hxxps://steamtickets100[.]com/s/KQRA

Analysis

max time kernel
67s
max time network
71s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250113-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250113-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
26-01-2025 15:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://steamtickets100.com/s/KQRA

Score

5^/10

steam discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand STEAM. 1 IoCs

phishing steam

flow	pid	Process
65	4784	firefox.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3982764349-3037452555-3708423086-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	4784	firefox.exe
Token: SeDebugPrivilege	4784	firefox.exe

Suspicious use of FindShellTrayWindow 21 IoCs

pid	Process
4784	firefox.exe
4784	firefox.exe
4784	firefox.exe
4784	firefox.exe
4784	firefox.exe
4784	firefox.exe
4784	firefox.exe
4784	firefox.exe
4784	firefox.exe
4784	firefox.exe
4784	firefox.exe
4784	firefox.exe
4784	firefox.exe
4784	firefox.exe
4784	firefox.exe
4784	firefox.exe
4784	firefox.exe
4784	firefox.exe
4784	firefox.exe
4784	firefox.exe
4784	firefox.exe

Suspicious use of SendNotifyMessage 20 IoCs

pid	Process
4784	firefox.exe
4784	firefox.exe
4784	firefox.exe
4784	firefox.exe
4784	firefox.exe
4784	firefox.exe
4784	firefox.exe
4784	firefox.exe
4784	firefox.exe
4784	firefox.exe
4784	firefox.exe
4784	firefox.exe
4784	firefox.exe
4784	firefox.exe
4784	firefox.exe
4784	firefox.exe
4784	firefox.exe
4784	firefox.exe
4784	firefox.exe
4784	firefox.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4784	firefox.exe
4784	firefox.exe
4784	firefox.exe
4784	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1424 wrote to memory of 4784	1424	firefox.exe	81
PID 1424 wrote to memory of 4784	1424	firefox.exe	81
PID 1424 wrote to memory of 4784	1424	firefox.exe	81
PID 1424 wrote to memory of 4784	1424	firefox.exe	81
PID 1424 wrote to memory of 4784	1424	firefox.exe	81
PID 1424 wrote to memory of 4784	1424	firefox.exe	81
PID 1424 wrote to memory of 4784	1424	firefox.exe	81
PID 1424 wrote to memory of 4784	1424	firefox.exe	81
PID 1424 wrote to memory of 4784	1424	firefox.exe	81
PID 1424 wrote to memory of 4784	1424	firefox.exe	81
PID 1424 wrote to memory of 4784	1424	firefox.exe	81
PID 4784 wrote to memory of 2076	4784	firefox.exe	82
PID 4784 wrote to memory of 2076	4784	firefox.exe	82
PID 4784 wrote to memory of 2076	4784	firefox.exe	82
PID 4784 wrote to memory of 2076	4784	firefox.exe	82
PID 4784 wrote to memory of 2076	4784	firefox.exe	82
PID 4784 wrote to memory of 2076	4784	firefox.exe	82
PID 4784 wrote to memory of 2076	4784	firefox.exe	82
PID 4784 wrote to memory of 2076	4784	firefox.exe	82
PID 4784 wrote to memory of 2076	4784	firefox.exe	82
PID 4784 wrote to memory of 2076	4784	firefox.exe	82
PID 4784 wrote to memory of 2076	4784	firefox.exe	82
PID 4784 wrote to memory of 2076	4784	firefox.exe	82
PID 4784 wrote to memory of 2076	4784	firefox.exe	82
PID 4784 wrote to memory of 2076	4784	firefox.exe	82
PID 4784 wrote to memory of 2076	4784	firefox.exe	82
PID 4784 wrote to memory of 2076	4784	firefox.exe	82
PID 4784 wrote to memory of 2076	4784	firefox.exe	82
PID 4784 wrote to memory of 2076	4784	firefox.exe	82
PID 4784 wrote to memory of 2076	4784	firefox.exe	82
PID 4784 wrote to memory of 2076	4784	firefox.exe	82
PID 4784 wrote to memory of 2076	4784	firefox.exe	82
PID 4784 wrote to memory of 2076	4784	firefox.exe	82
PID 4784 wrote to memory of 2076	4784	firefox.exe	82
PID 4784 wrote to memory of 2076	4784	firefox.exe	82
PID 4784 wrote to memory of 2076	4784	firefox.exe	82
PID 4784 wrote to memory of 2076	4784	firefox.exe	82
PID 4784 wrote to memory of 2076	4784	firefox.exe	82
PID 4784 wrote to memory of 2076	4784	firefox.exe	82
PID 4784 wrote to memory of 2076	4784	firefox.exe	82
PID 4784 wrote to memory of 2076	4784	firefox.exe	82
PID 4784 wrote to memory of 2076	4784	firefox.exe	82
PID 4784 wrote to memory of 2076	4784	firefox.exe	82
PID 4784 wrote to memory of 2076	4784	firefox.exe	82
PID 4784 wrote to memory of 2076	4784	firefox.exe	82
PID 4784 wrote to memory of 2076	4784	firefox.exe	82
PID 4784 wrote to memory of 2076	4784	firefox.exe	82
PID 4784 wrote to memory of 2076	4784	firefox.exe	82
PID 4784 wrote to memory of 2076	4784	firefox.exe	82
PID 4784 wrote to memory of 2076	4784	firefox.exe	82
PID 4784 wrote to memory of 2076	4784	firefox.exe	82
PID 4784 wrote to memory of 2076	4784	firefox.exe	82
PID 4784 wrote to memory of 2076	4784	firefox.exe	82
PID 4784 wrote to memory of 2076	4784	firefox.exe	82
PID 4784 wrote to memory of 2076	4784	firefox.exe	82
PID 4784 wrote to memory of 2076	4784	firefox.exe	82
PID 4784 wrote to memory of 4336	4784	firefox.exe	83
PID 4784 wrote to memory of 4336	4784	firefox.exe	83
PID 4784 wrote to memory of 4336	4784	firefox.exe	83
PID 4784 wrote to memory of 4336	4784	firefox.exe	83
PID 4784 wrote to memory of 4336	4784	firefox.exe	83
PID 4784 wrote to memory of 4336	4784	firefox.exe	83
PID 4784 wrote to memory of 4336	4784	firefox.exe	83
PID 4784 wrote to memory of 4336	4784	firefox.exe	83

