hxxps://telegra[.]ph/Happy-New-Year-01-06-37

Resubmissions

06-01-2025 10:36

250106-mnqkmswqgp 5

06-01-2025 10:32

250106-mlb98strcs 7

06-01-2025 10:30

250106-mjxhdstqhs 7

Analysis

max time kernel
255s
max time network
220s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241211-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241211-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
06-01-2025 10:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://telegra.ph/Happy-New-Year-01-06-37

Score

5^/10

steam phishing

Malware Config

Signatures

Detected potential entity reuse from brand STEAM.
phishing steam

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3829776853-2076861744-2973657197-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	1716	firefox.exe
Token: SeDebugPrivilege	1716	firefox.exe
Token: SeDebugPrivilege	1716	firefox.exe
Token: SeDebugPrivilege	1716	firefox.exe
Token: SeDebugPrivilege	1716	firefox.exe
Token: SeDebugPrivilege	1716	firefox.exe

Suspicious use of FindShellTrayWindow 21 IoCs

pid	Process
1716	firefox.exe
1716	firefox.exe
1716	firefox.exe
1716	firefox.exe
1716	firefox.exe
1716	firefox.exe
1716	firefox.exe
1716	firefox.exe
1716	firefox.exe
1716	firefox.exe
1716	firefox.exe
1716	firefox.exe
1716	firefox.exe
1716	firefox.exe
1716	firefox.exe
1716	firefox.exe
1716	firefox.exe
1716	firefox.exe
1716	firefox.exe
1716	firefox.exe
1716	firefox.exe

