hxxps://generallogistics[.]net/appsuite/connections/secured/CrB7ACEAGLAAGIABBiwAxiGZgA8gxiKBcICCxAC6AABiPgBACAg4QBA/xfinityconnect/

Analysis

max time kernel
79s
max time network
74s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
12-06-2024 20:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://generallogistics.net/appsuite/connections/secured/CrB7ACEAGLAAGIABBiwAxiGZgA8gxiKBcICCxAC6AABiPgBACAg4QBA/xfinityconnect/

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exechrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133626968856539421"	chrome.exe

Modifies registry class 1 IoCs

Processes:

firefox.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings firefox.exe
Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exechrome.exe

pid process

4368 msedge.exe
4368 msedge.exe
3256 msedge.exe
3256 msedge.exe
1504 identity_helper.exe
1504 identity_helper.exe
1792 chrome.exe
1792 chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings	firefox.exe

pid	process
4368	msedge.exe
4368	msedge.exe
3256	msedge.exe
3256	msedge.exe
1504	identity_helper.exe
1504	identity_helper.exe
1792	chrome.exe
1792	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

Processes:

msedge.exechrome.exe

pid	process
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe

Suspicious use of AdjustPrivilegeToken 12 IoCs

Processes:

chrome.exefirefox.exe

description	pid	process
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeDebugPrivilege	4820	firefox.exe
Token: SeDebugPrivilege	4820	firefox.exe

Suspicious use of FindShellTrayWindow 57 IoCs

Processes:

msedge.exechrome.exefirefox.exe

pid	process
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
4820	firefox.exe
4820	firefox.exe
4820	firefox.exe
4820	firefox.exe

Suspicious use of SendNotifyMessage 51 IoCs

Processes:

msedge.exechrome.exefirefox.exe

pid	process
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
4820	firefox.exe
4820	firefox.exe
4820	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

