903f05f235949f39cda49abc046d129e65696c76b21387f983a16c9cb92017c3

Analysis

max time kernel
1795s
max time network
1804s
platform
windows10-2004_x64
resource
win10v2004-20240226-de
resource tags

arch:x64arch:x86image:win10v2004-20240226-delocale:de-deos:windows10-2004-x64systemwindows
submitted
25/05/2024, 00:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

591f53dff6db856bcc2a4d68_st_james_park_2.jpg
Size

122KB
MD5

4288a3b2d71560d16b36e3d8a1bcc9ad
SHA1

d1b92c755dac103b6f7c65de555151b20c2d1df2
SHA256

903f05f235949f39cda49abc046d129e65696c76b21387f983a16c9cb92017c3
SHA512

44653bdba192e9f04364afd0c75d1f439008a2ddd9811e0f22d62c0e24dbf459a89a0ef48619635de7d5656c63bffbb961a20d1efa2dafa94c36203bdf479593
SSDEEP

3072:hTGTnm3fXNpIIoZV192p+ZCvfLIxpvTK7Kg:hTGTnofdE93jvTFg

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133610705408695510"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3808065738-1666277613-1125846146-1000\{D793230B-C7AD-4A9A-9D88-9E8AE38A7B78}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
6132	chrome.exe
6132	chrome.exe
3480	chrome.exe
3480	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
6132	chrome.exe
6132	chrome.exe
6132	chrome.exe
6132	chrome.exe
6132	chrome.exe
6132	chrome.exe
6132	chrome.exe
6132	chrome.exe
6132	chrome.exe
6132	chrome.exe
6132	chrome.exe
6132	chrome.exe
6132	chrome.exe
6132	chrome.exe
6132	chrome.exe
6132	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4064	firefox.exe
Token: SeDebugPrivilege	4064	firefox.exe
Token: SeShutdownPrivilege	6132	chrome.exe
Token: SeCreatePagefilePrivilege	6132	chrome.exe
Token: SeShutdownPrivilege	6132	chrome.exe
Token: SeCreatePagefilePrivilege	6132	chrome.exe
Token: SeShutdownPrivilege	6132	chrome.exe
Token: SeCreatePagefilePrivilege	6132	chrome.exe
Token: SeShutdownPrivilege	6132	chrome.exe
Token: SeCreatePagefilePrivilege	6132	chrome.exe
Token: SeShutdownPrivilege	6132	chrome.exe
Token: SeCreatePagefilePrivilege	6132	chrome.exe
Token: SeShutdownPrivilege	6132	chrome.exe
Token: SeCreatePagefilePrivilege	6132	chrome.exe
Token: SeShutdownPrivilege	6132	chrome.exe
Token: SeCreatePagefilePrivilege	6132	chrome.exe
Token: SeShutdownPrivilege	6132	chrome.exe
Token: SeCreatePagefilePrivilege	6132	chrome.exe
Token: SeShutdownPrivilege	6132	chrome.exe
Token: SeCreatePagefilePrivilege	6132	chrome.exe
Token: SeShutdownPrivilege	6132	chrome.exe
Token: SeCreatePagefilePrivilege	6132	chrome.exe
Token: SeShutdownPrivilege	6132	chrome.exe
Token: SeCreatePagefilePrivilege	6132	chrome.exe
Token: SeShutdownPrivilege	6132	chrome.exe
Token: SeCreatePagefilePrivilege	6132	chrome.exe
Token: SeShutdownPrivilege	6132	chrome.exe
Token: SeCreatePagefilePrivilege	6132	chrome.exe
Token: SeShutdownPrivilege	6132	chrome.exe
Token: SeCreatePagefilePrivilege	6132	chrome.exe
Token: SeShutdownPrivilege	6132	chrome.exe
Token: SeCreatePagefilePrivilege	6132	chrome.exe
Token: SeShutdownPrivilege	6132	chrome.exe
Token: SeCreatePagefilePrivilege	6132	chrome.exe
Token: SeShutdownPrivilege	6132	chrome.exe
Token: SeCreatePagefilePrivilege	6132	chrome.exe
Token: SeShutdownPrivilege	6132	chrome.exe
Token: SeCreatePagefilePrivilege	6132	chrome.exe
Token: SeShutdownPrivilege	6132	chrome.exe
Token: SeCreatePagefilePrivilege	6132	chrome.exe
Token: SeShutdownPrivilege	6132	chrome.exe
Token: SeCreatePagefilePrivilege	6132	chrome.exe
Token: SeShutdownPrivilege	6132	chrome.exe
Token: SeCreatePagefilePrivilege	6132	chrome.exe
Token: SeShutdownPrivilege	6132	chrome.exe
Token: SeCreatePagefilePrivilege	6132	chrome.exe
Token: SeShutdownPrivilege	6132	chrome.exe
Token: SeCreatePagefilePrivilege	6132	chrome.exe
Token: SeShutdownPrivilege	6132	chrome.exe
Token: SeCreatePagefilePrivilege	6132	chrome.exe
Token: SeShutdownPrivilege	6132	chrome.exe
Token: SeCreatePagefilePrivilege	6132	chrome.exe
Token: SeShutdownPrivilege	6132	chrome.exe
Token: SeCreatePagefilePrivilege	6132	chrome.exe
Token: SeShutdownPrivilege	6132	chrome.exe
Token: SeCreatePagefilePrivilege	6132	chrome.exe
Token: SeShutdownPrivilege	6132	chrome.exe
Token: SeCreatePagefilePrivilege	6132	chrome.exe
Token: SeShutdownPrivilege	6132	chrome.exe
Token: SeCreatePagefilePrivilege	6132	chrome.exe
Token: SeShutdownPrivilege	6132	chrome.exe
Token: SeCreatePagefilePrivilege	6132	chrome.exe
Token: SeShutdownPrivilege	6132	chrome.exe
Token: SeCreatePagefilePrivilege	6132	chrome.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
4064	firefox.exe
4064	firefox.exe
4064	firefox.exe
4064	firefox.exe
6132	chrome.exe
6132	chrome.exe
6132	chrome.exe
6132	chrome.exe
6132	chrome.exe
6132	chrome.exe
6132	chrome.exe
6132	chrome.exe
6132	chrome.exe
6132	chrome.exe
6132	chrome.exe
6132	chrome.exe
6132	chrome.exe
6132	chrome.exe
6132	chrome.exe
6132	chrome.exe
6132	chrome.exe
6132	chrome.exe
6132	chrome.exe
6132	chrome.exe
6132	chrome.exe
6132	chrome.exe
6132	chrome.exe
6132	chrome.exe
6132	chrome.exe
6132	chrome.exe
6132	chrome.exe
6132	chrome.exe
6132	chrome.exe