Suspicious use of SendNotifyMessage 20 IoCs

pid	Process
1716	firefox.exe
1716	firefox.exe
1716	firefox.exe
1716	firefox.exe
1716	firefox.exe
1716	firefox.exe
1716	firefox.exe
1716	firefox.exe
1716	firefox.exe
1716	firefox.exe
1716	firefox.exe
1716	firefox.exe
1716	firefox.exe
1716	firefox.exe
1716	firefox.exe
1716	firefox.exe
1716	firefox.exe
1716	firefox.exe
1716	firefox.exe
1716	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1716	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3492 wrote to memory of 1716	3492	firefox.exe	81
PID 3492 wrote to memory of 1716	3492	firefox.exe	81
PID 3492 wrote to memory of 1716	3492	firefox.exe	81
PID 3492 wrote to memory of 1716	3492	firefox.exe	81
PID 3492 wrote to memory of 1716	3492	firefox.exe	81
PID 3492 wrote to memory of 1716	3492	firefox.exe	81
PID 3492 wrote to memory of 1716	3492	firefox.exe	81
PID 3492 wrote to memory of 1716	3492	firefox.exe	81
PID 3492 wrote to memory of 1716	3492	firefox.exe	81
PID 3492 wrote to memory of 1716	3492	firefox.exe	81
PID 3492 wrote to memory of 1716	3492	firefox.exe	81
PID 1716 wrote to memory of 1620	1716	firefox.exe	82
PID 1716 wrote to memory of 1620	1716	firefox.exe	82
PID 1716 wrote to memory of 1620	1716	firefox.exe	82
PID 1716 wrote to memory of 1620	1716	firefox.exe	82
PID 1716 wrote to memory of 1620	1716	firefox.exe	82
PID 1716 wrote to memory of 1620	1716	firefox.exe	82
PID 1716 wrote to memory of 1620	1716	firefox.exe	82
PID 1716 wrote to memory of 1620	1716	firefox.exe	82
PID 1716 wrote to memory of 1620	1716	firefox.exe	82
PID 1716 wrote to memory of 1620	1716	firefox.exe	82
PID 1716 wrote to memory of 1620	1716	firefox.exe	82
PID 1716 wrote to memory of 1620	1716	firefox.exe	82
PID 1716 wrote to memory of 1620	1716	firefox.exe	82
PID 1716 wrote to memory of 1620	1716	firefox.exe	82
PID 1716 wrote to memory of 1620	1716	firefox.exe	82
PID 1716 wrote to memory of 1620	1716	firefox.exe	82
PID 1716 wrote to memory of 1620	1716	firefox.exe	82
PID 1716 wrote to memory of 1620	1716	firefox.exe	82
PID 1716 wrote to memory of 1620	1716	firefox.exe	82
PID 1716 wrote to memory of 1620	1716	firefox.exe	82
PID 1716 wrote to memory of 1620	1716	firefox.exe	82
PID 1716 wrote to memory of 1620	1716	firefox.exe	82
PID 1716 wrote to memory of 1620	1716	firefox.exe	82
PID 1716 wrote to memory of 1620	1716	firefox.exe	82
PID 1716 wrote to memory of 1620	1716	firefox.exe	82
PID 1716 wrote to memory of 1620	1716	firefox.exe	82
PID 1716 wrote to memory of 1620	1716	firefox.exe	82
PID 1716 wrote to memory of 1620	1716	firefox.exe	82
PID 1716 wrote to memory of 1620	1716	firefox.exe	82
PID 1716 wrote to memory of 1620	1716	firefox.exe	82
PID 1716 wrote to memory of 1620	1716	firefox.exe	82
PID 1716 wrote to memory of 1620	1716	firefox.exe	82
PID 1716 wrote to memory of 1620	1716	firefox.exe	82
PID 1716 wrote to memory of 1620	1716	firefox.exe	82
PID 1716 wrote to memory of 1620	1716	firefox.exe	82
PID 1716 wrote to memory of 1620	1716	firefox.exe	82
PID 1716 wrote to memory of 1620	1716	firefox.exe	82
PID 1716 wrote to memory of 1620	1716	firefox.exe	82
PID 1716 wrote to memory of 1620	1716	firefox.exe	82
PID 1716 wrote to memory of 1620	1716	firefox.exe	82
PID 1716 wrote to memory of 1620	1716	firefox.exe	82
PID 1716 wrote to memory of 1620	1716	firefox.exe	82
PID 1716 wrote to memory of 1620	1716	firefox.exe	82
PID 1716 wrote to memory of 1620	1716	firefox.exe	82
PID 1716 wrote to memory of 1620	1716	firefox.exe	82
PID 1716 wrote to memory of 1944	1716	firefox.exe	83
PID 1716 wrote to memory of 1944	1716	firefox.exe	83
PID 1716 wrote to memory of 1944	1716	firefox.exe	83
PID 1716 wrote to memory of 1944	1716	firefox.exe	83
PID 1716 wrote to memory of 1944	1716	firefox.exe	83
PID 1716 wrote to memory of 1944	1716	firefox.exe	83
PID 1716 wrote to memory of 1944	1716	firefox.exe	83
PID 1716 wrote to memory of 1944	1716	firefox.exe	83

