b7dd3bce3ebfbc2d5e3a9f00d47f27cb6a5895c4618c878e314e573a7c216df1

Analysis

max time kernel
118s
max time network
177s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
13-12-2024 21:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

The-MALWARE-Repo-master/Trojan/WindowsXPHorrorEdition.txt
Size

123B
MD5

49f5ddbf0748e69f30a2909276418311
SHA1

c3205cccffe909f2a60560d6179cc096d4907386
SHA256

1e9637fc91b1fe4a13401c4bbb1919f0fc951c55b8d120df51854df02f8fcd6d
SHA512

dc741df9988212c362315d82a686dc0b4085890cdccce98bda8ec617a671b737f954b4530a424816cf5fb3affe3355022b1b1acae16fbd7dea33adac7cec80c8

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 7 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
524	chrome.exe
524	chrome.exe

Suspicious use of AdjustPrivilegeToken 22 IoCs

description	pid	Process
Token: SeDebugPrivilege	2212	firefox.exe
Token: SeDebugPrivilege	2212	firefox.exe
Token: SeShutdownPrivilege	524	chrome.exe
Token: SeShutdownPrivilege	524	chrome.exe
Token: SeShutdownPrivilege	524	chrome.exe
Token: SeShutdownPrivilege	524	chrome.exe
Token: SeShutdownPrivilege	524	chrome.exe
Token: SeShutdownPrivilege	524	chrome.exe
Token: SeShutdownPrivilege	524	chrome.exe
Token: SeShutdownPrivilege	524	chrome.exe
Token: SeShutdownPrivilege	524	chrome.exe
Token: SeShutdownPrivilege	524	chrome.exe
Token: SeShutdownPrivilege	524	chrome.exe
Token: SeShutdownPrivilege	524	chrome.exe
Token: SeShutdownPrivilege	524	chrome.exe
Token: SeShutdownPrivilege	524	chrome.exe
Token: SeShutdownPrivilege	524	chrome.exe
Token: SeShutdownPrivilege	524	chrome.exe
Token: SeShutdownPrivilege	524	chrome.exe
Token: SeShutdownPrivilege	524	chrome.exe
Token: SeShutdownPrivilege	524	chrome.exe
Token: SeShutdownPrivilege	524	chrome.exe

Suspicious use of FindShellTrayWindow 38 IoCs

pid	Process
2212	firefox.exe
2212	firefox.exe
2212	firefox.exe
2212	firefox.exe
524	chrome.exe
524	chrome.exe
524	chrome.exe
524	chrome.exe
524	chrome.exe
524	chrome.exe
524	chrome.exe
524	chrome.exe
524	chrome.exe
524	chrome.exe
524	chrome.exe
524	chrome.exe
524	chrome.exe
524	chrome.exe
524	chrome.exe
524	chrome.exe
524	chrome.exe
524	chrome.exe
524	chrome.exe
524	chrome.exe
524	chrome.exe
524	chrome.exe
524	chrome.exe
524	chrome.exe
524	chrome.exe
524	chrome.exe
524	chrome.exe
524	chrome.exe
524	chrome.exe
524	chrome.exe
524	chrome.exe
524	chrome.exe
524	chrome.exe
524	chrome.exe