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://steamtickets100.com/s/KQRA"
1⤵
- Suspicious use of WriteProcessMemory
PID:1424
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://steamtickets100.com/s/KQRA
  2⤵
  - Detected potential entity reuse from brand STEAM.
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4784
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1948 -parentBuildID 20240401114208 -prefsHandle 1880 -prefMapHandle 1872 -prefsLen 27137 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {82f169c1-f079-49dc-889a-fe9224615efd} 4784 "\\.\pipe\gecko-crash-server-pipe.4784" gpu
    3⤵
    PID:2076
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2404 -parentBuildID 20240401114208 -prefsHandle 2380 -prefMapHandle 2368 -prefsLen 28057 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e36513c2-ff72-4298-967a-c40d92bbe22f} 4784 "\\.\pipe\gecko-crash-server-pipe.4784" socket
    3⤵
    PID:4336
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2756 -childID 1 -isForBrowser -prefsHandle 2656 -prefMapHandle 3324 -prefsLen 22746 -prefMapSize 244658 -jsInitHandle 984 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {89ac416c-0627-431a-b85f-880ba237437b} 4784 "\\.\pipe\gecko-crash-server-pipe.4784" tab
    3⤵
    PID:1616
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3716 -childID 2 -isForBrowser -prefsHandle 3228 -prefMapHandle 3704 -prefsLen 32547 -prefMapSize 244658 -jsInitHandle 984 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2ac84089-5d28-4108-9f91-293cf89bee2d} 4784 "\\.\pipe\gecko-crash-server-pipe.4784" tab
    3⤵
    PID:4632
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2440 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4568 -prefMapHandle 4564 -prefsLen 32547 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2d82e2be-171a-4dea-ae0f-830f34235c3c} 4784 "\\.\pipe\gecko-crash-server-pipe.4784" utility
    3⤵
    - Checks processor information in registry
    PID:2264
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5284 -childID 3 -isForBrowser -prefsHandle 5276 -prefMapHandle 5272 -prefsLen 27145 -prefMapSize 244658 -jsInitHandle 984 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9480efcd-8563-4ac4-b9a5-a46fa2523cb6} 4784 "\\.\pipe\gecko-crash-server-pipe.4784" tab
    3⤵
    PID:4472
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5672 -childID 4 -isForBrowser -prefsHandle 5692 -prefMapHandle 5688 -prefsLen 27226 -prefMapSize 244658 -jsInitHandle 984 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c140a539-b389-4d03-9544-c0d3e82547b3} 4784 "\\.\pipe\gecko-crash-server-pipe.4784" tab
    3⤵
    PID:3376
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5736 -childID 5 -isForBrowser -prefsHandle 5740 -prefMapHandle 5744 -prefsLen 27226 -prefMapSize 244658 -jsInitHandle 984 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4e4b8674-960a-498f-a2a4-8a1acb527c95} 4784 "\\.\pipe\gecko-crash-server-pipe.4784" tab
    3⤵
    PID:3828
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6012 -childID 6 -isForBrowser -prefsHandle 5932 -prefMapHandle 5936 -prefsLen 27226 -prefMapSize 244658 -jsInitHandle 984 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dcb03a40-13aa-4cfe-923d-9ff26908f9f3} 4784 "\\.\pipe\gecko-crash-server-pipe.4784" tab
    3⤵
    PID:3744
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6452 -childID 7 -isForBrowser -prefsHandle 4036 -prefMapHandle 6444 -prefsLen 28142 -prefMapSize 244658 -jsInitHandle 984 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {97e7951b-b5ca-45d1-b1fe-d3ef975458f0} 4784 "\\.\pipe\gecko-crash-server-pipe.4784" tab
    3⤵
    PID:4508