firefox.exe

pid process

4820 firefox.exe

pid	process
4820	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3256 wrote to memory of 2984	3256	msedge.exe	msedge.exe
PID 3256 wrote to memory of 2984	3256	msedge.exe	msedge.exe
PID 3256 wrote to memory of 1248	3256	msedge.exe	msedge.exe
PID 3256 wrote to memory of 1248	3256	msedge.exe	msedge.exe
PID 3256 wrote to memory of 1248	3256	msedge.exe	msedge.exe
PID 3256 wrote to memory of 1248	3256	msedge.exe	msedge.exe
PID 3256 wrote to memory of 1248	3256	msedge.exe	msedge.exe
PID 3256 wrote to memory of 1248	3256	msedge.exe	msedge.exe
PID 3256 wrote to memory of 1248	3256	msedge.exe	msedge.exe
PID 3256 wrote to memory of 1248	3256	msedge.exe	msedge.exe
PID 3256 wrote to memory of 1248	3256	msedge.exe	msedge.exe
PID 3256 wrote to memory of 1248	3256	msedge.exe	msedge.exe
PID 3256 wrote to memory of 1248	3256	msedge.exe	msedge.exe
PID 3256 wrote to memory of 1248	3256	msedge.exe	msedge.exe
PID 3256 wrote to memory of 1248	3256	msedge.exe	msedge.exe
PID 3256 wrote to memory of 1248	3256	msedge.exe	msedge.exe
PID 3256 wrote to memory of 1248	3256	msedge.exe	msedge.exe
PID 3256 wrote to memory of 1248	3256	msedge.exe	msedge.exe
PID 3256 wrote to memory of 1248	3256	msedge.exe	msedge.exe
PID 3256 wrote to memory of 1248	3256	msedge.exe	msedge.exe
PID 3256 wrote to memory of 1248	3256	msedge.exe	msedge.exe
PID 3256 wrote to memory of 1248	3256	msedge.exe	msedge.exe
PID 3256 wrote to memory of 1248	3256	msedge.exe	msedge.exe
PID 3256 wrote to memory of 1248	3256	msedge.exe	msedge.exe
PID 3256 wrote to memory of 1248	3256	msedge.exe	msedge.exe
PID 3256 wrote to memory of 1248	3256	msedge.exe	msedge.exe
PID 3256 wrote to memory of 1248	3256	msedge.exe	msedge.exe
PID 3256 wrote to memory of 1248	3256	msedge.exe	msedge.exe
PID 3256 wrote to memory of 1248	3256	msedge.exe	msedge.exe
PID 3256 wrote to memory of 1248	3256	msedge.exe	msedge.exe
PID 3256 wrote to memory of 1248	3256	msedge.exe	msedge.exe
PID 3256 wrote to memory of 1248	3256	msedge.exe	msedge.exe
PID 3256 wrote to memory of 1248	3256	msedge.exe	msedge.exe
PID 3256 wrote to memory of 1248	3256	msedge.exe	msedge.exe
PID 3256 wrote to memory of 1248	3256	msedge.exe	msedge.exe
PID 3256 wrote to memory of 1248	3256	msedge.exe	msedge.exe
PID 3256 wrote to memory of 1248	3256	msedge.exe	msedge.exe
PID 3256 wrote to memory of 1248	3256	msedge.exe	msedge.exe
PID 3256 wrote to memory of 1248	3256	msedge.exe	msedge.exe
PID 3256 wrote to memory of 1248	3256	msedge.exe	msedge.exe
PID 3256 wrote to memory of 1248	3256	msedge.exe	msedge.exe
PID 3256 wrote to memory of 1248	3256	msedge.exe	msedge.exe
PID 3256 wrote to memory of 4368	3256	msedge.exe	msedge.exe
PID 3256 wrote to memory of 4368	3256	msedge.exe	msedge.exe
PID 3256 wrote to memory of 4640	3256	msedge.exe	msedge.exe
PID 3256 wrote to memory of 4640	3256	msedge.exe	msedge.exe
PID 3256 wrote to memory of 4640	3256	msedge.exe	msedge.exe
PID 3256 wrote to memory of 4640	3256	msedge.exe	msedge.exe
PID 3256 wrote to memory of 4640	3256	msedge.exe	msedge.exe
PID 3256 wrote to memory of 4640	3256	msedge.exe	msedge.exe
PID 3256 wrote to memory of 4640	3256	msedge.exe	msedge.exe
PID 3256 wrote to memory of 4640	3256	msedge.exe	msedge.exe
PID 3256 wrote to memory of 4640	3256	msedge.exe	msedge.exe
PID 3256 wrote to memory of 4640	3256	msedge.exe	msedge.exe
PID 3256 wrote to memory of 4640	3256	msedge.exe	msedge.exe
PID 3256 wrote to memory of 4640	3256	msedge.exe	msedge.exe
PID 3256 wrote to memory of 4640	3256	msedge.exe	msedge.exe
PID 3256 wrote to memory of 4640	3256	msedge.exe	msedge.exe
PID 3256 wrote to memory of 4640	3256	msedge.exe	msedge.exe
PID 3256 wrote to memory of 4640	3256	msedge.exe	msedge.exe
PID 3256 wrote to memory of 4640	3256	msedge.exe	msedge.exe
PID 3256 wrote to memory of 4640	3256	msedge.exe	msedge.exe
PID 3256 wrote to memory of 4640	3256	msedge.exe	msedge.exe
PID 3256 wrote to memory of 4640	3256	msedge.exe	msedge.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://generallogistics.net/appsuite/connections/secured/CrB7ACEAGLAAGIABBiwAxiGZgA8gxiKBcICCxAC6AABiPgBACAg4QBA/xfinityconnect/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3256

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcbbd546f8,0x7ffcbbd54708,0x7ffcbbd54718
2⤵
PID:2984

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,6238419055834319037,2605509898246172159,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
2⤵
PID:1248

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,6238419055834319037,2605509898246172159,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4368

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,6238419055834319037,2605509898246172159,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
2⤵
PID:4640

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6238419055834319037,2605509898246172159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
2⤵
PID:1536

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6238419055834319037,2605509898246172159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
2⤵
PID:1168

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,6238419055834319037,2605509898246172159,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 /prefetch:8
2⤵
PID:3668

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,6238419055834319037,2605509898246172159,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1504

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6238419055834319037,2605509898246172159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
2⤵
PID:1780

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6238419055834319037,2605509898246172159,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
2⤵
PID:1796

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6238419055834319037,2605509898246172159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
2⤵
PID:3740

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6238419055834319037,2605509898246172159,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
2⤵
PID:436

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6238419055834319037,2605509898246172159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
2⤵
PID:4212

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6238419055834319037,2605509898246172159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
2⤵
PID:4932

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6238419055834319037,2605509898246172159,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2704 /prefetch:1
2⤵
PID:3984

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1072

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2112

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1792

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcbb07ab58,0x7ffcbb07ab68,0x7ffcbb07ab78
2⤵
PID:5084