Suspicious use of SendNotifyMessage 35 IoCs

pid	Process
2212	firefox.exe
2212	firefox.exe
2212	firefox.exe
524	chrome.exe
524	chrome.exe
524	chrome.exe
524	chrome.exe
524	chrome.exe
524	chrome.exe
524	chrome.exe
524	chrome.exe
524	chrome.exe
524	chrome.exe
524	chrome.exe
524	chrome.exe
524	chrome.exe
524	chrome.exe
524	chrome.exe
524	chrome.exe
524	chrome.exe
524	chrome.exe
524	chrome.exe
524	chrome.exe
524	chrome.exe
524	chrome.exe
524	chrome.exe
524	chrome.exe
524	chrome.exe
524	chrome.exe
524	chrome.exe
524	chrome.exe
524	chrome.exe
524	chrome.exe
524	chrome.exe
524	chrome.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2212	firefox.exe
2212	firefox.exe
2212	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2424 wrote to memory of 2212	2424	firefox.exe	32
PID 2424 wrote to memory of 2212	2424	firefox.exe	32
PID 2424 wrote to memory of 2212	2424	firefox.exe	32
PID 2424 wrote to memory of 2212	2424	firefox.exe	32
PID 2424 wrote to memory of 2212	2424	firefox.exe	32
PID 2424 wrote to memory of 2212	2424	firefox.exe	32
PID 2424 wrote to memory of 2212	2424	firefox.exe	32
PID 2424 wrote to memory of 2212	2424	firefox.exe	32
PID 2424 wrote to memory of 2212	2424	firefox.exe	32
PID 2424 wrote to memory of 2212	2424	firefox.exe	32
PID 2424 wrote to memory of 2212	2424	firefox.exe	32
PID 2424 wrote to memory of 2212	2424	firefox.exe	32
PID 2212 wrote to memory of 2812	2212	firefox.exe	33
PID 2212 wrote to memory of 2812	2212	firefox.exe	33
PID 2212 wrote to memory of 2812	2212	firefox.exe	33
PID 2212 wrote to memory of 2800	2212	firefox.exe	34
PID 2212 wrote to memory of 2800	2212	firefox.exe	34
PID 2212 wrote to memory of 2800	2212	firefox.exe	34
PID 2212 wrote to memory of 2800	2212	firefox.exe	34
PID 2212 wrote to memory of 2800	2212	firefox.exe	34
PID 2212 wrote to memory of 2800	2212	firefox.exe	34
PID 2212 wrote to memory of 2800	2212	firefox.exe	34
PID 2212 wrote to memory of 2800	2212	firefox.exe	34
PID 2212 wrote to memory of 2800	2212	firefox.exe	34
PID 2212 wrote to memory of 2800	2212	firefox.exe	34
PID 2212 wrote to memory of 2800	2212	firefox.exe	34
PID 2212 wrote to memory of 2800	2212	firefox.exe	34
PID 2212 wrote to memory of 2800	2212	firefox.exe	34
PID 2212 wrote to memory of 2800	2212	firefox.exe	34
PID 2212 wrote to memory of 2800	2212	firefox.exe	34
PID 2212 wrote to memory of 2800	2212	firefox.exe	34
PID 2212 wrote to memory of 2800	2212	firefox.exe	34
PID 2212 wrote to memory of 2800	2212	firefox.exe	34
PID 2212 wrote to memory of 2800	2212	firefox.exe	34
PID 2212 wrote to memory of 2800	2212	firefox.exe	34
PID 2212 wrote to memory of 2800	2212	firefox.exe	34
PID 2212 wrote to memory of 2800	2212	firefox.exe	34
PID 2212 wrote to memory of 2800	2212	firefox.exe	34
PID 2212 wrote to memory of 2800	2212	firefox.exe	34
PID 2212 wrote to memory of 2800	2212	firefox.exe	34
PID 2212 wrote to memory of 2800	2212	firefox.exe	34
PID 2212 wrote to memory of 2800	2212	firefox.exe	34
PID 2212 wrote to memory of 2800	2212	firefox.exe	34
PID 2212 wrote to memory of 2800	2212	firefox.exe	34
PID 2212 wrote to memory of 2800	2212	firefox.exe	34
PID 2212 wrote to memory of 2800	2212	firefox.exe	34
PID 2212 wrote to memory of 2800	2212	firefox.exe	34
PID 2212 wrote to memory of 2800	2212	firefox.exe	34
PID 2212 wrote to memory of 2800	2212	firefox.exe	34
PID 2212 wrote to memory of 2800	2212	firefox.exe	34
PID 2212 wrote to memory of 2800	2212	firefox.exe	34
PID 2212 wrote to memory of 2800	2212	firefox.exe	34
PID 2212 wrote to memory of 2800	2212	firefox.exe	34
PID 2212 wrote to memory of 2800	2212	firefox.exe	34
PID 2212 wrote to memory of 2800	2212	firefox.exe	34
PID 2212 wrote to memory of 2800	2212	firefox.exe	34
PID 2212 wrote to memory of 2800	2212	firefox.exe	34
PID 2212 wrote to memory of 2800	2212	firefox.exe	34
PID 2212 wrote to memory of 2800	2212	firefox.exe	34
PID 2212 wrote to memory of 660	2212	firefox.exe	35
PID 2212 wrote to memory of 660	2212	firefox.exe	35
PID 2212 wrote to memory of 660	2212	firefox.exe	35
PID 2212 wrote to memory of 660	2212	firefox.exe	35
PID 2212 wrote to memory of 660	2212	firefox.exe	35