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lz7hko67.default-release\activity-stream.discovery_stream.json

Filesize
21KB

MD5
f2356f30f25c02d5e297981cc8441b19

SHA1
859673d5fb1d67d49501e63758ad4f5584120e93

SHA256
fdb77da04d74b3de528c42803d8aa86a13b94938647af4ed1c3b3e0813035dbd

SHA512
e9364b29ce58162420b0ee169994451c9ed12ed11e3e02b815333b92a305d4fca4f8d9d5db937d6cc4129fe395b0aa687be9665892033cf31d36e1a8f6c99bd4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lz7hko67.default-release\cache2\doomed\27990

Filesize
29KB

MD5
4d947a101eea471d2f5fba0539b76714

SHA1
e1baaa67bbce5b84bc1ec4246d15b87adcc11c40

SHA256
a786d4ae32686aaac8815c526c734657fc453d17132dd5e29f809e28226de33b

SHA512
b1f1f8c1553dadc6537996349a8f8fbd8569e1cc2141950306bf2bbbe6b68b2d1c739565d7a5ce1e27c87dc082f2068bbbcd4b27c0c8f4e01ac9761519f4c388

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lz7hko67.default-release\cache2\entries\1414C9648BADAC11B7FFE3117F3567FB25A93DB7

Filesize
50KB

MD5
b20579ce822910a3b7a17fb9c33787dc

SHA1
e07e2da71b468220999b357cdf033c53d5d48a75

SHA256
074a1b62e0106b7c3fa22938fb5888a856647014297c11202f05377d82d5041b

SHA512
32eaaf58f13e1288a6a8d83aa8c62fa10911866c67f36432efb90c767e4cefd4f13123a42ced14b3d5415ac334ceb12b28db033b684305d0a1ceb566feb6ae2e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lz7hko67.default-release\cache2\entries\21F3521E463A30FA7CC458D08EB1458AE25AA83A