Suspicious use of SendNotifyMessage 29 IoCs

pid	Process
4064	firefox.exe
4064	firefox.exe
4064	firefox.exe
6132	chrome.exe
6132	chrome.exe
6132	chrome.exe
6132	chrome.exe
6132	chrome.exe
6132	chrome.exe
6132	chrome.exe
6132	chrome.exe
6132	chrome.exe
6132	chrome.exe
6132	chrome.exe
6132	chrome.exe
6132	chrome.exe
6132	chrome.exe
6132	chrome.exe
6132	chrome.exe
6132	chrome.exe
6132	chrome.exe
6132	chrome.exe
6132	chrome.exe
6132	chrome.exe
6132	chrome.exe
6132	chrome.exe
6132	chrome.exe
6132	chrome.exe
6132	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4064	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4548 wrote to memory of 4064	4548	firefox.exe	93
PID 4548 wrote to memory of 4064	4548	firefox.exe	93
PID 4548 wrote to memory of 4064	4548	firefox.exe	93
PID 4548 wrote to memory of 4064	4548	firefox.exe	93
PID 4548 wrote to memory of 4064	4548	firefox.exe	93
PID 4548 wrote to memory of 4064	4548	firefox.exe	93
PID 4548 wrote to memory of 4064	4548	firefox.exe	93
PID 4548 wrote to memory of 4064	4548	firefox.exe	93
PID 4548 wrote to memory of 4064	4548	firefox.exe	93
PID 4548 wrote to memory of 4064	4548	firefox.exe	93
PID 4548 wrote to memory of 4064	4548	firefox.exe	93
PID 4064 wrote to memory of 4736	4064	firefox.exe	94
PID 4064 wrote to memory of 4736	4064	firefox.exe	94
PID 4064 wrote to memory of 1508	4064	firefox.exe	95
PID 4064 wrote to memory of 1508	4064	firefox.exe	95
PID 4064 wrote to memory of 1508	4064	firefox.exe	95
PID 4064 wrote to memory of 1508	4064	firefox.exe	95
PID 4064 wrote to memory of 1508	4064	firefox.exe	95
PID 4064 wrote to memory of 1508	4064	firefox.exe	95
PID 4064 wrote to memory of 1508	4064	firefox.exe	95
PID 4064 wrote to memory of 1508	4064	firefox.exe	95
PID 4064 wrote to memory of 1508	4064	firefox.exe	95
PID 4064 wrote to memory of 1508	4064	firefox.exe	95
PID 4064 wrote to memory of 1508	4064	firefox.exe	95
PID 4064 wrote to memory of 1508	4064	firefox.exe	95
PID 4064 wrote to memory of 1508	4064	firefox.exe	95
PID 4064 wrote to memory of 1508	4064	firefox.exe	95
PID 4064 wrote to memory of 1508	4064	firefox.exe	95
PID 4064 wrote to memory of 1508	4064	firefox.exe	95
PID 4064 wrote to memory of 1508	4064	firefox.exe	95
PID 4064 wrote to memory of 1508	4064	firefox.exe	95
PID 4064 wrote to memory of 1508	4064	firefox.exe	95
PID 4064 wrote to memory of 1508	4064	firefox.exe	95
PID 4064 wrote to memory of 1508	4064	firefox.exe	95
PID 4064 wrote to memory of 1508	4064	firefox.exe	95
PID 4064 wrote to memory of 1508	4064	firefox.exe	95
PID 4064 wrote to memory of 1508	4064	firefox.exe	95
PID 4064 wrote to memory of 1508	4064	firefox.exe	95
PID 4064 wrote to memory of 1508	4064	firefox.exe	95
PID 4064 wrote to memory of 1508	4064	firefox.exe	95
PID 4064 wrote to memory of 1508	4064	firefox.exe	95
PID 4064 wrote to memory of 1508	4064	firefox.exe	95
PID 4064 wrote to memory of 1508	4064	firefox.exe	95
PID 4064 wrote to memory of 1508	4064	firefox.exe	95
PID 4064 wrote to memory of 1508	4064	firefox.exe	95
PID 4064 wrote to memory of 1508	4064	firefox.exe	95
PID 4064 wrote to memory of 1508	4064	firefox.exe	95
PID 4064 wrote to memory of 1508	4064	firefox.exe	95
PID 4064 wrote to memory of 1508	4064	firefox.exe	95
PID 4064 wrote to memory of 1508	4064	firefox.exe	95
PID 4064 wrote to memory of 1508	4064	firefox.exe	95
PID 4064 wrote to memory of 1508	4064	firefox.exe	95
PID 4064 wrote to memory of 1508	4064	firefox.exe	95
PID 4064 wrote to memory of 1508	4064	firefox.exe	95
PID 4064 wrote to memory of 1508	4064	firefox.exe	95
PID 4064 wrote to memory of 1508	4064	firefox.exe	95
