Analysis Overview
SHA256
d580a097f9204691d74580a7b07389199ed0f3bcc99417f236f6ea2a3592d4fd
Threat Level: Likely benign
The file proxy_gen.rar was found to be: Likely benign.
Malicious Activity Summary
Embeds OpenSSL
Enumerates physical storage devices
Unsigned PE
Detects Pyinstaller
Suspicious behavior: GetForegroundWindowSpam
Enumerates system info in registry
Uses Task Scheduler COM API
Suspicious behavior: AddClipboardFormatListener
Modifies data under HKEY_USERS
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Checks processor information in registry
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
Modifies registry class
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-20 11:10
Signatures
Detects Pyinstaller
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Embeds OpenSSL
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-20 11:10
Reported
2024-06-20 11:13
Platform
win7-20240419-en
Max time kernel
144s
Max time network
118s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_Classes\Local Settings | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_Classes\Local Settings | C:\Windows\system32\rundll32.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2424 wrote to memory of 2716 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\rundll32.exe |
| PID 2424 wrote to memory of 2716 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\rundll32.exe |
| PID 2424 wrote to memory of 2716 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\rundll32.exe |
| PID 2716 wrote to memory of 2776 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\system32\rundll32.exe |
| PID 2716 wrote to memory of 2776 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\system32\rundll32.exe |
| PID 2716 wrote to memory of 2776 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\system32\rundll32.exe |
| PID 2776 wrote to memory of 2184 | N/A | C:\Windows\system32\rundll32.exe | C:\Program Files\VideoLAN\VLC\vlc.exe |
| PID 2776 wrote to memory of 2184 | N/A | C:\Windows\system32\rundll32.exe | C:\Program Files\VideoLAN\VLC\vlc.exe |
| PID 2776 wrote to memory of 2184 | N/A | C:\Windows\system32\rundll32.exe | C:\Program Files\VideoLAN\VLC\vlc.exe |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\proxy_gen.rar
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\proxy_gen.rar
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\proxy_gen.rar
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\proxy_gen.rar"
Network
Files
memory/2184-30-0x000007FEFA960000-0x000007FEFA994000-memory.dmp
memory/2184-29-0x000000013F740000-0x000000013F838000-memory.dmp
memory/2184-32-0x000007FEFACC0000-0x000007FEFACD8000-memory.dmp
memory/2184-34-0x000007FEFA920000-0x000007FEFA931000-memory.dmp
memory/2184-31-0x000007FEF5D40000-0x000007FEF5FF6000-memory.dmp
memory/2184-35-0x000007FEFA900000-0x000007FEFA917000-memory.dmp
memory/2184-33-0x000007FEFA940000-0x000007FEFA957000-memory.dmp
memory/2184-36-0x000007FEFA8E0000-0x000007FEFA8F1000-memory.dmp
memory/2184-37-0x000007FEFA690000-0x000007FEFA6AD000-memory.dmp
memory/2184-38-0x000007FEFA670000-0x000007FEFA681000-memory.dmp
memory/2184-39-0x000007FEF5B30000-0x000007FEF5D3B000-memory.dmp
memory/2184-41-0x000007FEFA5B0000-0x000007FEFA5F1000-memory.dmp
memory/2184-42-0x000007FEFA3D0000-0x000007FEFA3F1000-memory.dmp
memory/2184-44-0x000007FEF6700000-0x000007FEF6711000-memory.dmp
memory/2184-43-0x000007FEF6720000-0x000007FEF6738000-memory.dmp
memory/2184-45-0x000007FEF66E0000-0x000007FEF66F1000-memory.dmp
memory/2184-46-0x000007FEF66C0000-0x000007FEF66D1000-memory.dmp
memory/2184-47-0x000007FEF5B10000-0x000007FEF5B2B000-memory.dmp
memory/2184-48-0x000007FEF5AF0000-0x000007FEF5B01000-memory.dmp
memory/2184-49-0x000007FEF5AD0000-0x000007FEF5AE8000-memory.dmp
memory/2184-50-0x000007FEF5AA0000-0x000007FEF5AD0000-memory.dmp
memory/2184-52-0x000007FEF59B0000-0x000007FEF5A2C000-memory.dmp
