hxxp://steamcommunity[.]com/gift/61842

Analysis

max time kernel
69s
max time network
70s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
22-01-2025 04:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://steamcommunity.com/gift/61842

Score

5^/10

steam discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand STEAM.
phishing steam
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Modifies data under HKEY_USERS 15 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365268"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "186"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4290799360"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292114432"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = 99ebff004cc2ff000091f8000078d4000067c000003e9200001a6800f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365268"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1668	firefox.exe
Token: SeDebugPrivilege	1668	firefox.exe

Suspicious use of FindShellTrayWindow 21 IoCs

pid	Process
1668	firefox.exe
1668	firefox.exe
1668	firefox.exe
1668	firefox.exe
1668	firefox.exe
1668	firefox.exe
1668	firefox.exe
1668	firefox.exe
1668	firefox.exe
1668	firefox.exe
1668	firefox.exe
1668	firefox.exe
1668	firefox.exe
1668	firefox.exe
1668	firefox.exe
1668	firefox.exe
1668	firefox.exe
1668	firefox.exe
1668	firefox.exe
1668	firefox.exe
1668	firefox.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1668	firefox.exe
4688	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4396 wrote to memory of 1668	4396	firefox.exe	77
PID 4396 wrote to memory of 1668	4396	firefox.exe	77
PID 4396 wrote to memory of 1668	4396	firefox.exe	77
PID 4396 wrote to memory of 1668	4396	firefox.exe	77
PID 4396 wrote to memory of 1668	4396	firefox.exe	77
PID 4396 wrote to memory of 1668	4396	firefox.exe	77
PID 4396 wrote to memory of 1668	4396	firefox.exe	77
PID 4396 wrote to memory of 1668	4396	firefox.exe	77
PID 4396 wrote to memory of 1668	4396	firefox.exe	77
PID 4396 wrote to memory of 1668	4396	firefox.exe	77
PID 4396 wrote to memory of 1668	4396	firefox.exe	77
PID 1668 wrote to memory of 1760	1668	firefox.exe	78
PID 1668 wrote to memory of 1760	1668	firefox.exe	78
PID 1668 wrote to memory of 1760	1668	firefox.exe	78
PID 1668 wrote to memory of 1760	1668	firefox.exe	78
PID 1668 wrote to memory of 1760	1668	firefox.exe	78
PID 1668 wrote to memory of 1760	1668	firefox.exe	78
PID 1668 wrote to memory of 1760	1668	firefox.exe	78
PID 1668 wrote to memory of 1760	1668	firefox.exe	78
PID 1668 wrote to memory of 1760	1668	firefox.exe	78
PID 1668 wrote to memory of 1760	1668	firefox.exe	78
PID 1668 wrote to memory of 1760	1668	firefox.exe	78
PID 1668 wrote to memory of 1760	1668	firefox.exe	78
PID 1668 wrote to memory of 1760	1668	firefox.exe	78
PID 1668 wrote to memory of 1760	1668	firefox.exe	78
PID 1668 wrote to memory of 1760	1668	firefox.exe	78
PID 1668 wrote to memory of 1760	1668	firefox.exe	78
PID 1668 wrote to memory of 1760	1668	firefox.exe	78
PID 1668 wrote to memory of 1760	1668	firefox.exe	78
PID 1668 wrote to memory of 1760	1668	firefox.exe	78
PID 1668 wrote to memory of 1760	1668	firefox.exe	78
PID 1668 wrote to memory of 1760	1668	firefox.exe	78
PID 1668 wrote to memory of 1760	1668	firefox.exe	78
PID 1668 wrote to memory of 1760	1668	firefox.exe	78
PID 1668 wrote to memory of 1760	1668	firefox.exe	78
PID 1668 wrote to memory of 1760	1668	firefox.exe	78
PID 1668 wrote to memory of 1760	1668	firefox.exe	78
PID 1668 wrote to memory of 1760	1668	firefox.exe	78
PID 1668 wrote to memory of 1760	1668	firefox.exe	78
PID 1668 wrote to memory of 1760	1668	firefox.exe	78
PID 1668 wrote to memory of 1760	1668	firefox.exe	78
PID 1668 wrote to memory of 1760	1668	firefox.exe	78
PID 1668 wrote to memory of 1760	1668	firefox.exe	78
PID 1668 wrote to memory of 1760	1668	firefox.exe	78
PID 1668 wrote to memory of 1760	1668	firefox.exe	78
PID 1668 wrote to memory of 1760	1668	firefox.exe	78
PID 1668 wrote to memory of 1760	1668	firefox.exe	78
PID 1668 wrote to memory of 1760	1668	firefox.exe	78
PID 1668 wrote to memory of 1760	1668	firefox.exe	78
PID 1668 wrote to memory of 1760	1668	firefox.exe	78
PID 1668 wrote to memory of 1760	1668	firefox.exe	78
PID 1668 wrote to memory of 1760	1668	firefox.exe	78
PID 1668 wrote to memory of 1760	1668	firefox.exe	78
PID 1668 wrote to memory of 1760	1668	firefox.exe	78
PID 1668 wrote to memory of 1760	1668	firefox.exe	78
PID 1668 wrote to memory of 1760	1668	firefox.exe	78
PID 1668 wrote to memory of 2008	1668	firefox.exe	79
PID 1668 wrote to memory of 2008	1668	firefox.exe	79
PID 1668 wrote to memory of 2008	1668	firefox.exe	79
PID 1668 wrote to memory of 2008	1668	firefox.exe	79
PID 1668 wrote to memory of 2008	1668	firefox.exe	79
PID 1668 wrote to memory of 2008	1668	firefox.exe	79
PID 1668 wrote to memory of 2008	1668	firefox.exe	79
PID 1668 wrote to memory of 2008	1668	firefox.exe	79

