Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags
    arch:x64, arch:x86, image:win11-20241007-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    09/11/2024, 21:42

General

  • Target

    http://getwave.gg

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • Drops file in Windows directory 1 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 6 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://getwave.gg
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:860
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa50ba3cb8,0x7ffa50ba3cc8,0x7ffa50ba3cd8
      2⤵
      PID:2720
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,13964546713031190499,16129211776391294529,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1884 /prefetch:2
      2⤵
      PID:3892
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1900,13964546713031190499,16129211776391294529,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:3028
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1900,13964546713031190499,16129211776391294529,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
      2⤵
      PID:4472
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,13964546713031190499,16129211776391294529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
      2⤵
      PID:2176
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,13964546713031190499,16129211776391294529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
      2⤵
      PID:1992
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,13964546713031190499,16129211776391294529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1
      2⤵
      PID:3120
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1900,13964546713031190499,16129211776391294529,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5112 /prefetch:8
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:1116
    • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1900,13964546713031190499,16129211776391294529,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3236 /prefetch:8
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:3912
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,13964546713031190499,16129211776391294529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
      2⤵
      PID:2076
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,13964546713031190499,16129211776391294529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
      2⤵
      PID:400
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,13964546713031190499,16129211776391294529,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
      2⤵
      PID:4292
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,13964546713031190499,16129211776391294529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1
      2⤵
      PID:5060
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,13964546713031190499,16129211776391294529,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
      2⤵
      PID:5112
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,13964546713031190499,16129211776391294529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
      2⤵
      PID:3468
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,13964546713031190499,16129211776391294529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
      2⤵
      PID:3144
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,13964546713031190499,16129211776391294529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
      2⤵
      PID:5348
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1900,13964546713031190499,16129211776391294529,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6176 /prefetch:8
      2⤵
      PID:5552
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1900,13964546713031190499,16129211776391294529,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6308 /prefetch:8
      2⤵
      PID:5560
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,13964546713031190499,16129211776391294529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
      2⤵
      PID:5484
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,13964546713031190499,16129211776391294529,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2140 /prefetch:2
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:1828
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:4960
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:1600
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    1⤵
    • Drops file in Windows directory
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SendNotifyMessage
    PID:2212
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffa3e13cc40,0x7ffa3e13cc4c,0x7ffa3e13cc58
      2⤵
      PID:3920
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1852,i,18311702292033146213,5876915554828095050,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1848 /prefetch:2
      2⤵
      PID:3092
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2132,i,18311702292033146213,5876915554828095050,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2140 /prefetch:3
      2⤵
      PID:1032
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2204,i,18311702292033146213,5876915554828095050,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2220 /prefetch:8
      2⤵
      PID:1656
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,18311702292033146213,5876915554828095050,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3276 /prefetch:1
      2⤵
      PID:3204
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3196,i,18311702292033146213,5876915554828095050,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3316 /prefetch:1
      2⤵
      PID:3940
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4452,i,18311702292033146213,5876915554828095050,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4508 /prefetch:1
      2⤵
      PID:2668
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4604,i,18311702292033146213,5876915554828095050,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4492 /prefetch:8
      2⤵
      PID:2712
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4744,i,18311702292033146213,5876915554828095050,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4752 /prefetch:8
      2⤵
      PID:416
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4788,i,18311702292033146213,5876915554828095050,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4856 /prefetch:8
      2⤵
      PID:5216
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4608,i,18311702292033146213,5876915554828095050,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4396 /prefetch:1
      2⤵
      PID:5476
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4940,i,18311702292033146213,5876915554828095050,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5252 /prefetch:8
      2⤵
      PID:5708
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5280,i,18311702292033146213,5876915554828095050,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5108 /prefetch:8
      2⤵
      PID:5788
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5212,i,18311702292033146213,5876915554828095050,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5100 /prefetch:8
      2⤵
      PID:5836
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5320,i,18311702292033146213,5876915554828095050,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5104 /prefetch:8
      2⤵
      PID:5876
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5136,i,18311702292033146213,5876915554828095050,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5108 /prefetch:8
      2⤵
      PID:5228
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5112,i,18311702292033146213,5876915554828095050,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5148 /prefetch:2
      2⤵
      PID:5904
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5300,i,18311702292033146213,5876915554828095050,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5020 /prefetch:1
      2⤵
      PID:6016
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=4896,i,18311702292033146213,5876915554828095050,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4836 /prefetch:1
      2⤵
      PID:6128
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=3504,i,18311702292033146213,5876915554828095050,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5516 /prefetch:1
      2⤵
      PID:5900
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5628,i,18311702292033146213,5876915554828095050,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5592 /prefetch:8
      2⤵
      PID:5628
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5564,i,18311702292033146213,5876915554828095050,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3104 /prefetch:8
      2⤵
      PID:5616
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=4632,i,18311702292033146213,5876915554828095050,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5196 /prefetch:1
      2⤵
      PID:560
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=5380,i,18311702292033146213,5876915554828095050,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3512 /prefetch:1
      2⤵
      PID:5732
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3520,i,18311702292033146213,5876915554828095050,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4568 /prefetch:8
      2⤵
      PID:5820
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3560,i,18311702292033146213,5876915554828095050,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4540 /prefetch:8
      2⤵
      PID:4452
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=5668,i,18311702292033146213,5876915554828095050,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4536 /prefetch:1
                                                                                                2⤵
                                                                                                  PID:5388
                                                                                              • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
                                                                                                "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
                                                                                                1⤵
                                                                                                  PID:2328
                                                                                                • C:\Windows\system32\svchost.exe
                                                                                                  C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
                                                                                                  1⤵
                                                                                                    PID:5280

