Analysis Overview
Threat Level: Likely benign
The file http://google.com was found to be: Likely benign.
Malicious Activity Summary
Drops file in Windows directory
Suspicious use of FindShellTrayWindow
Enumerates system info in registry
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: LoadsDriver
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Uses Task Scheduler COM API
Checks processor information in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 02:16
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 02:16
Reported
2024-06-13 02:37
Platform
win11-20240508-en
Max time kernel
1169s
Max time network
1171s
Command Line
Signatures
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Panther\UnattendGC\setupact.log | C:\Windows\System32\oobe\UserOOBEBroker.exe | N/A |
| File opened for modification | C:\Windows\Panther\UnattendGC\setuperr.log | C:\Windows\System32\oobe\UserOOBEBroker.exe | N/A |
| File opened for modification | C:\Windows\Panther\UnattendGC\diagerr.xml | C:\Windows\System32\oobe\UserOOBEBroker.exe | N/A |
| File opened for modification | C:\Windows\Panther\UnattendGC\diagwrn.xml | C:\Windows\System32\oobe\UserOOBEBroker.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.com
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xe0,0x10c,0x7ffb09723cb8,0x7ffb09723cc8,0x7ffb09723cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,17012954176698943558,11785619059278470438,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1948 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1936,17012954176698943558,11785619059278470438,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1936,17012954176698943558,11785619059278470438,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,17012954176698943558,11785619059278470438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3132 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,17012954176698943558,11785619059278470438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3160 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,17012954176698943558,11785619059278470438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4076 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,17012954176698943558,11785619059278470438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1936,17012954176698943558,11785619059278470438,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4640 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1936,17012954176698943558,11785619059278470438,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5060 /prefetch:8
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2488.0.1310379853\1176723905" -parentBuildID 20230214051806 -prefsHandle 1780 -prefMapHandle 1772 -prefsLen 22074 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a1a1a5f2-991b-4d5b-a5da-3430fe7615b6} 2488 "\\.\pipe\gecko-crash-server-pipe.2488" 1708 15c13eaaa58 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2488.1.44259224\1190346393" -parentBuildID 20230214051806 -prefsHandle 2360 -prefMapHandle 2348 -prefsLen 22110 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8fe2840a-c9fd-4ef4-835a-c0017d4284ca} 2488 "\\.\pipe\gecko-crash-server-pipe.2488" 2372 15c14378b58 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2488.2.1613946566\487144241" -childID 1 -isForBrowser -prefsHandle 2928 -prefMapHandle 2924 -prefsLen 22148 -prefMapSize 235121 -jsInitHandle 1292 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {99fe8300-518f-457a-a586-5f7d1b483a2f} 2488 "\\.\pipe\gecko-crash-server-pipe.2488" 2940 15c16be7b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2488.3.1652532681\1568832331" -childID 2 -isForBrowser -prefsHandle 3572 -prefMapHandle 3568 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1292 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6b939245-9ce6-449a-a2e4-e6512a26402c} 2488 "\\.\pipe\gecko-crash-server-pipe.2488" 3584 15c194a3e58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2488.4.1123516544\1909304180" -childID 3 -isForBrowser -prefsHandle 5000 -prefMapHandle 5004 -prefsLen 27690 -prefMapSize 235121 -jsInitHandle 1292 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {682b6737-55ed-4e10-8671-c6f293a6e9ea} 2488 "\\.