Analysis

max time kernel: 150s
max time network: 151s
platform: windows7_x64
resource: win7-20240705-en
resource tags: arch:x64 arch:x86 image:win7-20240705-en locale:en-us os:windows7-x64 system
submitted: 15-08-2024 11:30

Behavioral task: behavioral1
Sample: R B X 1 2 5/Roblox Executor.exe
Resource: win7-20240705-en

Behavioral task: behavioral2
Sample: R B X 1 2 5/Roblox Executor.exe
Resource: win10v2004-20240802-en

General

Target: R B X 1 2 5/Roblox Executor.exe
Size: 610KB
MD5: 2744b07299dfa1999cff269ea72a2b80
SHA1: 8f1527af2b2b9f0134d834ab959902ac99b9783f
SHA256: 91791c26f8831977e9d0b64d25e4e699b6b4e8360377ce3bfec803c5683470ce
SHA512: 724d7154965865a626b5369afff7d911198d9d9bef728cde2680a0f09565520b69044d21bf063bce5246b52bdad5c46636dd1c1b73a1e0183272a9c1f27be3ab
SSDEEP: 12288:s/4LI3Kvjc6xh0J5P4bEPcL9XTWMsmNkBFV2KpkL9nI9rNtFamI3v6WZDtWdD+A5:4B3P6IR4bEPU
Signatures
-
Loads dropped DLL 1 IoCs
pid   Process
2680  Roblox Executor.exe
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description  ioc                                                           Process
Key opened   \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language   Roblox Executor.exe
Checks processor information in registry 2 TTPs 6 IoCs
Processor information is often read in order to detect sandboxing environments.
description        ioc                                                                                 Process
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0                    firefox.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature   firefox.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision    firefox.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel  firefox.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz               firefox.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier   firefox.exe
Enumerates system info in registry 2 TTPs 3 IoCs
description        ioc                                                                    Process
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     chrome.exe
Modifies registry class 1 IoCs
description  ioc                                                                                  Process
Key created  \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000_Classes\Local Settings  firefox.exe
Suspicious behavior: EnumeratesProcesses 30 IoCs
pid Process 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2824 chrome.exe 2824 chrome.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid   Process
2208  taskmgr.exe
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeDebugPrivilege 2208 taskmgr.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe 
Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe -
Suspicious use of FindShellTrayWindow 64 IoCs
pid Process 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe -
Suspicious use of SendNotifyMessage 64 IoCs
pid Process 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2208 taskmgr.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2824 wrote to memory of 2920 2824 chrome.exe 34 PID 2824 wrote to memory of 2920 2824 chrome.exe 34 PID 2824 wrote to memory of 2920 2824 chrome.exe 34 PID 2824 wrote to memory of 2672 2824 chrome.exe 36 PID 2824 wrote to memory of 2672 2824 chrome.exe 36 PID 2824 wrote to memory of 2672 2824 chrome.exe 36 PID 2824 wrote to memory of 2672 2824 chrome.exe 36 PID 2824 wrote to memory of 2672 2824 chrome.exe 36 PID 2824 wrote to memory of 2672 2824 chrome.exe 36 PID 2824 wrote to memory of 2672 2824 chrome.exe 36 PID 2824 wrote to memory of 2672 2824 chrome.exe 36 PID 2824 wrote to memory of 2672 2824 chrome.exe 36 PID 2824 wrote to memory of 2672 2824 chrome.exe 36 PID 2824 wrote to memory of 2672 2824 chrome.exe 36 PID 2824 wrote to memory of 2672 2824 chrome.exe 36 PID 2824 wrote to memory of 2672 2824 chrome.exe 36 PID 2824 wrote to memory of 2672 2824 chrome.exe 36 PID 2824 wrote to memory of 2672 2824 chrome.exe 36 PID 2824 wrote to memory of 2672 2824 chrome.exe 36 PID 2824 wrote to memory of 2672 2824 chrome.exe 36 PID 2824 wrote to memory of 2672 2824 chrome.exe 36 PID 2824 wrote to memory of 2672 2824 chrome.exe 36 PID 2824 wrote to memory of 2672 2824 chrome.exe 36 PID 2824 wrote to memory of 2672 2824 chrome.exe 36 PID 2824 wrote to memory of 2672 2824 chrome.exe 36 PID 2824 wrote to memory of 2672 2824 chrome.exe 36 PID 2824 wrote to memory of 2672 2824 chrome.exe 36 PID 2824 wrote to memory of 2672 2824 chrome.exe 36 PID 2824 wrote to memory of 2672 2824 chrome.exe 36 PID 2824 wrote to memory of 2672 2824 chrome.exe 36 PID 2824 wrote to memory of 2672 2824 chrome.exe 36 PID 2824 wrote to memory of 2672 2824 chrome.exe 36 PID 2824 wrote to memory of 2672 2824 chrome.exe 36 PID 2824 wrote to memory of 2672 2824 chrome.exe 36 PID 2824 wrote to memory of 2672 2824 chrome.exe 36 PID 2824 wrote to memory of 2672 2824 chrome.exe 36 PID 2824 wrote to memory of 2672 2824 chrome.exe 36 PID 2824 wrote to memory of 2672 2824 
chrome.exe 36 PID 2824 wrote to memory of 2672 2824 chrome.exe 36 PID 2824 wrote to memory of 2672 2824 chrome.exe 36 PID 2824 wrote to memory of 2672 2824 chrome.exe 36 PID 2824 wrote to memory of 2672 2824 chrome.exe 36 PID 2824 wrote to memory of 2348 2824 chrome.exe 37 PID 2824 wrote to memory of 2348 2824 chrome.exe 37 PID 2824 wrote to memory of 2348 2824 chrome.exe 37 PID 2824 wrote to memory of 3032 2824 chrome.exe 38 PID 2824 wrote to memory of 3032 2824 chrome.exe 38 PID 2824 wrote to memory of 3032 2824 chrome.exe 38 PID 2824 wrote to memory of 3032 2824 chrome.exe 38 PID 2824 wrote to memory of 3032 2824 chrome.exe 38 PID 2824 wrote to memory of 3032 2824 chrome.exe 38 PID 2824 wrote to memory of 3032 2824 chrome.exe 38 PID 2824 wrote to memory of 3032 2824 chrome.exe 38 PID 2824 wrote to memory of 3032 2824 chrome.exe 38 PID 2824 wrote to memory of 3032 2824 chrome.exe 38 PID 2824 wrote to memory of 3032 2824 chrome.exe 38 PID 2824 wrote to memory of 3032 2824 chrome.exe 38 PID 2824 wrote to memory of 3032 2824 chrome.exe 38 PID 2824 wrote to memory of 3032 2824 chrome.exe 38 PID 2824 wrote to memory of 3032 2824 chrome.exe 38 PID 2824 wrote to memory of 3032 2824 chrome.exe 38 PID 2824 wrote to memory of 3032 2824 chrome.exe 38 PID 2824 wrote to memory of 3032 2824 chrome.exe 38 PID 2824 wrote to memory of 3032 2824 chrome.exe 38 -
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes

C:\Users\Admin\AppData\Local\Temp\R B X 1 2 5\Roblox Executor.exe  [PID 2680]
  cmdline: "C:\Users\Admin\AppData\Local\Temp\R B X 1 2 5\Roblox Executor.exe"
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery

C:\Windows\system32\taskmgr.exe  [PID 2208]
  cmdline: "C:\Windows\system32\taskmgr.exe" /4
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage

C:\Program Files\Google\Chrome\Application\chrome.exe  [PID 2824]
  cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe"
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  C:\Program Files\Google\Chrome\Application\chrome.exe  [PID 2920]
    cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7809758,0x7fef7809768,0x7fef7809778

  C:\Program Files\Google\Chrome\Application\chrome.exe  [PID 2672]
    cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1200 --field-trial-handle=1412,i,13119388801515889918,15348770629307433779,131072 /prefetch:2

  C:\Program Files\Google\Chrome\Application\chrome.exe  [PID 2348]
    cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1456 --field-trial-handle=1412,i,13119388801515889918,15348770629307433779,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe  [PID 3032]
    cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1576 --field-trial-handle=1412,i,13119388801515889918,15348770629307433779,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe  [PID 1636]
    cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2092 --field-trial-handle=1412,i,13119388801515889918,15348770629307433779,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe  [PID 1592]
    cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2100 --field-trial-handle=1412,i,13119388801515889918,15348770629307433779,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe  [PID 3052]
    cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1720 --field-trial-handle=1412,i,13119388801515889918,15348770629307433779,131072 /prefetch:2

