hxxp://steamcommunmutty[.]com/gift/activation=Dor5Fhnm9w

Analysis

max time kernel
345s
max time network
340s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
05-01-2025 17:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://steamcommunmutty.com/gift/activation=Dor5Fhnm9w

Score

7^/10

steam discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
Detected potential entity reuse from brand STEAM.
phishing steam
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	4140	firefox.exe
Token: SeDebugPrivilege	4140	firefox.exe
Token: SeDebugPrivilege	4140	firefox.exe
Token: SeDebugPrivilege	4140	firefox.exe
Token: SeDebugPrivilege	4140	firefox.exe
Token: SeDebugPrivilege	4140	firefox.exe

Suspicious use of FindShellTrayWindow 21 IoCs

pid	Process
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3272 wrote to memory of 4140	3272	firefox.exe	77
PID 3272 wrote to memory of 4140	3272	firefox.exe	77
PID 3272 wrote to memory of 4140	3272	firefox.exe	77
PID 3272 wrote to memory of 4140	3272	firefox.exe	77
PID 3272 wrote to memory of 4140	3272	firefox.exe	77
PID 3272 wrote to memory of 4140	3272	firefox.exe	77
PID 3272 wrote to memory of 4140	3272	firefox.exe	77
PID 3272 wrote to memory of 4140	3272	firefox.exe	77
PID 3272 wrote to memory of 4140	3272	firefox.exe	77
PID 3272 wrote to memory of 4140	3272	firefox.exe	77
PID 3272 wrote to memory of 4140	3272	firefox.exe	77
PID 4140 wrote to memory of 2216	4140	firefox.exe	78
PID 4140 wrote to memory of 2216	4140	firefox.exe	78
PID 4140 wrote to memory of 2216	4140	firefox.exe	78
PID 4140 wrote to memory of 2216	4140	firefox.exe	78
PID 4140 wrote to memory of 2216	4140	firefox.exe	78
PID 4140 wrote to memory of 2216	4140	firefox.exe	78
PID 4140 wrote to memory of 2216	4140	firefox.exe	78
PID 4140 wrote to memory of 2216	4140	firefox.exe	78
PID 4140 wrote to memory of 2216	4140	firefox.exe	78
PID 4140 wrote to memory of 2216	4140	firefox.exe	78
PID 4140 wrote to memory of 2216	4140	firefox.exe	78
PID 4140 wrote to memory of 2216	4140	firefox.exe	78
PID 4140 wrote to memory of 2216	4140	firefox.exe	78
PID 4140 wrote to memory of 2216	4140	firefox.exe	78
PID 4140 wrote to memory of 2216	4140	firefox.exe	78
PID 4140 wrote to memory of 2216	4140	firefox.exe	78
PID 4140 wrote to memory of 2216	4140	firefox.exe	78
PID 4140 wrote to memory of 2216	4140	firefox.exe	78
PID 4140 wrote to memory of 2216	4140	firefox.exe	78
PID 4140 wrote to memory of 2216	4140	firefox.exe	78
PID 4140 wrote to memory of 2216	4140	firefox.exe	78
PID 4140 wrote to memory of 2216	4140	firefox.exe	78
PID 4140 wrote to memory of 2216	4140	firefox.exe	78
PID 4140 wrote to memory of 2216	4140	firefox.exe	78
PID 4140 wrote to memory of 2216	4140	firefox.exe	78
PID 4140 wrote to memory of 2216	4140	firefox.exe	78
PID 4140 wrote to memory of 2216	4140	firefox.exe	78
PID 4140 wrote to memory of 2216	4140	firefox.exe	78
PID 4140 wrote to memory of 2216	4140	firefox.exe	78
PID 4140 wrote to memory of 2216	4140	firefox.exe	78
PID 4140 wrote to memory of 2216	4140	firefox.exe	78
PID 4140 wrote to memory of 2216	4140	firefox.exe	78
PID 4140 wrote to memory of 2216	4140	firefox.exe	78
PID 4140 wrote to memory of 2216	4140	firefox.exe	78
PID 4140 wrote to memory of 2216	4140	firefox.exe	78
PID 4140 wrote to memory of 2216	4140	firefox.exe	78
PID 4140 wrote to memory of 2216	4140	firefox.exe	78
PID 4140 wrote to memory of 2216	4140	firefox.exe	78
PID 4140 wrote to memory of 2216	4140	firefox.exe	78
PID 4140 wrote to memory of 2216	4140	firefox.exe	78
PID 4140 wrote to memory of 2216	4140	firefox.exe	78
PID 4140 wrote to memory of 2216	4140	firefox.exe	78
PID 4140 wrote to memory of 2216	4140	firefox.exe	78
PID 4140 wrote to memory of 2216	4140	firefox.exe	78
PID 4140 wrote to memory of 2216	4140	firefox.exe	78
PID 4140 wrote to memory of 3560	4140	firefox.exe	79
PID 4140 wrote to memory of 3560	4140	firefox.exe	79
PID 4140 wrote to memory of 3560	4140	firefox.exe	79
PID 4140 wrote to memory of 3560	4140	firefox.exe	79
PID 4140 wrote to memory of 3560	4140	firefox.exe	79
PID 4140 wrote to memory of 3560	4140	firefox.exe	79
PID 4140 wrote to memory of 3560	4140	firefox.exe	79
PID 4140 wrote to memory of 3560	4140	firefox.exe	79