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://telegra.ph/Happy-New-Year-01-06-37"
1⤵
- Suspicious use of WriteProcessMemory
PID:3492
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://telegra.ph/Happy-New-Year-01-06-37
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1716
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2016 -parentBuildID 20240401114208 -prefsHandle 1940 -prefMapHandle 1932 -prefsLen 23839 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8a316b50-2389-4623-9c47-82b892e21c99} 1716 "\\.\pipe\gecko-crash-server-pipe.1716" gpu
    3⤵
    PID:1620
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2520 -parentBuildID 20240401114208 -prefsHandle 2512 -prefMapHandle 2508 -prefsLen 24759 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4216b78e-8d70-4de3-a355-7432e95b7f7e} 1716 "\\.\pipe\gecko-crash-server-pipe.1716" socket
    3⤵
    PID:1944
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3304 -childID 1 -isForBrowser -prefsHandle 2948 -prefMapHandle 2880 -prefsLen 22700 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {df0e976d-b441-4cde-a1e8-566c796486ac} 1716 "\\.\pipe\gecko-crash-server-pipe.1716" tab
    3⤵
    PID:3260
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2744 -childID 2 -isForBrowser -prefsHandle 2836 -prefMapHandle 3696 -prefsLen 29249 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ac314cf7-4cb6-42d5-9325-655082ae9747} 1716 "\\.\pipe\gecko-crash-server-pipe.1716" tab
    3⤵
    PID:3516
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4408 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4472 -prefMapHandle 4468 -prefsLen 29249 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {73b0e5e2-e9a0-4f9f-9bcb-abed5282fbd3} 1716 "\\.\pipe\gecko-crash-server-pipe.1716" utility
    3⤵
    - Checks processor information in registry
    PID:1256
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5168 -childID 3 -isForBrowser -prefsHandle 5452 -prefMapHandle 5440 -prefsLen 27145 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c6f5b7a5-34f2-4861-bcb6-cbab464fef5c} 1716 "\\.\pipe\gecko-crash-server-pipe.1716" tab
    3⤵
    PID:1940
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5576 -childID 4 -isForBrowser -prefsHandle 5584 -prefMapHandle 5588 -prefsLen 27145 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8f36dc92-84b1-4e75-9783-c0d0552972b5} 1716 "\\.\pipe\gecko-crash-server-pipe.1716" tab
    3⤵
    PID:3712
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5776 -childID 5 -isForBrowser -prefsHandle 5784 -prefMapHandle 5788 -prefsLen 27145 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f15bf209-aeb7-40f6-baa6-1760a29b1b69} 1716 "\\.\pipe\gecko-crash-server-pipe.1716" tab
    3⤵
    PID:744
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6276 -childID 6 -isForBrowser -prefsHandle 5060 -prefMapHandle 5088 -prefsLen 27226 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3b2d4919-9598-4741-a6ae-94e65725f348} 1716 "\\.\pipe\gecko-crash-server-pipe.1716" tab
    3⤵
    PID:2188

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kx4f0sbu.default-release\activity-stream.discovery_stream.json

Filesize
22KB

MD5
06c1f7fba10b415c1942260fbf5b2846

SHA1
2d9881cc37a0a7d10b19a4d7b535f0a8151b1982

SHA256
fc32328d95b4e6f1d3c2cd48c7fc29f00fea3c21f0ca0033411292b10f50a647

SHA512
590df0dce9870b92cfd87961e05542c379a234ca8005704ecdec05c108558c8d036944e147061a443cd615a7e0a472894450ebea478d6f216eccd4b811bd3470

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kx4f0sbu.default-release\cache2\entries\51C15E82D91CCC38B95AFC771E4779BA241453B3

Filesize
33KB

MD5
41c460943819d5810d3345e72cbd1aad

SHA1
07b524836a176aba8bfeed15836c5c74832d9b61

SHA256
bba0bde2ab44f3b0f594f75ec51701faa0d26e5e14952bfa0e264f6a10947ebc

SHA512
4b91e34f900c012a5aa7f7ae76a8317c5b315435f54487a2828cf8116874f1cedf3dd46798b6995d7037bee487ab14e5d73cc5d17e81933f78ccc0d62cf85947

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kx4f0sbu.default-release\cache2\entries\A2A535CEE2EE65519C5241D9E0186A778B89D718

Filesize
118KB

MD5
cb623d712ec31d7da0c5e605f7de2b66

SHA1
77cb5f5bcfcfa5976c7270c2a0957f5e42254996

SHA256
9b16f4377b31e5872daf3bebd390d09e65ee3ec283ec379ba830fa7d23a438ea

SHA512
4ac1b8d789525be81a0c9d64d4e45fdd01e6a9497547e707d1e5848d993d82e888316d1d7bcb6cad417c850ea38d8ced6062c72f1c332f2fa5601da32f4124a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\W8D2O2SE7GS6HH2PPBQF.temp