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\WindowsXPHorrorEdition.txt
1⤵
PID:2620

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2424
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2212
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.0.1898971612\902266769" -parentBuildID 20221007134813 -prefsHandle 1220 -prefMapHandle 1212 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fd8a63de-04b0-45d9-90eb-35b50437cc77} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 1284 111d8558 gpu
    3⤵
    PID:2812
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.1.1170905575\1452918831" -parentBuildID 20221007134813 -prefsHandle 1476 -prefMapHandle 1472 -prefsLen 20928 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9fb0b08e-4303-4e32-9cdb-97096e27db27} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 1488 d6fb58 socket
    3⤵
    - Checks processor information in registry
    PID:2800
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.2.1668127389\1517863256" -childID 1 -isForBrowser -prefsHandle 2004 -prefMapHandle 1768 -prefsLen 20966 -prefMapSize 233444 -jsInitHandle 872 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {74694337-2cbc-445a-a901-0e7cdb45132d} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 1892 d64458 tab
    3⤵
    PID:660
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.3.1108107416\1881576477" -childID 2 -isForBrowser -prefsHandle 1636 -prefMapHandle 1632 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 872 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {df3bb40e-a1ca-4397-abb7-0540a2969a96} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 776 d63858 tab
    3⤵
    PID:2072
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.4.804127143\617197619" -childID 3 -isForBrowser -prefsHandle 2532 -prefMapHandle 2512 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 872 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {17ec4e28-41f9-442e-ad2c-0923824d5a95} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 2564 1aad2758 tab
    3⤵
    PID:3048
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.5.857141288\1432718274" -childID 4 -isForBrowser -prefsHandle 3928 -prefMapHandle 3932 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 872 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {958725b1-04e1-4e83-a712-20a3d4c55884} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 3944 1f123758 tab
    3⤵
    PID:1036
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.6.369251569\959325677" -childID 5 -isForBrowser -prefsHandle 4052 -prefMapHandle 4056 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 872 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ce632bce-8b0c-462b-84fc-428bb85f76c9} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 4040 1f123158 tab
    3⤵
    PID:1920
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.7.1463897026\1812938645" -childID 6 -isForBrowser -prefsHandle 4224 -prefMapHandle 4228 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 872 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {17280edf-571e-4e55-a097-6f35d777f088} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 4212 1f123d58 tab
    3⤵
    PID:1700
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.8.1038427237\709673075" -childID 7 -isForBrowser -prefsHandle 780 -prefMapHandle 3904 -prefsLen 26356 -prefMapSize 233444 -jsInitHandle 872 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cc1922a1-d56e-4041-8c64-c57597c0107b} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 2320 114cb458 tab
    3⤵
    PID:2592

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef70b9758,0x7fef70b9768,0x7fef70b9778
  2⤵
  PID:2340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1180 --field-trial-handle=1320,i,7743869498682360230,13212759425812292272,131072 /prefetch:2
  2⤵
  PID:888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1524 --field-trial-handle=1320,i,7743869498682360230,13212759425812292272,131072 /prefetch:8
  2⤵
  PID:748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1572 --field-trial-handle=1320,i,7743869498682360230,13212759425812292272,131072 /prefetch:8
  2⤵
  PID:796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2288 --field-trial-handle=1320,i,7743869498682360230,13212759425812292272,131072 /prefetch:1
  2⤵
  PID:2324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2296 --field-trial-handle=1320,i,7743869498682360230,13212759425812292272,131072 /prefetch:1
  2⤵
  PID:2632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1416 --field-trial-handle=1320,i,7743869498682360230,13212759425812292272,131072 /prefetch:2
  2⤵
  PID:2364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1268 --field-trial-handle=1320,i,7743869498682360230,13212759425812292272,131072 /prefetch:1
  2⤵
  PID:2740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3876 --field-trial-handle=1320,i,7743869498682360230,13212759425812292272,131072 /prefetch:8
  2⤵
  PID:2780