memory/2184-53-0x000007FEF5990000-0x000007FEF59A1000-memory.dmp
memory/2184-55-0x000007FEF5900000-0x000007FEF5928000-memory.dmp
memory/2184-40-0x000007FEF4270000-0x000007FEF5320000-memory.dmp
memory/2184-57-0x000007FEF58B0000-0x000007FEF58C8000-memory.dmp
memory/2184-58-0x000007FEF5880000-0x000007FEF58A3000-memory.dmp
memory/2184-56-0x000007FEF58D0000-0x000007FEF58F4000-memory.dmp
memory/2184-54-0x000007FEF5930000-0x000007FEF5987000-memory.dmp
memory/2184-51-0x000007FEF5A30000-0x000007FEF5A97000-memory.dmp
memory/2184-59-0x000007FEF5860000-0x000007FEF5871000-memory.dmp
memory/2184-60-0x000007FEF5840000-0x000007FEF5852000-memory.dmp
memory/2184-61-0x000007FEF38F0000-0x000007FEF3901000-memory.dmp
memory/2184-62-0x000007FEF3890000-0x000007FEF38A2000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-20 11:10
Reported
2024-06-20 11:14
Platform
win10v2004-20240508-en
Max time kernel
164s
Max time network
156s
Command Line
Signatures
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133633555154837685" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\proxy_gen.rar
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xd8,0x114,0x7ffb884446f8,0x7ffb88444708,0x7ffb88444718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,543393690281752925,11501859570477235768,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,543393690281752925,11501859570477235768,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2412 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,543393690281752925,11501859570477235768,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,543393690281752925,11501859570477235768,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,543393690281752925,11501859570477235768,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,543393690281752925,11501859570477235768,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4020 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,543393690281752925,11501859570477235768,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4216 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,543393690281752925,11501859570477235768,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4828 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,543393690281752925,11501859570477235768,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4828 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,543393690281752925,11501859570477235768,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,543393690281752925,11501859570477235768,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4088 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,543393690281752925,11501859570477235768,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4264 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb76daab58,0x7ffb76daab68,0x7ffb76daab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1748 --field-trial-handle=1924,i,15416479192740406174,2502442134759551994,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=1924,i,15416479192740406174,2502442134759551994,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2260 --field-trial-handle=1924,i,15416479192740406174,2502442134759551994,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3088 --field-trial-handle=1924,i,15416479192740406174,2502442134759551994,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3100 --field-trial-handle=1924,i,15416479192740406174,2502442134759551994,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4316 --field-trial-handle=1924,i,15416479192740406174,2502442134759551994,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4720 --field-trial-handle=1924,i,15416479192740406174,2502442134759551994,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4884 --field-trial-handle=1924,i,15416479192740406174,2502442134759551994,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5024 --field-trial-handle=1924,i,15416479192740406174,2502442134759551994,131072 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,543393690281752925,11501859570477235768,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,543393690281752925,11501859570477235768,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,543393690281752925,11501859570477235768,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3996 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,543393690281752925,11501859570477235768,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4956 --field-trial-handle=1924,i,15416479192740406174,2502442134759551994,131072 /prefetch:1
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3284 --field-trial-handle=1924,i,15416479192740406174,2502442134759551994,131072 /prefetch:1
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6072.0.1874830894\568582165" -parentBuildID 20230214051806 -prefsHandle 1764 -prefMapHandle 1760 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {15e7babd-072a-49d6-949e-2347f129978f} 6072 "\\.\pipe\gecko-crash-server-pipe.6072" 1856 1e9a1e0f158 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6072.1.484123065\1476327432" -parentBuildID 20230214051806 -prefsHandle 2392 -prefMapHandle 2388 -prefsLen 22112 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ccb1080a-fffa-4d2d-92a2-ac2f37477521} 6072 "\\.\pipe\gecko-crash-server-pipe.6072" 2420 1e995089f58 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6072.2.362406869\1585791449" -childID 1 -isForBrowser -prefsHandle 3008 -prefMapHandle 3004 -prefsLen 22150 -prefMapSize 235121 -jsInitHandle 1204 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d6324fc6-b136-4064-828e-a287f9286ff8} 6072 "\\.\pipe\gecko-crash-server-pipe.6072" 3020 1e9a46e4858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6072.3.266524773\42856373" -childID 2 -isForBrowser -prefsHandle 3676 -prefMapHandle 3672 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1204 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {504296d3-1530-47e7-9f6f-5cbc24a6416d} 6072 "\\.\pipe\gecko-crash-server-pipe.6072" 3688 1e9a6c36d58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6072.4.310607869\151548532" -childID 3 -isForBrowser -prefsHandle 4896 -prefMapHandle 4892 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1204 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c5f26c60-5781-4ed0-88ee-54f9841edd6d} 6072 "\\.\pipe\gecko-crash-server-pipe.6072" 4908 1e9a8c36758 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6072.5.1650882722\709500235" -childID 4 -isForBrowser -prefsHandle 5048 -prefMapHandle 5052 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1204 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5e804b72-44a5-4ad2-bfd7-8c3080a6354e} 6072 "\\.\pipe\gecko-crash-server-pipe.6072" 5036 1e9a8c37958 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6072.6.2077046351\854915638" -childID 5 -isForBrowser -prefsHandle 5244 -prefMapHandle 5248 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1204 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b26c5d8a-3896-4685-b468-ea4037be9f07} 6072 "\\.\pipe\gecko-crash-server-pipe.6072" 5236 1e9a8c38558 tab
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4940 --field-trial-handle=1924,i,15416479192740406174,2502442134759551994,131072 /prefetch:1
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6072.7.1512665942\164425730" -childID 6 -isForBrowser -prefsHandle 5816 -prefMapHandle 5812 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1204 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c4c87924-70b0-43d1-9f00-ae75ce147e0d} 6072 "\\.\pipe\gecko-crash-server-pipe.6072" 5824 1e9a7738558 tab
