hxxps://steamgift[.]cfd/105394106

Analysis

max time kernel
76s
max time network
92s
platform
windows11-21h2_x64
resource
win11-20250313-en
resource tags

arch:x64arch:x86image:win11-20250313-enlocale:en-usos:windows11-21h2-x64system
submitted
31/03/2025, 01:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://steamgift.cfd/105394106

Score

5^/10

steam discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand STEAM. 1 IoCs

phishing steam

flow	pid	Process
30	1140	firefox.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 18 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1140	firefox.exe
Token: SeDebugPrivilege	1140	firefox.exe

Suspicious use of FindShellTrayWindow 20 IoCs

pid	Process
1140	firefox.exe
1140	firefox.exe
1140	firefox.exe
1140	firefox.exe
1140	firefox.exe
1140	firefox.exe
1140	firefox.exe
1140	firefox.exe
1140	firefox.exe
1140	firefox.exe
1140	firefox.exe
1140	firefox.exe
1140	firefox.exe
1140	firefox.exe
1140	firefox.exe
1140	firefox.exe
1140	firefox.exe
1140	firefox.exe
1140	firefox.exe
1140	firefox.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1140	firefox.exe
1140	firefox.exe
1140	firefox.exe
1140	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3364 wrote to memory of 1140	3364	firefox.exe	82
PID 3364 wrote to memory of 1140	3364	firefox.exe	82
PID 3364 wrote to memory of 1140	3364	firefox.exe	82
PID 3364 wrote to memory of 1140	3364	firefox.exe	82
PID 3364 wrote to memory of 1140	3364	firefox.exe	82
PID 3364 wrote to memory of 1140	3364	firefox.exe	82
PID 3364 wrote to memory of 1140	3364	firefox.exe	82
PID 3364 wrote to memory of 1140	3364	firefox.exe	82
PID 3364 wrote to memory of 1140	3364	firefox.exe	82
PID 3364 wrote to memory of 1140	3364	firefox.exe	82
PID 3364 wrote to memory of 1140	3364	firefox.exe	82
PID 1140 wrote to memory of 5112	1140	firefox.exe	84
PID 1140 wrote to memory of 5112	1140	firefox.exe	84
PID 1140 wrote to memory of 5112	1140	firefox.exe	84
PID 1140 wrote to memory of 5112	1140	firefox.exe	84
PID 1140 wrote to memory of 5112	1140	firefox.exe	84
PID 1140 wrote to memory of 5112	1140	firefox.exe	84
PID 1140 wrote to memory of 5112	1140	firefox.exe	84
PID 1140 wrote to memory of 5112	1140	firefox.exe	84
PID 1140 wrote to memory of 5112	1140	firefox.exe	84
PID 1140 wrote to memory of 5112	1140	firefox.exe	84
PID 1140 wrote to memory of 5112	1140	firefox.exe	84
PID 1140 wrote to memory of 5112	1140	firefox.exe	84
PID 1140 wrote to memory of 5112	1140	firefox.exe	84
PID 1140 wrote to memory of 5112	1140	firefox.exe	84
PID 1140 wrote to memory of 5112	1140	firefox.exe	84
PID 1140 wrote to memory of 5112	1140	firefox.exe	84
PID 1140 wrote to memory of 5112	1140	firefox.exe	84
PID 1140 wrote to memory of 5112	1140	firefox.exe	84
PID 1140 wrote to memory of 5112	1140	firefox.exe	84
PID 1140 wrote to memory of 5112	1140	firefox.exe	84
PID 1140 wrote to memory of 5112	1140	firefox.exe	84
PID 1140 wrote to memory of 5112	1140	firefox.exe	84
PID 1140 wrote to memory of 5112	1140	firefox.exe	84
PID 1140 wrote to memory of 5112	1140	firefox.exe	84
PID 1140 wrote to memory of 5112	1140	firefox.exe	84
PID 1140 wrote to memory of 5112	1140	firefox.exe	84
PID 1140 wrote to memory of 5112	1140	firefox.exe	84
PID 1140 wrote to memory of 5112	1140	firefox.exe	84
PID 1140 wrote to memory of 5112	1140	firefox.exe	84
PID 1140 wrote to memory of 5112	1140	firefox.exe	84
PID 1140 wrote to memory of 5112	1140	firefox.exe	84
PID 1140 wrote to memory of 5112	1140	firefox.exe	84
PID 1140 wrote to memory of 5112	1140	firefox.exe	84
PID 1140 wrote to memory of 5112	1140	firefox.exe	84
PID 1140 wrote to memory of 5112	1140	firefox.exe	84
PID 1140 wrote to memory of 5112	1140	firefox.exe	84
PID 1140 wrote to memory of 5112	1140	firefox.exe	84
PID 1140 wrote to memory of 5112	1140	firefox.exe	84
PID 1140 wrote to memory of 5112	1140	firefox.exe	84
PID 1140 wrote to memory of 5112	1140	firefox.exe	84
PID 1140 wrote to memory of 5112	1140	firefox.exe	84
PID 1140 wrote to memory of 5112	1140	firefox.exe	84
PID 1140 wrote to memory of 5112	1140	firefox.exe	84
PID 1140 wrote to memory of 5112	1140	firefox.exe	84
PID 1140 wrote to memory of 5112	1140	firefox.exe	84
PID 1140 wrote to memory of 2492	1140	firefox.exe	85
PID 1140 wrote to memory of 2492	1140	firefox.exe	85
PID 1140 wrote to memory of 2492	1140	firefox.exe	85
PID 1140 wrote to memory of 2492	1140	firefox.exe	85
PID 1140 wrote to memory of 2492	1140	firefox.exe	85
PID 1140 wrote to memory of 2492	1140	firefox.exe	85
PID 1140 wrote to memory of 2492	1140	firefox.exe	85
PID 1140 wrote to memory of 2492	1140	firefox.exe	85

