Analysis
-
max time kernel
144s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
23-06-2024 07:39
General
-
Target
https://roblox.com.py/users/8701596163/profile
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 8 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 4 IoCs
-
Suspicious use of SendNotifyMessage 3 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://roblox.com.py/users/8701596163/profile1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=1344 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4116 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5376 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5448 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:11⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"1⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2340.0.160151942\668806241" -parentBuildID 20221007134813 -prefsHandle 1852 -prefMapHandle 1848 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {243af234-f590-4596-9777-ef7e7da78e1d} 2340 "\\.\pipe\gecko-crash-server-pipe.2340" 1928 1b31a4bae58 gpu2⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2340.1.801457713\1339351482" -parentBuildID 20221007134813 -prefsHandle 2304 -prefMapHandle 2300 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2b97569b-356c-483b-8892-1f3695eae6f3} 2340 "\\.\pipe\gecko-crash-server-pipe.2340" 2316 1b319fe3258 socket2⤵
- Checks processor information in registry
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2340.2.1044490069\146056918" -childID 1 -isForBrowser -prefsHandle 3184 -prefMapHandle 3180 -prefsLen 20823 -prefMapSize 233444 -jsInitHandle 1180 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {de15405f-43c1-483f-aa81-4bb34cb5a290} 2340 "\\.\pipe\gecko-crash-server-pipe.2340" 3196 1b31db7b258 tab2⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2340.3.1671610528\733832204" -childID 2 -isForBrowser -prefsHandle 3408 -prefMapHandle 3416 -prefsLen 20929 -prefMapSize 233444 -jsInitHandle 1180 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9379fef3-03fb-488d-92c2-ee54a5bd2289} 2340 "\\.\pipe\gecko-crash-server-pipe.2340" 3392 1b31e8f9958 tab2⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2340.4.180058292\952094193" -childID 3 -isForBrowser -prefsHandle 3576 -prefMapHandle 3580 -prefsLen 20929 -prefMapSize 233444 -jsInitHandle 1180 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {70dcd263-0c6c-4031-a274-c1f4d2761e64} 2340 "\\.\pipe\gecko-crash-server-pipe.2340" 3564 1b31e8f8a58 tab2⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2340.5.1292317447\1464669735" -childID 4 -isForBrowser -prefsHandle 3776 -prefMapHandle 3556 -prefsLen 20929 -prefMapSize 233444 -jsInitHandle 1180 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {470060ad-c897-4026-a106-cea93651a68e} 2340 "\\.\pipe\gecko-crash-server-pipe.2340" 3764 1b31e8f8158 tab2⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2340.6.279767039\1113090097" -childID 5 -isForBrowser -prefsHandle 4516 -prefMapHandle 4512 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1180 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d065e6fa-0955-40ea-8477-ab68979d8c9a} 2340 "\\.\pipe\gecko-crash-server-pipe.2340" 4528 1b31fb7e858 tab2⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2340.7.131787682\2109143462" -childID 6 -isForBrowser -prefsHandle 4700 -prefMapHandle 4704 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1180 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {23786746-e5ac-4f73-adab-9b5be14af12c} 2340 "\\.\pipe\gecko-crash-server-pipe.2340" 3956 1b31cb46458 tab2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=5560 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --mojo-platform-channel-handle=5884 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=4248 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --mojo-platform-channel-handle=5920 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5948 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.52 --initial-client-data=0x238,0x23c,0x240,0x234,0x25c,0x7ff825262e98,0x7ff825262ea4,0x7ff825262eb02⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2168 --field-trial-handle=2216,i,18379664260399803831,8882918343459829880,262144 --variations-seed-version /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2312 --field-trial-handle=2216,i,18379664260399803831,8882918343459829880,262144 --variations-seed-version /prefetch:32⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=2436 --field-trial-handle=2216,i,18379664260399803831,8882918343459829880,262144 --variations-seed-version /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=3996 --field-trial-handle=2216,i,18379664260399803831,8882918343459829880,262144 --variations-seed-version /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=3996 --field-trial-handle=2216,i,18379664260399803831,8882918343459829880,262144 --variations-seed-version /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4288 --field-trial-handle=2216,i,18379664260399803831,8882918343459829880,262144 --variations-seed-version /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4316 --field-trial-handle=2216,i,18379664260399803831,8882918343459829880,262144 --variations-seed-version /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4628 --field-trial-handle=2216,i,18379664260399803831,8882918343459829880,262144 --variations-seed-version /prefetch:82⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