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2480

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
fe0c08d6a092bf5071eecd10255f7612

SHA1
7e4df96697ba30bfe67cac3192c97efb321d257b

SHA256
df9eac2b7a78825fe287ac4b59e154ebc704a4815d3de7087bcc88cabce57cc4

SHA512
9bf5948d91b24b56805b42abd3a024e87bcda8802a1dafe273320edcb605c08b97cdb77b94f06e0b724e1a950427894c4215430e8460386106e8cb4e09a1c245

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bhzluvd5.default-release\activity-stream.discovery_stream.json.tmp

Filesize
26KB

MD5
8930f2d6a3ed21728ca2a786da1413de

SHA1
4ccad4670939a09aa1bc15b17dc595a5c8ecc4b6

SHA256
0abbb317c5154d0a29b7d45a40444422b1c8bb9dc46d0b33de1477bf1f011748

SHA512
26a84fd06402c2e5ffc834ccc89ccce529d9a52425060e2193771cc6ca146758bc90af4c58a1708068ca31b19bc08f842659b1ecfeae1932dc990c8234ffa146

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bhzluvd5.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
15KB

MD5
96c542dec016d9ec1ecc4dddfcbaac66

SHA1
6199f7648bb744efa58acf7b96fee85d938389e4

SHA256
7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

SHA512
cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
eada133bb7a0c22040a15511e0413d64

SHA1
e90c900a55c40d33779932d2ac1109f8adfedd65

SHA256
e4edb2f04defa8bfa2c30c624e0d57d3016904b6c0e23269346c62c980262a52

SHA512
b694bad003fce2a0f709e50d59d3d8758ef9a0f7a8b2c619dadbc72bbaf752363c42244cb2ad7c8a72a49a36a84ee24d490452ceebd33b617c220b4a193207d5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
37f64e38928dd714c38899b2808d55ef

SHA1
5081c871aef7ed3676f6251bc3dd8e4360119ae0

SHA256
e7d89fb5774b55f7a0235778873c45225b952cc71f99e8081fdbc5dbb49887f3

SHA512
6fbf8e57a6ad57e06fb238b82f49e1ada6a065ef1037a4992ab5d32ad7d1cb7fe6c6493007c791c07644a8038c7ada2f6e26c93e87a8d96a9432cf8e590062d9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\datareporting\glean\pending_pings\38695e33-3cbd-4e6b-b8d0-54da7d22a0e6

Filesize
745B

MD5
3e754dab51a18a2484b00b3286c186d6

SHA1
2881b8836ec17a86a56d14efe9abd29384d30557

SHA256
bb385245c0f7bbbeb1b4045a44184a053a605a48b8e8f749ebe2ca6b6a75696d

SHA512
92bbb0ed2b60483236d3f406e5cf6de451a7315b4e5ece9f6b641a92ba746f16b4d740ea86339fc3b691bf82d075677254bdd7c4b2cff04768295dbd9ef9f4bc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\datareporting\glean\pending_pings\92342354-0046-4ed6-9c49-4667da0675af

Filesize
11KB

MD5
f4e7e17e7864ebfddf1204007e2570b6

SHA1
1e4c5d15ad9d3bbb7c9adb3cf6fa56a4b9c7a94d

SHA256
53e572105ba5ad231eec4c7208aa3865bb4cd8b78bc916161b6465d36ec65bff

SHA512
c1a8ee807827c0bbf1a12712b723334d037568cfebc8e450be4b7187aed13a4e026fc1b957d749ab4a4f6ca012ee33f1e362ccdc1c9cc1ff5f82a41e5f4d5524