  C:\Program Files\Google\Chrome\Application\chrome.exe  [PID 2172]
    cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1552 --field-trial-handle=1412,i,13119388801515889918,15348770629307433779,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe  [PID 1968]
    cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3692 --field-trial-handle=1412,i,13119388801515889918,15348770629307433779,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe  [PID 2964]
    cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3776 --field-trial-handle=1412,i,13119388801515889918,15348770629307433779,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe  [PID 2132]
    cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3708 --field-trial-handle=1412,i,13119388801515889918,15348770629307433779,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe  [PID 488]
    cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2088 --field-trial-handle=1412,i,13119388801515889918,15348770629307433779,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe  [PID 1048]
    cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2948 --field-trial-handle=1412,i,13119388801515889918,15348770629307433779,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe  [PID 1532]
    cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3864 --field-trial-handle=1412,i,13119388801515889918,15348770629307433779,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe  [PID 348]
    cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3736 --field-trial-handle=1412,i,13119388801515889918,15348770629307433779,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe  [PID 2904]
    cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1964 --field-trial-handle=1412,i,13119388801515889918,15348770629307433779,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe  [PID 1828]
    cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2316 --field-trial-handle=1412,i,13119388801515889918,15348770629307433779,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe  [PID 3064]
    cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2260 --field-trial-handle=1412,i,13119388801515889918,15348770629307433779,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe  [PID 2140]
    cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3920 --field-trial-handle=1412,i,13119388801515889918,15348770629307433779,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe  [PID 2468]
    cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3956 --field-trial-handle=1412,i,13119388801515889918,15348770629307433779,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe  [PID 1520]
    cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4140 --field-trial-handle=1412,i,13119388801515889918,15348770629307433779,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe  [PID 2140]
  cmdline: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Windows\system32\SndVol.exe  [PID 984]
  cmdline: SndVol.exe -f 46007444 6014

C:\Program Files\Mozilla Firefox\firefox.exe  [PID 2780]
  cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe"

  C:\Program Files\Mozilla Firefox\firefox.exe  [PID 1484]
    cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe"
    - Checks processor information in registry
    - Modifies registry class

    C:\Program Files\Mozilla Firefox\firefox.exe  [PID 2784]
      cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1484.0.1970399652\1859355094" -parentBuildID 20221007134813 -prefsHandle 1236 -prefMapHandle 1228 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2fc1d74d-b683-470b-a35b-a787f034653f} 1484 "\\.\pipe\gecko-crash-server-pipe.1484" 1316 fc09858 gpu

    C:\Program Files\Mozilla Firefox\firefox.exe  [PID 1236]
      cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1484.1.1724797138\1632571317" -parentBuildID 20221007134813 -prefsHandle 1528 -prefMapHandle 1524 -prefsLen 20928 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {40fc08cf-33e3-4043-a429-87852d52477c} 1484 "\\.\pipe\gecko-crash-server-pipe.1484" 1540 f3ed658 socket

    C:\Program Files\Mozilla Firefox\firefox.exe  [PID 2592]
      cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1484.2.1075252048\12677730" -childID 1 -isForBrowser -prefsHandle 1896 -prefMapHandle 1892 -prefsLen 20966 -prefMapSize 233444 -jsInitHandle 588 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a1924b4f-291d-498d-b486-2a614825f62a} 1484 "\\.\pipe\gecko-crash-server-pipe.1484" 1908 1a1bf458 tab

    C:\Program Files\Mozilla Firefox\firefox.exe  [PID 1096]
      cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1484.3.1346099083\1202473079" -childID 2 -isForBrowser -prefsHandle 2536 -prefMapHandle 2512 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 588 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a12fcc3f-ab42-45c8-ab26-f18ad1d8a3a1} 1484 "\\.\pipe\gecko-crash-server-pipe.1484" 2604 1ce47558 tab

    C:\Program Files\Mozilla Firefox\firefox.exe  [PID 472]
      cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1484.4.1686298579\1435827154" -childID 3 -isForBrowser -prefsHandle 2844 -prefMapHandle 2840 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 588 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2be2e264-2f5a-4982-b360-19633dfa78c3} 1484 "\\.\pipe\gecko-crash-server-pipe.1484" 2856 1cc1fe58 tab

    C:\Program Files\Mozilla Firefox\firefox.exe  [PID 2860]
      cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1484.5.1497364150\1879246689" -childID 4 -isForBrowser -prefsHandle 3872 -prefMapHandle 3868 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 588 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1dbeb306-ae5b-4275-9e4b-8333dc650b16} 1484 "\\.\pipe\gecko-crash-server-pipe.1484" 3884 1ed58458 tab

    C:\Program Files\Mozilla Firefox\firefox.exe  [PID 1860]
      cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1484.6.1494093576\260598613" -childID 5 -isForBrowser -prefsHandle 3984 -prefMapHandle 3988 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 588 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ad656d2d-df28-4d7f-8956-d9aadb1d7e69} 1484 "\\.\pipe\gecko-crash-server-pipe.1484" 3972 1ed59058 tab