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1788 --field-trial-handle=2212,i,11861177796972733639,9439756472433696094,131072 /prefetch:2
2⤵
PID:5068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1992 --field-trial-handle=2212,i,11861177796972733639,9439756472433696094,131072 /prefetch:8
2⤵
PID:1184

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2024 --field-trial-handle=2212,i,11861177796972733639,9439756472433696094,131072 /prefetch:8
2⤵
PID:4904

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3128 --field-trial-handle=2212,i,11861177796972733639,9439756472433696094,131072 /prefetch:1
2⤵
PID:4728

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3148 --field-trial-handle=2212,i,11861177796972733639,9439756472433696094,131072 /prefetch:1
2⤵
PID:3024

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4436 --field-trial-handle=2212,i,11861177796972733639,9439756472433696094,131072 /prefetch:1
2⤵
PID:644

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4604 --field-trial-handle=2212,i,11861177796972733639,9439756472433696094,131072 /prefetch:8
2⤵
PID:3432

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4688 --field-trial-handle=2212,i,11861177796972733639,9439756472433696094,131072 /prefetch:8
2⤵
PID:2472

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4300 --field-trial-handle=2212,i,11861177796972733639,9439756472433696094,131072 /prefetch:1
2⤵
PID:1624

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4280 --field-trial-handle=2212,i,11861177796972733639,9439756472433696094,131072 /prefetch:8
2⤵
PID:620

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5036 --field-trial-handle=2212,i,11861177796972733639,9439756472433696094,131072 /prefetch:8
2⤵
PID:4064

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3364 --field-trial-handle=2212,i,11861177796972733639,9439756472433696094,131072 /prefetch:8
2⤵
PID:1404

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3656

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:3668

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:4820

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4820.0.1345821855\315318230" -parentBuildID 20230214051806 -prefsHandle 1788 -prefMapHandle 1780 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c6d4cf25-90f7-4edf-bfd1-b30dbef39e0b} 4820 "\\.\pipe\gecko-crash-server-pipe.4820" 1868 15977ef7558 gpu
3⤵
PID:4592

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4820.1.1548386101\330560462" -parentBuildID 20230214051806 -prefsHandle 2424 -prefMapHandle 2420 -prefsLen 22112 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8fa9b0b0-0acc-455c-bab3-580e768e3a09} 4820 "\\.\pipe\gecko-crash-server-pipe.4820" 2436 1596c186258 socket
3⤵
PID:1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4820.2.566476406\903583307" -childID 1 -isForBrowser -prefsHandle 2964 -prefMapHandle 2960 -prefsLen 22215 -prefMapSize 235121 -jsInitHandle 1248 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d6da5400-2a08-4fda-9b30-7918492bd5bd} 4820 "\\.\pipe\gecko-crash-server-pipe.4820" 2976 1597b9ed858 tab
3⤵
PID:2828

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4820.3.117615007\741624296" -childID 2 -isForBrowser -prefsHandle 3708 -prefMapHandle 3704 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1248 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {019bfaef-b400-47dc-82b8-7dd5af34cd2e} 4820 "\\.\pipe\gecko-crash-server-pipe.4820" 3712 1597df3bb58 tab
3⤵
PID:5056

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4820.4.760202282\1961546778" -childID 3 -isForBrowser -prefsHandle 5112 -prefMapHandle 5088 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1248 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6b964e8b-8a66-4824-b7fb-e7e8beb58d26} 4820 "\\.\pipe\gecko-crash-server-pipe.4820" 5116 15980383c58 tab
3⤵
PID:2212

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4820.5.22279372\865466590" -childID 4 -isForBrowser -prefsHandle 5136 -prefMapHandle 5244 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1248 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {072ad2bf-2043-4a2c-b9b2-e7d2476b2686} 4820 "\\.\pipe\gecko-crash-server-pipe.4820" 5288 15980382158 tab
3⤵
PID:4688

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4820.6.1746976786\24479146" -childID 5 -isForBrowser -prefsHandle 5536 -prefMapHandle 5532 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1248 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b412c613-b629-453b-9724-f3db8bda6b44} 4820 "\\.\pipe\gecko-crash-server-pipe.4820" 5548 15980384b58 tab
3⤵
PID:1252

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4820.7.1299709704\2061430621" -childID 6 -isForBrowser -prefsHandle 5956 -prefMapHandle 5952 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1248 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a104a8b5-d6ea-4197-a4df-c8e79bbbd7af} 4820 "\\.\pipe\gecko-crash-server-pipe.4820" 5964 1598202d458 tab
3⤵
PID:1392