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://steamcommunity.com/gift/61842"
1⤵
- Suspicious use of WriteProcessMemory
PID:4396
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://steamcommunity.com/gift/61842
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1668
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2012 -parentBuildID 20240401114208 -prefsHandle 1928 -prefMapHandle 1920 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e6d5edeb-2dc8-454a-8db5-c79b1969cf8f} 1668 "\\.\pipe\gecko-crash-server-pipe.1668" gpu
    3⤵
    PID:1760
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2416 -parentBuildID 20240401114208 -prefsHandle 2408 -prefMapHandle 2396 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {511a44d4-77b2-4906-8284-f89f91f5117b} 1668 "\\.\pipe\gecko-crash-server-pipe.1668" socket
    3⤵
    PID:2008
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3168 -childID 1 -isForBrowser -prefsHandle 3184 -prefMapHandle 3140 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f13d0241-aa52-428b-8bc3-d19a3fc82f39} 1668 "\\.\pipe\gecko-crash-server-pipe.1668" tab
    3⤵
    PID:4688
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3964 -childID 2 -isForBrowser -prefsHandle 2584 -prefMapHandle 1240 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {efae8f94-fc67-43d0-895e-f134a6598e34} 1668 "\\.\pipe\gecko-crash-server-pipe.1668" tab
    3⤵
    PID:4928
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4964 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4984 -prefMapHandle 4980 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {891f6def-8c38-4e15-8175-2fc927a2b845} 1668 "\\.\pipe\gecko-crash-server-pipe.1668" utility
    3⤵
    - Checks processor information in registry
    PID:3600
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5432 -childID 3 -isForBrowser -prefsHandle 5408 -prefMapHandle 5420 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c3503c25-efa1-494a-9e59-e76fa3e13649} 1668 "\\.\pipe\gecko-crash-server-pipe.1668" tab
    3⤵
    PID:2076
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5440 -childID 4 -isForBrowser -prefsHandle 5664 -prefMapHandle 5124 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {de1e89bd-183d-4c4c-975b-7c06e3229158} 1668 "\\.\pipe\gecko-crash-server-pipe.1668" tab
    3⤵
    PID:2632
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5792 -childID 5 -isForBrowser -prefsHandle 3092 -prefMapHandle 3368 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e31ff5a7-4ee0-42ac-93f1-a27ce29d80de} 1668 "\\.\pipe\gecko-crash-server-pipe.1668" tab
    3⤵
    PID:1524
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5840 -childID 6 -isForBrowser -prefsHandle 5916 -prefMapHandle 5912 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {51b9ef87-e33d-4b96-971c-91f76555cb67} 1668 "\\.\pipe\gecko-crash-server-pipe.1668" tab
    3⤵
    PID:1864
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5856 -childID 7 -isForBrowser -prefsHandle 5092 -prefMapHandle 5352 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {30ad4b4d-b88d-4076-890f-b6fa9fcccdd9} 1668 "\\.\pipe\gecko-crash-server-pipe.1668" tab
    3⤵
    PID:72

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3a03055 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:4688

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\activity-stream.discovery_stream.json

Filesize
30KB

MD5
12f7632a17e0ebb294ac140369339f7e

SHA1
948919f6c76812f24b1825108dd7c9c7515a9929

SHA256
79b9b40830e72423b8ee2f630db60a3bf43963341e0ae645fc1c3cb6d53bb3f5

SHA512
fb873b135185e31bb4956b37e7c67ea1a388bacab3ad9a6722fc99debd37cb18ad63adcedc2339ddfeb5e0238760aca829b2bc10859105b766d0f069963bc85d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\cache2\entries\33D2AF1C774258898D5A97FB604DE9F9A093C893