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\prefs-1.js

Filesize
6KB

MD5
a4d5d5c09c31006fd298ebbf892ecc9e

SHA1
579942be492a98d95b10a1eb5c733cbc49152aa6

SHA256
9c9bd4e3731654f1f9ea43e3458dbd99e272dc572ffadf10757689bd21cd50e4

SHA512
ec634b9e71e05175d4706cbb6b71a013d31cadb9e9f313e7c2363226b8cf8baeb474379b9ae0ab5416ceeb9ff1eee0a824602d96542aedb6c4478a6db0bbfbd7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\prefs.js

Filesize
6KB

MD5
6f971f1f4315914309adecb20c712c75

SHA1
04b2d057eb87545f3617a4512f8b1c0059c69a40

SHA256
e0b17292e7409ce996f3a8459a89d26d412a48a206d0dcfc21ce91f099815729

SHA512
92de4dcc574c090af739938b10f39316009c5816c3f36eb7466524238949073a4f694f846495ed3bf3b42b944901874e94a797e591f775815b475ce67f5d338f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\prefs.js

Filesize
6KB

MD5
f91e8839070144a60f18511e87765279

SHA1
97fa9fd0a86b1c5ef4b44d70f26b4d7b53ba4a24

SHA256
dc2fbba63ed30a40eaf0fe569b4a9c2e2c29791051f9daee1dac79ea1547f9a7

SHA512
8ea6f496a44187d5f1c741eec7c5ff42f124225bd5dd09deb15ec283ac54bfba88ad13d8539689c8710535bd4bc30c87aedd1d5464e2043b86286b5d8fddf005

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
38c772ed1cf1a26e55e4d798e7072ccc

SHA1
53e528a4d477d980d6e77820ac057a84753f243a

SHA256
287a6bc5ce9124333ec8404a711069a63395fcdc8db182561fd8a3b1669a345b

SHA512
3ecfb5290e21ac114e0dbcd95a98e62fe1785d0f110501591b7ab058b7a336018f2223d2dff7ad97cf8c24b5fd353c855c0a8f3af2436bd331819e828b95f4ef

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
dc0795ef0ced5f13de7ea6adf6c90472

SHA1
d8fb6edec5858e11b9875aba47659e944247de3f

SHA256
e84bf7243522db67ef714fe4621bfebae2f9d8bd8be412ad780920b33c69ec31

SHA512
98d0d2d47ebee224c0c279a209739dbd7fe61bc99b32cfb6a6c0ff314e9c9406a33d36c6f3b7d95232ebfb7fe4b12634eb9b02244a3f1acd57d26b287ccf1a38

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
ba05930ab77db6179277fef24e6c74b0

SHA1
2505be9f3445b5b5bf6501beb1376d52dbcb95a5

SHA256
0d90055f84383b18a55795c22e294814923e0b3dc393f8844fb8a5883b34efd6

SHA512
e424bf14777d15a9ccfe4b04fd1782f45d7aa6df6ca687bf4517eff4b81a221e3283b5232aaa80854cd9e29e21aeb46aed2411023939ceb0791465230744a454

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\sessionstore.jsonlz4

Filesize
5KB

MD5
bda6375fa4c3e66f6d0a16dae82dd67f

SHA1
c1bd3487935f2e27a758c4867762ab094eff9c2e

SHA256
3a3851a3966b3a6587efc9ccb87a53eb7a1ff9c20d7b8048416bceca6448207e

SHA512
fcf52bc641dff33e623900f40508379807141839215525a01ac01c628804deb94a923ef0fc872f028bdf269bed4880635795117f52595718d05e240852fc5892

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
2491ae2294ceb09a920245b3a670895a

SHA1
8463760d6a147764005784d6789c5b900a61dbad

SHA256
add79ab7e59b5e9aa9856aa3ac98744bbe98cb6cb778ffa0b6dc6d24f7fddbdc

SHA512
aeabf6c8ab546eebb6f249c065918c1e2f6699deee3577add90b9ce7369b8c76b44f3fcfa0f57d2ef0dbb8e5911c749f6572666d0d19af0ce1773308497200ff

Download Submit