Analysis Overview
Threat Level: Known bad
The file https://egirl-paradise.xyz/tlg was found to be: Known bad.
Malicious Activity Summary
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Uses Task Scheduler COM API
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: LoadsDriver
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Checks processor information in registry
Modifies registry class
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-12 16:28
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 16:28
Reported
2024-06-12 16:46
Platform
win11-20240508-en
Max time kernel
1003s
Max time network
1014s
Command Line
Signatures
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://egirl-paradise.xyz/tlg"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://egirl-paradise.xyz/tlg
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1424.0.955134121\1624991127" -parentBuildID 20230214051806 -prefsHandle 1752 -prefMapHandle 1744 -prefsLen 22074 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8d1fc798-25a0-4502-be6c-01169e28a447} 1424 "\\.\pipe\gecko-crash-server-pipe.1424" 1832 173d4aab158 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1424.1.649841477\84291740" -parentBuildID 20230214051806 -prefsHandle 2364 -prefMapHandle 2332 -prefsLen 22925 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f1e28bb4-86b0-4cdd-8ee7-aa97460e4bdb} 1424 "\\.\pipe\gecko-crash-server-pipe.1424" 2376 173c7d8a858 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1424.2.1999370878\300195314" -childID 1 -isForBrowser -prefsHandle 2880 -prefMapHandle 2908 -prefsLen 22963 -prefMapSize 235121 -jsInitHandle 1356 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {538d0609-95b3-42ab-9256-75f1246ce5f6} 1424 "\\.\pipe\gecko-crash-server-pipe.1424" 2876 173d7751258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1424.3.1736135325\974952015" -childID 2 -isForBrowser -prefsHandle 3660 -prefMapHandle 3656 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1356 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aa496deb-9f14-41c9-b003-eb151baf26bc} 1424 "\\.\pipe\gecko-crash-server-pipe.1424" 3672 173da6d0258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1424.4.1839012917\549488807" -childID 3 -isForBrowser -prefsHandle 5060 -prefMapHandle 5020 -prefsLen 27690 -prefMapSize 235121 -jsInitHandle 1356 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6929c1d0-8949-484d-83b9-e620dbbf59b0} 1424 "\\.\pipe\gecko-crash-server-pipe.1424" 5068 173dc4fc358 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1424.5.870652218\258870376" -childID 4 -isForBrowser -prefsHandle 5300 -prefMapHandle 5296 -prefsLen 27690 -prefMapSize 235121 -jsInitHandle 1356 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {54eaa3c3-db94-401a-b86a-1a1395962d8d} 1424 "\\.\pipe\gecko-crash-server-pipe.1424" 5308 173dc4fc658 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1424.6.1256250363\264981490" -childID 5 -isForBrowser -prefsHandle 5276 -prefMapHandle 5280 -prefsLen 27690 -prefMapSize 235121 -jsInitHandle 1356 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d9cbbd6f-dd3d-4524-9c03-ff42ca566ce8} 1424 "\\.\pipe\gecko-crash-server-pipe.1424" 5188 173dc68e258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1424.7.754399688\1561282280" -childID 6 -isForBrowser -prefsHandle 3552 -prefMapHandle 4312 -prefsLen 27769 -prefMapSize 235121 -jsInitHandle 1356 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {180e5835-0b4d-4feb-8458-e48cc2cb586a} 1424 "\\.\pipe\gecko-crash-server-pipe.1424" 4440 173d4fb4258 tab
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff90a443cb8,0x7ff90a443cc8,0x7ff90a443cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1864,1519672855203250079,7473705683146893061,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1876 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1864,1519672855203250079,7473705683146893061,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1864,1519672855203250079,7473705683146893061,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2544 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,1519672855203250079,7473705683146893061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,1519672855203250079,7473705683146893061,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,1519672855203250079,7473705683146893061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4432 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,1519672855203250079,7473705683146893061,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4460 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1864,1519672855203250079,7473705683146893061,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4692 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,1519672855203250079,7473705683146893061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1424.8.1455075523\617511331" -childID 7 -isForBrowser -prefsHandle 5664 -prefMapHandle 4840 -prefsLen 28034 -prefMapSize 235121 -jsInitHandle 1356 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {11d1a7be-ffae-4999-ac47-875deefec25b} 1424 "\\.\pipe\gecko-crash-server-pipe.1424" 5652 173d3df2558 tab
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1864,1519672855203250079,7473705683146893061,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4988 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,1519672855203250079,7473705683146893061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,1519672855203250079,7473705683146893061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4576 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,1519672855203250079,7473705683146893061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3556 /prefetch:1
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,1519672855203250079,7473705683146893061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,1519672855203250079,7473705683146893061,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1712 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,1519672855203250079,7473705683146893061,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,1519672855203250079,7473705683146893061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4552 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,1519672855203250079,7473705683146893061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1864,1519672855203250079,7473705683146893061,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5492 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,1519672855203250079,7473705683146893061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1052 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| N/A | 127.0.0.1:49728 | N/A | tcp |
| US | 8.8.8.8:53 | egirl-paradise.xyz | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | getpocket.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| N/A | 127.0.0.1:49734 | N/A | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | getpocket.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | egirl-paradise.xyz | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.4.4:53 | google.com | udp |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cxcs.microsoft.net | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 52.111.229.48:443 | N/A | tcp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | aus5.mozilla.org | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | aus5.mozilla.org | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | getpocket.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | aus5.mozilla.org | udp |
| US | 8.8.8.8:53 | aus5.mozilla.org | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | getpocket.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | getpocket.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | getpocket.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | getpocket.cdn.mozilla.net | udp |
Files
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qt190sk.default-release\sessionstore-backups\recovery.jsonlz4
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qt190sk.default-release\prefs-1.js
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3qt190sk.default-release\activity-stream.discovery_stream.json.tmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qt190sk.default-release\prefs-1.js
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qt190sk.default-release\sessionstore-backups\recovery.jsonlz4
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_2832_AOWOSBOCCEWMPNBA
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qt190sk.default-release\sessionstore-backups\recovery.jsonlz4
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qt190sk.default-release\sessionstore-backups\recovery.jsonlz4
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qt190sk.default-release\sessionstore-backups\recovery.jsonlz4
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qt190sk.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qt190sk.default-release\prefs-1.js
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qt190sk.default-release\prefs-1.js
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qt190sk.default-release\broadcast-listeners.json
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qt190sk.default-release\sessionCheckpoints.json
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qt190sk.default-release\targeting.snapshot.json
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qt190sk.default-release\xulstore.json
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qt190sk.default-release\bookmarkbackups\bookmarks-2024-06-12_11_suW3jlX8MorawCiDOxmilg==.jsonlz4
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3qt190sk.default-release\cache2\entries\099EB2BF8827A4F91EAB3E38B14650D0205226F2