Network

MITRE ATT&CK Enterprise v15

Downloads

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\1afa33e3-4f9b-4fbc-b00d-5fb34d894c4a.tmp

                                                                                                    Filesize

                                                                                                    232KB

                                                                                                    MD5

                                                                                                    917ff7e7807f5c4f1a35d021ab01d1bd

                                                                                                    SHA1

                                                                                                    837713fa78f42c30879b5dc4d244465392091646

                                                                                                    SHA256

                                                                                                    2f5984fc5bde41b5d21da10bc1433d89b93136d75e35ef3d7f1a2173479589fa

                                                                                                    SHA512

                                                                                                    86b1a38a543b6c82083e7f0961bd2de10407a94f333a5a6c4ca40409ef065899c4b201c07e5c04f92d4692e25c86502afd1e85caae7e6bea22d340b86e7df552

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\877e23b0-06d5-4c80-8b15-13196655e026.tmp

                                                                                                    Filesize

                                                                                                    9KB

                                                                                                    MD5

                                                                                                    b408e1829d527ff14f8b23af9f3c8f41

                                                                                                    SHA1

                                                                                                    420cd843e5fc7814e82625860e3d1de73b3618bc

                                                                                                    SHA256

                                                                                                    70395e565d089f509559c029c52821c13a470a35f8c75443757be1bec63f664f

                                                                                                    SHA512

                                                                                                    6c530eed4a6514aad02b1eefefd23cc3f7a2e52a4e5a029e8ed4c43d440254fe67854f092c0af0ad5992662a097d81198d030a855124b3910b2d80766fe1d78b

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

                                                                                                    Filesize

                                                                                                    649B

                                                                                                    MD5

                                                                                                    ead0be9a2aa20bc43f0d8a2808494cea

                                                                                                    SHA1

                                                                                                    9940e070ac54f3a612e12b93bd4a31a29804e4f0

                                                                                                    SHA256

                                                                                                    d0266b03d49d5e54eb9fd4461a0e7c31a3f46e783dff43ddbb70da1e9d1724c7

                                                                                                    SHA512

                                                                                                    a3ecffbef26d3c3924d103f0fe2f68bcd67c46f7e6c81334f53926c1108b36ffa2ed3c5eed09596b300c4ca8ac4cb0994900ec676500268b9ac2237ce0239e46

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                    Filesize

                                                                                                    336B

                                                                                                    MD5

                                                                                                    e8eb927334f650758dc2998b951dd664

                                                                                                    SHA1

                                                                                                    6bc0f0ab42dc7a49e40094195fb2791a3ad8fa82

                                                                                                    SHA256

                                                                                                    038d55ab9a9325dcfec7e63aba7702b701a47b596b3a487417469278ae8e0072

                                                                                                    SHA512

                                                                                                    fae16a14a4a721ff25b4785e9f9a958247ddbd69f788e957524175d7d2a9fef62217e0cd230b71faed69a36fa41ffbfc719f2424689f98dd7632075a2d56b1b2

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\_locales\en_CA\messages.json

                                                                                                    Filesize

                                                                                                    851B

                                                                                                    MD5

                                                                                                    07ffbe5f24ca348723ff8c6c488abfb8

                                                                                                    SHA1

                                                                                                    6dc2851e39b2ee38f88cf5c35a90171dbea5b690

                                                                                                    SHA256

                                                                                                    6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

                                                                                                    SHA512

                                                                                                    7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\dasherSettingSchema.json

                                                                                                    Filesize

                                                                                                    854B

                                                                                                    MD5

                                                                                                    4ec1df2da46182103d2ffc3b92d20ca5

                                                                                                    SHA1

                                                                                                    fb9d1ba3710cf31a87165317c6edc110e98994ce

                                                                                                    SHA256

                                                                                                    6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

                                                                                                    SHA512

                                                                                                    939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                                                    Filesize