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://steamgift.cfd/105394106"
1⤵
- Suspicious use of WriteProcessMemory
PID:3364
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://steamgift.cfd/105394106
  2⤵
  - Detected potential entity reuse from brand STEAM.
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1140
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 1980 -prefsLen 27097 -prefMapHandle 1984 -prefMapSize 270279 -ipcHandle 2044 -initialChannelId {f8ed26ec-84c5-48e7-b734-d16702574a37} -parentPid 1140 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1140" -appDir "C:\Program Files\Mozilla Firefox\browser" - 1 gpu
    3⤵
    PID:5112
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 2440 -prefsLen 27133 -prefMapHandle 2444 -prefMapSize 270279 -ipcHandle 2452 -initialChannelId {ade6db86-1cb9-4f7a-8746-fb4c8fdc4e21} -parentPid 1140 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1140" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 2 socket
    3⤵
    PID:2492
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 3836 -prefsLen 25164 -prefMapHandle 3840 -prefMapSize 270279 -jsInitHandle 3844 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 3852 -initialChannelId {6af783c6-1ff3-4c2d-b677-d4cd2cbf98a0} -parentPid 1140 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1140" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 3 tab
    3⤵
    - Checks processor information in registry
    PID:3120
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 4036 -prefsLen 27274 -prefMapHandle 4040 -prefMapSize 270279 -ipcHandle 3980 -initialChannelId {e470a316-1f6e-496d-969f-f57588bac5cd} -parentPid 1140 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1140" -appDir "C:\Program Files\Mozilla Firefox\browser" - 4 rdd
    3⤵
    PID:4212
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 2580 -prefsLen 34773 -prefMapHandle 2832 -prefMapSize 270279 -jsInitHandle 3128 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 2812 -initialChannelId {cc7bfcdc-2971-43a4-8f76-a5095e1ef603} -parentPid 1140 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1140" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 5 tab
    3⤵
    - Checks processor information in registry
    PID:4284
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -sandboxingKind 0 -prefsHandle 5084 -prefsLen 35010 -prefMapHandle 5088 -prefMapSize 270279 -ipcHandle 5076 -initialChannelId {8801af68-c144-4555-aeab-40dd502114f4} -parentPid 1140 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1140" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 6 utility
    3⤵
    - Checks processor information in registry
    PID:1436
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 3192 -prefsLen 32952 -prefMapHandle 3196 -prefMapSize 270279 -jsInitHandle 3200 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5536 -initialChannelId {68d8138d-1b1d-4372-add3-a92fbdbb4f1d} -parentPid 1140 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1140" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 7 tab
    3⤵
    - Checks processor information in registry
    PID:5800
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 2904 -prefsLen 32952 -prefMapHandle 2908 -prefMapSize 270279 -jsInitHandle 5660 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5668 -initialChannelId {e2037a3b-67e1-41d0-bd5f-e7028b6d7511} -parentPid 1140 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1140" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 8 tab
    3⤵
    - Checks processor information in registry
    PID:5824
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5844 -prefsLen 32952 -prefMapHandle 5848 -prefMapSize 270279 -jsInitHandle 5852 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5860 -initialChannelId {79066085-d324-4023-b265-f99bcda708cd} -parentPid 1140 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1140" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 9 tab
    3⤵
    - Checks processor information in registry
    PID:5228