Filesize
11KB

MD5
4a2287ff1925b8397278a870e492e455

SHA1
443ba99432d81d8bb21eca2c64d34a1014011cfd

SHA256
617c08193b2f39e7cf175c68a8ed82f5322cd9820cb167ed933914596a92c485

SHA512
72f48bc29ba887e13f8131239d1e510ccc7ee77345cc41d409dc19f1c84c12cef5d72e99a3d0bcbae39ad8a62a664a3c0eece9b96aba7fdc69255af1e69d3355

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lz7hko67.default-release\cache2\entries\2A8816BAA7BCEB43D5104231B45007F783DADD9C

Filesize
14KB

MD5
97b55d18ad51364861d4092ac8f0b014

SHA1
c4f6d0dc14cb03ae29aa8032e6298705c8ba403d

SHA256
211768d2513c7800bc4abcba9fd54b194c8f52ff585c51957ab1da8ecf687a93

SHA512
2902558900cb223e9c38cffa072c6f436946f1abdbfc384de675ed7f6bec27c5d7990070ab7b4f34972704842a46f97e6790999dd0f53763ed1989c80ca5d19e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lz7hko67.default-release\cache2\entries\2DA8703621D0F3B23A8479F5220737DFCD8FF8D5

Filesize
30KB

MD5
ab6c9f4ab1a54fe77bd1e998ca174a87

SHA1
f99235e49ee80d1df6af7c8966481bfae61416db

SHA256
c021f7d2db86efe6cd95670376164303b9ddcebceefa01e32646c02d4a9bc289

SHA512
8e89addfd5be77bea8606ca9a9ccb690dd9735828c2a01141e9b438f7401a86399dbd70c3747e4553f33d7b5f8834de5631475a99111b448dce358038fe2ac99

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lz7hko67.default-release\cache2\entries\33D2AF1C774258898D5A97FB604DE9F9A093C893

Filesize
46KB

MD5
d251d2289a7b3e87790e055f1f52a0ec

SHA1
72a39d9135e5ae069a71ec5871861eefcbe7aec4

SHA256
4289ceac84ce3d243a3b2139fc07e8e12acaa39ded5755f93a2d2b1d0ed2152a

SHA512
4db8c77f65efd7f804bcd7b2e3e78cf9d4622cdf17c2182210efe672a3f44d010e9097ae9ca9e5cc41e30801d4fc993944599b84c5d3352981a27ead29cf5ae2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lz7hko67.default-release\cache2\entries\3BA1309693C70DAEA35E0B310E2D199DDB2CB709

Filesize
12KB

MD5
048fcad19f4e2a438bc305971ab49c86

SHA1
7b3c64631de758fc0a4e9a411c0332d04c57f03c

SHA256
537bbd0620e87515a64033530ca40b296d7face74e68be8841b618a66c989192

SHA512
18b7cc9748ce3614889c683586a18239ca91888a97fd6bf081159ac11cafc7b0641b5935eb2e0541435be6003f3f5429182ad95be5898e17ecd38c4a9ba91cd5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lz7hko67.default-release\cache2\entries\7F043FFFFAC1A5BC98FEEF1B179FEB29B8E696FA

Filesize
31KB

MD5
71531f8c6db50754d81ce391b1a42b3e

SHA1
be9a58cb7c6aaec22300f376dcc07154ddd6f636

SHA256
f660c9bd675c3433f2c2f47f49f555e627cef3a2369208fe125fad0310a150cd

SHA512
56adea16aec2c1a26ea09228adc24e43a5b1efb342ec5fa7641f3055cbf8c9d70dd48eeb55e941b40f54022c70ff2c048d517f0e7e8df91c35a7b73de30bf17c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lz7hko67.default-release\cache2\entries\85A81E8D316EA0F55F508AA0D58D312969345E00