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://steamcommunmutty.com/gift/activation=Dor5Fhnm9w"
1⤵
- Suspicious use of WriteProcessMemory
PID:3272
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://steamcommunmutty.com/gift/activation=Dor5Fhnm9w
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4140
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2012 -parentBuildID 20240401114208 -prefsHandle 1952 -prefMapHandle 1948 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1059fc98-81f5-4933-ad30-6dcdb687dfb3} 4140 "\\.\pipe\gecko-crash-server-pipe.4140" gpu
    3⤵
    PID:2216
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2416 -parentBuildID 20240401114208 -prefsHandle 2392 -prefMapHandle 2380 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e280add0-7072-4f4f-b171-492cf57d34cb} 4140 "\\.\pipe\gecko-crash-server-pipe.4140" socket
    3⤵
    PID:3560
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3152 -childID 1 -isForBrowser -prefsHandle 3156 -prefMapHandle 3132 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 992 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a3bd797e-077e-4477-905a-01e8a0710ef9} 4140 "\\.\pipe\gecko-crash-server-pipe.4140" tab
    3⤵
    PID:1392
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3692 -childID 2 -isForBrowser -prefsHandle 3684 -prefMapHandle 3680 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 992 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2511a02c-0da4-4753-a112-dc6bbb1a4f15} 4140 "\\.\pipe\gecko-crash-server-pipe.4140" tab
    3⤵
    PID:5008
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4836 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4684 -prefMapHandle 4632 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dad9194a-fecb-4ffa-af57-6fb7f9a9bf80} 4140 "\\.\pipe\gecko-crash-server-pipe.4140" utility
    3⤵
    - Checks processor information in registry
    PID:1032
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5380 -childID 3 -isForBrowser -prefsHandle 5344 -prefMapHandle 5328 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 992 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a34bb819-ce1e-48ec-b5e6-644f2d7f595b} 4140 "\\.\pipe\gecko-crash-server-pipe.4140" tab
    3⤵
    PID:2772
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5572 -childID 4 -isForBrowser -prefsHandle 5516 -prefMapHandle 5512 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 992 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {22dcee10-7343-4297-a88e-260c78a5219d} 4140 "\\.\pipe\gecko-crash-server-pipe.4140" tab
    3⤵
    PID:2964
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5720 -childID 5 -isForBrowser -prefsHandle 5728 -prefMapHandle 5732 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 992 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {732759ed-46de-442b-9522-cea713d192d9} 4140 "\\.\pipe\gecko-crash-server-pipe.4140" tab
    3⤵
    PID:336
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5904 -childID 6 -isForBrowser -prefsHandle 5896 -prefMapHandle 5592 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 992 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6da15a6f-ee6a-474f-ab0f-347fd442d019} 4140 "\\.\pipe\gecko-crash-server-pipe.4140" tab
    3⤵
    PID:4044

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\o7bdpohx.default-release\activity-stream.discovery_stream.json

Filesize
22KB

MD5
a6c953cfb87d5ba52279f04aed04125d

SHA1
5644d4f1325df0d8f3f37dede340f30247c83ddb

SHA256
fa396a721a94193d75507e487e38991a97cf4f6f03860972c177437f58f1a9e8

SHA512
7d7edfad62236a429acf8b77b5415b5a09ae210bf9edcf5593dad4fc7225b24ddeea91bfc137de355a3018c4c2ed114d0fa6068fd60da7a028af001c90945237

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\o7bdpohx.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

Filesize
14KB

MD5
408272a37b2cb9e2346042be59b7eb31

SHA1
960be39501a24c7eaed30dbafd8c2f1d8f6bcd24

SHA256
3edf44c4ba615a441a54e6466dd52d04288040ac0706892c5afd30c792236afd

SHA512
564c85f2a371657512568f038ce3d391fee702f006e900148be4ca36ee8713af5dc04ccf9404528f3b319ad704052cb9a01e0ef1c1aff649f8e6ec901221d2e6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\o7bdpohx.default-release\cache2\entries\A1FE6CA07B4FF7AB1340B291DCC89142190EE0E4