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\s50w9h92.default-release\activity-stream.discovery_stream.json.tmp

Filesize
29KB

MD5
f97cfe8655d558c13a835cb29e535a08

SHA1
9aea865450a84635c4ee9c4634c9c8d3c86cd974

SHA256
a4df9a3ee280ee58097961e604d0bbb7ccfac79422b2ab6e813c6039226c0abb

SHA512
4385faed975ab01bbabfdbf0bdad68357d7a02a2aca851a8bbb498dcc46807a1db57765d7f1394f17e216f92d7929a548082b8bd20649f275998c8be71a9ea6a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\s50w9h92.default-release\cache2\entries\019241C1069094C3C49E65C12E2F2F3CE88E3A54

Filesize
33KB

MD5
62994b32b2fc289ed703661dc4acb97f

SHA1
d646e1310f8ce9ea17e5a7631246192b2e34f342

SHA256
85080eb8caa1edd6ee71359ebc9e25b9ec624217e7be8b33480d2c248a3e95bd

SHA512
b996630ac0b26479fae9e968fd60ad367c04323d4cc9aef61e627095c26c8a269f6a15b21368331a8581decacc5e65ae5d3a8d0e507c8719682bc02a619a990d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\s50w9h92.default-release\cache2\entries\9FC5BC90A8B92874E11C18EE198341C9CEA593E3

Filesize
118KB

MD5
0afa9518ca7dc24774adad04f42d6f7d

SHA1
2926d20541de58915351f2a2e1d17462d3492b84

SHA256
a5713e4ae7ec4b9cb3fe14c0322953a8015b0816a33f404c6faff6eea092e78c

SHA512
bcba56277afd0695a34d8210d0c3e1768bedc668a77bbd9b2f7f47bc37c735e1da93a81c47a8b2cc8b60de2ea50774716e5b0e0e4f6afca0d508949ec0903118

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\s50w9h92.default-release\cache2\entries\A585344A45AF937E3AB7D706291A9A3ED8D581D9

Filesize
13KB

MD5
4f85862c91c92083d0c734e9cedb453e

SHA1
41dae8cd6d243117ff8754782a29c76dd2f937cd

SHA256
b6b676186fadf42a9f7109c16c8f57c76db57ca7ccb633c0a1471ca941a759c9

SHA512
e546f8206e0a285fc178323a27ea142f84014dd788bef3d3cbcc0c4f182c7e1f1de58a36da4f68424465dd58de93b609f4969a16962ce43f743c581fb6fe04be

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
11KB

MD5
25e8156b7f7ca8dad999ee2b93a32b71

SHA1
db587e9e9559b433cee57435cb97a83963659430

SHA256
ddf3ba4e25a622276755133e0cce5605b83719c7cab3546e09acbfed00d6a986

SHA512
1211b2fa997ba13ff926aec58b6b35a81d7fe108b0caa8f4d6369d0a37f8481373b78a4b201651243adde9e2b2699ce929482a46226ff6299b0a0e40fe2ddc56

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
502KB

MD5
e690f995973164fe425f76589b1be2d9

SHA1
e947c4dad203aab37a003194dddc7980c74fa712

SHA256
87862f4bc8559fbe578389a9501dc01c4c585edb4bb03b238493327296d60171

SHA512
77991110c1d195616e936d27151d02e4d957be6c20a4f3b3511567868b5ddffc6abbfdc668d17672f5d681f12b20237c7905f9b0daaa6d71dcdac4b38f2448b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
14.0MB

MD5
bcceccab13375513a6e8ab48e7b63496

SHA1
63d8a68cf562424d3fc3be1297d83f8247e24142

SHA256
a6af95a209b2e652ed6766804b9b8ad6b6a68f2c610b8f14713cd40df0d62bf9

SHA512
d94483deaae98bf9212699f1ab0bd913f6151a63e65ebc1ea644ab98d5e3ebd74ecaa08f70aca31e11a5d2c64d1504b723817af35bbe9d7b05c758dd6945d484

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s50w9h92.default-release\AlternateServices.bin

Filesize
7KB

MD5
e091b6ae2104bd0960cb0ceb7a6beed4

SHA1
898b8c013acc2cebb33dd2e956c7dabf419c2ca3

SHA256
bfbd3e9c97b06c9a70e4ac26a0eae3411007395da244c5bfe78dbd79ca39dc74

SHA512
bcf7a61860f249ff86e629e1e77466e4a045ce329af2afd08e9713c179312ddb033a779b4ff3d3565b0ac63d4e2d2b1d061b4762c9d3f68a8f8d296b419f6904

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s50w9h92.default-release\datareporting\glean\db\data.safe.tmp

Filesize
30KB

MD5
bfc1b198f2aa60db934d169a71b3cf94

SHA1
a7d37b4efaec3f03c20760b75f9f42a999cdacbb

SHA256
4d09df983c44aa45ac0b4e94a194d828b677a0f85b8d7d42d60fc6c7f268dc29

SHA512
56c253ad938685aa06a8e57c0e845713a47999616617a11a845c515067266cd0fa5eb701fd5f14fb243053e47e734095c2d172411924f1eac833ecb44548ae22

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s50w9h92.default-release\datareporting\glean\events\events

Filesize
1KB

MD5
614d9ac7609ec13c1e529c68788e79c3

SHA1
136e5d0e7f5751d739675622b12767fa80374c56

SHA256
c84bd07b86036db3a6dc3d6b82bcbddab2f5b2ad6bef2b589e1ef891d750c4ee

SHA512
a38505fc38adcccfb754b1111fa5daa85da20c21deebd38fdf472ec2feb3d68cf2803556ac4d1b27c1b87297c1c65869a093603cc0a51c06edf30b052df79255

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s50w9h92.default-release\datareporting\glean\pending_pings\0c2b235e-0b39-4382-a249-36a3a2ee1bf0

Filesize
871B

MD5
67e79edaa82714397e644ac751e714ae

SHA1
c40e735d1f6b699b8a9e1fd80d0744093a4657ff

SHA256
bd069fc56f7a0a321fe32a0c8275419e5e09b074a13448f64367257680dc7f89

SHA512
143550930b4bd199b98c1c49e43a80e6ebb15473c7315f25cc8cd2e93987fc80e353bfc7470e0390939c6f802ca2c7895fcebc17ca521daafaf1a9c265c2733a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s50w9h92.default-release\datareporting\glean\pending_pings\1735bf9d-bb9a-4026-a9d6-001c8902dabb

Filesize
2KB

MD5
d19e8606040c79566a524b732c3daa3b

SHA1
69a27151b84e2cfaea6df7250ae3a601e891799d

SHA256
5926f5519c7eae7560bce6c095dd9f4e7a2e33de4692cb713f61ccb74a0b17e8

SHA512
abb3a50f42d9404c970c3910116d416003f9bbcc7b26b586e5fe5b264b98dd402ab68ef90dbf737d79ee49dd52289c0426246a6c2ae9f3147cd0ac2d9873f681

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s50w9h92.default-release\datareporting\glean\pending_pings\9f641758-de81-467b-9bf0-f77dbace4e75

Filesize
886B

MD5
656b5bc9ef3e7e0d810eabde29c2a863

SHA1
1322712514b26795e3f5c4fd5e642c1aff2cb826

SHA256
123d3427a7c3824906707a07a2cbd30324b2ead45030b78c920130b70ffdd570

SHA512
7a307edc595338986ba5ccbfcb9c86c2afe111802d1df40625c7507e5a6c59f959d645c3b60e868e8e84505c939f84a69e4a78f949f2604c14611bf4a8e19e70

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s50w9h92.default-release\datareporting\glean\pending_pings\b22b1487-4fc9-4727-9003-153e1cbee19c

Filesize
235B

MD5
eb48386bb19c63e90f8558e713d4f933

SHA1
c30c06fb20a7dc8444c58bd03667041fd60c08d2

SHA256
e776b1166c9a8ebd77b3925f993c4bcc5eed11165ca068863e6e88a149fc58b8

SHA512
b0788d014c8d69637f183acf91b625c9c2fa1b2424f872f1a21812efcf45837e61320cd202d25fa6daf8e1e2dc80cfad9c8f6810d2f202591c1278325eb10ba2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s50w9h92.default-release\datareporting\glean\pending_pings\ea935819-e667-45fd-ba14-9278fe3c41db

Filesize
235B

MD5
6ab9feee2c75126208cccc35d60badc3

SHA1
1251ac110e27db6cf5247be5b531c10621023baf

SHA256
6121588cc2c75cd0763536966bc60213480cee4a6a799bc65aaff0c499ed7b7c

SHA512
3efb608d3de9fb7ff9e4cf2f6c4c8b18688c4f5c8e5e76346e77e21a02fb1f623f1dbcabf7459d9c544ded78efe1dd2b5ab1f3ebae165c6b9532017b43faf193

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s50w9h92.default-release\extensions.json

Filesize
16KB

MD5
cab3a3fc9d14aff6901fdfece6a5111c

SHA1
ad5480b787eaccb12f773643c52268c932c72751

SHA256
bb0c6dcb7dffe2aae97c242cf5f7bf0a455855d4089648a33a66ae1fef8d92c2

SHA512
7d0dbcb9440a7ca51b6be9bbf97f95f95bda0c8b243f348aa48a71822aa3ad21539dba10183c29a24fc16a39a3b12fe152f3d8269e6175c0291f50e60b67b2d6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s50w9h92.default-release\gmp-gmpopenh264\2.6.0\gmpopenh264.dll

Filesize
1.1MB

MD5
626073e8dcf656ac4130e3283c51cbba

SHA1
7e3197e5792e34a67bfef9727ce1dd7dc151284c

SHA256
37c005a7789747b412d6c0a6a4c30d15732da3d857b4f94b744be1a67231b651

SHA512
eebdeef5e47aeadfeebdbab8625f4ec91e15c4c4e4db4be91ea41be4a3da1e1afeed305f6470e5d6b2a31c41cbfb5548b35a15fccd7896d3fde7cdf402d7a339

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s50w9h92.default-release\gmp-gmpopenh264\2.6.0\gmpopenh264.info

Filesize
116B

MD5
ae29912407dfadf0d683982d4fb57293

SHA1
0542053f5a6ce07dc206f69230109be4a5e25775

SHA256
fe7686a6281f0ab519c32c788ce0da0d01640425018dcffcfcb81105757f6fe6

SHA512
6f9083152c02f93a900cb69b1ce879e0c0d69453f1046280ca549a0301ae7925facdda6329f7ccb61726addee78ba2fffc5ba3491a185f139f3155716caf0a8d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s50w9h92.default-release\gmp-widevinecdm\4.10.2891.0\manifest.json

Filesize
1001B

MD5
32aeacedce82bafbcba8d1ade9e88d5a

SHA1
a9b4858d2ae0b6595705634fd024f7e076426a24

SHA256
4ed3c6389f6f7cd94db5cd0f870c34a296fc0de3b1e707fccf01645b455790ce

SHA512
67dfe5632188714ec87f3c79dbe217a0ae4dfb784f3fac63affd20fef8b8ef1978c28b3bf7955f3daaf3004ac5316b1ffa964683b0676841bab4274c325c6e2b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s50w9h92.default-release\gmp-widevinecdm\4.10.2891.0\widevinecdm.dll

Filesize
18.5MB

MD5
1b32d1ec35a7ead1671efc0782b7edf0

SHA1
8e3274b9f2938ff2252ed74779dd6322c601a0c8

SHA256
3ed0dec36754402707c2ae4fbfa887fe3089945f6f7c1a8a3e6c1e64ad1c2648

SHA512
ab452caa2a529b5bf3874c291f1ffb2a30d9ea43dae5df6a6995dde4bc3506648c749317f0d8e94c31214e62f18f855d933b6d0b6b44634b01e058d3c5fcb499

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s50w9h92.default-release\prefs-1.js

Filesize
6KB

MD5
c21571bfb262cfa7a483e72c1c21b4cf

SHA1
70b4da8e1793c7254bd4183061eb7f7d57a0359a

SHA256
52d5e82b8dbe69f047d2142d6418ddbe585971b22f94e071042f31bdd61ffb50

SHA512
6c47ae201492e4f37c9e5f9ec5b45c1d931acaf8a229dfdc34d2842c0a9f8f2a303a927d463e16e37a43b51f2c227233e8fa9893c4799ab527ab5772c300367a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s50w9h92.default-release\prefs-1.js

Filesize
8KB

MD5
ef766b6cc2ecc18cd67343a301115f51

SHA1
3cc9a9e37968e5f84825cc2ad97b6eee71633e71

SHA256
1c00bc22c894ce506b77d839ddbeed063a691c21ba202580506e6850164640f0

SHA512
7d355b7e137b1dc61f60dcfe9200c2da32004c1d78405476d16a7e9ce0694177b87329831a6fe30fff6073a72918427d3038d8037b2c2081ff210d94fdd07857

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s50w9h92.default-release\prefs.js

Filesize
6KB

MD5
6f89d4fb1d06c76f59196a95a27249a9

SHA1
e2b37f00db0aec28e2b737f74adf58b48993343b

SHA256
b7114eb584c8c6c79c3a1e3063e0c657efa2dcd0d0227d3ac6e480da7d68f4be

SHA512
d24a8fc69eff178e7f4f1c178fb2e6089646fbe63a9fad3eed8f8e2acc7c00cda545ce585a305623f0e7889e8aac806b88980dc12f3a6116734d1b2134c2ca12

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s50w9h92.default-release\sessionstore-backups\recovery.baklz4

Filesize
40KB

MD5
9e483deb9cbf1231e94a689d110fbfcf

SHA1
fedfd88f6ccf45262f3fbc2e9810301a1a8a00bf

SHA256
0fc0561aafac7a37d06616de7bf0c177ef07dc47c3481870fb324f455c63358e

SHA512
ef926cce7dc8e4e0e446769a65beb71b233d8623688cd7bb5996b0130c075fc6902c869daeeae72cfe029dc53988688c1b8f98c2a3144c0bd5ea206695581df1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s50w9h92.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
153d4ea561787cac0dbce11d917b4b56

SHA1
70908b6ea9ea6ff9cf4555f8bfc92387ba0ee0d5

SHA256
64ed24517caad8f43aed007058c8cf7ce587fcf82305486ac20c9c7bedd8e98a

SHA512
b30682a322cc6eadb5e18f95c25c3f9023fddb6436d15ba0b9e4dd7f3a418589df6f4b63ac9940dfcb674bae4d4e484b4159f74f64dc0cd5557b44dd860d2bf5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s50w9h92.default-release\storage\default\https+++steamgift.cfd\ls\usage

Filesize
12B

MD5
c14b5c57472b92f120f0c4772de266f0

SHA1
27df6989d0aca394f4392a5948f224b02c264027

SHA256
937b09e309d2ca54bf86dae0877dd2d032e028970dd78ab72f5d3eb42516ec41

SHA512
d7f541cbc5ead372ea401d81daff177519e3f01bdef0d01783662180a932ef45444ae29af408563b33b0655ac40b8b8e1f5be2129986469053281f608518a763

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s50w9h92.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
3.5MB

MD5
76310157b36c50395f371b1548968b3e

SHA1
9d3341fe3affeaef6446997887ff79cab528bfd1

SHA256
a0b8178cffd6faa46355dad9c3116f0861148fb4de05850821cdec9ff76106e5

SHA512
ce1a54192e6aaf0014d12422f5079b2ffa0692f52a9e1b89ade11dafc46979d09fec6f98fe22acaf55b528b4eec40d178a478ddc1c4e0e5b3d382d9a302db671

Download Submit