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
216B

MD5
e4ecffb823abcb2d040fd45bf1c97233

SHA1
00c332f574e238228b5bb6aa6d35a7af9d70a130

SHA256
daf2172cac781dc826fdc111c9f06e4fd9095a3236750ee65fb93d021a5661e5

SHA512
11e8f986beb9835369c64cb622406329f707fc36c5d4b1af4858ac5890762029b6707cac18400f912cf376912e5d38fd9656fb91ccd4ffe1bada5484876a3f15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
6b577be4fa5dc5bb011adba928486f56

SHA1
4820a47143667029c4f38b31d70cb2ae08591773

SHA256
fea04092b80c5c6ac409e69e61beba3652b37862849ffbf867387f3adbc23afc

SHA512
204c8b728e23feb4bea229ae784e0f97f47ece309e274642c46b0561916f6f17d9a89d43d387df256f3c93d9fe8dff8298c916664707accb33361d3c581ee1f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
356B

MD5
969281a76ff3013870b4be7ee80eeb9c

SHA1
a591862a0168ba74dc0b253d00d1dddaad442986

SHA256
3472e1012330b2c0b3bff05ea1f5057cd587212d6d284b4db6823b8ba2fed157

SHA512
a0aab91b673e87a73e8a5bfa68dd41e8d913f254debe7df3e600816de08fbd620bc9b7b1f198c359e16a3ec7ae436cb45d3c5db7db7b4f05d4a7d6652fab55a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
54cfc8024a20f4522fd67ad9cb25809e

SHA1
b352210f3329193e0943b769a6036a82a2152bfa

SHA256
e240b7808d23793807e3f54420e6c5f1f6ee81c800aea2700009b843297ea078

SHA512
fd88a0f6d3505939d32cf0c9972459de064920d3228c0da03bcedeaa9358826ab4cf2443a2b67129556e37fdccf9755a5aef049c6b6ba63f8f18fce894a4a939

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
16KB

MD5
9bab1c3419801c78a78ae0be276534a4

SHA1
d8b350bffb7ab034618d25ef3ef81b94e01b155d

SHA256
6dd801da8fa56d01dc542187b45c770879aeea73418b633960981f65d72df92d

SHA512
1d64d36b89862d54fbe55ffad62a5296419577e20f1f4c60d26273a36ffa38f77af9b0144298aafd58ec358e45ed36703744d36b97459bbb20f368fbe72891f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
274KB

MD5
b6bfbe831c6316687a154bc5ca9b325e

SHA1
e28c1d13983ee9487537a6bc2c45b0035cf5b890

SHA256
5139a1d225f2597981de7d896d15df751228bb78e6a11a7bc312a92cb68f444b

SHA512
6adb0114bff17ca3e5c33004a8bf371cbc99e50dd8ae38bd32060030b8d5813c397f445bca3cdb882206f4109829772096a04503a07c004b88ffa077b78af425

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\5593be9c-f92a-40ac-a96e-8f7a6692479f.tmp
Filesize
11KB

MD5
383edb0a9bc30945d402c611c8ed5712

SHA1
31b6423712974770cf7a64b4a1082472c546eb27

SHA256
eff7af558ac3deeb819a0c4209818ca287f0a5b4c22b89b6b50d6babc4c511c6

SHA512
5ab70c8372208b93cff4acb14c8d70fd15978a2fa9490597a9510197294faa4f977a14023af344eb6a6451c570a9f3b9e1183a2b44eab72d452ed22e10978c18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
dabfafd78687947a9de64dd5b776d25f

SHA1
16084c74980dbad713f9d332091985808b436dea

SHA256
c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201

SHA512
dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
c39b3aa574c0c938c80eb263bb450311

SHA1
f4d11275b63f4f906be7a55ec6ca050c62c18c88

SHA256
66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c

SHA512
eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
336B

MD5
c06c9c827b7b3fdd906bd9528c66e034

SHA1
9e111b7955fa2c97cfd1085e30d8c090592ce20e

SHA256
1fa754287a844214f69bd5e7a1a6cfd619b68b737a658227be5ce44dc0dea2d6

SHA512
51982b7b3f8dc98acd8b81e55e226137343cc42b997e5e9d194a05f1aa915f9d0ac5b87453e7326ce1880ca8f9f30f2978551e441807240be670b093fd08c9fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
168B