Filesize
9KB

MD5
4915fffd00a17b7c2401eafa39bdae50

SHA1
f7816078ee21926a3b323f8afa79e4371de54f19

SHA256
43b08fc14a4e65ae18730eed9c2f3a258e9749866bd53574cbf222f8577e13c9

SHA512
8220cae1fd6d04150dcf0a2e573af832e911cc089cb671bdf5f34008bb783365b9f721eea5034a895ecc278201d444dec5c0903b91bcf0e5e8549b3bb4e41363

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kx4f0sbu.default-release\AlternateServices.bin

Filesize
7KB

MD5
3b63879a7d4e12dd66a8589a615c1af8

SHA1
4c7023c88194725f5ec60a10ea9c6108643cca27

SHA256
9598094beab46fb4cc645b2e6e8fc618ed592b600b92a0bde9f0607d0ae9930e

SHA512
d16c383647b4f89b4b400aa92f46a7d228466f4e64f0534f745f276762b02aaf5badb4bd83937023f023911f796d2e71119da9e563d6fb561f729e423f3854d8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kx4f0sbu.default-release\AlternateServices.bin

Filesize
10KB

MD5
5418003bb70349b57523296397ccc036

SHA1
4fe5e23dd3b6a7d5da7eb49b6cc6e27d899a3d4c

SHA256
232069645570e7a3e59796090b870bbb18081e6b01a4cce1011cdc68525bfb6e

SHA512
deda14e4c4dcd351c3ab42dd3fab1e5f808bd9077807e0ba6b877f1f3eab15c459ebffdfc6fd5d0d30c9a810f6c176efc58dd9f017763c3a3c5e33e34d5183aa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kx4f0sbu.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
93d6d4e90126888a03b92efa823c03c9

SHA1
987a2dde14c681181a8d0aa9e589064f0a714c66

SHA256
701b61b16bbc132f15feb89ffd7f26bbd97cfd955d807d6cf9e0cfd248bfbfdd

SHA512
6a983668e79cb9dee0393249e76ea6d02e6b9f55cf26bcea3fc3f2d1b4bac1ce0bbbe8897960ee94322286eca746818be8be8d46057628c7947eac430749f398

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kx4f0sbu.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
4bef6de39678975282ffa6585cddb4e1

SHA1
62bcf4279b730b94689f47d3f466f9d8333268b4

SHA256
13ff8d16eb26447331d5d44cad5ba225194f8687378879f9e86c58c9931eddb6

SHA512
1a95351dd1971d00226c7da74974db4f7151b98c67c1023ba36621389fe664d207aa6ebe925b01ad1ec82597672413397ed31fbcb6161c8551bc25c46a5f4217

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kx4f0sbu.default-release\datareporting\glean\db\data.safe.tmp

Filesize
7KB

MD5
a76b6da7f3adf495ef3f8f380735245b

SHA1
cb00700b2794325e844eb73bb73e8e0504dcb5ee

SHA256
ecba3510810d22ff171eef8972a83cb6c3b10ebc9226910d728ed852b534a481

SHA512
8e4fa5d6df49e3137aaac9d0bbdd86d8f2000bd2167fe3ae517c6eae141c85162388b8a3d8e319296dafcbefb2f8515f8030e2be65f67d647b468e8e3c11fd29

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kx4f0sbu.default-release\datareporting\glean\pending_pings\57bb7bc8-3fdb-4bbd-96b3-e59b40be28d7

Filesize
671B

MD5
cdf682a82b6093923edc1b6c29178ff3

SHA1
56f66ebf4169b76c06f014590e3fbadd35f183e0

SHA256
6d3fee6d2df359ae0465a860782b10ec9492488e275c3d13427c9b51fcef1a7e

SHA512
ec0a01eae34111c031311844fde68bf6c4e3e831158f207d42e34a1c07458997699e67e298ec945374bffc5d737337d9438460b6a69d6b65c82fefe689cc6563

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kx4f0sbu.default-release\datareporting\glean\pending_pings\6a637b28-e56f-4853-870b-c334fea295f6