    C:\Program Files\Mozilla Firefox\firefox.exe  [PID 2932]
      cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1484.7.706783247\1017301755" -childID 6 -isForBrowser -prefsHandle 4168 -prefMapHandle 4172 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 588 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {195d5114-b33c-4e93-a34b-6f8c1115ceed} 1484 "\\.\pipe\gecko-crash-server-pipe.1484" 4160 1ed59c58 tab

    C:\Program Files\Mozilla Firefox\firefox.exe  [PID 2808]
      cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1484.8.1397149294\735100823" -childID 7 -isForBrowser -prefsHandle 4340 -prefMapHandle 4044 -prefsLen 26356 -prefMapSize 233444 -jsInitHandle 588 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {eb9bdfb0-9541-4c46-a4a6-1cae9423f59b} 1484 "\\.\pipe\gecko-crash-server-pipe.1484" 4352 21222258 tab

    C:\Program Files\Mozilla Firefox\firefox.exe  [PID 2712]
      cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1484.9.250669202\256218985" -parentBuildID 20221007134813 -prefsHandle 4688 -prefMapHandle 4684 -prefsLen 26356 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {453ba231-d9d4-4ab0-96fe-8efea7dc9c84} 1484 "\\.\pipe\gecko-crash-server-pipe.1484" 4700 22271a58 rdd