MD5
ad0beb346afc6340ff24555ab7531c31

SHA1
7b5b39148ce8cf1a0292aa66b9924a919d13e1cf

SHA256
d6ffbda08c2ac10e1f82165ad8e8b88cb4b6ae850cb928e7fe9ef40144eab0a6

SHA512
ca44d429da513f8fb558e5fad3700dde8a8b767a0d00b2acb4cb8f54ab8282c75dbdbca0ad38a3df10a069e56f2d602941f6ea922a9be1ff4f5029b77fa0efbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
13b5b179c68af33162b88295710339fb

SHA1
de470a1cfb2531a6ecb90ab9616cfe9a9a9d1fe7

SHA256
bc44ccd6ed038f3d2aff6cbf9a95551515f8fc0f5a3a632928f5a33073db1cd8

SHA512
130eedc3e3983473e8eb53bfdfeaf27c79162e35876e943519d31b65646257f97276b94c81f1c18fbb34ea4b2c8ed67f3750e21977a09401a14ed7927d83e757

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
e91b4e180bcafb940475b2157127d22e

SHA1
39d08cf0f4a65c0f99ae490a25c8798887feb8da

SHA256
d7a8a6178ca48dafae2d586d8e0d39dc96f78a54a9b1055090b6055bc66aa568

SHA512
043c5cdb0ab8ffca104069b8aebf6acdd6deb37c4fbb1d243577f68835482b25271b457762d73b5b33a193dbcb5703cc25b3ad0a4a0cc111ca8be20bb0d060aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
c23b5af4a15953b799887e594605e157

SHA1
7ec315609207ab70b19dda6599d810d3029e5983

SHA256
f9b3526b48cb0e9664273b5210bd85b6a813897059c796d1835a9968a6888ab6

SHA512
3210fd2eda79fae0aa34014fcec3ff468d3b9b73c63b635362b5c0bbac75851401fa16443ea155975f822fca443ea2345627994d0706b49ddad5cfdd61390050

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
205de57aad985f5b4fd0b462cc90dafb

SHA1
cf7f7c2cd6e1620a233eebdc73d496af56b1f5da

SHA256
ee7712c55131125fe082d3d0121e4015f6ecd9f94293a1cbcdf7c17ed6ca9a03

SHA512
90420c63875485ffefdb3dd2ac63a60baf309dc24667fc67ba8012edaadde872d2539d82a98dd9e5a10056c0f6c72deb903d73ce6a4671a820571106814faea8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
dd5593d8197217c02e41896463d814d0

SHA1
2c9cefeffab4eeb882efc0b20e4ce530731819c5

SHA256
4a72d085a6cfe8d262bbb6211621e60b51a3b86193061eaf9986ea9a3d7acafe

SHA512
0251246abe07c2aac19c3b8ec7e0c0217a9c393df78aa97a1650dfc08c12ff7def7cf8e313f556bed6b8dbf5cfa5ec08c247c0d43bdb6d5f995a63273d5a015f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
704B

MD5
52d847479219edd8826dc89b3017f419

SHA1
0eaedfde4e305d54e5d60b16a38d03353ed29835

SHA256
c8d7bd6b651aed7f2b165aec3055856ed32327959d9a40d6f327d86309bc5729

SHA512
39852838014bc5334981a79559d4519489cd375eeb7c35e354693c615df76af1b46b29aeccb62b17b291bad89214ff4d11aa356698d44c65b9b18f7d40ad3e2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b824.TMP
Filesize
538B

MD5
80fa898d511284a5bd22d4f78d3844a0

SHA1
723929ee61c07272978cdbd2402436d88bf0f37e

SHA256
ac774e6aa0f1b465fd2692c52c666e5133a8a34a8dde474690bb35c338f1b6c0

SHA512
46eba5b074a49fa3814fb6342ae3422411c71a37efc0c2c038bb477dda675e7091bfaef2114e11c12d5463c04abeed3d30a4d1231204e40589e34b541c894df8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
ed3e55bca8fc5acfe5b8b8e2f6e97f91

SHA1
b8e7a5789fbca46087cef066b2c889d8a6166534

SHA256
994c28a4035b8f2e1b989ad55567993c46f59c45a28ba873c65882379fb20128

SHA512
52486a1bbcb288e2ba4cc0df73be5faf70f5e67701df0ededd0240eb9580f767566bbb4c679bfc11bc6680db49ba02b74776275f4bc5db2e7e42331877478e63

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\rfj66zji.default-release\activity-stream.discovery_stream.json.tmp
Filesize
26KB