PID 4064 wrote to memory of 1508	4064	firefox.exe	95
PID 4064 wrote to memory of 1508	4064	firefox.exe	95
PID 4064 wrote to memory of 1508	4064	firefox.exe	95
PID 4064 wrote to memory of 1508	4064	firefox.exe	95
PID 4064 wrote to memory of 1508	4064	firefox.exe	95
PID 4064 wrote to memory of 2716	4064	firefox.exe	96
PID 4064 wrote to memory of 2716	4064	firefox.exe	96
PID 4064 wrote to memory of 2716	4064	firefox.exe	96

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\591f53dff6db856bcc2a4d68_st_james_park_2.jpg
1⤵
PID:4652

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4548
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4064
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4064.0.1384337218\1545763628" -parentBuildID 20221007134813 -prefsHandle 1872 -prefMapHandle 1864 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7974bafc-0219-49fb-8c3b-2f765bcc8112} 4064 "\\.\pipe\gecko-crash-server-pipe.4064" 1964 27463cc2958 gpu
    3⤵
    PID:4736
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4064.1.597118269\509736469" -parentBuildID 20221007134813 -prefsHandle 2352 -prefMapHandle 2340 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2c90119e-c9fd-46f3-92e7-d5dfcda88eaa} 4064 "\\.\pipe\gecko-crash-server-pipe.4064" 2364 27463632058 socket
    3⤵
    - Checks processor information in registry
    PID:1508
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4064.2.489854263\975425746" -childID 1 -isForBrowser -prefsHandle 2952 -prefMapHandle 2948 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f4ea1da2-ba84-4209-8444-13d68352dfce} 4064 "\\.\pipe\gecko-crash-server-pipe.4064" 3044 27467afa258 tab
    3⤵
    PID:2716
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4064.3.986334973\594985767" -childID 2 -isForBrowser -prefsHandle 3604 -prefMapHandle 3600 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cce55cb8-83bd-4705-8b77-73e9be342c3f} 4064 "\\.\pipe\gecko-crash-server-pipe.4064" 3612 2744fe5df58 tab
    3⤵
    PID:1696
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4064.4.1270841076\404154805" -childID 3 -isForBrowser -prefsHandle 4268 -prefMapHandle 4264 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6b591cb7-0e21-46fc-bf50-50444b427ae8} 4064 "\\.\pipe\gecko-crash-server-pipe.4064" 4276 27468bd4558 tab
    3⤵
    PID:2544
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4064.5.2028458863\1699585943" -childID 4 -isForBrowser -prefsHandle 4668 -prefMapHandle 4660 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ca09dc75-de50-4804-9bd2-ed7c7304ccc9} 4064 "\\.\pipe\gecko-crash-server-pipe.4064" 4608 27469f90758 tab
    3⤵
    PID:2568
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4064.6.1826027123\1554413883" -childID 5 -isForBrowser -prefsHandle 4588 -prefMapHandle 5104 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4c38645e-c37d-49cd-af9e-4b6be63ca6f5} 4064 "\\.\pipe\gecko-crash-server-pipe.4064" 5152 27469fdce58 tab
    3⤵
    PID:4776
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4064.7.540596734\654082192" -childID 6 -isForBrowser -prefsHandle 5332 -prefMapHandle 5336 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4389e270-bd24-42c5-851c-69c8bd2a5d1b} 4064 "\\.\pipe\gecko-crash-server-pipe.4064" 5328 27469fdad58 tab
    3⤵
    PID:1868
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4064.8.1736833402\1107813760" -childID 7 -isForBrowser -prefsHandle 2920 -prefMapHandle 4864 -prefsLen 26550 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ecc78791-c66a-46db-83c4-7c37a6207898} 4064 "\\.\pipe\gecko-crash-server-pipe.4064" 5656 2746a3ccb58 tab
    3⤵
    PID:5964

