Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    13-06-2024 18:32

General

  • Target

    Free-Robux-EXE

  • Size

    253KB

  • MD5

    8701e5e1960097c6ef3a286d5d948f0a

  • SHA1

    10b55179c9863d4c88777efbe3e07b6236efc951

  • SHA256

    55fc468737e15de1b24b0bf2c6fcec653ae9399eaefd613b6a62bdf89fcecd38

  • SHA512

    8540d1b0ac75aff29cd58710a3543b679d0769226f60cee4d33f1b9b835adfa8e83510f70b7754078f7f8859f48c2f64e9fac47b3fa3b7daf26fc9e0dfe68518

  • SSDEEP

    6144:7ZoPY2n9dH5M2vkm0aWyRv3pId9RxH9mvZJT3CqbMrhryfQNRPaCieMjAkvCJv1E:toPY2n9dH5M2vkm0aWyRv3pId9RxH9mD

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 6 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry (2 TTPs, 6 IoCs)
  • Modifies registry class (1 IoC)
  • Suspicious behavior: EnumeratesProcesses (12 IoCs)
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  • Suspicious use of AdjustPrivilegeToken (64 IoCs)
  • Suspicious use of FindShellTrayWindow (55 IoCs)
  • Suspicious use of SendNotifyMessage (51 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoC)
  • Suspicious use of WriteProcessMemory (64 IoCs)
  • Uses Task Scheduler COM API (1 TTP)