280B
MD54d17d485678cddb2ec95e17ce7b4633f
SHA1a525d3298132e1503b755bc64360e38ddb7d752a
SHA25623f1b62a5fadada01401be7127b3c3d3b4782a8fd0ebadbc7afd8de8975fb02c
SHA512bae3e56860a79f67b1aab398a69c1422573a3e5e4b593d8f210cac61a4b00983340519e14892b17199c71d7f5ad36efafa8760f97d0366572c139a03399f58fb
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.jsonFilesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent StateFilesize
4KB
MD5629dff23f0208468e6076d2be5136033
SHA1e430a9aff99c99278d0b108c9ea10681492cabfe
SHA256eba26bfec9922928169f836f34c2846890c547cbd06e6629367042f8bc5637e3
SHA51246bebd9a65efbc18794f75bb62579d59c7502a183af1efd4114883910642d541394f2b9651f7e71d8936acd4ad015f7362492b8360bdc7a3b66fd8e17440d70f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending ReportsFilesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch DictionariesFilesize
40B
MD520d4b8fa017a12a108c87f540836e250
SHA11ac617fac131262b6d3ce1f52f5907e31d5f6f00
SHA2566028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d
SHA512507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
11KB
MD56ea6559cd348425e58085629482a7c42
SHA1d44d20a0bfdfd23afe6ff4cc5dd5b94fb449b039
SHA256463edf1cce5b6667612a6371b7a68602001e8427105f4c2c713fab2f68fab437
SHA512f6dcbd138994afe067150ea930e9d04da83859661e91342da00cd265728dd3bf59d36d43f6937077131ac64c19808985335534661b0fc3474d781931f2546a3a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure PreferencesFilesize
30KB
MD56152e2b9f38ce7ebe076aa3d386d0b9c
SHA14abae69e8ca623ef6ff9249cb0925542d6bfc8bc
SHA256658e104bf98866fdb7637c5df7cdb8d0d9e519cf428d2a713aa96e7f5012ec34
SHA51239fd5bfab0be3e194cf7f8e34ada936347c341097b1ab680c3cfb2ac22c6a77561bd2d338807d00c10933ddb6d52a5f65a246c1fea15c3488bf429ae6f287345
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
79KB
MD5a6ec38b7dd08ceac7b386e5afefaeca6
SHA132b2858cb9b42d497498ce07e92885f20b08ed98
SHA256399143fccfece128877961ef2ed00fd3391347445aa032678604ccac04dbeb38
SHA5123d1a6bc858343cd00b18bcb7eab8856f4bd8f4576211e409e35f0cb5d6310617995aa15eff9faa859d1ca0d039ce44b831bc6631a9cef12a51c87f840f7c5d8d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
70KB
MD53bd4bb1e76ccf100db7e2ec0dda8bf04
SHA19b59e7c30fdcdb1cd3adeceeab92199bcfa4d37b
SHA256509f211093d813e6351fcba94f246a842a9899be2c7e0b0488d7118f956e150a
SHA512714f3ef31dee3127d732f5760fa112a12573b44a2f7e6052c223dd43c734c513d8517b568255392a33ad02533367aaded29e962512a3fe516e3ab2d3e4ae8bb7
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\db\data.safe.binFilesize
2KB
MD5a1f29bbb9d9267aff91b930557970dc7
SHA1efa2458fbd61645e9486261db973c73faf861242
SHA2563db5783ad9e43664bfa6abf5dd83fd30a9e05cfee4fc3eeb485a8ba3bd10353f
SHA5120ae6ee950c93184b2eca1b167468f8b5d2a4b320fe4eb6a8ad52a46f1f367443c69e608547ef20d29abc4817dd3d7ad3e3459905a7ff6b4ce253ab2bd5ab9a9b
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\851e71f8-7aaf-4250-84b1-55ec25becb51Filesize
10KB
MD5a5f6ec1e17f6e1df3aa82e1f6e252a9f
SHA1f6988b1d7b7834567face67c0bf6189742dc058e
SHA2565752f8f9dac87c79f13fd8afc7d7684fa740796614ef487db51aa319fbcf4e27
SHA5125d13dfe27564e7852330e2d66e01b68eaddc16afe5319664841f4548e68129e88b9ede816fc167989dc08bb8c488633dc72c353edb3b431c2eee82e3390b7c0b
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\c4b0e05a-67af-4b93-aa3d-7dc0f9b6f1a4Filesize
746B
MD545b7fa8481345111883c300e60a448c6
SHA19d1d9ddd5eb6562b966e3c10c362b4ee8e26e004
SHA256a49b069cdbe7c9a8751c05a7d31eefc135ecba9cd09fe2837b83f94abdf37774
SHA512078e49c8e8c067f3ae9ecd9d34461685776a35c554ce95333d9614c37cdba197f0d1766a1685b9fb1e68b2460eff0f6c6b388672fc960494229bc86357cbcdd2
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.jsFilesize
6KB
MD5fb5bcca88752770838b64fd3913b4ce0
SHA1c8e3e491146e0135431ccad1e3116af2a720f7c5
SHA25601902bbaaa8fa6d8bb4b06bbab040a1e536a43848362f903ee1914cb3eab398b
SHA512fbb7e84c2fdb3b95b9702f4075ef0cad102e6523da3e574e9f9f4e316a61276bf1ac3d0027ee78cd89a3a0add2f5910d9d6414b73748b4255044cbf0bf9841d3
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore.jsonlz4Filesize
886B
MD516636f6b3585240856f8c54a85c5833d
SHA1a658e4dbf810b2bb873df18701945f30583680a0
SHA256148cd882d1b69052553dbee6707b5f0ed1017bb68bcafe357e3d893786cfc4a4
SHA5123f354773f08fc9c413e89d3a8796a5a80f13a08178b31511743795da5e8e33d674af62bb46e08637012078d409d48dfd6f60a177e207209cca7f9dc2689d1ca5
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqliteFilesize
184KB
MD5b01efd0877d8bb4a5d754d6d5a5922cf
SHA16dfaecd4219afbb206185171c64c777e9c73ae21
SHA256ef1ebedd446ce18b79317f09953ff8a6069f92749188b45945567c315388aa90
SHA5126f5fce89b6dc7e6979fdb01493c0811bcd55cb945d7665cd9a23e93419a5aa28207b3f614461103f04b0406741e8020c35252fda5529e41e3e918e42fd89c086
-
\??\pipe\crashpad_4200_ULSJSTWFZTPFISGCMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e