    C:\Program Files\Mozilla Firefox\firefox.exe  [PID 3076]
      cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1484.10.708395654\124239826" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 4716 -prefMapHandle 4720 -prefsLen 26356 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ca26942c-593d-4c51-92bf-ad67fbb74b0d} 1484 "\\.\pipe\gecko-crash-server-pipe.1484" 4796 22271d58 utility
Downloads
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT~RFf7862a9.TMP
Filesize16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
16B
MD518e723571b00fb1694a3bad6c78e4054
SHA1afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA2568af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA51243bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2
-
Filesize
312KB
MD546bdebb2ab738d8e90aac6515de97787
SHA1e00668f11cedabf39d48443b43b2790aeed0b32c
SHA256e218f125e9a8773d161bd09389168592946e6d47aa27a6a946a4037701a1a406
SHA512f960856a0e3bf52b00627ed063a3b87948920563de5c557c974a2833d014e1cba549b20a082353531df9c0c2ab228b0d13a7b3b9f412ded9ed681c83c11d723e
-
Filesize
312KB
MD52cad56f7dd7ef73395206e5b3f5fda31
SHA19e97d8c2c03607849bbbec4bcd188c7d8922c375
SHA25648d48e33e29976969e4865a7d1132721b02b34bab0b0219006ff41ee43b4eb2c
SHA512bdcb10a75832742dbd90ee8a0fb2857e5810bec7c6d92fc47d10832ca2d7383e7d4ff10daf507c59f73db67c512fd625c945e6b936cf5a927aa87f8e7b8a42f2
-
Filesize
312KB
MD5625ff05e674b6255926d47bcab9da05d
SHA17589b7ad5dc240064831acd8c89c8035d03dc949
SHA256b7b09189c0664e3f707b9097cbf9a6e099a7a2b18e22062446b2bcd056c9c2b5
SHA512698ba2d456e9a2858647aa88e2598bc9592c05dcc04f2231aa937e9696a3193a1461c7596e7e8a252c4fb9a7e61f17fb16d7d3629a048ad25092d5c4e5ee1b9c
-
Filesize
312KB
MD534544037b6e86b22b3fc7a55d199077e
SHA16cb4f4ec2a9ccf77184e9ed39d0b746da85144f5
SHA256903342f8683309096445b84af681b7b9b726d69cb834c40ecd9fff6971a8210b
SHA512e36a3a4f746ea79c9362ee68a5270f2c185427dbb8917db49658c2a5042c8d7baaf5be323da4c1ef1a8b87c85cb8e509fba2ec59fae3037955d6ded98896c9fd
-
Filesize
312KB
MD5d37c62ce297160f94b4bb3660fbda1bd
SHA1d53d97e0fdad375c306c2478f406456cbb95c43a
SHA2568c54ad94a85dbcc1b618c365583832915c0da5a75ef73a845f12ea87ed9f3248
SHA5127d55f6a1e907d3f27bf2a53123ab9a19909ee184ded5f96e7758d0a6cfb46d90d3a1739fa5818b79a3f363eaa0e8f613cf4c48525d558e2e9b6f28b43174bf5a
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\activity-stream.discovery_stream.json.tmp
Filesize38KB
MD53540dd9686a0eb5ff7bb9202d19e32eb
SHA1746024808fd257f45087b7fbc8dd4bcda8c49d43
SHA256f2864cbb8c9f41b4b0219982cfb21e9dfb3f81a849f3f7bc6cb36c6951ad3ef8
SHA512d0287a9b7529448d5db6e170666d08707540a700fce2657b5e4f94ed97a4280173bf0a2d5fc859f0b6b1306434e2688ec0dd804d260b650d58b066cae0bf1d24
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\datareporting\glean\db\data.safe.bin
Filesize2KB
MD5db0b02b265b72c43f2a799585b9c5064
SHA13914700379abfb7a87771e125ebdd98cccaa2771
SHA25615b5d58ef3ad713e78f63b47f3437fd948078c90d6cdcd5fedc1359766591f13
SHA51262807eb7fe2373af9e820f74dd5adb8953d639d24f18dc8faef2ecafbe5707cfcd13c9d666233ec62ad36417b5799392dcacd8507f10618586fbfee23b241aa8
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\datareporting\glean\db\data.safe.bin
Filesize2KB
MD5e8f3f79e0fc0eb1af91c20fffa01620c
SHA1470e5dd088292551917c18e00eb6e1914ed8c53c
SHA256340326f126d88d2af7799246fea28a3658623b0537a782ce3be94a83bfe98b75
SHA512f078ed9e9bad9341d3f357d1374e541b34caf87b1c1802113e7037da29d631c856a11516bca14ca0dc05ff1b72ae151b60aee98c9ae73908c93933059c54b459
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\datareporting\glean\pending_pings\063abb60-90f0-44cb-a1d9-3ef3dabcb660
Filesize13KB
MD5f2a90f70804add81b23c9d632031096d
SHA1525a047ce55ed85a482f6ed9742c048d0e4f3e7f
SHA256cc97bc98ff7d0b452b816f8191e48688aad77063b43322fac60543f93e4c964a
SHA512cffcc076e79e2dad6515c83d9dabe45ea677ed22a0e66a98f91df8a97ac6e2b0b47128d3defd8534e5fac493227311e1abd446dd10ce8fec76d2b95a4acfb8be
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\datareporting\glean\pending_pings\0c144300-c6d6-44bb-9ffe-c7a028e86a5f
Filesize745B
MD5ac2cfb967634ce7e46046a2ff6aef18c
SHA119e532a6ee4855c7dde3f27aa69a56cf4e4b33b6
SHA2565c226d57efdfaab1a85cf7fd1f8e865b1a09008476215843329afb0ba259049a
SHA5122197ae3c0732487de93eefc357f469676c7ff38694154e500a0d83bec29111e94482575e04e6f44c09f3728e8e507cfa6940b7dd5628237e49df21f2239c776b
-
Filesize
6KB
MD5d8573e8b479b41d4fd3b1a8a3f42b2e5
SHA1ae2efe9089c17a46cfb1854f8575a2f8d136a328
SHA256e0fe13a63a65ff31cb34c24e249b0e0cd2e4b72b29896bf80b8f28e49379d176
SHA5125895836f6ee038ed8f41c548d6791012a9155e0ee7a499f02639612d0a4957447a7d3bea18a0ecb177b9304b6701906c279c88525c52fecaad45767e7d783bc6
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\sessionstore-backups\recovery.jsonlz4
Filesize1KB
MD528358240422a8f21d4a155ce505e1867
SHA1add47ff8d4df040de6330657cd07b0d10e4051ad
SHA2563804dfffca30da4393d8aca2e6687c1c2c16102e861367819fd2a10c55d8f3fb
SHA5121abec58ead2ecb7591b8baf9fe6a59495e8a6408c6a950aa6423c977a4fa3071c05de8c3d7859b06debc5b30b3b6e5afdb372cfe22e748ba93ffbc393fd105a4
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
Filesize184KB
MD58b08d5db6115eeac9f905d9b0172511e
SHA1ad7caa6a41b3a137ba79fe9397dbc5edf3dc6476
SHA25668621fcf5df083821c4c1e37d648f6df5cc7ee1bec440037eb5d2e09bb6b50bf
SHA512b20d42a7f0e0bd95b15cc1882969a8d842ce37bd322d3385f538df6e0f1a7fffcdc8b39eff96c9dd3463327bd4bd13667aea29b3cd3910d64b599eb6cc166173
-
Filesize
508KB
MD527e1b4e12893e15184853ab2a3fef0ea
SHA1394dcd236b89875581cbfa6d3317235f62fb629d
SHA256aeb9f95c5379963ca1d7fcf564fb83f3156aabe75c4569f5e5627012a902a7f2
SHA512a19b025bdad5972ed9225ca49e9e1dec14d68b0b52f86a22df410224cb4fdaa8fa65b084e465df1087bebcd4127b60dc2e6b3e4f05081fde5d59e7cb7c9b3e23