Filesize
46KB

MD5
99ca3cb3fbeff19a4388d2f427feff0d

SHA1
5b11876e9ac72cc737bac14b32f338afa5c1f341

SHA256
32504123d045d079e0cf894881be9cfaba147b5b91bb4eef30e36a24c93e8d21

SHA512
0f96787941dbbd21607c064875a311e13e79388062809d31e5c5535c998d7ab329cd8cd6008029ae3276ade41dca890deff57b5ee50b5b76e71da89a2a27854c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
15KB

MD5
96c542dec016d9ec1ecc4dddfcbaac66

SHA1
6199f7648bb744efa58acf7b96fee85d938389e4

SHA256
7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

SHA512
cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\AlternateServices.bin

Filesize
6KB

MD5
3b9c5e550b5ee4dd0966727d165b00ec

SHA1
013f486accea44ab30d88cbc3baa0328960e902b

SHA256
fe743217b6c0e01d8a98828a0155b1c1440bc9b3cec72cc5aaf06666e67d899b

SHA512
7ccd6b444fcd7dcdbe81b137a83259771b76e3a8ee520a5f57ab934e15685cd1fa868dab972aae4f320ba498bf7b01ecdffc4f66a0439ec16f5e525dc83997ab

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\AlternateServices.bin

Filesize
8KB

MD5
69ddfaf2a7debd27c80586e4191f3f59

SHA1
3d43b8fdfea390733cb4a85b1db906fd203d1196

SHA256
0badd769dac32250c3002cfa5f50ed18e2126180adce69dcc8b27cc3bd7745df

SHA512
48e18b2b628bdbe21968062a918d01dc0640f087e3caa901f7fa67183e88945d176722132a3cd70b46f66f711d6fbf28ee9ee6ef92afd20db576036d4d4c50e2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
2bde6e98aa1912525c5b86ec13799d8e

SHA1
666bbf88a7bd94e9bc5b8eeb58ae1ce0a5fef2b6

SHA256
442aa29bb7ff36564ef80ea456d0c94e35e242f7db538cf91440dc88914f3ed9

SHA512
a6a0a8bb969596ad5bd6a994add782c97b7ca58119fbc0b148b42552522cdc1e9dc9020aa0d8017411fb371f3aacd2eb6a3cb5d5c671f5c36b0b8d3f9a5ef71a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
7KB

MD5
1f047ad8165945fa39360ce816de6158

SHA1
294122856b5e6f082234defe5d368a95324648d0

SHA256
99d2edc20aab6d3c4f8d3e8bef8f23c36375a3760a5a478bc692a01084258597

SHA512
b2c63e3a06329a65f90a5740e6bd7939204b188d50599f64ff1fb69fbecd9e462672fd06249a7c1f5b9199e789d3a04eff79730c71f171e2b48b7f57fb339bc5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
84da7d25abcbe06df753fb75120fe90a

SHA1
fd50763e49e879e4546f6e1a914b2a5436912840

SHA256
d95f815a6d1402c307bd3ee46ae488bc0890e5d34f64adb4ccda4bad88814690

SHA512
bb9d7d7cd5f040cd7a44b14c53b9be430c8420173f2f935eb1b992b170975cd091622e324939f83e8e5a1285dd9efdeafe6cc002c3f0b10d09e6c96e32165621

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
679d7bc932751915fbe734b9d2d16598

SHA1
cd85d07bd73cd7798ca95b5d38a3bada5188844c

SHA256
4ede83367d12441d2baefbd78526285a6c5b80f3bf28dcb7887befb63bff3a43

SHA512
8c977a5b79c9fc1f657d1ea4aebe9ca22ae8f6c926c806e00f5df9f8806b8f89559c7844725c8584247446f3a3f0cba2d0bf0279ad935387867595cf2e6d79c7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\datareporting\glean\pending_pings\49892a0b-e650-4c5c-baa6-200a85f502a4

Filesize
982B

MD5
f4d3e6a20f62cb7719374915644da897

SHA1
12607368c2885e15cd962c744a176e94d6820197

SHA256
04145ec494be28bf50543992492d0d4be83d72ce986d734d7fa628cd15ebf8fe

SHA512
4f2e20c9ffaa8a1d1c47713dac383d4628b04bbfa18997fee9dba1567594eef9bb0117581df34bd4ea31c9c48ebcfd00868311410b1a42824fcd7b178588764e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\datareporting\glean\pending_pings\97c05d0e-31f7-4d92-8375-c3b9eea33260