Filesize
34KB

MD5
9ef20ed6be237033d4af57cdbe9744e4

SHA1
48272689af0c5c15f09a7bb5dd7fe3ab98a0f984

SHA256
a025e9d2df6eff095733d142d91b4fc5a182f89b4f9c20ff6e6889d01d01a031

SHA512
c4ca3a1fa28ea29f3e862a8263b8401f9459353d4dd0af1d4247d531d1f8d352dcaa80bae00f55beb1c2cb1a114e57aa66f8d73d5f7c8d46f9cd78dc9a04b755

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\o7bdpohx.default-release\cache2\entries\AB2B92F18FC703A6B3EE0A1E1BC1E38E048CDE16

Filesize
118KB

MD5
c879199eb29d534f7ef5a3fd4b12967b

SHA1
9561c213193d29200a935f3df91753679aca6183

SHA256
a12eb69fe765ca513040d60c18e19b523947209d9e80719e650b5cc9aa36f34a

SHA512
2ed781e8544c5ba1313c2bda40f686f1c9496883c67125d2130277e6e20cffbba7d26f64edf972e259caba359c425192ee32cd0dceb0974699bc048290f7465d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\o7bdpohx.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
15KB

MD5
96c542dec016d9ec1ecc4dddfcbaac66

SHA1
6199f7648bb744efa58acf7b96fee85d938389e4

SHA256
7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

SHA512
cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\UHJTIGUZQAR94O97479B.temp

Filesize
7KB

MD5
723c757d8fbd0aca81acea1a167bb575

SHA1
b92eedaf18838b462cd51847113edfc3bd99428d

SHA256
94db248550c20f40a51493bc9c41f011605cbbc868f1ecc9aa8cf25b79c5d689

SHA512
f45197c0e1d9d1cddddd0f7054813d05dc72a7c3dfd4a77e15351c03e2397d797eff7c9b0b2eae79a19071e352a9229dbfa6c894e06ac5c499c44bf527ea6788

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\AlternateServices.bin

Filesize
6KB

MD5
5e7507a7ceb64470b2addc902893fcb6

SHA1
d4f27dc1bae7278ca5b179b34ff0c36e501a4c63

SHA256
b055e68864eed3fb0adb29dc351d34577f712b13faae9592b02f4e8daa71aa7e

SHA512
80ffc223e6570468687c0f6cd3d8db1eaef860ec29a48d0aea63a202650a4d14d1c781d376bc6d801c6fd2e9dba9279f358b29163de6be90552865bed9dab43d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\AlternateServices.bin

Filesize
8KB

MD5
0e7c58258812def36c844c460c80d4f0

SHA1
9c4c0da1b066c554d48b6e685c6e31f94969339f

SHA256
3630e8e2f56f92481a9894966abbb5a686315b43630e8a9dc926d76a4458e84a

SHA512
733923f6c0151b412e5db8f4be76e56d47e22d59f0b7ecc7fa33c26a2da864228b847b03d13c5e02037ad4e7b9002494a67393b8f837abeec490effff8b63d4b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\AlternateServices.bin

Filesize
12KB

MD5
3849de80563afb77a0bc0776804e4eae

SHA1
9e2f74655de6655e5701d9411038c4e72d87db88

SHA256
9a6dc91bde3d217db0ddecf7dd25e6995590fef48b77ecc491e71f296e1a4551

SHA512
e5b0335e952ca55ef771d0a5ff206d68197b0fef3a17caccb3e47b76bc316d2461a2ff18b6ccfa65b57dff9e2dee65fed30a19d1f11e267e15ea70f4aeffd9cc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
26fcd53ffdf62145b49663da9dd705a8

SHA1
b3e051ac72843a2242c9412dcc06c8f0279eede7

SHA256
c8c4f96fcc895cbf0bd3f2835bb534413bafb241bc8d17fe76ea323bcee4645d

SHA512
77b8ca203df072f80fb1664042b90b48162a40746a84e9f86b967c0ad28a28142205c801694a20b83dfc384d8c2157914c9c08fa6c07e71a695e171baefcff2e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
17caab9f906b8be0b26636987a8b69f6

SHA1
d33eb0fdc729a3b5d73c65e05fe62462997bce04

SHA256
30cd4fbb0c3adf07eb5d1c11cb15c4ec1a79849ed6a40a38172cb2d41dc5f549

SHA512
128f8165e456bda64ff7027c00b9287c5b50919f0a1069a1e1ae6dff7e112e976987e43783d899641e5b08e97ba5afdbbdf44fdf91d678db47c9c7bf4f51ac7c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\datareporting\glean\db\data.safe.tmp

Filesize
41KB

MD5
d95f07da114fdc509f68a85b7fb894d5

SHA1
bb25e20c600f1927cba43cb79bc1ed5520a481b1

SHA256
f4d51d3e61be6684491289a9d60dd0930a0076e1ef3d3cdd446dac5fdaf5eec1

SHA512
c8c9d2e2722af8d68bc7ea0c5d66371977063429f1d925233919f4af8efbb33af400908a649cc80b0179809ee499838b35f8265ede69ba36692cc6e3e3976d53