\pipe\gecko-crash-server-pipe.2488" 4992 15c1bd6ba58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2488.5.1778890959\298048612" -childID 4 -isForBrowser -prefsHandle 5148 -prefMapHandle 5152 -prefsLen 27690 -prefMapSize 235121 -jsInitHandle 1292 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {29415521-ea05-4643-a27f-a179240f6371} 2488 "\\.\pipe\gecko-crash-server-pipe.2488" 5140 15c1bd6c058 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2488.6.800033255\229647181" -childID 5 -isForBrowser -prefsHandle 5428 -prefMapHandle 5424 -prefsLen 27690 -prefMapSize 235121 -jsInitHandle 1292 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4c1d72e2-73d1-41bf-a0e8-89e4f113e2f8} 2488 "\\.\pipe\gecko-crash-server-pipe.2488" 5436 15c1bd6d258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2488.7.1800106967\1589017272" -childID 6 -isForBrowser -prefsHandle 5712 -prefMapHandle 5708 -prefsLen 27690 -prefMapSize 235121 -jsInitHandle 1292 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {adb9a5d2-31db-4b56-9fc6-d5fea7192b03} 2488 "\\.\pipe\gecko-crash-server-pipe.2488" 5724 15c1aaf3658 tab
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,17012954176698943558,11785619059278470438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3980 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,17012954176698943558,11785619059278470438,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,17012954176698943558,11785619059278470438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,17012954176698943558,11785619059278470438,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,17012954176698943558,11785619059278470438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,17012954176698943558,11785619059278470438,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1868 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,17012954176698943558,11785619059278470438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4380 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,17012954176698943558,11785619059278470438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4032 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,17012954176698943558,11785619059278470438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4084 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | google.com | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.4.4:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | getpocket.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| N/A | 127.0.0.1:49787 | tcp | |
| N/A | 127.0.0.1:49794 | tcp | |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 104.86.110.98:443 | tcp | |
| GB | 104.86.110.98:443 | tcp | |
| GB | 104.86.110.98:443 | tcp | |
| GB | 104.86.110.98:443 | tcp | |
| US | 8.8.8.8:53 | cxcs.microsoft.net | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | cxcs.microsoft.net | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| IE | 52.111.236.21:443 | tcp | |
| US | 8.8.8.8:53 | cxcs.microsoft.net | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | aus5.mozilla.org | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | aus5.mozilla.org | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | getpocket.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | aus5.mozilla.org | udp |
| US | 8.8.8.8:53 | aus5.mozilla.org | udp |
| US | 8.8.8.8:53 | getpocket.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | getpocket.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | getpocket.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | google.com | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 0c705388d79c00418e5c1751159353e3 |
| SHA1 | aaeafebce5483626ef82813d286511c1f353f861 |
| SHA256 | 697bd270be634688c48210bee7c5111d7897fd71a6af0bbb2141cefd2f8e4a4d |
| SHA512 | c1614e79650ab9822c4e175ba528ea4efadc7a6313204e4e69b4a9bd06327fb92f56fba95f2595885b1604ca8d8f6b282ab542988995c674d89901da2bc4186f |