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=de --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1052 --field-trial-handle=2280,i,12495260388534045372,17604500157273288941,262144 --variations-seed-version /prefetch:8
1⤵
PID:5712

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:6132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff98b3e9758,0x7ff98b3e9768,0x7ff98b3e9778
  2⤵
  PID:5196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1776 --field-trial-handle=1888,i,4969664513096383113,2875775046776231571,131072 /prefetch:2
  2⤵
  PID:5064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1888,i,4969664513096383113,2875775046776231571,131072 /prefetch:8
  2⤵
  PID:3924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2284 --field-trial-handle=1888,i,4969664513096383113,2875775046776231571,131072 /prefetch:8
  2⤵
  PID:4176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3240 --field-trial-handle=1888,i,4969664513096383113,2875775046776231571,131072 /prefetch:1
  2⤵
  PID:5372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3252 --field-trial-handle=1888,i,4969664513096383113,2875775046776231571,131072 /prefetch:1
  2⤵
  PID:5368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4624 --field-trial-handle=1888,i,4969664513096383113,2875775046776231571,131072 /prefetch:1
  2⤵
  PID:1268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4800 --field-trial-handle=1888,i,4969664513096383113,2875775046776231571,131072 /prefetch:8
  2⤵
  PID:1956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1768 --field-trial-handle=1888,i,4969664513096383113,2875775046776231571,131072 /prefetch:8
  2⤵
  PID:4712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4916 --field-trial-handle=1888,i,4969664513096383113,2875775046776231571,131072 /prefetch:8
  2⤵
  PID:3180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 --field-trial-handle=1888,i,4969664513096383113,2875775046776231571,131072 /prefetch:8
  2⤵
  PID:5956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5292 --field-trial-handle=1888,i,4969664513096383113,2875775046776231571,131072 /prefetch:1
  2⤵
  PID:5204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4864 --field-trial-handle=1888,i,4969664513096383113,2875775046776231571,131072 /prefetch:1
  2⤵
  PID:1280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3408 --field-trial-handle=1888,i,4969664513096383113,2875775046776231571,131072 /prefetch:1
  2⤵
  PID:4988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3324 --field-trial-handle=1888,i,4969664513096383113,2875775046776231571,131072 /prefetch:8
  2⤵
  PID:1636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2120 --field-trial-handle=1888,i,4969664513096383113,2875775046776231571,131072 /prefetch:8
  2⤵
  PID:4868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2768 --field-trial-handle=1888,i,4969664513096383113,2875775046776231571,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:5752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4680 --field-trial-handle=1888,i,4969664513096383113,2875775046776231571,131072 /prefetch:8
  2⤵
  PID:3316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4728 --field-trial-handle=1888,i,4969664513096383113,2875775046776231571,131072 /prefetch:1
  2⤵
  PID:920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3376 --field-trial-handle=1888,i,4969664513096383113,2875775046776231571,131072 /prefetch:1
  2⤵
  PID:5768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5480 --field-trial-handle=1888,i,4969664513096383113,2875775046776231571,131072 /prefetch:1
  2⤵
  PID:5824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4628 --field-trial-handle=1888,i,4969664513096383113,2875775046776231571,131072 /prefetch:1
  2⤵
  PID:2432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6092 --field-trial-handle=1888,i,4969664513096383113,2875775046776231571,131072 /prefetch:1
  2⤵
  PID:1852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6104 --field-trial-handle=1888,i,4969664513096383113,2875775046776231571,131072 /prefetch:8
  2⤵
  PID:6140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6168 --field-trial-handle=1888,i,4969664513096383113,2875775046776231571,131072 /prefetch:8
  2⤵
  PID:6024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6148 --field-trial-handle=1888,i,4969664513096383113,2875775046776231571,131072 /prefetch:1
  2⤵
  PID:728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=3264 --field-trial-handle=1888,i,4969664513096383113,2875775046776231571,131072 /prefetch:1
  2⤵
  PID:904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=2768 --field-trial-handle=1888,i,4969664513096383113,2875775046776231571,131072 /prefetch:1
  2⤵
  PID:6124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=5480 --field-trial-handle=1888,i,4969664513096383113,2875775046776231571,131072 /prefetch:1
  2⤵
  PID:3940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=6420 --field-trial-handle=1888,i,4969664513096383113,2875775046776231571,131072 /prefetch:1
  2⤵
  PID:5208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6628 --field-trial-handle=1888,i,4969664513096383113,2875775046776231571,131072 /prefetch:8
  2⤵
  PID:1512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5564 --field-trial-handle=1888,i,4969664513096383113,2875775046776231571,131072 /prefetch:8
  2⤵
  PID:2084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5104 --field-trial-handle=1888,i,4969664513096383113,2875775046776231571,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3480