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Free-Robux-EXE
    1⤵
      PID:2708
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
      1⤵
      • Enumerates system info in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:4896
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc6e7b46f8,0x7ffc6e7b4708,0x7ffc6e7b4718
        2⤵
          PID:3080
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,16200592390998209127,6084530895591820315,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
          2⤵
            PID:4356
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,16200592390998209127,6084530895591820315,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
            2⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:1988
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,16200592390998209127,6084530895591820315,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
            2⤵
              PID:1652
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16200592390998209127,6084530895591820315,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
              2⤵
                PID:1356
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16200592390998209127,6084530895591820315,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
                2⤵
                  PID:4028
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16200592390998209127,6084530895591820315,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4328 /prefetch:1
                  2⤵
                    PID:4724
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16200592390998209127,6084530895591820315,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4372 /prefetch:1
                    2⤵
                      PID:640
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,16200592390998209127,6084530895591820315,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3604 /prefetch:2
                      2⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:6068
                  • C:\Windows\System32\CompPkgSrv.exe
                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                    1⤵
                      PID:2912
                    • C:\Windows\System32\CompPkgSrv.exe
                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                      1⤵
                        PID:4484
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe"
                        1⤵
                          PID:3436
                          • C:\Program Files\Mozilla Firefox\firefox.exe
                            "C:\Program Files\Mozilla Firefox\firefox.exe"
                            2⤵
                            • Checks processor information in registry
                            • Modifies registry class
                            • Suspicious use of AdjustPrivilegeToken
                            • Suspicious use of FindShellTrayWindow
                            • Suspicious use of SendNotifyMessage
                            • Suspicious use of SetWindowsHookEx
                            PID:3020
                            • C:\Program Files\Mozilla Firefox\firefox.exe
                              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3020.0.386991422\1615273299" -parentBuildID 20230214051806 -prefsHandle 1776 -prefMapHandle 1768 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7c762f4b-c49a-492d-b96e-6a432eaf49cc} 3020 "\\.\pipe\gecko-crash-server-pipe.3020" 1888 29a1c0b0f58 gpu
                              3⤵
                                PID:4940
                              • C:\Program Files\Mozilla Firefox\firefox.exe
                                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3020.1.1588672995\2093572871" -parentBuildID 20230214051806 -prefsHandle 2408 -prefMapHandle 2396 -prefsLen 22112 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9ec5a038-a0ae-4b16-9545-21401394df62} 3020 "\\.\pipe\gecko-crash-server-pipe.3020" 2436 29a07d86258 socket
                                3⤵
                                  PID:2688
                                • C:\Program Files\Mozilla Firefox\firefox.exe
                                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3020.2.257653460\1626823709" -childID 1 -isForBrowser -prefsHandle 2964 -prefMapHandle 2960 -prefsLen 22150 -prefMapSize 235121 -jsInitHandle 1200 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1258775d-d0e1-4065-a060-4736a1373dbd} 3020 "\\.\pipe\gecko-crash-server-pipe.3020" 2976 29a1e8f7158 tab
                                  3⤵
                                    PID:3940
                                  • C:\Program Files\Mozilla Firefox\firefox.exe
                                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3020.3.1960682621\1622563271" -childID 2 -isForBrowser -prefsHandle 3668 -prefMapHandle 3664 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1200 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b78007d9-ab94-453b-9c4a-1ce1fa46411e} 3020 "\\.\pipe\gecko-crash-server-pipe.3020" 3680 29a07d76b58 tab
                                    3⤵
                                      PID:2612
                                    • C:\Program Files\Mozilla Firefox\firefox.exe
                                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3020.4.1121927017\721836528" -childID 3 -isForBrowser -prefsHandle 4956 -prefMapHandle 4932 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1200 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8c12a59e-230f-4139-975b-01a7f651209e} 3020 "\\.\pipe\gecko-crash-server-pipe.3020" 4964 29a22e1f758 tab
                                      3⤵
                                        PID:4792
                                      • C:\Program Files\Mozilla Firefox\firefox.exe
                                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3020.5.1747363688\1897095577" -childID 4 -isForBrowser -prefsHandle 5100 -prefMapHandle 5104 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1200 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6f0892ad-89f8-40e8-b6b0-a22ea87f8d49} 3020 "\\.\pipe\gecko-crash-server-pipe.3020" 5088 29a22e20058 tab
                                        3⤵
                                          PID:3720
                                        • C:\Program Files\Mozilla Firefox\firefox.exe
                                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3020.6.1089070221\577694696" -childID 5 -isForBrowser -prefsHandle 5284 -prefMapHandle 5288 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1200 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cf3b3e7f-811a-405d-94d4-d9efa3f49c4c} 3020 "\\.\pipe\gecko-crash-server-pipe.3020" 5272 29a22e21258 tab
                                          3⤵
                                            PID:3532
                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                        "C:\Program Files\Google\Chrome\Application\chrome.exe"
                                        1⤵
                                        • Enumerates system info in registry
                                        • Suspicious behavior: EnumeratesProcesses
                                        • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                        • Suspicious use of AdjustPrivilegeToken
                                        • Suspicious use of FindShellTrayWindow
                                        • Suspicious use of SendNotifyMessage
                                        PID:1416
                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc5d80ab58,0x7ffc5d80ab68,0x7ffc5d80ab78
                                          2⤵
                                            PID:512
                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1676 --field-trial-handle=2024,i,17108230462573328136,4717012228254174365,131072 /prefetch:2
                                            2⤵
                                              PID:5252
                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1980 --field-trial-handle=2024,i,17108230462573328136,4717012228254174365,131072 /prefetch:8
                                              2⤵
                                                PID:5260
                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2244 --field-trial-handle=2024,i,17108230462573328136,4717012228254174365,131072 /prefetch:8
                                                2⤵
                                                  PID:5304
                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3060 --field-trial-handle=2024,i,17108230462573328136,4717012228254174365,131072 /prefetch:1
                                                  2⤵
                                                    PID:5448
                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3064 --field-trial-handle=2024,i,17108230462573328136,4717012228254174365,131072 /prefetch:1
                                                    2⤵
                                                      PID:5456
                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3608 --field-trial-handle=2024,i,17108230462573328136,4717012228254174365,131072 /prefetch:1
                                                      2⤵
                                                        PID:5684
                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4796 --field-trial-handle=2024,i,17108230462573328136,4717012228254174365,131072 /prefetch:8
                                                        2⤵
                                                          PID:5312
                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4800 --field-trial-handle=2024,i,17108230462573328136,4717012228254174365,131072 /prefetch:8
                                                          2⤵
                                                            PID:6040
                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1576 --field-trial-handle=2024,i,17108230462573328136,4717012228254174365,131072 /prefetch:2
                                                            2⤵
                                                            • Suspicious behavior: EnumeratesProcesses
                                                            PID:3492
                                                        • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
                                                          "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
                                                          1⤵
                                                            PID:5636