Filesize
13KB

MD5
8ad9a45e357fbc00e112abcc9c5f1a6b

SHA1
fe1b78ca7bbe90f2e597ddce2860deadf75a10d2

SHA256
6a5ecb13249249bf1e8e9e86bfe5496155edcdeaddef036e5b077973caa7c854

SHA512
b0f2baf36178a74c353764ae9157821cbbbb07dda4040e7c1e54c3a97994eb136c59bfe217a85e671a82edeefeb523d10815147fc510eb7ebf88215fca63eec8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lz7hko67.default-release\cache2\entries\86254BE5C4605A6368B6E91A664F0C6BB10599B0

Filesize
118KB

MD5
4b9691dbe1998c90fba8f33ba9bf4390

SHA1
956dc2e1965236908298dfe645d79f5e991968f5

SHA256
7f0ed7d261e40f84e60cec640e273039e3f5d3ad5d668877be3c014b1121d5cf

SHA512
4cd2557ae86670bd7f22860b6a0f5b26f1b92448dd3588129bd9d61ee5d5515f5d84cde8f310bc4026766bf7e188b79f0603f6b1ae87d4e7c13e6af7191e8c74

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lz7hko67.default-release\cache2\entries\96370859D15ECC736F51CA7D677D390BCE7C9883

Filesize
30KB

MD5
e9468c9c68f3c7bb3ae7c40cad347267

SHA1
3635fa676b6de9875106045f84682570aa02f17c

SHA256
36f0017f01db1870addde3738e285fb081b2e8fd07a58643c7b1f87c590e9a3d

SHA512
3e53ae86add68324e87b41260187b5c94ae5756694d7ff8170c8099561c4bc36ba65cd53da3d35a0005734c63847b0e61e59ea885d8bb5d36fffcd92d9f1eb0d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lz7hko67.default-release\cache2\entries\B792BB19981BD501A06FB3275CE858B623ADA264

Filesize
36KB

MD5
2fe95b60cf7be51cf5bbd8714a4b80de

SHA1
ce3738fddcfdd2587e3ca4a92a4f9f7ba6ba32fb

SHA256
d35a797b7326ad433b8bc2b1e253cf1011dec7cf0e0f7fe97b0bebd224bc7919

SHA512
6c5f47eef515b8af60557c9a7b2f88db3447c9bca2f30bebfdb0490267deb42b101799eeb1815196cd1686f8a8b7bf21bb083022d268e082863373877880d866

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lz7hko67.default-release\cache2\entries\BDBFAF694C30FC9FD0B5D03F0456B4CA5FF7B159

Filesize
33KB

MD5
c1280faecb9aea044e29308f55c4ae04

SHA1
3ca82e88bd8d8ca57b069084463f1bb7b23e0dde

SHA256
d68115213f727722f832c6a7ab4322b34b80265fcbf261e889524c8da508625b

SHA512
6c45c66f72772f490b1272843ee3762fe92badc06122a4a776a90b88059b75c40ccd98c5ca122cb9ee6fa18efc2bb70e0d5a81a4871b2b1c5c9d4ca80c5ae726

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lz7hko67.default-release\cache2\entries\CEBE8D770C16A20481495EF97EF1493415038AAB

Filesize
17KB

MD5
6e78dda1276c3aedd65b78231867609a

SHA1
66355ec5310314c56081da525a025778fa5c0b4c

SHA256
dabb3798c6a28acf33496a348fdb998b62bece1021b91d9053731ed068739db2

SHA512
0d3d9a93929728e32a466ca505c3f8f6954563483f5b1cc30455b179bac7db578e3a1190caa8bf33c5f4511bb9fe56c26dfff0883153a5baa8924bf4ccc0008e

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lz7hko67.default-release\AlternateServices.bin

Filesize
7KB

MD5
e38c9ef2246f618a04362ae5eff6cbc8

SHA1
51c02189debaf753c3d6f861839b7fa9a861a7d8

SHA256
e0446c3ce46e124be910e67e94ad38b4eabc20a3d44adad72314f87e2b368085

SHA512
61a76544bceb23bc6efefde4a24c6b59a9f4b76dc679b1841c0332b6c87067133464e47d61a49ffeacb82f25d05e681a19ad4d799f63ff05ce4a6ae1d65f13ad