MD5
e8319c6cfd64f9df3f704003bf73b3e9

SHA1
6501e99b9e91595c9f4455d96f21db122bb400da

SHA256
369c009e11577605c39594bdae7731d0185dcc86bcf727fd322c8d44d411cee4

SHA512
9816e3907255c44b4aea7f7a3fb7f4dacfff4be1b13aa57aab727fc9fd9e4b902361d0d5d9e675cf8d4f90e65eb49150acf017ec1cd5a8f2f8f25cf47a40c028

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\rfj66zji.default-release\activity-stream.discovery_stream.json.tmp
Filesize
26KB

MD5
87bd4d7e7e323bb7cb3c62eedd6f9d48

SHA1
7765216b0f116ea98d10743997e285340a44ae5e

SHA256
76a23759631aafaaeac53c4f7a6872a81eced7c6700c28d22468ca37a8716f5b

SHA512
41bdd471d53000b63eabcc86c6683065d42a8badcaf7170d7b04754cdac399e67e86db34026197c80c94420ad1bec4626842ac0a21564e75f7028e29cf7083e9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\rfj66zji.default-release\cache2\entries\1AE988AA66BEA53E8AA3F948435F1118DAB6E1DD
Filesize
50KB

MD5
60593a2839133b73267bcd6f9926fe77

SHA1
75e14b167f363c1e8a3b2cbb1ea798eae740c0ca

SHA256
efbdf44dc00ba36929af20b5cdf11770c3b5d5b0af8ac57316e0ed28c5937bbb

SHA512
8240bcb60715965d70454667e7deb6eeaa8b1864356a0312c670532cdb1d9a77e8b4b714387eeb51355f868afc428555b93fca3e2c318d091cf43730d0545dc9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\rfj66zji.default-release\cache2\entries\5B60858573108270CD4CE6471B7D9E556B8BD49B
Filesize
83KB

MD5
53076a019293b43b865f04811de1b3f2

SHA1
6a04ba46a303d81b9f24c41424bffebbe238d739

SHA256
635e125a89c6408323c85eaa0e7d2e773a19a00d1332aabefcfc73ac77671a63

SHA512
6646153c42ef8343d36e070ded735a78e7d9201f940fa134aa27f60412fc1043f242c17adceb9560d388a2fdc826ae6539f9b2443f4460c3cddcbd35ddb61d45

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rfj66zji.default-release\prefs-1.js
Filesize
6KB

MD5
b90cab049262b76e76e1082b6048c96c

SHA1
ac1411dcd6acaf4c3330e2e44247c9d6971d368b

SHA256
cd5d5bc74fbef027b0180d80c2cca0b4e285fbce9d7efcf2a6a64def6dbb806e

SHA512
3e4bb94fa7eb3c2e19a18494886f4a0c1a24b17e90a00f184369384ecac26e6f666587674ba3c6994a1ee929118b713c96ea193b458712ab3ff6b12f871450e0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rfj66zji.default-release\prefs.js
Filesize
6KB

MD5
d76aca2e5541cdd6e8717380a054bd53

SHA1
9859bf8342b02d3ff628631e842403de2c9483a8

SHA256
dfbe4eb9bc22e7a5cbfd62b70246fc9086a0570daf646c746e5ffc0d299c697a

SHA512
1178cb7474b9ffe0440c70932e9fe0f995ac50489581b83ab8982aa66bd9617cd8a5f67641eee7297d26aa8c51d7368aabedcf19e0a2b3c45075fa543397992c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rfj66zji.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
3KB

MD5
8ebe2edaa5e81b089dbc875c85975124

SHA1
d5b712ec940e4d518393807e92a3ddb79e11096e

SHA256
93eab5809904088a89923e1fa15602f41d012b220b06aa9bd5ad42bb0522122a

SHA512
360d2f47bab25bb91f6b972f9b73672da3959b387f5bcaa8de0188b80ee1a223a7c35538cb7175aa8297fd62efb5645b19b44e560457706fbd7d3d8431f993c5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rfj66zji.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
4KB

MD5
f38ae5345e3a54ddbadf689b83070e70

SHA1
b1785810b165cb3bcac21cb439a5076aaaf18545

SHA256
4ae7a80130cd3cbb2cf3ac932c9f84d3197116373c9ed2692e237d035dbfd374

SHA512
7d477b1a8b253351419270b367fec523ef6c78701caabe541be414fd1b8d8224c750f5f87364d60f2004fb6b56cc314134303ab689caf29b2fb6318bf59e3c57

Download Submit
\??\pipe\LOCAL\crashpad_3256_ZLJNPHSWAODLMECP
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit