hxxp://Roblox | Triage

Analysis

max time kernel
125s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28/06/2024, 08:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://Roblox

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	4068	firefox.exe
Token: SeDebugPrivilege	4068	firefox.exe
Token: SeDebugPrivilege	4068	firefox.exe
Token: SeDebugPrivilege	4068	firefox.exe
Token: SeDebugPrivilege	4068	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
4068	firefox.exe
4068	firefox.exe
4068	firefox.exe
4068	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
4068	firefox.exe
4068	firefox.exe
4068	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4068	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4300 wrote to memory of 4068	4300	firefox.exe	90
PID 4300 wrote to memory of 4068	4300	firefox.exe	90
PID 4300 wrote to memory of 4068	4300	firefox.exe	90
PID 4300 wrote to memory of 4068	4300	firefox.exe	90
PID 4300 wrote to memory of 4068	4300	firefox.exe	90
PID 4300 wrote to memory of 4068	4300	firefox.exe	90
PID 4300 wrote to memory of 4068	4300	firefox.exe	90
PID 4300 wrote to memory of 4068	4300	firefox.exe	90
PID 4300 wrote to memory of 4068	4300	firefox.exe	90
PID 4300 wrote to memory of 4068	4300	firefox.exe	90
PID 4300 wrote to memory of 4068	4300	firefox.exe	90
PID 4068 wrote to memory of 4764	4068	firefox.exe	91
PID 4068 wrote to memory of 4764	4068	firefox.exe	91
PID 4068 wrote to memory of 868	4068	firefox.exe	92
PID 4068 wrote to memory of 868	4068	firefox.exe	92
PID 4068 wrote to memory of 868	4068	firefox.exe	92
PID 4068 wrote to memory of 868	4068	firefox.exe	92
PID 4068 wrote to memory of 868	4068	firefox.exe	92
PID 4068 wrote to memory of 868	4068	firefox.exe	92
PID 4068 wrote to memory of 868	4068	firefox.exe	92
PID 4068 wrote to memory of 868	4068	firefox.exe	92
PID 4068 wrote to memory of 868	4068	firefox.exe	92
PID 4068 wrote to memory of 868	4068	firefox.exe	92
PID 4068 wrote to memory of 868	4068	firefox.exe	92
PID 4068 wrote to memory of 868	4068	firefox.exe	92
PID 4068 wrote to memory of 868	4068	firefox.exe	92
PID 4068 wrote to memory of 868	4068	firefox.exe	92
PID 4068 wrote to memory of 868	4068	firefox.exe	92
PID 4068 wrote to memory of 868	4068	firefox.exe	92
PID 4068 wrote to memory of 868	4068	firefox.exe	92
PID 4068 wrote to memory of 868	4068	firefox.exe	92
PID 4068 wrote to memory of 868	4068	firefox.exe	92
PID 4068 wrote to memory of 868	4068	firefox.exe	92
PID 4068 wrote to memory of 868	4068	firefox.exe	92
PID 4068 wrote to memory of 868	4068	firefox.exe	92
PID 4068 wrote to memory of 868	4068	firefox.exe	92
PID 4068 wrote to memory of 868	4068	firefox.exe	92
PID 4068 wrote to memory of 868	4068	firefox.exe	92
PID 4068 wrote to memory of 868	4068	firefox.exe	92
PID 4068 wrote to memory of 868	4068	firefox.exe	92
PID 4068 wrote to memory of 868	4068	firefox.exe	92
PID 4068 wrote to memory of 868	4068	firefox.exe	92
PID 4068 wrote to memory of 868	4068	firefox.exe	92
PID 4068 wrote to memory of 868	4068	firefox.exe	92
PID 4068 wrote to memory of 868	4068	firefox.exe	92
PID 4068 wrote to memory of 868	4068	firefox.exe	92
PID 4068 wrote to memory of 868	4068	firefox.exe	92
PID 4068 wrote to memory of 868	4068	firefox.exe	92
PID 4068 wrote to memory of 868	4068	firefox.exe	92
PID 4068 wrote to memory of 868	4068	firefox.exe	92
PID 4068 wrote to memory of 868	4068	firefox.exe	92
PID 4068 wrote to memory of 868	4068	firefox.exe	92
PID 4068 wrote to memory of 868	4068	firefox.exe	92
PID 4068 wrote to memory of 868	4068	firefox.exe	92
PID 4068 wrote to memory of 868	4068	firefox.exe	92
PID 4068 wrote to memory of 868	4068	firefox.exe	92
PID 4068 wrote to memory of 868	4068	firefox.exe	92
PID 4068 wrote to memory of 868	4068	firefox.exe	92
PID 4068 wrote to memory of 868	4068	firefox.exe	92
PID 4068 wrote to memory of 868	4068	firefox.exe	92
PID 4068 wrote to memory of 868	4068	firefox.exe	92
PID 4068 wrote to memory of 3920	4068	firefox.exe	93
PID 4068 wrote to memory of 3920	4068	firefox.exe	93
PID 4068 wrote to memory of 3920	4068	firefox.exe	93