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lz7hko67.default-release\AlternateServices.bin

Filesize
10KB

MD5
27aa9053281988108378f60af1f9f4de

SHA1
aca7f8acc2129498f1d1544b3685f615bab83ff0

SHA256
eb4bff940f507171b1418619bc34534d6f6d1f0fb33e9b4c06e89948f132156e

SHA512
1208b5fb2e3b81ba04b9d84b1d0772e2b0e98482d132669bf80f644eca41ff469d8489196a422231f5a9701e003b94adc26f35a53d92b1328ce5e8656c0acf28

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lz7hko67.default-release\AlternateServices.bin

Filesize
15KB

MD5
50897e2c6f6989c85e7c7a60200e7f40

SHA1
f2a7cbbf360679af2edbbd19d197d8134b2fa409

SHA256
d4c787b89949e1a395dcad94e194e1c2437bbd65fea0683a63050431e4e49c00

SHA512
a5650f0d2404accd0f4edbc61ac1dc8bbc610e469991a8ab2d9eb577bf8a8944b2a5fefa5587e0c7c725625b3f1c53caa0db63c23c1bf74cb6857aa015356fd6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lz7hko67.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
8affec6ca1511f15f26b9c2b3cdb0c09

SHA1
5284055df2994dc09ffa6033329673961a371034

SHA256
5326be173c222679d4bd1df8eff2f69279bb21ad532c0555915d3f0b31126e81

SHA512
0c3f8669f76f696adfb1598a09603d20debc9e1a844f56366a8f0f3828b5d6d13ad1f7ab4f4176534a1f3f0b9d235fbe90425817dc576b464178a337d2b7e9d7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lz7hko67.default-release\datareporting\glean\db\data.safe.tmp

Filesize
7KB

MD5
e1b644741a14a6febb2dd011a639a6f4

SHA1
adcc6ddea0e2f65c37d2d4a0a05119c13265c0eb

SHA256
8384260407509b7a6ccf6635f1493171dd2cc8d205a71f90e0be9facb64350f3

SHA512
d9be4f9a924c1945c927b82b97a677c0424d1ec1dfa567aacf2dba408eb52a554d8975cb9d0690d03b7b25230bbd8f218830fe9a117fbb807ba07cfa454753fc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lz7hko67.default-release\datareporting\glean\pending_pings\21cca6a5-ba95-483b-8b7d-8392799ebae4

Filesize
25KB

MD5
55f7f7bcdcdb1a617dbd7dc8b2ab5dd6

SHA1
fce3ce4c04012f3e70bcea1f849397874383953e

SHA256
69d83c688edcaa55185cd7834f47b2c69a6ffb65ab730d0ddbfc253e82688d70

SHA512
32f064aa77211d316c0b98a69b51504222f9697f0b8601a3ced215b399052627a174a066b55df390b15772db4c254d2aecc54dc02eedfdd6052abca9d759dcda

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lz7hko67.default-release\datareporting\glean\pending_pings\af794d4c-1edd-49f1-b0b1-735dfb77e7b6

Filesize
671B

MD5
c24d94904827baadc0bf2e4845e4e53d

SHA1
6a567ffa39906e63b3a65f4282a5e0c1f1304af5

SHA256
5d6173718427fa39647e9ad42e40632f6ccb8a4c5913d1b9e6b738a4d5a38b59

SHA512
e9ff3f2f6dee3fab9dfd1884783a970237097242de0df93e6934d45e0ec65a0775b2c39b951b604651c695221ecd40eefc3cee6d5dc1093968268e77fa2a8b39

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lz7hko67.default-release\datareporting\glean\pending_pings\f55e2ef9-7763-46bb-a8b6-0d785bc2b8ec

Filesize
982B

MD5
64a6a1145e0a3c9b6ce51046e029aa4f

SHA1
6da3cccd33dea365047c78bccb893248a6443124

SHA256
4bc09dfa52b07c01718a9f117bd7ff102384f4e9a569ba446414f544b7b1d8d1

SHA512
de3db1dcc5e5c5ff612aa0534fb090d5d316e3a954365d2acdde04d5dd79ae77eb7973781aabf8d31db1be60a757c14433eefbc3510f3c6cfbc6f4056d2d4b4c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lz7hko67.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lz7hko67.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lz7hko67.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lz7hko67.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lz7hko67.default-release\prefs-1.js

Filesize
9KB

MD5
e9e18860763fbdfb1cfb4ff98d020298

SHA1
aca30e8d70723f33099c00e93b35b7e5b25aecb9

SHA256
c24188f49a1d50abde99228da3aade1fa0db6e3069c5e856bc980e051a186632

SHA512
871da7707a9302869dd85453bc7ad787451569e6dc63ac90c1afbe25b47c1acf6b635a02c39ebceafdeb25c04fb01004a8a9113580f603cea7cbb0580a345443

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lz7hko67.default-release\prefs-1.js

Filesize
10KB

MD5
540334738fa305c4779405eb9466d751

SHA1
34537b6555e7c132ca74a6d42078845ae2cbc1de

SHA256
71fe3c20a4f9799cb86ebc0bbff7775ddc8e0bf62bedadf14708a81c81d08355

SHA512
8479d8b7d51dca877fd247f0ca1087a82dae9fddef5f1dde5f803decb4241ad032240b975a052cb7157e85798afb07dc63afedd21e05ab80030caf05d04570e3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lz7hko67.default-release\prefs.js

Filesize
9KB

MD5
af6adb64d28358a12c4946b91fa67fba

SHA1
9fdb666f9dc6168fabe56fc9b26d4175b9d0ebff

SHA256
037e3b240d60dcb3674733b244876d61655d3512d2ebe65a66fbc7336788a9ad

SHA512
51a78acc09c76c1b4ec5339d9950e638c13e61e77cee45cdea1e573c8ca320737193efcec8a6d1ea33b34364851dc14900308b70f2172338d7bc1599d1d181a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lz7hko67.default-release\sessionstore-backups\recovery.baklz4

Filesize
41KB

MD5
eac6ecf7c38f05704a54bf6f08c75e0d

SHA1
9a878e09485812f8f7790c62ba89a506e34afcd1

SHA256
0f20204155d0e42396d63548887d842ba832d09bf618abdbb07e5e77abe9f163

SHA512
857ef0a5681036b35891e9df94b6bd18dd5701e35fd2d1c99b3ed1b2cf838019d3c1ac56a4fb760d02464afac82d6270618a21d57a002e8f388d866e929fa96b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lz7hko67.default-release\sessionstore-backups\recovery.baklz4

Filesize
41KB

MD5
1e39575ee6bd92a8dd78f95f7de3d483

SHA1
26dad65296579d522395d59d479643fb54e77c38

SHA256
51fe6489acc9d14841ae8e1ebb61279a6e4911347046eafa4ac76317af189104

SHA512
ff53a8100160c562fdc99272a6fe2355cf07ef4bf2a338a3506178a28931cf516ca15de2f6e82e624a2c55b837ce60366d23d5fa492b4405c03a0cf755a101a4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lz7hko67.default-release\sessionstore-backups\recovery.baklz4

Filesize
41KB

MD5
9a1f1934c53a7915e25d653f776d2ee6

SHA1
e8892c99dd8c891552444051ff99d1b4744c639d

SHA256
2e2b3d220b9689497eeddfcf737a9ac33b1a9963cb55416e956deb4da926726c

SHA512
01836a6a061c48449d11bce57f86687cf16a1fa28028aec79511b3e19cb634f5376c0996ec30cc0bd0286b279e331d15466f4fd3ef6233d8a741a5a714885fbf

Download Submit