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4956 --field-trial-handle=1924,i,15416479192740406174,2502442134759551994,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3228 --field-trial-handle=1924,i,15416479192740406174,2502442134759551994,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3208 --field-trial-handle=1924,i,15416479192740406174,2502442134759551994,131072 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,543393690281752925,11501859570477235768,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1744 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3112 --field-trial-handle=1924,i,15416479192740406174,2502442134759551994,131072 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,543393690281752925,11501859570477235768,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5880 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=1652 --field-trial-handle=1924,i,15416479192740406174,2502442134759551994,131072 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,543393690281752925,11501859570477235768,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3504 --field-trial-handle=1924,i,15416479192740406174,2502442134759551994,131072 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.4.4:53 | google.com | udp |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.4.4:53 | google.com | udp |
| N/A | 127.0.0.1:49644 | tcp | |
| N/A | 127.0.0.1:49650 | tcp | |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 612a6c4247ef652299b376221c984213 |
| SHA1 | d306f3b16bde39708aa862aee372345feb559750 |
| SHA256 | 9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a |
| SHA512 | 34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973 |
\??\pipe\LOCAL\crashpad_3468_FOODAGTWHUGCOJBF
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 56641592f6e69f5f5fb06f2319384490 |
| SHA1 | 6a86be42e2c6d26b7830ad9f4e2627995fd91069 |
| SHA256 | 02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455 |
| SHA512 | c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 82fc46d26a355eb4e5dc4c1ebc327994 |
| SHA1 | 355fc978eb54ac23b03183a3402de37bab3546a3 |
| SHA256 | 8b79b4a817b1a6c38ee8e7246a1e6f1991bd3815c67524bdf57b2b9e78fda72c |
| SHA512 | 354b86b583999fef11c32d40b67885d0db74ee7409dcfb6aa5efbce1cf5fed6323fff89cb14e4076378cef299465e88948a90917184cacf94b2ee7f5021f6a62 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | dc58b12aa07f25dc8440b190b78749d4 |
| SHA1 | 6fcdf27d5f27e12b240c35b3b9685ece9426eabe |
| SHA256 | 1db75bab52515d0619c6a007cfd84bfda5abeae5725a9e3f0561babfa8c9459a |
| SHA512 | 5b5205ead5b2bd2ef356c0bef02c9b2a12a207684be42e49e5e579e46a853590a7d38f3a624b9fafd649a4464c90a899fe7675ade3d400a44f33b4667587acca |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0dc238af28a032dc4eee7bd650642f24 |
| SHA1 | 55bdc056696504dc5c6515620f917c34365a8ca1 |
| SHA256 | 17f8dfc6bce952ba36de29aac85eb8f3ddb980477333d29fd13e43d11c494363 |
| SHA512 | 685f6de3b2d2cfe873ce16bbcf92e97bdb6f4632b5fb0aadc5e5b40cdceb4714a58a488402dde0bbae06c4c17091a550993d9b7049a366d6dc0487a16253d093 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | d63c8c99f0ee9789da12fedcf7b5324a |
| SHA1 | 987ee804878229075047aa50e3668ac00d85cc3f |
| SHA256 | c720e743ff9c317e20b660377882bde9099ae3ebdcef214dc56838533137bcf7 |
| SHA512 | 54833a9acd8472fd4de95c62a0051db95abc859aecec503f39c399c5b2bfed0ab35f5c6733ec751883e8ee62720aa084d8150150b2d7f630399ebaa9e83cbd57 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | e32e77878525e298a5292a10c10127b1 |
| SHA1 | 6ddc80693f2a08015659463e85e638408b1e803b |
| SHA256 | 783678763cdd6df328d056d0a2167db7b804281a0de186537341b6e8a89adf32 |
| SHA512 | 433a96d70a8a23ca62b25338f9b349ef4c2cfe3be6c5d868136e5468d2c3fa99474c3a68e5081ddfca37558ccbea16e9a15a1066c3baece338ce29ed08b0742b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 003e349d1228ff68174b5e1ecdb577dd |
| SHA1 | 05decb11095e24c8ab5abf0273b41ba4f4a5edc8 |
| SHA256 | 5bcc5d0c3d050591da14cbc864ca6352ba79b7b06b5e7074fe4c5f660c1bd167 |
| SHA512 | ec208c4b5120555b1719ba4c8acfa37b9c05176cb2171bd3bf0b8e7a6f2d946b9c274c75b63e52b83a01ab0dba9f604a144a2412ed8fec52d8cd42ede363a25d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | c75a1d598e6c717d5d05632ddf3f73d8 |