Filesize
671B

MD5
b5207def350baa062a2850c644b45bd9

SHA1
49fb078197b46f09e05db538b081b7e82044c0bf

SHA256
971ccf7f4578bd26bd22fb4b23605e5b45050635678412cbcd85ea016368a5ed

SHA512
24a5a1513bbf9c72961d477c3a468ae1749ea6a849866a3a5ca57146b84adbf111255bbd85c81c0fc030a139b0b88f7b0f1600662e69cadef3dae08eebacbeb0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\datareporting\glean\pending_pings\a1c9b8bb-10ea-461c-8dea-8272f5f89734

Filesize
24KB

MD5
6a1333223e5c17c101a665cd8d580f39

SHA1
ddfaffbe3c18d38e5c317fc50456e940d2d5ae54

SHA256
b2ce09fa29666859b9ec86bea4a263cce6dca9a26fd3b77d904b35e55903872c

SHA512
802fba964773f548d842db57224de985b4c0f59c95eb98f78c830dc8d92b63b921287ed226ac7bf02be2e0ce150f3d14bd1a52b2d6361ceded15f2594e1ac611

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\prefs-1.js

Filesize
10KB

MD5
179afb362f0bc270f3f990cfc34c705c

SHA1
98225afa94e935492a157f4a6a88a48d61d1e086

SHA256
8c8bab1856a7a4c05fefed90e4a3640a778f514fb802da08ffffdb5b600ac16e

SHA512
a8b49b1f2738d32137d9d462a769757a4bb2d1523119c184ab38e2028131f9afd7f7f1cfd7c434dc4f798238affffe418d1d549eb2061f70556eeb095e0ceb8a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\prefs-1.js

Filesize
10KB

MD5
d3eb31d2cd62581d5b14e7729636c0a5

SHA1
d9004a923968a44f82a15bba3d480d3e46c2db25

SHA256
375ffb1272222b9d3f75522e2c715d132e9fd334bc2b2986505995088ce78b5f

SHA512
d6adb4d160639b3faefc1fc5774f8a3abce4e02ed3aa56b0d5c468d3545a576530e5c790d9202f49ee7644143ed7a1517adda20cb58f4c28dc7dd63c82c1ae43

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\sessionCheckpoints.json.tmp

Filesize
259B

MD5
c8dc58eff0c029d381a67f5dca34a913

SHA1
3576807e793473bcbd3cf7d664b83948e3ec8f2d

SHA256
4c22e8a42797f14510228f9f4de8eea45c526228a869837bd43c0540092e5f17

SHA512
b8f7c4150326f617b63d6bc72953160804a3749f6dec0492779f6c72b3b09c8d1bd58f47d499205c9a0e716f55fe5f1503d7676a4c85d31d1c1e456898af77b4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\sessionstore-backups\recovery.baklz4

Filesize
40KB

MD5
57f85bbc5d4dd65e8026d7a73d53e446

SHA1
18b779ff7b55c44c09bb50de5e4e324c5008e882

SHA256
04ebfa97df1362a3f34cfcab34910a0108a39d64fafdba69e8d79d56e98f26a5

SHA512
e9c42f18ab95d0fe0bc8a6f45fc4bcf0230b02efab6f558f6f7bd32a961b0c347f4540589349bc5ee424c0303a412fffce0b1f760192c8640f21d5da0be80fee

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\sessionstore-backups\recovery.baklz4

Filesize
43KB

MD5
5114d3658c928b6fbe50dc165537338f

SHA1
fa4f06b2f1939600aaa1d8aca7e7f96cccfedb1b

SHA256
bd89a6b28ab3561d33b1cd7ff6b8fd4ae8b74c5776baf05dedea1242a1a1e63f

SHA512
c3218d4855e5c6492a69f816e8628d585b8429c82912901591959d5bdf0530a15bf8eac31749d52a5d058d433241fd2f5b1657e233c871fe6d9abba4e9173044

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\sessionstore-backups\recovery.baklz4

Filesize
40KB

MD5
797631f54e01e6581277fb579058ed1e

SHA1
1d7a33c62cec4d7e19966c862679802a826ac26e

SHA256
be8470eb112c5d62823bc4df0b9d1622cf4c5f307e31da235d462997cbf96134

SHA512
a438d256300947e24ee285b45ba1765cc80515aedff463518867708187fb63e9fc8226b41d403a6413e7ec9abcec91ffcfeaa9be2d6ca22d7e466f6c15eb2802

Download Submit