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:5528

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=de --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1048 --field-trial-handle=2280,i,12495260388534045372,17604500157273288941,262144 --variations-seed-version /prefetch:8
1⤵
PID:2732

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000037

Filesize
64KB

MD5
d84862513956cbe61aeb4ebbfdd3355a

SHA1
14ab269df17cb0333b1556ce120d587324479f6b

SHA256
a18b26912ab9e034923cc64fbfdb59d682500f2c556456930e480b6bd69e33b5

SHA512
d04ca96d72595f1e291a6ce96f092c1707064800103cde733512a186c1b22e089b63690a0c53965c97248dd782731b22fa2d27b8ee3ae112647382f1c06d1a9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
8ea7a3a15692651dc061f8d32678795d

SHA1
bd4c6e85c99e6b2c274aa5d9b10b474a2e8d6319

SHA256
7883a68561b999221eb7440f2cdfe42994e823bc427c846601a6d1080bba4ab2

SHA512
45046f566bf3492feb259cdcb1c0a504a7c6a18e571f845597b98ed5681f981c87a0968157f7f191e60ccc978b75c8661f410400bbbbd1fdc65cada2a8ee94fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
b55c52feefe6524312cc32d954a66967

SHA1
62c1edab5cbb5dabf7857c6ac5771110bd3f2f30

SHA256
807f5ad5751ba095607090daad2b6fbd897300853346b5cdc2f4d63917e428c1

SHA512
99dd6404d8bc47085e2d3237f1e23560b3781a09fa74073065f121d688d6a79e9b7df60878ca68a36215c668f76820f40aff0f015ed0b0652cbffb3c875d6774

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.burgerking.de_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
9d29bd88b1989be22c83fd2c3f038e14

SHA1
22ec814c9b9a6d67794ec9fc598d4dc462bb3ba4

SHA256
aabb8c41302546edbd6282ba3de7cbf26d94267c3eab9113ebfd8a0b70aa41c0

SHA512
72bc0746fca9cd528258e9136c6050f4470988e2d4089049e818ab41f14a1846b36780d3c663860a2c6899bd0397ff4f6d83c71874aa2515e0f9701f408de56e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
36bd65760851a4fa8f146ee9a26ffbc0

SHA1
53ad7cc07323846fb536dcd0787900841ca8ee10

SHA256
29e7423ed6f80d9285e3254e19716b9696baeca18c8bc5cd157d1985ad1b752c

SHA512
f86f333c228ab8378e1740849de60bda9da9a538efec3dba802c799369ca520cf9f4f3c60c59cbabd19fb2bbf51eb27f3270aefcc476b2d05e854fc44774d13a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
6d2b057b5b348cb419d182b40a9f4934

SHA1
b4ed44252a5b780162c3556fc9ecd885163f96e8

SHA256
7516758bc1b1f07d9d3da8fd5a45517c941c0b732b28e40f5ccaa3f5516bde33

SHA512
8ecceeedbcbea79ae771b88d3ffb182f519337cbd2e8942566223ab8c7f0d212fbfff14a8867c6747c65c03c0894e20669e9380c6bb788d8fd79dc330e162edb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
b09e7dac6eba0ddcd13d9124040ffac5