Filesize
25KB

MD5
5506daa23af857d26e8be084c630ca1c

SHA1
cc551ab89d637806122faeb851233066f543ea8c

SHA256
093b9bbc78ab90669c892e343ef6496a95fd465ef69ef893b1fe4044f441e8a8

SHA512
29086cf85ba806b2f353867e3e2d2126be19f5d638994c05598fd081ecb2c7a1dba1e0c1035f0de76571d9f71805d6f4cd37284bb77dd4fd5074955112db9e07

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kx4f0sbu.default-release\datareporting\glean\pending_pings\87e92680-bad4-4d84-acce-43b7d12aac56

Filesize
982B

MD5
5c0f3db5028cbfc976aa25f871bed7db

SHA1
ee65dc2ae1f2c13d6e7951404c3a448c8df5f763

SHA256
3bc819b472fc972fd0b6c758ad1f24fddfd0a5c1f64ec934de5aaeb694fbb46d

SHA512
2097ff347ba49fd27ac4a5a7a3f7a0474133d22b137ad0f37114760fc0eb711336093eabc2f5585250c64c83714ac3bb38bc95438b09193e896a9675a19fdfa0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kx4f0sbu.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kx4f0sbu.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kx4f0sbu.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kx4f0sbu.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kx4f0sbu.default-release\prefs-1.js

Filesize
10KB

MD5
01478221ed644c1176d3ba6672299cdd

SHA1
00e54531bc97ebe61d2b57fcaa902c4571babeaa

SHA256
a2212371fab4442c6dc422977ab77d591e19cad5f7fd031daef4423360aaa435

SHA512
72ff1b1de4835c192611be61d89f6925d5b9f2b941b97c9a8d87dbd8b33518ed6f7d5702f251c2ed48dd2590e892261a2e3beddc7547939b7f13947fed4018fb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kx4f0sbu.default-release\prefs-1.js

Filesize
12KB

MD5
6da655b7f3cfe4b89acbbc42f7f98f27

SHA1
8e8c4d24659be924f940a2b6420a26dbda27c150

SHA256
fd2be02001d332ea228c9584fc95425b0f6733e8b9fad8b890cf03b8bb1a1c0a

SHA512
9ad6aab949a3bc1dcc687ae12b4975fa162f437523f74463a187cd315be3ab0847c2410405979a12d30ee1e638e82b46d7d8fc55d6c917af7a91e41229f85708

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kx4f0sbu.default-release\prefs.js

Filesize
10KB

MD5
58c8210291bd0f4e2dc5cfb81e6397db

SHA1
46f9e6c03eea23e499aea7a35aa5534477018004

SHA256
25dba411026c20f6495a0c6a7047d5e04229bb495068a9a0cd9c796a2b4cff38

SHA512
20404acd2a5fde5b8f5c85c29be9892bf55d3c92377dddcb993bf978c65d6f72e1b2a8a7cd401b4b44612c3c8533c062e561ecfd1e5a0870ee913456adee9356

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kx4f0sbu.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
6f2a7ea5421efa84709baee77e2b3ce4

SHA1
34fdee00a639b1e8cb8e4f89d872d913484dbaf0

SHA256
a882e5682bab2a0ea0aa62ce7cb7832d750532112c283e58e1f0c97b6c19df6c

SHA512
6c8e8a49e38f9934ae9641295fb6c5f9fe37041fdf80c97579e33fd16e7de88e9919d2b6f06dd6881c5b85641b72509264ed0db83d4b417c5b930e17d4e6bfc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kx4f0sbu.default-release\storage\default\http+++steeamcommunitii.com\ls\usage

Filesize
12B

MD5
cdd578b59a5e7d64e1d6bf0b98b3e81d

SHA1
280b1d7aae0947a448c68e6ec22d9b68a0a005c0

SHA256
043cc32ecdbb208c7481c554e8165c85d89eb1385f5541929dadd5ef6bcc3486

SHA512
b6f04959ec6eff93b6adc9b610aed13926d0e2c767bf335c2e3da2ab5bb6901ce1bfe7be3ca619c6a8f86e4b301cc9b39511ab959d0b388d38dd87bbe066327b

Download Submit