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\datareporting\glean\db\data.safe.tmp

Filesize
7KB

MD5
ea8f463ec5fe87a7835ca03152dd15e5

SHA1
cb6daf04d99e8637e54db61e82259d10a1129d7c

SHA256
59097f33b575b27548509095f3f3270882c3633f9ae5f85f4d1e210eb9b814d1

SHA512
cff786dbe4f3f74e6b08ba58a045f27abd581b33ba214886010b66f90e6e83417da187fdbe43e0511f18c5c6bb38347202ae36ef997424abaac53e6d15d8aaca

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\datareporting\glean\pending_pings\2a5d0240-c540-4749-b757-9a1bfec013b6

Filesize
24KB

MD5
8c77876b59ba0547fdd2205898bdf39a

SHA1
a829aab51eef67f4df6777747ce8ebecd48b9235

SHA256
e93b04627c3a10abeaac8475733cc6cc33ba1ab9d57ee5e4b09a80820291f845

SHA512
6f65179e2ffcb05cba28ad2dc12bb096ef7c7f3f15c39cb3fa78cb0a87adb9608fd7b1e4ee36530116db13b6fe4c01746c60cd0ab41b0885c341847f660d887f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\datareporting\glean\pending_pings\9ebe38d7-4274-425f-a81e-10457a78347c

Filesize
671B

MD5
ccad1947af1fb6120112a89ecee3ef3e

SHA1
234330f14fe7969d8f1539a3ac816954b8056fa2

SHA256
0d299edd84daac13e8e8921f4329dbd4d769ba882fc3db4348fcb859241e2d53

SHA512
c9186d5dc73ccd8aa2f6796e38ef1ab98cb3fc6ad7ae1cc9e4954add00b8e03f2fe79fc3dce0503f0f0bc626ebf3cd2c7ef170125f5e0be578e84f1cb706c951

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\datareporting\glean\pending_pings\bccac104-6258-4ceb-aabd-4d1328375b99

Filesize
982B

MD5
51cba1776664d14ad85e5a23c4a47fbc

SHA1
43a0287bffc0eafe9b381c8e858b3410988cc8e8

SHA256
9b710de4964c5594d2b0b42a23eaa71880e5af033725978cc31295cde234f217

SHA512
671529e5e00135ac621c4596cf35279dc1a2573cf204c15ddf3d133fbb4a80faa44f4fa6f84f6d0589f0a4418ab3a7a030c582f10ff80b78c31ad0e59ae27ec1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\prefs-1.js

Filesize
10KB

MD5
775fd4b2c0bb03c9aa6700097fd253cf

SHA1
4db0cd69aab602630a9606488371848540a7d314

SHA256
8720b3107cb064ed422bb6825d15533f09d980bb089e3eb273e10d5aee24fb45

SHA512
fe9363e76ac4b08bdfe53031667e4669568078ce1fad02cb68da63d89122833e975bd1b4ebf1a20e23848340ddcc9d9b5542acd103a96510b2eb6e018b2a616c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\prefs-1.js

Filesize
10KB

MD5
d496cb8da149aa2a26f3aabecc3dac1d

SHA1
6b4db3d4051d2c7137d72cb4d19e37a8f72e3856

SHA256
abf06cb10e38c0613900dce97b848d0b593971893dbff3c672f088b2e11aa3c7

SHA512
5d9b4db5ace9efd31b3431b5f4064b67231d217ca97f4ae1345434cd2fef1b38a8085a66ffd9f17eca97e3a291bd5ec516ed5a062b035f2a470e463a204a2609

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\prefs.js

Filesize
12KB

MD5
47ee742203c12aa0efc4af0bdda0cd87

SHA1
6e0fac3c1dd01e3819340e749ceb508a4f4647d9

SHA256
d6b40a0db05eafb436dcf302bfb63a89f2d4ae222f40a9e884000b3adf722751

SHA512
5d7d4d47706267a295594f7303b2d1d5a517633284ed6a6119c5ee5c22cc030d2fc6e6b0ec9a75197fd817850698dc29b3e01998961cf1bb8c98b2316d925245

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\storage\default\http+++steamcomunutty.com\ls\usage

Filesize
12B

MD5
c14b5c57472b92f120f0c4772de266f0

SHA1
27df6989d0aca394f4392a5948f224b02c264027

SHA256
937b09e309d2ca54bf86dae0877dd2d032e028970dd78ab72f5d3eb42516ec41

SHA512
d7f541cbc5ead372ea401d81daff177519e3f01bdef0d01783662180a932ef45444ae29af408563b33b0655ac40b8b8e1f5be2129986469053281f608518a763

Download Submit