                                                                                                    3KB

                                                                                                    MD5

                                                                                                    a38d6f117ba9a69b7ea69ee3573a9f51

                                                                                                    SHA1

                                                                                                    b84b91025a69786f5a6d6744d30b7a56d8a8ed02

                                                                                                    SHA256

                                                                                                    7ad88f243575ca06447dce69e90ee47e12d5ed7f0f3805ad83271e8ae86ed0e8

                                                                                                    SHA512

                                                                                                    00ef4c5b591e02d1c5c58291a1b969c702809af7c8f377fee9582dec6990da933dfc0805fd87635f64e8c4f34e7e18ec4427756a64d7a041e73774594245f535

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

                                                                                                    Filesize

                                                                                                    2B

                                                                                                    MD5

                                                                                                    d751713988987e9331980363e24189ce

                                                                                                    SHA1

                                                                                                    97d170e1550eee4afc0af065b78cda302a97674c

                                                                                                    SHA256

                                                                                                    4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                                                                                    SHA512

                                                                                                    b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                    Filesize

                                                                                                    524B

                                                                                                    MD5

                                                                                                    bfef1998b5e456c7fcc3712d7ebb9398

                                                                                                    SHA1

                                                                                                    ad186207338be257efe77698da7baad92b896280

                                                                                                    SHA256

                                                                                                    7d97a3875f3c0a5e5a167510cd1543e644c65c216ab365b0ce2e87e11dc0ad10

                                                                                                    SHA512

                                                                                                    1f0e6c36601bedb7cbc6259c7970d633b6c234cf10a0e82175644978e73251faf775744838334a4e89fbf57847379054ba9e927641bb9bc22a1da7e0a9b034f3

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                    Filesize

                                                                                                    524B

                                                                                                    MD5

                                                                                                    36a5fb9f4dd24f8e139658cb58fc2696

                                                                                                    SHA1

                                                                                                    155ee6743374f712e505f0caac5dd5c3a824547c

                                                                                                    SHA256

                                                                                                    cab38cf2bd798412a150b05929f5d24c5663ac6f467494a4b5363a36f86c1d4d

                                                                                                    SHA512

                                                                                                    e2eb23f07e12564f0d4df32c3362b6d20c4dfa9e87fc201c0249a822f04c4e191b373cb5dcf9ea5ad1965811e7fbe28565201f8d732a9a3d97de1d9982d8d4fb

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                    Filesize

                                                                                                    9KB

                                                                                                    MD5

                                                                                                    a26bd23516b5150cefac672bc77507e0

                                                                                                    SHA1

                                                                                                    6925c042682e2a012e02842f4ae7c22d1cb24c97

                                                                                                    SHA256

                                                                                                    d0da086e80595bfa2db8f2917e427f91028921f8bb220791033cb95fa2b4b596

                                                                                                    SHA512

                                                                                                    b82852283821653b37ba984098695753be92be5ca9d26e8543ecdb21e153263ba4f2878cbb784eb5c8c8edbface438a58f9b3ff3ecc5767b2c8d8f8d4be91aaa

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                    Filesize

                                                                                                    9KB

                                                                                                    MD5

                                                                                                    bd3d11bb067ae5330a41aed9e98eb8da

                                                                                                    SHA1

                                                                                                    43c3eea37ab15dea245303b656c264555c1b1914

                                                                                                    SHA256

                                                                                                    4e6bf90c9db4ba86dce882fd21cf9ee3073256a6b3c232e3a0dfb58cb67127d7

                                                                                                    SHA512

                                                                                                    77367961bf7508a0e719d1931ca09cdec6b5d44fa7bc32a65e1ff45586ac4a37e7e1f2c704e79a1da0d5550e60684d3f3b372d8929ef1bf732374f05e0040e17

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                    Filesize

                                                                                                    9KB

                                                                                                    MD5

                                                                                                    71ef03e509fbb58b3ddb5ffa5d15fdce

                                                                                                    SHA1

                                                                                                    a7e75a5868adffd453cd2d97b1acffea315cdd8b

                                                                                                    SHA256

                                                                                                    9cb9bcf56a76136a2b69c0bbed9576b9365850e92d09862f6bb67850c0480720

                                                                                                    SHA512

                                                                                                    c73b238f4cb41c8a854824804f051d68a453cfccb4ec6d8b443eed2deb1e6ebae7cdfa68fbce5f3ed5e9562e220291b3e99ac88184b2aa3927605f8b8c26c03f

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                    Filesize

                                                                                                    9KB

                                                                                                    MD5

                                                                                                    bacc2c4a982b105a507164bd526ab83b

                                                                                                    SHA1

                                                                                                    d6aadb8175002b88f8bebf2bb4e1851d558e3e55

                                                                                                    SHA256

                                                                                                    e066d19c96b1e4a1e915a588af218670420e9eeb3a4a60d280671ff15c89b98b

                                                                                                    SHA512

                                                                                                    52814d5e02a8738e06f8899db841cec1cd538dc326fb084d177bf9c4b75b6ea569a4a503cdd90db4c4ee5606c801ff6234a025fda2f4c63430ef3c184a651db4