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://Roblox"
1⤵
- Suspicious use of WriteProcessMemory
PID:4300
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://Roblox
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4068
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4068.0.1459485582\1744823209" -parentBuildID 20221007134813 -prefsHandle 1888 -prefMapHandle 1880 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ff469e62-ef1a-4cd2-99c3-53cfcc984fa6} 4068 "\\.\pipe\gecko-crash-server-pipe.4068" 1964 25ab6bb3b58 gpu
    3⤵
    PID:4764
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4068.1.1970714965\992419176" -parentBuildID 20221007134813 -prefsHandle 2360 -prefMapHandle 2356 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {541d1411-e98a-4eed-b19b-c98a8dc24326} 4068 "\\.\pipe\gecko-crash-server-pipe.4068" 2388 25ab68fa258 socket
    3⤵
    PID:868
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4068.2.1854843533\1191439098" -childID 1 -isForBrowser -prefsHandle 3296 -prefMapHandle 3292 -prefsLen 21668 -prefMapSize 233444 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d64a9600-aa0e-4624-adf6-b14e8c9b4c8a} 4068 "\\.\pipe\gecko-crash-server-pipe.4068" 3304 25aba9d8958 tab
    3⤵
    PID:3920
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4068.3.1411162546\1700506032" -childID 2 -isForBrowser -prefsHandle 3924 -prefMapHandle 3920 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {da26ead9-d32d-4793-968f-92504facff5d} 4068 "\\.\pipe\gecko-crash-server-pipe.4068" 3948 25abb968558 tab
    3⤵
    PID:2024
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4068.4.1642973185\1851006470" -childID 3 -isForBrowser -prefsHandle 5056 -prefMapHandle 5052 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8e34fc1a-6680-4e8f-be47-79f78d63b690} 4068 "\\.\pipe\gecko-crash-server-pipe.4068" 5032 25abd0bdd58 tab
    3⤵
    PID:3024
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4068.5.717667221\1814344930" -childID 4 -isForBrowser -prefsHandle 4952 -prefMapHandle 4980 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {41d717a1-5112-42fb-9c1a-64866236c9b6} 4068 "\\.\pipe\gecko-crash-server-pipe.4068" 5064 25abd0be658 tab
    3⤵
    PID:2880
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4068.6.1905535364\1285644190" -childID 5 -isForBrowser -prefsHandle 5180 -prefMapHandle 5064 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {abf9abdc-a2a3-47ec-90ee-29679bc26345} 4068 "\\.\pipe\gecko-crash-server-pipe.4068" 5436 25abd0bec58 tab
    3⤵
    PID:2160

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3844 --field-trial-handle=2244,i,11878111470816612087,2265290141962607370,262144 --variations-seed-version /prefetch:8
1⤵
PID:5636

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\5CD1EBDF6B57F13C7E783CE5E6D8E9C44014FE1A

Filesize
13KB

MD5
8c5622b59aae09ccdeae54b808542a3b

SHA1
dfc3d46203b97dafe51fbb6ec5868e692839c581

SHA256
08fda79430f6d45b3981a5677b7ae37891223f53f17845cf806b0db03ce9ab53

SHA512
2c6019cb49e8608bf25648f3c908d8a2b07f71f678d81e08473085cc00d34ed97eedce09d2614635630262ba6317e14aa76dfc7eb48b00cd81446b3da9d362b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
6133fed135ebc1e2e662c1f19a5880f5

SHA1
2c23e09f2d6abcf1283e6b1d3046916190d545fc

SHA256
36e229caf7555b85a6a89fa0a2f6530b0ee7b5056da21015944f1d0d42f8efdf

SHA512
29946fc76bb79b1b40a02da157aefa39f739718cea4944665a008e6e338c083ec2e05674892cb27f1433c0e017de075325ede6061d740af794b9a6f8e4a274b8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\38264317-41e5-446e-9e78-b8228b914033

Filesize
11KB

MD5
f82c26ba86f10533ca7489bee334233b

SHA1
22dd59e3bd9ace5b824f126d2f5c4641b4170b72

SHA256
043568985b9d124c44f3b9b558a1af6d7acee86552271e02292f2cb6bfd3b9fb

SHA512
cfc131cf7c0d9e0038ca2e25b15b901f9438201fe59487d8ce33605609fa1bd7ba5922f38e1e358b5bad910968d8df2d3868b250c10b8753466e9dcb32c978f3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\75500059-0f86-42ba-9c74-d9624b34bb08

Filesize
746B

MD5
bfd8977b512f0d30442faeecb5e8f6c8

SHA1
78f15ecfa250665fdab4dd59637355c46e506000

SHA256
5a86f2e013a34a06832d5233856e5ef0e27055b3168cec760266131540c0568b

SHA512
88b87f85add709b2e00d0f125ab31fae628316b65f49506b7c47006576c01ab0b0c29ff50a2c35d0f8bf0ad8e23ce9c3c26a94bb805500629c2be651f971e692

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

Filesize
7KB

MD5
9f2f588de91307db7d8a412f5c80f19a

SHA1
e71c68a9bebc5c2cea68318599dc34a4d196b22a

SHA256
3aed42f0ab7841d74e620a0e998a65faeb751d476db27a01105e101c3d9bda03

SHA512
2fe14bbb664256cda176e1e0102f1565deedddf3ee92069ba88530231e470aa7678b939dde4d610ffee3bc5e2a90c4525cce8f302a6b571f136332a39040faa1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

Filesize
9KB

MD5
30ab742aac9ebad243f8e2d677831df6

SHA1
4653dd1a07308406d69f07c548100e2ba08d3400

SHA256
d9a9eb7809f3904789d56433f67cacb75371b3ae8b35a94e9953743a3f5d9dfb

SHA512
a65943c09c06da2ceac5c151d54ac033b49f2ebb6fcfc6c61a6c7e5d901f055a6c9b5bd489a09e68a6195148fefb4218d5cb9caac0ab7fdd5da893373960f479

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

Filesize
6KB

MD5
8d12575d4612cc7ea71ae6d010259387

SHA1
4dd3d7bd95745e0b9173195b659a8792581810b1

SHA256
2f091e6af9208627a6ed568f17aa4de4e086e593d91ce03debc8ba45e7c9f6f8

SHA512
9c5cac3cb9aa3ab60db1f35ff11f29071840e5d9015e5044b9737b823b4b96a8e8dfdfc00723f94d4f1eebabe3da5d0a4d7d3f681bfdfda9c9b71c3ddd6098fb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs.js

Filesize
6KB

MD5
a4f517f3624d9216fcd38fe80c6d9eee

SHA1
e5d3cbd60882def7481e62e05a75b9e7e5506202

SHA256
20ff3a41987dc41bd631a621ae35ddec04f7fd66845df7f1f418f899028f9f9e

SHA512
3decab9329398cf741d8d86db80d73202daa9231edf6e00a8f3c3c37c47f4c88d826d7635218248df5d21e0d05d338dc984affc116aebf64f7071f5f94fb31a2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs.js

Filesize
6KB

MD5
e046146d05805648e94b3fbbb054f16c

SHA1
ff596ab850bc5517593442b97bc0ba0e6a95ef7d

SHA256
ed9ef50885fab7eddcad734fe4279821c9e9f3176c6b4b692c38049237a63170

SHA512
5f1a76dbd70b819858d4635f19bd8b7d77b4a621ca882c5dd859968937f5c2c7d18b86f6653f599e4da0b1956dfc5b68aec7fd9248f5332f49a408ee13370c05

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
276ac8431271850cc2fab6fce25aa6a8

SHA1
9d6457d6c4c082e11642d4dbd181d99a8d38f1bb

SHA256
5e732dccc54bbc663b08a28cecd8fae38f93e76861d3b8a71e0202cc8efb612f

SHA512
fdc6ee6d8753e106dc669ee40282e5a9721c5bf779fec531b035a70c176137407c7dc27221e67a0b991657f1e6c3b29dd4b7c3bd916ec11d2f0fc3ad62b05536

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
7ba52be29cf5bf66b9d7d19e855be857

SHA1
09dff51f4d0262fecd25925694fc65bb8ae57c13

SHA256
3a9b2f776e55b55b027e0fa113f6677f8c9f5f35678817c5de4ef27627c1d0a2

SHA512
795e091ed410d89aabc1a094833a50c76e49234e85f159f496d3f8e347ed156be17c861926689a695ee8a9fdd905ffbc3a307812c6efb0f9d45de5a017a2ed61

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
89fb414d778d11d3a12991de60301815

SHA1
1d7a63ca92d9ad28930ce2feaac8c71c3f699ef7

SHA256
935ba660008416f0b46a028a709944f11f9c2858243a2f7bc0b57aa1d96314be

SHA512
49f06dc78f2e08621ba4ed19925d8c7ed040502f13edaeedc7df3d675e77417d8b7b3c0b3feaf7f4fcef989091b363f5af1fa9258de57cee5bd904e1d7a31f9b

Download Submit