SHA1
4b4ab7b16667b5a8940a882f1b60e23c69690f60

SHA256
b5a831a3030e6d7b3398cb83ceb2dd67ac35502d270cebada0c5dce659d9cf3e

SHA512
aa9c090e4529fd1f730356916cff0510a0aa811ef49b0ab9832e4b32e62d71ea8c6b20c08e85db58a91a07c670f22a9321eb97a31cd18727804d4c19ad747bc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
c331aaf469a2d0aac6bc0e79d3024ef2

SHA1
da17c60e607319878ea5738ae4bd038df99891b8

SHA256
21f0fca8502c10486e8e1630c6e3a774ecec55ff99fd7bd05ab9165df8bb6cd5

SHA512
8b91206005fd0d51757027c2026d34973bc08a7bd53c0aaeb09ac1d2aeed72637b429c5a1fb42156ab0280aef934f87a76836baf7793c63eac2f56b052744c08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
7490bed3ce19039a3304b1dda10bfcc7

SHA1
5a90ad5862767744fa5ce11e3a3765b36878ab94

SHA256
e5d8899073f6f81f638103d9c39180c4b434de86f5f5633e0f14f64e27b4137b

SHA512
25aa7632161c8e6ceceace1dedf408e87b6c1eec48d2d74386aac9495193a3382a814e41822933ea306ead5350ed7f88cf31aaf8ef7becb7e10677ee01f28c3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
86483b5de836b73f3d077900adfb783c

SHA1
8d3e41b827abba0598de3ef0cfc4ad212f1252bd

SHA256
22e1a7d473a88cc74dbfee8df90cf8105a8f81bb3efe082f65fcd99a729a88f7

SHA512
b27689e354372475d49dee5b51e4851c2f0f3562c4c8825cc1390bef04b723669780587139db74d70f6a326ac5d681627bb09e49c72684b341aec1daa35eb02f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
537B

MD5
74cd889bf3e58dec0a9156aa7bf6f10e

SHA1
f5f77d4d7bef250527ccf8db15d885d584728be3

SHA256
bf6bb4023758f1aae631b012bc170f2a21da32a85360a720febaeaa01d99ff31

SHA512
5ac1104030203812d16da8788297490a71120d4c397f204081c5cec01ae19a550a5d222dd0ad78cacdc3bb0daccd8efdb39bc73b831ee7bddc5cdc8692df189e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
833121d6aea3c3245bf5e9636291b60d

SHA1
d49eee94ac2fe5438e4cf1795f28a82955a7a577

SHA256
49cb2308ce25b9b641b3c937677cd19cd66dddebe76741972b570be0c968d55d

SHA512
c03060628cd97f9a0a102cae40b73888a91ad9c6e5cc83191a8ad3770bd5e5228a0ff3a110fd795142979ef06514cf0f2af7ac855dab3ac6ef109a7dc65061f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
73f19e0645b785fae7ac589430241abe

SHA1
2cc36d65fd6e0950d55a407157b3b84bee364bf1

SHA256
1d10d7bd86f4a075ca126e415848fec85841a8365e1d477ce74c6e08140fce43

SHA512
f2b7f2e8f09bbfc53e1e50afe086a8cec140b791f973f24b96166c6f085e7f52a64809673c4fada4ddefc06a92da2c90153bbd063a1ace8f181d4aa06f2bac6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
bf160700ad297463ea8ad461aaadeb17

SHA1
0cbfa8a29c8fe5642b6dd3a5b5161c3183cf0006

SHA256
57db6b4e084bf84f79efeed0ac75a6bd1d5779c136fd5fde2d96cd9dcab1e36e

SHA512
79477bb881cdfd3a555d0dcdb2633964abfe1138ddb070f8920c4073d3ec25ab6221066ad138626e74977c5505222af74112028f0929047065888db3d7af0c4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5be3b75bea8cd334c443404393ca6556

SHA1
342a0eb4ac57d2db2a0e9679bdef92619f97f35d

SHA256
ae3e6b307288a8fc481e496cad4e5f8d5a094b7707170c2a8307cbf9b4e43e41

SHA512
f539739c3d04cb16c1febaefd677bb1cf7b5682ae4b023941f4cc0eb7deca3be1148387141165a66b894a0b977239a7a26f3c1ec47cdb0c172b94a8f7fb8dc5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d5ad89ecba53006204084f311181731a

SHA1
2d57f875041229a78b96eb4422d0f3157371136a

SHA256
555334fff23d70b0c7bb878b895953e022657b501c4f9c2679bcc87f9b9b7836

SHA512
b953308f79169ffb80b11b0b344b65b5b29d380af908a76ec3b402e7a68da002faeb8e5a2c008bb10b7c95ba1e459db91f40c5f0872a050c178cea5c1f1771cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7c335a87bbc195938af1493ac59cb53b