\??\pipe\LOCAL\crashpad_1780_EMJBASLCJMHNQZXN
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 0d84d1490aa9f725b68407eab8f0030e |
| SHA1 | 83964574467b7422e160af34ef024d1821d6d1c3 |
| SHA256 | 40c09bb0248add089873d1117aadefb46c1b4e23241ba4621f707312de9c829e |
| SHA512 | f84552335ff96b5b4841ec26e222c24af79b6d0271d27ad05a9dfcee254a7b9e9019e7fac0def1245a74754fae81f7126499bf1001615073284052aaa949fa00 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\fdb8d79a-1a03-4e72-a6d8-c6f107d4c1f8.tmp
| MD5 | c5d7312619f091f3f9e2de0237dcf89f |
| SHA1 | 5fb34730398baf9936f02c04dff86f2a45c94835 |
| SHA256 | b76aca86ea6329a4f0596facd332e2f4ff3bd336aeb38d8a34a58c6c1dd549b3 |
| SHA512 | 641837732de807dbe45c54846b7dc54362744319814b2b9fabe3d4e4c5f967c5941ec13149e3f2ab0743214d7688ded96b379fd640d22795e3b43fe5eb2ceaf9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 58396e06f600d07ed97815452239527e |
| SHA1 | 33e1c6469832d934d26ea7b55619c34252151750 |
| SHA256 | 6a94a9e164bf5cea756e1d3c2f5a41be7fc767830def95e245023a9168721e55 |
| SHA512 | eea6e00f59971859c3fd326ea90f733adb7f9a16adffd0d128bf97181fe164986274d0673afafd0ad5b24b843a53e89b67f5febbdc7c01eb1bb6f006046cfa76 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e84c7984848ffe8cc1f249d8168f270a |
| SHA1 | 9dd7395ff968129f325823a6c8f2da6129e91f9f |
| SHA256 | 278f698bb264fd3f175fb6c17918adbc8515cd136f7ca93431d34f22d23578a8 |
| SHA512 | 9671101d6f2a8e84c56303cbef04efcc0b63d533de97c00123a8b72818f7533ab7bdae6aacea802fd6e77606121f333c897987dfd33fd0c5c9153cacdd06d43e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\prefs.js
| MD5 | 13197cfe443a37a378e2f00a0dcd008d |
| SHA1 | 5142547dfda5d1df4d7847430410f63d772cac51 |
| SHA256 | a1d98f7501f51d6fdd44324175d0cff7a1b6a0cb8c9e75a1d67695ec200a89bc |
| SHA512 | 8af11cf19c27016edfad6ce54284cad96b2a1640f779b755e15e7fec6e60cd8f1c4b9af92df893e2a94d73be2fe4a91343e5d10e1da885bb2174c2c5de0c636f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 1c6750e146f07d52e956ad2e53aaa127 |
| SHA1 | 9dfa13c57046e1bd4da7f78bab8f19f456a2f965 |
| SHA256 | 695304f05bed48cfacca6622676b9e6fb0825b3672530d9358e8a98b2aa6ff46 |
| SHA512 | e94b0ddc0ff939e50fbdfd9302d7f24ceebbe32b69e8d5759bc9cebc6eb8678346adca131e539552242a543fea96fd62e87cd0d3f6b920a579ba12ad01654e61 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\activity-stream.discovery_stream.json.tmp
| MD5 | 77ff5b76db5a1457236a999c2f61ef29 |
| SHA1 | 5295314269f2b0b6c5f64cbcff59778853c367c2 |
| SHA256 | 8ea9f495520741d7c20750c81b039f01d554f9d4cfe8c4e3e681b9a453d5c156 |
| SHA512 | c7f2243bc773945ebb581a7e88f0f7d921ad83a558c9d80d1f38c5ba7a5741e0dd1b4896ef341d18eaf7f69c09b2ab91925cc6fea5bbd7dbb66f3ff2e833b84e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 2a8bf145a54536c07c71453df6e70402 |
| SHA1 | dd8363f995ee8076f6b6db6e7c0c967e40cf0c70 |
| SHA256 | 556f09d0e4bc4f59983e68234115a772755a419789baf3d9e6e7d876bd4ca4fc |
| SHA512 | 397526cedc523e4da085d8256df64b5f8f5a3df191386fe0bf729e3c390e8dacd53c22e6a9ef4e3ebf317d67290d451d01f8a5f126ab65ba604809b4da473f47 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | f217811555a6eff06001bba8d788b3f4 |
| SHA1 | efff488b46088016ae6d728161c953c3bf89bf62 |
| SHA256 | efab50e289936afa7d6efdaa5184bd4e4f8093b933b08520f2ba7b1622e78ae4 |
| SHA512 | b627249b6f8d2ae9a6721127fccaa9e528664639a2c76d0b758277cdc9ffb9e03cb354b53fd06ec77434e02c46f7678b3529e8a8d44eb5f09c5307e99b16f63f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\prefs.js
| MD5 | bc00d89ca5f4b229076566bf07fe6423 |
| SHA1 | 08d4a3f110f305171ab9c4b8a3797079f3f611c5 |
| SHA256 | 7f0d110385d0cf1487f9eef2bf4c8e7fea08d088569c132d0beb06242f327ca8 |
| SHA512 | 138b391ef460119bc346c52e0a73edf4fd18e832d7bca6342c5a40590d8d3e77509a363ed2f8b127e56e6c2ea9f13a6ba97487847c90098df5030ced686aeb78 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\prefs-1.js
| MD5 | 637dfcd635fd1e74ccf071672f2eb6d4 |
| SHA1 | 8ce516ac019117b42c5077d7a022bf32d1432cb8 |
| SHA256 | a9f83f5b5191fcb06d5159e7fae38fae40d06ccbb25b8fb38fe31eb747f239e1 |
| SHA512 | d496e1d8481390a3f41676616de41c97f70c21d90444381d510f4ff106998051c2c2549294fd299b9ee861e332d915bb7a60ed9f46d8afd932715d0b252206bb |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\logs\Common\FileCoAuth-2024-6-13.217.3200.1.odl
| MD5 | 99c9f08b99f90f0ad52821d6ee991474 |
| SHA1 | e7ea74df37834e85c4a061cb3f3c9d004ef2bc97 |
| SHA256 | 581bb87165f841757292f639b0f164d30b90ec66c66489c62a7e647385e10ce2 |
| SHA512 | 0e0d848552698d9db3895b6de77bfdff89c1e5e6db2ec116be73766524138679bb8d5651c6d069662266e2e361b8591a0dfc4d7446f6b34778f56e8fe0c98082 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\prefs.js
| MD5 | e2f56cea00963db19d7ebcb48b409902 |
| SHA1 | ba274f0146192220e71741de489be81a52543c7d |
| SHA256 | 0fc988f195e37ca692f87e7b332f7fb72783c179c49158a16e0cee640579d150 |
| SHA512 | 8016984da841223dfe714ac365f708d42bf4f30cafe5afaca82004da21618c09e61b8a2d051301d4dde471dd5663a3a2d2a216b60c5564b45b17559e4282f8f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\prefs.js
| MD5 | 75f285f4c56d9db0a170335cf21a1ce8 |
| SHA1 | c9a51741edc39715a745a837176d517a5abfb560 |
| SHA256 | c0c70fa2cc5071e75bf60d858a82da0c1602f36ec3de1311baa0e353c53f29db |
| SHA512 | 75be44b15cac306334668dda040826b4d340e8d029935995269d19d33f0c822f9dbee7ff3580d51bd094b31f2e5f91f2c14c92bf27c3e55d2f61cd9fb5443dad |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | 953abcf0a01dd45afc25f63e574d98ec |
| SHA1 | 8e13036e7892ae5932bd86844a4c16cbd7eee928 |
| SHA256 | 7dd51cbcb1a6f59036294f7b6491d8561f7ed1f25dd1ae986eaacf1df6573436 |
| SHA512 | b7424a4bdc68f9bb7806927195c7c8c59fe115f1bed2b1577fee1889cc2728916249ef9dba914a1b99c467bd37f3470022f17f5efb49374f7989ba0ee6c27d5b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\prefs-1.js
| MD5 | 9620c805650ad4c83baaaaf4fa33bb27 |
| SHA1 | e112540823f3c62f47740ba2fe0c730e149b9375 |
| SHA256 | 3b2f77d4a8a5009b3512dba629376c9117a99429f93f3ca41e82fa8d19625a02 |
| SHA512 | 2eb33e8d590af9b83b35a560d9ff6576f05c10d3d7f8fd299b98c251113598d9f4d2bbbca367b41e42675790f17d9a0b115a30e2b591b1d156a526ec63b82a29 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\broadcast-listeners.json
| MD5 | 72c95709e1a3b27919e13d28bbe8e8a2 |
| SHA1 | 00892decbee63d627057730bfc0c6a4f13099ee4 |
| SHA256 | 9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa |
| SHA512 | 613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\sessionCheckpoints.json
| MD5 | c4ab2ee59ca41b6d6a6ea911f35bdc00 |
| SHA1 | 5942cd6505fc8a9daba403b082067e1cdefdfbc4 |
| SHA256 | 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2 |
| SHA512 | 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\targeting.snapshot.json
| MD5 | 2958adba7f3284fe1b0e2cf6dbabf685 |
| SHA1 | c28dcf8f988c0c53505d5d2ae063c1db782e754c |
| SHA256 | 4aa0cb1fe0e298fc28dbbc2f2ec4b25bac354d109d6ccf99e95dbcfd7d2de8ca |
| SHA512 | 5a87b1ff71558f30a26c115751df09ac68a9e34b447fff67065598b6d534980eff2ff647cf8b63fe8d8ff46d53b11bf7ceb131723ce40e0e4b68a47e95281696 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\xulstore.json
| MD5 | b847f28acdec63348ea376efd4278d02 |
| SHA1 | da4ae0ce914885ad7fe1f89aef3aa4f324747091 |
| SHA256 | 7e63f727108182d4afdf0ae5131c9e0692d857b934fe8d93a7d4a8cea58fb834 |
| SHA512 | 07b89826d35c5b9f056c8556ed5dd0a961f779d1aa7639321b90c56ef65bf6706a653a22f7790543b1482414069d5587c1f1c28215e92a7ffdf0fa4a55537c08 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\bookmarkbackups\bookmarks-2024-06-13_11_QHzClTKVPXbEjZ4dBxgh0A==.jsonlz4
| MD5 | 6dc42da886e64e188b3702c0a21910b5 |
| SHA1 | 3ecba3d2d41f0a2fbc6816e27d7d73e309aebc4d |
| SHA256 | e3a69776ea089d1520970ace8e329cf125f4821385e9253dd4533cbbef73d9f1 |
| SHA512 | 98b325f84e65e65e53f3fe7beb484a4a07ccbd0ca0826f7a8bd563b251a05ed53a6017b8e8a2ed8658feca37d7264ccc7babc2adea46158e0f1fafecbda20d9c |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\099EB2BF8827A4F91EAB3E38B14650D0205226F2
| MD5 | 81525c858ed9530650b8bc9b3e2afaca |
| SHA1 | b7c4aeadb048d0dc3151915853cf165e72f882c9 |
| SHA256 | 49dd12fc03d31e2026f2115d400510dbf6716e1375a19e909c391b2a27ff5492 |
| SHA512 | 2f8a76dec106b0f0ad10bab995c641363d322d92adc61ce3b82d66be0c5405e357ca9e7f75b81da52aab20fdc51670cb6d28e1379ede6a8660ec5a9c619bfd50 |