| SHA1 | a3a74ecaa227845b190eeb9c3ee6f153bf76993d |
| SHA256 | 0c68ca9ccdb8bc9c10e455c252e48f0f8db0e0ac27dccb0d107a11f1569c1bd6 |
| SHA512 | bf50ba5856c39e9ebb5b126af6cc8a83e79f6780e6f960788b4f7d4fcbd74ad7ff6424bc948c94a3fe0c978f17cdb74402ef42e11efb036dd3bbf3153fe0abd7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 0a6cf2e6c71829243808734163c486d9 |
| SHA1 | b81010c513948de948a23942cb00bf8dcd4422ee |
| SHA256 | 40da869ab9bdbf9b0001f175a31445dc4473edc29d36eb4744234a6142b7b868 |
| SHA512 | 65385d9c3f594aff62c634a272201e0f23d6c691c8e253ad8e77498683a14412473b4c4c3cd2a804279e61e131ad95b77d3581908e748cdb1ba98d1d612f0ed5 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\e6zhegwu.default-release\activity-stream.discovery_stream.json.tmp
| MD5 | e6f0b0c62c7b531157919f4ad5c410b2 |
| SHA1 | 3afa43bb4242f1a5b228e372fd86b81c6203fbd9 |
| SHA256 | 998eb7ba146b63235ef3f7f1d1cde6124dd6f2aa95515ab5d84d29d9e4b4383e |
| SHA512 | 434718050391f06eff76ccc810f477a048551b41e77bf4adbeb72df9a6851c7efd32f037eeef6fcd5eb3e7f8e40d6b2c76379450de34f8e548f310b087c68cab |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e537004a4834ae77cb75e13f90f9dc6b |
| SHA1 | 2c2c9380e81e6b1728fc766f54a0d7297d1c653d |
| SHA256 | 97d3941b6782dbe1e7413193c9794d6f3f451f5cfc079c148563e08960b9ce92 |
| SHA512 | c0e592a938933e21a8ba0d0d329a75c42b488d6c275408cb0e68b11cff0bd5fe2238d6697bc0fefee5443100863d95e22425973c4a806962fb0117637a1b6c7f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e6zhegwu.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 4fa1303359b6ff59dd27e7ec8be631b7 |
| SHA1 | 3c57df9ace15fe9efe94b57d5c9f27f506272fcd |
| SHA256 | 52d9a60767df3b6f9d141e4d24669f5ed8b8f781a16db3ed5f18a52e677e5d7f |
| SHA512 | 73397c57cc2762377d12e546a2a84f2b781e516440ca2b2606cfe33a0abf9777e5bc491fab9034f818d8f0e0a7354a6859cbbc4042e8e38749cb494414b2ab29 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e6zhegwu.default-release\prefs-1.js
| MD5 | 6e00b5d412785c03ef3f720ece95034c |
| SHA1 | 51190643c44b519abac00085a9099b6574c0c420 |
| SHA256 | b89e6acccf50def4c7ca747a0d14c4b7c0d4b1aef0c130fbacf64a9b7e1ff70f |
| SHA512 | b70a337a94c8395f23978f5b7653a59b0f5193c3dd8fe592a7efca8f85f7cc74867e43e043758742960d107e90ba5cab0680a3cd85b0957d7b7e46be62282d3b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e6zhegwu.default-release\sessionstore.jsonlz4
| MD5 | 2a421a5e1de37a40444a1a5f4007fc0c |
| SHA1 | e72ac00b3343bd926d47a581d7450da6e4f4bdc3 |
| SHA256 | 97e13aa5d57a8dcd2e9723abb425f3a9800942be957c545900ca550c60e0867b |
| SHA512 | f97de9074afd6aa0ca4285930b56182a7cffd11bb7f085d4dfdb0523c47b13e194f48be8bd0064ed85736cb01da31e81dabe7585bd6125fe6c80653cb2f1a00d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e6zhegwu.default-release\sessionCheckpoints.json
| MD5 | e6c20f53d6714067f2b49d0e9ba8030e |
| SHA1 | f516dc1084cdd8302b3e7f7167b905e603b6f04f |
| SHA256 | 50a670fb78ff2712aae2c16d9499e01c15fddf24e229330d02a69b0527a38092 |
| SHA512 | 462415b8295c1cdcac0a7cb16bb8a027ef36ae2ce0b061071074ac3209332a7eae71de843af4b96bbbd6158ca8fd5c18147bf9a79b8a7768a9a35edce8b784bf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 1d8b55161d00a0ebfba2629a4dbe6262 |
| SHA1 | 1f64e2e8cf73ccb22dd62c22fed0950056d78f93 |
| SHA256 | bb4c4cd5ffd78883a63bd8afce9103930fac111e10be1d8a9a4febfcce934720 |
| SHA512 | 989d8dd5b526e6a86d5109bb9bec907962b7b4003f490da925818a1704fdc14426ca714573cc17d1556da7eddf1e7e06655a734e8d4073da7570315c68b27196 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe585157.TMP
| MD5 | 91ffb360de3bfc2542949aa79c7753b4 |
| SHA1 | 81a36e22e112e610fcd90840a33a15668a6dc37e |
| SHA256 | 466b2200853791f023c6861fd6984a9c6cb99d8ce134b9f3dd89537aa93f8dec |
| SHA512 | ba6318e8ce2de4cec748ce9f6193313650f0194047cbcd8f43557ae34b804626c16a97cc974c0193fffacc49947b13674a63f3ee21d3687691a0d8604d7a9c73 |