SHA1
800d60cfa98b5e512b3cbb254823e56153c34766

SHA256
1bacb156525bc5becc52b4b4695d0739fe25c3d387cf7c93cbe75f98979a4d80

SHA512
24ba3c2b02488017303c870ee2b758ab44f334cbc6f1a1ac776b7db565b7798f090005873733a7662d073262eac45093cc6ac60290facc48699e9075bed0ad78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
5dcc20c4fce4f43005873416ce67c276

SHA1
70b95ddd005187919872ededf34c70b434b0ebe7

SHA256
7e939411cc46883fea51f66167ecd234912377ed011fc87008a3cb094ba7f2fe

SHA512
cb89fb04a6c7d11d972277054efdb598c38a693b3369fa9ca5821a183ada21caa50fcbfa56928cb27cc5fabdbd1785eea187d555bf037b88b2ae332df5e64079

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
a3d71d4f8ace052ffc62f5c780601f4f

SHA1
220a63a9196ddf6c7534164203b3e919acf9f554

SHA256
96803a2cef9027aa54e9c286a6321635aed6594aaa0cef9a6a36a598c9606d64

SHA512
92620ff4ac11d4599cdc7b4e80363251a036ea49645283d6866e7494804a2ac30b9db57ac7c07f14a5b99f63abc859c119f1df657c55240ddfa3c1ed450606ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
270KB

MD5
48cbf6a6acad2e133bacd185adeef3a9

SHA1
dacd4aaaa20b699d6cd516175fee7979705b68b4

SHA256
6eadb80765bb74900a470409b1b3038a9767237f2e723e078689d5d28c25ea26

SHA512
c7b880b6a6cd833948d17287eefe8fa12d8ebb44d7c39a6a9c29ce1db7328980a2428ba5ff8d8fd6ff0257399cf59cc239c8277e1d954f7257eb73423199670b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
270KB

MD5
6358f7d74167a7e4803c733715c507fb

SHA1
215bf14bba869b0fe2b4d6226c39495af0bc01c7

SHA256
ededd377da3607cbe6f406496899347a03259bde8cba702a7e88968567984a4c

SHA512
4266c0a8c91b9ff2d6ae19679bbf5d66a1d78c9bc8175bf0bd61f26a46a6d01bc00eed40b27ce568586627b09de1e99098ede4315502811da681b243974c14f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
270KB

MD5
29b6568b6fa2f4b86a69ea712fd33246

SHA1
89fb292fc8ee691e3e6ff1af47741972f22e8140

SHA256
8e3e296ae0ffa9826798b892a320abc1b72b9446778feb4168883d89977e047a

SHA512
2afa67c67a554fc16addbb6e8ba67e691d9369133c6d6136129e55009ad27f33f47f57a11dafc2370d6aceeec81ce45dab38fa3d1ac78d0f4a0d759c16a3ef25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
642bb295a45a6d71c4bc0e932204339e

SHA1
abb284956e646088415e2bbdd0852288f23bf542

SHA256
731c1a8710731a781101255971ca935b2c55b6e6e5a1d24ed1aa98735e5fcd69

SHA512
5c3094988801bd1ff566af489cca5f4309e22342afce63489caee8e359801eff5480581b861c3de04435dc682690d247bb3bcc007b933f419bde2263943f7f5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
106KB

MD5
2907d0b2ceb5e82d1aa9006285b72ad5

SHA1
f383d6f233243e94a5e22f0d40e312e899a88f79

SHA256
e41461a89aeba7374d254786d21f8ff6568954730a7c86016ba30bdedc623374

SHA512
2a5d7ad91a7a41efead8e4b84078fbed6d4e249cf5a405468e62fffba71f91d9698c8d77e7fa675c508a95b70e68693131fb1093d1c97974bcdd669dc2488074

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
105KB

MD5
4ed63f031c2fcdd97ad5467f2d9c5345

SHA1
a514c632c93f79324418e2eaf797e8140980e444

SHA256
2f1cb5703c07af8019a40837ddffcecd6d23c429539c80fa5d79337d280c2a77

SHA512
09a7e5370703b28aa8592106042d56b1539b1ae6413efc214b74cc7e0411a986ae636fd06ff77fbdef27e25cef8ee9eb1dd7cee53891e8415c767850a619abb7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5b17bb.TMP

Filesize
97KB

MD5
8782bba3cdeaff9e497ec719bfc85b93

SHA1
fcdeaaf2c3d5613a0e2573466d354f75b8754496

SHA256
58f96b9e6d01e58634a4882715b3f17d053ea23b2112836c9801b508480501e0

SHA512
1f12c5c49b395c43f8b22a8a4606d15cb4fd1b62041c3348369cffe697dbdf35da0601f1800742862289adb0ff7f9dd2e3a2f499ee574e66a3fcbf2b0919412d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\db\data.safe.bin