                                                          Downloads

                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

                                                            Filesize

                                                            2B

                                                            MD5

                                                            d751713988987e9331980363e24189ce

                                                            SHA1

                                                            97d170e1550eee4afc0af065b78cda302a97674c

                                                            SHA256

                                                            4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                                            SHA512

                                                            b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                            Filesize

                                                            6KB

                                                            MD5

                                                            7a9a0283bf0c6a7828f4fb125fa7a730

                                                            SHA1

                                                            3951497d56482fe0c0f99a4930421994381856e2

                                                            SHA256

                                                            ab6a915dc11f782edc2e069dcbfd45017c0303f5a1926539ba3f4111a99ca28c

                                                            SHA512

                                                            89737fba9f5814c080415354aeb1252672faa75a9715ef91df17743940a87bf6b14020cc924289ff8546f7c810e37cc2198ae48dfe037d60f844a68dd93c27c6

                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                            Filesize

                                                            257KB

                                                            MD5

                                                            465bf4b183cf7905d656af65d40ebaef

                                                            SHA1

                                                            f5e53400ae9cdcdc9b0e733748180f369fe020bc

                                                            SHA256

                                                            88123793f676d99b5522375ea7e6f94d81c570b99ff7d97ab921005f948db326

                                                            SHA512

                                                            a11c2fe670d956ee43c0b7ddb9f64bc9e5bb15dd2e20ae0775006c635caceb623bb9485d3f2c7a51ef111d12c74409ba23c5655dbf10e4cd56168f3c0dce1c05

                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                            Filesize

                                                            257KB

                                                            MD5

                                                            4c7853e5205fd92bfdfdf15c03ae6114

                                                            SHA1

                                                            fe119b0e988b15550692c5baf23da64b44e7dc65

                                                            SHA256

                                                            342bc7cf0cb60041940943d3a93f0bd2a1cf52121615e4363ec10ebc3c086e2a

                                                            SHA512

                                                            a9430d29ac455e7107d3953846f81faf65c1ba9b96d868331d9f82af5d38df91cfec6846bd0bcf6757e692563d6577c66fb2a7b1ebedb31a2cf21ba36fe0f8d0

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                            Filesize

                                                            152B

                                                            MD5

                                                            56641592f6e69f5f5fb06f2319384490

                                                            SHA1

                                                            6a86be42e2c6d26b7830ad9f4e2627995fd91069

                                                            SHA256

                                                            02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

                                                            SHA512

                                                            c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                            Filesize

                                                            152B

                                                            MD5

                                                            612a6c4247ef652299b376221c984213

                                                            SHA1

                                                            d306f3b16bde39708aa862aee372345feb559750

                                                            SHA256

                                                            9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

                                                            SHA512

                                                            34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                            Filesize

                                                            5KB

                                                            MD5

                                                            f50065af2d59e9d504f29c592c7d0e87

                                                            SHA1

                                                            dd39db9d901f0389c04711489be5d888b46c6602

                                                            SHA256

                                                            171cc2f51b8484fd9c4f6fdcc3b800394b9feb95c403d28d59530d9c3eefcb8b

                                                            SHA512

                                                            987ca45c3ff5414fd5b6320a66d102c07c38f0a06ebb8ae1c9df817cebebb4dd682748cbd53e109c7b56d3b52b788789b521109d73dcd5f71adb138ad64d7be7

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                            Filesize

                                                            8KB

                                                            MD5

                                                            f5fa170d0b40e862160631f9a7dec934

                                                            SHA1

                                                            02c782c5bf55af8f92d6f7f35b8e14ca722fe2d9

                                                            SHA256

                                                            28d7554ebcca0fd9eb5c49b6f96e19de4367f7ed81b59e10b5d058c02a183891

                                                            SHA512

                                                            71f65562e4e503a3183041a35b0d2e6921de917c189cd52c66b59979ce65e97d441a0186519bbd7700cfdeb6f45b2fa0a10d38e48b1b4e4fce30957abf04922c

                                                          • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\e6zhegwu.default-release\activity-stream.discovery_stream.json.tmp

                                                            Filesize

                                                            23KB

                                                            MD5

                                                            96d3dbb9960c87e740a8f5d984f10608

                                                            SHA1

                                                            08dfbda952dcee8f33ab66ec13f247f834498402

                                                            SHA256

                                                            797dc0e02cb1c31949caf169d0beece8f8c279813371dd706668b9dc0df35285

                                                            SHA512

                                                            f3353493e2256afabe1889b756044e75d511b36f40e87e72a6c400bd97728982b874a7107b04d7b4374b549b27574db2c812fc7e2af45ba5d9e9ca410857ddb0

                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e6zhegwu.default-release\prefs-1.js

                                                            Filesize

                                                            7KB

                                                            MD5

                                                            c93fa2e8f4f8992251a356d8e3aad02f

                                                            SHA1

                                                            f79bc97603ab8624d1a34bf300a7610392cb11dd

                                                            SHA256

                                                            834f558d45353e3ee15930d38f76457768aad7c01c5787f7d217cfcdaaf91f1e

                                                            SHA512

                                                            ca00b95bc51e7ab4cff16387f3670ce873752318b80cefc6f058d6123918c22a3e89568592af2beac824a4a0f13b7b52b61ac80820ca097ed1ae3bd035aebbe8

                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e6zhegwu.default-release\prefs.js

                                                            Filesize

                                                            7KB

                                                            MD5

                                                            bbda8eca4de94d55eb9c90f501d06de0

                                                            SHA1

                                                            ca1045923e0ecf0a354457052b32da79820fdc7f

                                                            SHA256

                                                            4c3ca24eb15f42efae5ac0891d247c4a6666a644b4e05691183a1707e209e112

                                                            SHA512

                                                            e1bfaf3a71d2b48575c77a4a50f2ea17385b66b9e3f6792b53935bacdd1a46893949e768172fcef088dc10a45af8604b3e2ba544644d35681a9fd1b5893c5966

                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e6zhegwu.default-release\prefs.js

                                                            Filesize

                                                            6KB

                                                            MD5

                                                            cef41f58d64a47cde7b2843e98583c96

                                                            SHA1

                                                            bea018b8c46feee4207ba7f24315d1c10b40f2cf

                                                            SHA256

                                                            978b8be4454b91617199ebc44113c3da686574de8951108977b3b66232b2a4b1

                                                            SHA512

                                                            3ae7d77599c8c34fa89798fd28c48a512f3a128c8b9e6f522fbca64a21fbd79c02e61893ea7228dc2d2647f0a65c85209d1490498d958078cf8ed254de263b0b

                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e6zhegwu.default-release\sessionstore-backups\recovery.jsonlz4

                                                            Filesize

                                                            1KB

                                                            MD5

                                                            6a16b13a16fad4d42a0f87f8ba72250a

                                                            SHA1

                                                            88bcdb2ebe0e235a39cb0f7b9805dd0714cc39cf

                                                            SHA256

                                                            cbb866cae92b3e4cb8a658d00b64e7024789f2056031b739d529ba401a349bd8

                                                            SHA512

                                                            a7bce4279495966d46bf3db1ecccc1f41509f779922fe5ff80abead18c2bd07ff9b98e40858b0109d00677d3245423679e5876a21b7b4527d9177ab603ba4d32

                                                          • \??\pipe\LOCAL\crashpad_4896_UIEBVWVAOFASCQIU

                                                            MD5

                                                            d41d8cd98f00b204e9800998ecf8427e

                                                            SHA1

                                                            da39a3ee5e6b4b0d3255bfef95601890afd80709

                                                            SHA256

                                                            e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                                            SHA512

                                                            cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e