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                    Filesize

                                                                                                    9KB

                                                                                                    MD5

                                                                                                    b6331969c3ee8e3583698f13bfbd9cd2

                                                                                                    SHA1

                                                                                                    ebbcbc634e55c764298cabc7f0b873ba03efd0f3

                                                                                                    SHA256

                                                                                                    bbe782a0dacf4b7ba2ac6d033db43e15d8a097d12b3f4f2d1e8a58529e036c7d

                                                                                                    SHA512

                                                                                                    5540c71f41cb49209bc662158d131fe1e1c3a7915b4b4b0f2c8e7f5f6f11632f6968e3a700c4bf774e28f8c56ce1d51a0e695b119b12f51dda8be3b3676282ee

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                    Filesize

                                                                                                    9KB

                                                                                                    MD5

                                                                                                    6d9b0444fb014d9ffa957561898db329

                                                                                                    SHA1

                                                                                                    07afacc719a10580865a678e87829ae6ef9198a5

                                                                                                    SHA256

                                                                                                    f92fd222507ee1823c27de868823c895b51e9970fb751906abf2a9d41017c921

                                                                                                    SHA512

                                                                                                    119d745018788d8ca9109edc90e54e82ef068dbecc0e7f8a03708ac8be4dab3d48255a4e2dd349a58d7e7554e0e5273fd995e87eadc19bf73e6655b3d35643ca

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                    Filesize

                                                                                                    9KB

                                                                                                    MD5

                                                                                                    d81bd87f4c3925559649b24491901ce5

                                                                                                    SHA1

                                                                                                    f3db81caa5268f5070fb15992bfb9230e9cd9cce

                                                                                                    SHA256

                                                                                                    00a5daa0b4b4e91a3e20ce81713c6d32e00e7562934167347fff611934b8f584

                                                                                                    SHA512

                                                                                                    1d5edc8118654c85f0052895ccdc0c1212c43f5f2a19ae8abf741e8398b2cad2288510c9474d94871ab7d9f460c3b2747a01d95e8ec7374839c273ccf4e795bb

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

                                                                                                    Filesize

                                                                                                    15KB

                                                                                                    MD5

                                                                                                    ad815f1c3cf479cc88c4a7ba2ae97f33

                                                                                                    SHA1

                                                                                                    05e2291b48ded8c4df4b3544e5f671f52132df9c

                                                                                                    SHA256

                                                                                                    50e5d4eae596e77a46ff8e43c9beacced1559da4c880fb7813ca6d182b4fc56c

                                                                                                    SHA512

                                                                                                    597486a04c5c0f9d778abe60955c16fbba91b9866dd31bab5da445a1ddc78fa6eb79df9db4d9f8f08dc7c5028a1badc374938eb70e3934f8354dad8036221910

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

                                                                                                    Filesize

                                                                                                    72B

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                                    Filesize

                                                                                                    232KB

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                                    Filesize

                                                                                                    232KB

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                    Filesize

                                                                                                    152B

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                    Filesize

                                                                                                    152B

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                    Filesize

                                                                                                    168B

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                                    Filesize

                                                                                                    182B

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                                    Filesize

                                                                                                    111B

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                    Filesize

                                                                                                    6KB

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                    Filesize

                                                                                                    5KB

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                                                                    Filesize

                                                                                                    16B

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                                                                    Filesize

                                                                                                    16B

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000009

                                                                                                    Filesize

                                                                                                    26KB

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                    Filesize

                                                                                                    10KB

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                    Filesize

                                                                                                    10KB

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                    Filesize

                                                                                                    10KB

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                    Filesize

                                                                                                    10KB

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                    Filesize

                                                                                                    10KB

                                                                                                  • C:\Users\Admin\AppData\Local\Temp\59e0b54f-c52e-485e-9987-5b86ffc83e7b.tmp

                                                                                                    Filesize

                                                                                                    1B

                                                                                                  • C:\Users\Admin\AppData\Local\Temp\scoped_dir2212_310277741\CRX_INSTALL\_locales\en_CA\messages.json

                                                                                                    Filesize

                                                                                                    711B

                                                                                                  • C:\Users\Admin\AppData\Local\Temp\scoped_dir2212_310277741\a398cc7c-b6b5-4e74-927c-805be2dc0620.tmp

                                                                                                    Filesize

                                                                                                    132KB

                                                                                                  • C:\Users\Admin\Downloads\Unconfirmed 641805.crdownload

                                                                                                    Filesize

                                                                                                    6.8MB