Filesize
9KB

MD5
4282e065a921bd0307cd23c0944ec212

SHA1
755797f39d37e763054ef1674339f6d1a8eaf26a

SHA256
76401a9c1f15a12fcb5c27b152ac6c005a7d892b81805c2f2637a7f506606910

SHA512
b71b3be6a11ca7785c8b779d56341b9c25bf717fdeb7f76eaf93710995f00cc9fd9bc33c52997c7e2f313877bce400d1ff37331252a4caa575a4dac32cc3e50d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\29ad14c2-45d1-4dd8-a8be-1205d92b73a9

Filesize
734B

MD5
e33abb13e335cdf4d2b87b98e5614518

SHA1
b24aff10a42f782f081d715822c570f7faddf6a0

SHA256
113ae4c66d5dec7f8d666b4731b9e6a466fa097f2558a4e3dbf6d10707ae433c

SHA512
ea4fd34ecb9a57a52f3f6d5f0dec0bce5e62b06bd4faa4332dd201f02e4318390d322d38daef952c4beefe4a474f0bd09a3f781499bcc5f97fd51ad1cec40d55

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

Filesize
6KB

MD5
72d5bf5256b7f5c506ed0714495591c7

SHA1
701edf6882f12694a1cc43460d03486d9c86b350

SHA256
633d5eedee7e292a3640252cff48a9168b9c2d3913df06fa6a63feebe27c9e70

SHA512
f0b7260c8b1dd533db8094b727637cc23cc5de36fcf863fd0ce8f749f3f007a2e411cdaf03dcca0f93f80ea6d74c1e4697007750dcf39195009faa7df9108bb4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

Filesize
6KB

MD5
64d65492c5929322c456fd0b5603d029

SHA1
c4dbaba15abfc1da06eaf01465794bf707d154db

SHA256
5b546260282372273362fc9523d7ed68f2564f64eba47558c710ca5ca2f1b2e0

SHA512
1c57119b8bd5d8b1be2e090a96b9f141ec0abdebb0bad821b3d43bf0b970f304b53fb4edf8c2761fa3eabdd2a491a2b1eb2222fdf7ff115e2dfed13b6e6100d8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
3831830500685e0c235870a64387d782

SHA1
8bcf3ce08a3521c2e546354887492cc02cf6b3e7

SHA256
c885eef39b136bea05f9521d6d3b021e7445f72b4a8bd7aca3275003bbe8f39c

SHA512
f0824f0a73ba88529d06fd60de47194251cb20aa8121fb1d1da51579dc0dca6a4709d20db15097cf5d00f22f1f84bb616ff29f72fee055e83ea375d47c6c74ac

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
0173e8e92a837ff6f3cc73b014c5b1c8

SHA1
30b6123e4be014243285fd80f05296c36ad1e0f8

SHA256
ecbd7f5ef002d0fdc008654923d6d722e9e8c654e27acae4b84cff3c6e9218a4

SHA512
61fb4fe45f6fa14242bcc2dd414098f1fe7751b4127f530677d56f4112f0b5b7b483b2986411a3f9911607aa252a82a5bb0c3fa62ff72121f82c9961dc7287d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
54b82e761058eef976d9f6c53d2fe2d6

SHA1
eb76e47e27dd84164d3b5efeb62dc6acddb78a4f

SHA256
d6d1a69d3f82c68d69be2aa71a2be9ecbcccd7cf130123b3077100d9abec4046

SHA512
59bd93c1095e3845e5ee3309c769ded56851c1107ee3e0a22464e19535b67f526381a5270754b6ac0ffbc5f26d30f2a97f4a9e7bf910010a52cdc5e66f2b0199

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore.jsonlz4

Filesize
4KB

MD5
45f176f08f7881288caafbbda208674e

SHA1
aebf5bb00b348ea9f6354f1510bdad9db9dfc3f0

SHA256
b5aaa4aa33152701f4f4ca436c6d0e4381647c0906dce4b42c009191fea5540d

SHA512
54bbf092ebe3019916d25b2110fb1066cfe048dfeb124e927beca389120e111b918ec8497553b35dc94ff4b33bcf5570fcb8ac12adc56cdfe3e29cc5b9509240

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
b01efd0877d8bb4a5d754d6d5a5922cf

SHA1
6dfaecd4219afbb206185171c64c777e9c73ae21

SHA256
ef1ebedd446ce18b79317f09953ff8a6069f92749188b45945567c315388aa90

SHA512
6f5fce89b6dc7e6979fdb01493c0811bcd55cb945d7665cd9a23e93419a5aa28207b3f614461103f04b0406741e8020c35252fda5529e41e3e918e42fd89c086

Download Submit