fda935694d0652dab3f1017faaf95781a300b420739e0f9d46b53ce07d592a4cfa536524989e2fc9f83602d315259817638a89c4e27da709aada5d1360b717eb

Download Submit