Analysis
- max time kernel: 150s
- max time network: 150s
- platform: windows11-21h2_x64
- resource: win11-20241007-en
- resource tags: arch:x64, arch:x86, image:win11-20241007-en, locale:en-us, os:windows11-21h2-x64, system
- submitted: 09-11-2024 15:34
- Static task: static1
- URLScan task: urlscan1
Malware Config
Signatures
- A potential corporate email address has been identified in the URL: Montserratwght@500
- A potential corporate email address has been identified in the URL: Montserratwght@700
- A potential corporate email address has been identified in the URL: [email protected]
- A potential corporate email address has been identified in the URL: [email protected]
- A potential corporate email address has been identified in the URL: [email protected]
Legitimate hosting services abused for malware hosting/C2 (1 TTPs, 5 IoCs)
Network flows:
- flow 118: discord.com
- flow 23: discord.com
- flow 48: raw.githubusercontent.com
- flow 50: raw.githubusercontent.com
- flow 117: discord.com
Drops file in Windows directory (1 IoCs)
Processes:
- chrome.exe: File opened for modification C:\Windows\SystemTemp
Enumerates system info in registry (2 TTPs, 6 IoCs)
Processes:
- chrome.exe: Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS
- chrome.exe: Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName
- chrome.exe: Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
- msedge.exe: Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS
- msedge.exe: Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
- msedge.exe: Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName
Modifies data under HKEY_USERS (2 IoCs)
Processes:
- chrome.exe: Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry
- chrome.exe: Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133756402219454103"
Modifies registry class (1 IoCs)
Processes:
- chrome.exe: Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4018527317-446799424-2810249686-1000\{CE7F80DA-8E07-4DA2-B9E3-F51695F1FB08}
NTFS ADS (1 IoCs)
Processes:
- msedge.exe: File opened for modification C:\Users\Admin\Downloads\ScarletAlpha.ipa:Zone.Identifier
Suspicious behavior: EnumeratesProcesses (16 IoCs)
Processes (pid, process):
- 1648 msedge.exe
- 1648 msedge.exe
- 2740 msedge.exe
- 2740 msedge.exe
- 2840 msedge.exe
- 2840 msedge.exe
- 3596 identity_helper.exe
- 3596 identity_helper.exe
- 2488 msedge.exe
- 2488 msedge.exe
- 5044 chrome.exe
- 5044 chrome.exe
- 5872 msedge.exe
- 5872 msedge.exe
- 5872 msedge.exe
- 5872 msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (28 IoCs; msedge.exe and chrome.exe)
Suspicious use of AdjustPrivilegeToken (64 IoCs; chrome.exe and AUDIODG.EXE)
Suspicious use of FindShellTrayWindow (62 IoCs; msedge.exe and chrome.exe)
Suspicious use of SendNotifyMessage (24 IoCs; msedge.exe and chrome.exe)
Suspicious use of SetWindowsHookEx (1 IoCs)
Processes (pid, process):
- 5652 CredentialUIBroker.exe
Suspicious use of WriteProcessMemory (64 IoCs; msedge.exe)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2740, tree depth 1)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://usescarlet.com
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3188, tree depth 2)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffab0813cb8,0x7ffab0813cc8,0x7ffab0813cd8
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1092, tree depth 2)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,4071991388473260970,165230381001699755,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1904 /prefetch:2
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1648, tree depth 2)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1892,4071991388473260970,165230381001699755,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 /prefetch:3
  - Suspicious behavior: EnumeratesProcesses
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4384, tree depth 2)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1892,4071991388473260970,165230381001699755,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4716, tree depth 2)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4071991388473260970,165230381001699755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4484, tree depth 2)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4071991388473260970,165230381001699755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1512, tree depth 2)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4071991388473260970,165230381001699755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1040, tree depth 2)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4071991388473260970,165230381001699755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2840, tree depth 2)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1892,4071991388473260970,165230381001699755,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 /prefetch:8
  - Suspicious behavior: EnumeratesProcesses
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2732, tree depth 2)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4071991388473260970,165230381001699755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2788, tree depth 2)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4071991388473260970,165230381001699755,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5092, tree depth 2)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4071991388473260970,165230381001699755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 128, tree depth 2)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4071991388473260970,165230381001699755,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe (PID 3596, tree depth 2)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1892,4071991388473260970,165230381001699755,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5640 /prefetch:8
  - Suspicious behavior: EnumeratesProcesses
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4376, tree depth 2)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4071991388473260970,165230381001699755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2756, tree depth 2)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4071991388473260970,165230381001699755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6248 /prefetch:1
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3180, tree depth 2)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4071991388473260970,165230381001699755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:1
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2592, tree depth 2)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4071991388473260970,165230381001699755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2120 /prefetch:1
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2108, tree depth 2)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4071991388473260970,165230381001699755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4928, tree depth 2)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4071991388473260970,165230381001699755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1608, tree depth 2)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4071991388473260970,165230381001699755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1972 /prefetch:1
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 500, tree depth 2)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4071991388473260970,165230381001699755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6528 /prefetch:1
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3576, tree depth 2)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4071991388473260970,165230381001699755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3228, tree depth 2)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4071991388473260970,165230381001699755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6676 /prefetch:1
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2528, tree depth 2)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4071991388473260970,165230381001699755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3040, tree depth 2)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4071991388473260970,165230381001699755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2488, tree depth 2)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1892,4071991388473260970,165230381001699755,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5600 /prefetch:8
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5872, tree depth 2)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,4071991388473260970,165230381001699755,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6140 /prefetch:2
  - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 2436, tree depth 1)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 1332, tree depth 1)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5044, tree depth 1)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe"
  - Drops file in Windows directory
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1680, tree depth 2)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xe0,0x108,0x7ffa9db5cc40,0x7ffa9db5cc4c,0x7ffa9db5cc58
- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1640, tree depth 2)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1844,i,4809967971768727992,11087268750619623565,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1840 /prefetch:2
- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2976, tree depth 2)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2128,i,4809967971768727992,11087268750619623565,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2136 /prefetch:3
- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4996, tree depth 2)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2200,i,4809967971768727992,11087268750619623565,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2216 /prefetch:8
- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 388, tree depth 2)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3104,i,4809967971768727992,11087268750619623565,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3272 /prefetch:1
- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4036, tree depth 2)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,4809967971768727992,11087268750619623565,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3316 /prefetch:1
- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2268, tree depth 2)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4532,i,4809967971768727992,11087268750619623565,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4540 /prefetch:1
- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2384, tree depth 2)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3756,i,4809967971768727992,11087268750619623565,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4588 /prefetch:8
- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 852, tree depth 2)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4728,i,4809967971768727992,11087268750619623565,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4520 /prefetch:8
- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2736, tree depth 2)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4872,i,4809967971768727992,11087268750619623565,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4580 /prefetch:1
- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 860, tree depth 2)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=3380,i,4809967971768727992,11087268750619623565,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3352 /prefetch:8
- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1444, tree depth 2)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4604,i,4809967971768727992,11087268750619623565,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3292 /prefetch:8
  - Modifies registry class
- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4584, tree depth 2)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5212,i,4809967971768727992,11087268750619623565,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5228 /prefetch:8
- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4816, tree depth 2)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4704,i,4809967971768727992,11087268750619623565,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4968 /prefetch:8
- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 880, tree depth 2)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5116,i,4809967971768727992,11087268750619623565,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5320 /prefetch:8
- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3800, tree depth 2)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5256,i,4809967971768727992,11087268750619623565,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5252 /prefetch:8
- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2384, tree depth 2)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5544,i,4809967971768727992,11087268750619623565,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3264 /prefetch:8
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5220,i,4809967971768727992,11087268750619623565,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4800 /prefetch:82⤵PID:1896
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5536,i,4809967971768727992,11087268750619623565,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5472 /prefetch:22⤵PID:4884
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5408,i,4809967971768727992,11087268750619623565,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5396 /prefetch:12⤵PID:5384
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=4592,i,4809967971768727992,11087268750619623565,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5680 /prefetch:12⤵PID:2524
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5484,i,4809967971768727992,11087268750619623565,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5656 /prefetch:12⤵PID:5992
-
-
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"1⤵PID:2000
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x0000000000000470 0x00000000000004781⤵
- Suspicious use of AdjustPrivilegeToken
PID:4720
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc1⤵PID:1780
-
C:\Windows\System32\CredentialUIBroker.exe"C:\Windows\System32\CredentialUIBroker.exe" NonAppContainer -Embedding1⤵
- Suspicious use of SetWindowsHookEx
PID:5652
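The Chromium child processes above carry their role and sandbox policy on the command line: --type selects browser/renderer/utility, --utility-sub-type names the Mojo service a utility process hosts, and --service-sandbox-type is the sandbox that utility runs in, with "none" meaning unsandboxed. In this trace only the VideoCaptureService and ProcessorMetrics utilities declare "none", which matches how Chromium launches those two services on Windows; the value of checking is that a different service showing "none" in another trace would stand out. Two other things worth pulling out mechanically: every child shares the same GUID pair inside --field-trial-handle (this example reads the value as handle, inheritance flag, GUID high, GUID low, size, which is how Chromium serializes its field-trial shared-memory region), so the pair groups children to one browser instance when parent PIDs are not listed; and PID 2384 appears twice, so a PID alone is not a stable key within a trace. The trailing NgcSvc, CredentialUIBroker.exe and AUDIODG.EXE entries are the Windows Hello credential prompt and audio-graph hosts that a browser session routinely triggers, and the hook/privilege signatures on them are low signal on their own. The parser below is an added example, not part of the report; its sample is a constructed list of six (PID, command line) pairs copied from the process list above.

```python
"""Triage helper for Chromium child-process command lines (added example)."""
import re
from collections import Counter

# Constructed sample: (PID, command line) pairs copied from the process list above.
SAMPLE = [
    (2384, r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3756,i,4809967971768727992,11087268750619623565,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4588 /prefetch:8'),
    (2736, r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4872,i,4809967971768727992,11087268750619623565,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4580 /prefetch:1'),
    (1444, r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4604,i,4809967971768727992,11087268750619623565,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3292 /prefetch:8'),
    (4584, r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5212,i,4809967971768727992,11087268750619623565,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5228 /prefetch:8'),
    (2384, r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5544,i,4809967971768727992,11087268750619623565,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3264 /prefetch:8'),
    (4884, r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5536,i,4809967971768727992,11087268750619623565,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5472 /prefetch:2'),
]

# --flag or --flag=value; Chromium switch values in these lines contain no spaces.
FLAG_RE = re.compile(r'--([\w-]+)(?:=(\S+))?')


def parse_flags(cmdline):
    """Map each --flag[=value] on the command line to its value (True for bare switches)."""
    return {name: (value if value else True) for name, value in FLAG_RE.findall(cmdline)}


def describe(flags):
    """Short role label: 'renderer', 'renderer(extension)' or 'utility:<mojo service>'."""
    kind = flags.get('type', 'browser')
    if kind == 'renderer':
        return 'renderer(extension)' if flags.get('extension-process') else 'renderer'
    if kind == 'utility':
        return 'utility:' + str(flags.get('utility-sub-type', '?'))
    return str(kind)


def sandbox_type(flags):
    """Sandbox policy as declared on the command line. For utility processes the
    --service-sandbox-type value is authoritative and 'none' means unsandboxed.
    Renderers are sandboxed unless --no-sandbox is present."""
    if flags.get('type') == 'renderer':
        return 'none' if flags.get('no-sandbox') else 'renderer'
    return str(flags.get('service-sandbox-type', 'unknown'))


def browser_session(flags):
    """GUID halves from --field-trial-handle (assumed layout: handle, i|h flag,
    guid_high, guid_low, size). All children of one browser process share them."""
    parts = str(flags.get('field-trial-handle', '')).split(',')
    return (parts[2], parts[3]) if len(parts) == 5 else None


def unsandboxed(entries):
    """(pid, role) for every child whose command line declares no sandbox."""
    out = []
    for pid, cmd in entries:
        flags = parse_flags(cmd)
        if sandbox_type(flags) == 'none':
            out.append((pid, describe(flags)))
    return out


def reused_pids(entries):
    """PIDs listed more than once. Windows recycles PIDs quickly, so a repeated PID
    in one trace is two different processes; key on (pid, order) rather than pid."""
    counts = Counter(pid for pid, _ in entries)
    return {pid: n for pid, n in counts.items() if n > 1}


def sessions(entries):
    """Distinct browser instances represented in the list."""
    return {browser_session(parse_flags(cmd)) for _, cmd in entries}


if __name__ == '__main__':
    for pid, cmd in SAMPLE:
        f = parse_flags(cmd)
        print(f'{pid:>5}  {describe(f):<48} sandbox={sandbox_type(f)}')
    print('unsandboxed:', unsandboxed(SAMPLE))
    print('reused PIDs:', reused_pids(SAMPLE))
    print('browser sessions:', sessions(SAMPLE))
```

Running it over the full list in the report reproduces the two "none" entries and the single shared GUID pair; feeding it a trace from another browser version gives a quick diff of which services run without a sandbox there.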
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize: 649B
MD5: 79827c44d09e6ebac8e6192ed825372d
SHA1: 915b64fff175f40f5317134ebed36170088aa5c1
SHA256: 1f841254e7c1b66de8b4c0cbeffdc911460a48c9f7028c0b6be1daccb612d0be
SHA512: 393bdf97a43f93c1b499474c6f1c698a384c918e5e58c531f1b59aedcf8c3b7eabf0814f1c69426caffe646a08a19229c7a4e04666fbeb83af072ea7dc7a7029
-
Filesize: 17KB
MD5: 48c91c5f5468c4bf412532b7582590e8
SHA1: 59a3d2b3defbec0f56c2a78a5f842aed336b467d
SHA256: 0171370addc6172008151aedef0caca5d31349d7f48a06d75913b9452bc13d12
SHA512: 7a1af93f86b4676ea7f252334dfe090857815ee8f8e6e2e03e587bc86b73b2b0aebe63fbc4ea1135a82e82c76829b57738e4dfe678a307a553f8077c8ccdfaf3
-
Filesize: 40KB
MD5: 1d556959d741aa85eedbc14e9a7119a4
SHA1: 07987766f6b6b5ee359d43275a0b3d2e7619dd59
SHA256: 52073d6772dd47314df0037786638236f6eb8e940613f22e777b65f0a488fef8
SHA512: 49cb7ab4a75f0a809ae6ea66bd07dabc241adf3d6fe625a9be293b19f2a6e3f9088f468c4f109643bab1bf75ce2e7716a28615d8a400b9aea5248001794b13e3
-
Filesize: 266KB
MD5: c0ece23c12d628a3fa20d1879205daf7
SHA1: 01f884ec5f79fb735eca0b4e65c37da3d466c4ad
SHA256: 53d9d177c85d7ce1b88142b381d9450f7c1712f22071ebbb4f1d06763317dc9a
SHA512: 7cba3b66d1ed15a7317fe1a4066e15777e43228815f2315f21eff569612ab411f623414fe809a8109799d25fe8df7be8ffc19cd71dc62de3d365d9fe248c38cd
-
Filesize: 58KB
MD5: 3312c810ec0024398fa10e03b01ac92c
SHA1: cb18fd32a059b1c59e5808e0ea89b46bfdddf1c3
SHA256: bfe1c7f7ab32ef20fa55ac7e85dae1fa92c5a4252ca70c019ed2bb284f4f4484
SHA512: d7adb34390ab5fb17ced9cec6a4aebb48035f84774d79a11520cd9d8f07716aed76f670f6533279b9ac7d132f75ec67ffeae9fcfe596bc563ddb0f5ccdf3ed33
-
Filesize: 87KB
MD5: 1ba457d3a03291a1c6385e53e389d883
SHA1: 44e9998630a4989aa38206abeb9a327085aac88c
SHA256: 48be8a8622b8bd20756192729663930b909ad98d3012cd0b70407c3a7547aef0
SHA512: 82f0a14e09a65ddf8753f91c913136b058c8e04acd8e252c523a4b54c57ceb468793bdae067e9431757bdb4c245b36eace078087e7ae773d5a3f7a4998f60eb0
-
Filesize: 77KB
MD5: eb9451406239f469d62573e646480098
SHA1: d660866d67eedab1a6ecd686416c65f3da65bdf0
SHA256: 1025893d17448a31de6464625bbb7c6445ad3f6de2a27e3ff1963a260631c2d7
SHA512: 9606378f056883c7f8a421ba8488477ff172845fc9b4cc95f1f6f3c428340416066954a0c9d36c02f6f78814155e90ede063f2847735319c3a53f4da85f9b96a
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\_locales\en_CA\messages.json
Filesize: 851B
MD5: 07ffbe5f24ca348723ff8c6c488abfb8
SHA1: 6dc2851e39b2ee38f88cf5c35a90171dbea5b690
SHA256: 6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c
SHA512: 7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\dasherSettingSchema.json
Filesize: 854B
MD5: 4ec1df2da46182103d2ffc3b92d20ca5
SHA1: fb9d1ba3710cf31a87165317c6edc110e98994ce
SHA256: 6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6
SHA512: 939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d
-
Filesize: 6KB
MD5: 5a8aaf1fdcf9e5b832ad53d890c76d6f
SHA1: a4638c755c2f460b35421ebac59afa6171c09f49
SHA256: b22310f43104774e6dd224b29a70f634d15ce20ed6b507f0d02d37d2285e2c9b
SHA512: cbe77726216583ff52232404b8543a954b9f815ddcc589b7d658be0314f7e0e38a12b69c686a357b258ea2cb420b4e74ea584b7efed13aff0fe1b50a719b8173
-
Filesize: 2B
MD5: d751713988987e9331980363e24189ce
SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize: 1KB
MD5: 268b67d3ac614495c82cd16b1fe0ae9e
SHA1: 817d87f1758b6782bad0c61ca97524f7d930abaf
SHA256: 37d8f4380952f5c371cfd798fe516cd6dac076b87dce4e45c6e9b1e52d43b6e3
SHA512: 2e4902968be8a4b42a9aa4828fde7f3ece8c424a3fc055c11139181ef0ea36779ba945312397bcd92205af2da757885cf740271fc9da170fbfee9a0205d2aa87
-
Filesize: 2KB
MD5: 639d3d121208d73d9feb8f7ccdeff6dd
SHA1: 905d2e6fdcc281bd71f1c7640ec56eb747bb3307
SHA256: 16d0d6e8434fd1062eb367456e771abbc958076a909e423c0846f461ccdcf5f7
SHA512: 4b868508082803ea0a72aeec6751cb7abfb76b2ae66dd32e7f6df65fa3568f7d7f6c30989c451039fedebff6207eb544a09e1fadadd8b25f07970de517039e02
-
Filesize: 1KB
MD5: d2b3d5455c22fd6c02dabafedb110e1e
SHA1: 75bfa5e0c36c0fdab98b3fb310c6d06af192a806
SHA256: 1e805a5d67d997961cd79457643447f961aa6b4844b848f4389afcfbf786959c
SHA512: a01851503104071673799fa1262cd05551dae4a80004b1472d49e1524ec1c276e51b42404c28d8e458f0ffebc4a8be934086a81b6d749eea6e901f70a471605d
-
Filesize: 1KB
MD5: 1de8ddf8906adcc6508aba20fa660996
SHA1: 689f396e3578590687a5574a247a1d08c834e7b3
SHA256: 889bacdd71446cc210452931cc6fb07e37fbc1a403d3af0b40419605f51fbb2b
SHA512: d09e5ab2a5710f3aec2704f21fb1b9c70d8be72edc33ec80d4e70ac05f1925eb2ab5fb5a224fad24c7d8faf898d4df0e3c8b2f73dd06139cb05657af7118158b
-
Filesize: 41B
MD5: 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1: d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256: f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512: de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
Filesize: 9KB
MD5: 30e44ce58c96a7746c41750ad8ca5c51
SHA1: c89e55e95c893e986506bcba5c7af1f378e5753b
SHA256: 9ed10758f2f59904b740034e81391576c9e553ebdacaf1d1e3d3588607580cb1
SHA512: 809c0e6b4b7ddc569290f4a83a5ac1951d37d0f61b5a0b09b21e14a901b23d583d39853867684ef15d67055b7e68f9e1be1e35caee0dffa6659fed46e2f8731a
-
Filesize: 9KB
MD5: b7fa7c8cf2ce9d4ebe3def855d65915f
SHA1: 789d9838d4c0411b8a12806bb00d66411db1d2d0
SHA256: 56468ac1d624570d74e2174562cc5da452266708eb9a1afb564966eda40ee387
SHA512: 75bc2fddda3a88cc8cc5fdb0dbc53949acef3c263fb5aa3491cd58c3c4a87affcd5f851f2b2e13bd1cfdeebd79fe048ed18d9ab741d44628472d48eb9d6afce8
-
Filesize: 9KB
MD5: f2dba33c7357bd91199e7bcdf6b6b23a
SHA1: d774ee7d15c7777a95b8ef574653056eee0bf67e
SHA256: a4bc55362db9dd0d1fb9ac86ae77333adff2d28818ef7133f0b3dd52d33223b4
SHA512: f397cec7b4a4f918380e7147cc6d30025944c671b2a40e9cc6b0ab1dd1417aa4a8dbd076f0f711b696ded42fbf64f286416f198dc786bdb8fbd9c1d456fca72a
-
Filesize: 9KB
MD5: 763866469e61dbe4d5ce5ab40bc50212
SHA1: 3157d5a8f1c86dbfe663e91cd456b7d2b751a51b
SHA256: fac973eb18269fefabf8991c37e87f8da29eeb7f0e1ffb348e8fbc68ed44b749
SHA512: ddb5300b1d81aeb306aba00dccd8577b10aa465e5e7957d101f37dd6e8b65cc1be36cb2ff43fd68cc317c2d50cd3ad567d6ccc8cca8f4db3a5112d6b8528d847
-
Filesize: 9KB
MD5: 6feb1cb105ae5d57ad6254dc2ae5f77d
SHA1: f86fb18439cfd64d12cb428f4cad27b2a0f6e21e
SHA256: 0e2b5b68176a0ec25c601cdadf8849885bfe3c376b5e356463711ad745df249a
SHA512: 1605c648037f2fbbca5c71fd930e4e5be4fafabd875da29e1cde5038e6cfb43e3d4fa5af2d856237f184399d7a18a29368026c667de7c98b90b063c49387e29c
-
Filesize: 9KB
MD5: 47c5c6d1a2be1f16c503c108c991d8a6
SHA1: 44ab4878004ed610c5b1e16055d406ca7a7cc15f
SHA256: bb5bccb9a1e0ae6c539558786e31d4a09edda5c8f9cb5781d1073c2702bad4ca
SHA512: b560340b0ba78a02cdf5f060fb781d9748bb8e1a759ad2a51e7b706688a0b0346267f86cbde2939d4c176086b597fc138aacad93b3f370d854335c57d678e0ca
-
Filesize: 15KB
MD5: 2e06de1b629e9d55c77e9fc361f2e633
SHA1: 95d97919d1138e1a7a60c548321fd1e09928fbbc
SHA256: 51b240702869a01097e4e53f4b6ce5183ce4066951b6533911614cc16b664a21
SHA512: 10b09732bfb3bcb72a9ab4a2ee25fd5bed40e6232dc913fb862004e553c0d3a11d242aeff17007aedf83f9866ce194f4355a356c8693c5745298cc99a644a34a
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize: 72B
MD5: b4925e418b5f3ca488e513f3b7ee348d
SHA1: 5178e54d9d8b228a96055830559143c1f7067c61
SHA256: 00701bab6b09e5534192a2c254a4ba784d758c606f76abf7eae7da2a75c0e395
SHA512: 369d68c33fd3279957491635e49e981e1931303856a5c212b851c4f7300905d34f5542c8ee868e5d68aa3743da5b2652726065a70be29a327df7f79535deff09
-
Filesize: 232KB
MD5: f06fefc5a5588ce5170ce639d58f1f1a
SHA1: e918ec41ef0cbcb0c57ba80ce0c868c3c5472e1e
SHA256: a7e9588f85526a25c54a1eababab619154db3c5f91112c6b3197580902c61b44
SHA512: ceca78cc776df4c544df659e104d8ea4e74df5c4b67037a4cb0e8c7f31e1a3cbf8d543c59fa55855f5d8bf29eec8c1a1ca2c53fb2f7489a2572b762c2a144e8b
-
Filesize: 232KB
MD5: 384d28123cefc7f1fb2130fe16d23393
SHA1: e3203abad494a94c294ff3f9de9589fddb82b0b9
SHA256: d277d86aae460438c148f37b9054ab98bf8b4abd607ca8015e2397936eea10ec
SHA512: 2b7863558bade4fb9e89b6d0b040015be34b9436073c0955ca897f1f9bcfb36d843afc738c428b0b9163bb7345b3641d49fcd634f61e65c6005a9649fe2e8c44
-
Filesize: 152B
MD5: 003b92b33b2eb97e6c1a0929121829b8
SHA1: 6f18e96c7a2e07fb5a80acb3c9916748fd48827a
SHA256: 8001f251d5932a62bfe17b0ba3686ce255ecf9adb95a06ecb954faa096be3e54
SHA512: 18005c6c07475e6dd1ec310fe511353381cf0f15d086cf20dc6ed8825c872944185c767f80306e56fec9380804933aa37a8f12c720398b4b3b42cb216b41cf77
-
Filesize: 152B
MD5: 051a939f60dced99602add88b5b71f58
SHA1: a71acd61be911ff6ff7e5a9e5965597c8c7c0765
SHA256: 2cff121889a0a77f49cdc4564bdd1320cf588c9dcd36012dbc3669cf73015d10
SHA512: a9c72ed43b895089a9e036aba6da96213fedd2f05f0a69ae8d1fa07851ac8263e58af86c7103ce4b4f9cfe92f9c9d0a46085c066a54ce825ef53505fdb988d1f
-
Filesize: 618KB
MD5: e43ced67ae95b4b503ee2093d68cc79c
SHA1: a20cf61fc93252e6173b4a0bd0f8f9055b622cda
SHA256: a14e606d23e13c2cb345c4f6c13030039ecde0574134b665ec06d58afef23d21
SHA512: 2c3b45c71f97cc8dbc6198dabb0b4d1c254a7ec634e3bcfb1205d09d91f6c2cde56063cccf8941c0e79148facc903fbd64668c6e103b4423ff1e37ecbedacbbb
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 1KB
MD5: 6e76166cf3609777de3abe7d882be3b3
SHA1: 672c5f23f9fa16761d27f1946a524012fba15d96
SHA256: 3d19dcc33e03b01c8e9da8f1809e2091a3aa6a65d3bd9f02cc3c7b17336d5bde
SHA512: 93ba61f9775d3efa17b89340df1b020e9367f3b1c7639772c2414f42bca02019034b53b81c7b129a4d17d2eaf01be9dd9dccee484af75479cc80c7aa4a6596ca
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 336B
MD5: 1bf370a8f3718c682d29e6f96f239422
SHA1: 332e31e3c1d80e2b93f0432bc3a7404242c94612
SHA256: 8271c1cadcfe722e965871f63a038a3914e67c4e375b763ea219f45273c02acf
SHA512: 90a504091afd1e40834ab2282811a046c769e2fc717b2afa20f38aeb087d99123162e2dcd2e16c40d8488501e410a8a265654a36c1152f859444a899e1ec99d5
-
Filesize: 4KB
MD5: 0b10c5e07da7e8842cc3e632a0503402
SHA1: 2575ecc81961a4f4c2abed1ceed8f3d2093ea40c
SHA256: 26508f5002cb535bb66e9c0c7d04b4e777a4dc6967eb8d5e5918b7d5cc794639
SHA512: b526fbca8974e1614fff7b2a4cb64123a5029cca039cc2c9f2290d0b3a67c857a11b3b006123d877cc71bb921f756aaeb923625cdd47292b2624be83f61200bc
-
Filesize: 3KB
MD5: e4e9d8b239453ad1dc4876bcdb446fce
SHA1: 691989e83cd513a9d68c1aa6f8d65a570e164977
SHA256: 286db00a00137721c156626243c6412f5a12a75697e1fae5a0c0000946c5acd0
SHA512: 51d215e6378770864d082045e7cf4abf6d7911b9147903f98538bfa9d7df3f97a2bae14115be9d032469f1cf48e096f20a773c38a16131b771bd762cdf2e5b64
-
Filesize: 6KB
MD5: 2837726966007bd5482351ca8399d822
SHA1: 42a5375c3e1115d8977f0e4964babea64204561b
SHA256: 59c8f237651e00eec628b39148e390656b3989c038fbde94ccd4a2592db772df
SHA512: c236f4fe0c2bb5a2967288a494fba1f6ef1946a6f49f3a5c309969099b2a7692db49c1e466b17511beb7b1e07b51ef754aab6b1ced0057a64c09ba9748996e8f
-
Filesize: 7KB
MD5: 0074ecd55a07b268aa68119ed63a5280
SHA1: ae8d9fdb21dbf1ba08435fa806fccca320ec2ea6
SHA256: 88edc2b33b085869228d91105412ac7a4b0113b895b4b3410d51f5c22588780f
SHA512: ac2dfacf033fa2a8161d588935c483160dc8b7d1c79fe8fdc3f6749b88b1676c84bad1b50700762a52dc26ebe8b15bc0b67e242f6a9fbc01055cb9caa49b1b1b
-
Filesize: 8KB
MD5: f3350ffb70a1669221a8fc5578e631c1
SHA1: 566169edf6017513fe17b2ff5b1d6e57043a31e1
SHA256: a023d6922235e4a6afa31230f5d92b7fa799582f5acfbf9b336103d3d81d65b5
SHA512: 01f18829ccfeea8394c6f707b2579e180c2c393c3f68e14cd55171aebf4ed2229a71b447e95e5388e3886c33106668f668538ff75825f6af3d5f4ef1bc881ad7
-
Filesize: 5KB
MD5: 8a5ecd78593d7aecdfee608f9928c17c
SHA1: 0132534b24649c9bec8fc035d2c93106a1ed1aa5
SHA256: 5fed373b2b94a9f4c404f1bd5f6a15e7c30042891cb2cbcb8cb6ed0bafcdc137
SHA512: 4cd7222bb37c82a75aadd83a02114394296b3bf81043f98ce76f083561df558402fd8c6647fe169add4f3afc7eb877dab2224bf4a6e5d55d41d2d506458c9ff8
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize: 72B
MD5: fc5e56151730a27c0c0bccf5ecb4cbc0
SHA1: 20eb5885ecb81bdf65aa57bf77f5de21ceed3fa8
SHA256: fc13c3ca63e6bb158d6d44e27d962cb8e7bd076339034cd7e8e7cd1324b68a02
SHA512: 3b5d53181c9146d830caa516e59ccb208ded2f6441f9b55dd940e0bac92a11613790909b5d529059fa7bf025e5676446041079c4eaf9d67f7cf63167812177b9
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe583c97.TMP
Filesize: 48B
MD5: 6e3b7d5ba1699dcd4a7289b90921fef6
SHA1: eede77d9de18af0e25c4c95c15bedaf496f9f291
SHA256: 5a60334f03ac113eb489294a332b310deb129c70ec40403e2f93c5245a58b65d
SHA512: 7b1363c852f3801c3ade7d37cf013697c79a3ff5018b8688417a3aedf054c9ced75d1d5bd71292ba394b7aa610eb2f91227003ca9c0621e8b36f25f307fda358
-
Filesize: 2KB
MD5: fea4fee24ade8e210e084a533ad21cbe
SHA1: abdc9da4f694b418e04454f875cb613a82cb3667
SHA256: 7f1e9f5b16e0d7cadb962e5bf88104007b322c0a0f3d3bf580d5d60b90424c86
SHA512: 277eda540af0969297a67ab8b79104e6002eba371de745d912adeb06b9fef99e69476ab0a35ebd89fba4284fa47b8cf9bced99399935430b2d0ecf3f3b28d718
-
Filesize: 2KB
MD5: 5047a340dac7d3794ac308731176fe34
SHA1: 54e18946f7b33562f21fea096549084e8f5c9f38
SHA256: 6338f2b124d648bd625cfd5da5e5949abde4a4bb0708720c58428fca8a4a9bf2
SHA512: 11219bf1ea754552eca61f1cb56b6632e635f56855c11628406340ec7f775ac4a00d26b9d67c320fd7b97866e98571ed17b2f5337e561f907dd9461025797072
-
Filesize: 1KB
MD5: 26826e246ba2f43c24a343f5fac187e1
SHA1: 5f1033138151b1b24a3498ffe3aaf65e67aa17e7
SHA256: b7dac1f73a3bdd1481b7250435eb946bd8e5d8ac64c46cd9707bd35fa929f41a
SHA512: 941ea71e7d2d961d2dff32139b89f4221cdb5b922ccd1cfeaae5618e68f92ba5a48593414f995ebd183b7ca27f5dccf91266555de94d835e4433681c53665b6e
-
Filesize: 16B
MD5: 46295cac801e5d4857d09837238a6394
SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize: 16B
MD5: 206702161f94c5cd39fadd03f4014d98
SHA1: bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512: 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize: 11KB
MD5: 1b3c97012fa75f86ab3f1a7029af8124
SHA1: 91ccbb894d4d70c63e91cb453c5e8cddec369e9e
SHA256: 39a910f75e6c1c26842a17cd43b862737fa156c5dee1b59b6b275e46e3b4c8b9
SHA512: 56ab607c672760bbcd32a171a80b910308be55d7ddff404315aec8c02fa6d8adc2b4e74aa0662d91449fb4ad5174a67ab311edd173078042a71543528c6c50f1
-
Filesize: 10KB
MD5: 7a24d5469d43ed0ce0de899afe9363ce
SHA1: 9bee35711b309435d524937d5f2ca1698b00965e
SHA256: 0a0a5b773b74fcfbc49398a5645b3957bf744c78a8325f026d5f9dae2a42ef56
SHA512: 7264a743d593eda520a26b41b6ed75c37df7b67057b2f65896175e02c09f6e2379160672bf27f9f85dab981fd74faf895e64bd8afb8c9f6c21f143e866d41627
-
Filesize: 10KB
MD5: fe30686166ac12543b7a39e184f9b1f8
SHA1: d9ee2fe61272afd32cc22a5ec3309bc0891bbcd1
SHA256: 1e64fa7d3f71c57b71fea014f6425ffc3b32cb3db10d60744fae305bab27f0b8
SHA512: bc7ef8f982ae40d0c629e0f805003550617d6eb8f761d229161c8bb929300ff3c0c355ca8b88aa3a524bcd0ea7d73bf186eb615f11d5cbb5694279029df260b9
-
Filesize: 10KB
MD5: ed90ae985dad9836e20532a971c69e0d
SHA1: 9f90589f265ee09516eab895edfed86082271b85
SHA256: 9be357fc43bdb9bdeeb113ea56774b3185b7d3b5929ac2923e913b5be4310f8e
SHA512: 6cc1117857aed20ce35f9485cb15f1b07a7a3ab264afe42a8bab99f0a78a6d4d74e45f8014f07c6f449dac9152372b23f2c983ebe31dda00aa4467300b4348c2
-
Filesize: 1B
MD5: 5058f1af8388633f609cadb75a75dc9d
SHA1: 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256: cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512: 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21
-
Filesize: 132KB
MD5: da75bb05d10acc967eecaac040d3d733
SHA1: 95c08e067df713af8992db113f7e9aec84f17181
SHA256: 33ae9b8f06dc777bb1a65a6ba6c3f2a01b25cd1afc291426b46d1df27ea6e7e2
SHA512: 56533de53872f023809a20d1ea8532cdc2260d40b05c5a7012c8e61576ff092f006a197f759c92c6b8c429eeec4bb542073b491ddcfd5b22cd4ecbe1a8a7c6ef
-
Filesize: 711B
MD5: 558659936250e03cc14b60ebf648aa09
SHA1: 32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825
SHA256: 2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b
SHA512: 1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727
-
Filesize: 14.8MB
MD5: df7f7f4862ff679404fb75e887b8c140
SHA1: 2eb3a8a88ee73810bec5163243b176ae2c7bf92d
SHA256: 987b557bca27c06de42e4e236de55e112f8ee17920e3d29cc8b2f04a4f328431
SHA512: 5380f4ecbc48880f2a92579206fbf16e1273f9c063d89350795e49eac6c8c37b36fcd1fa9a1ef127d227cb39facc8f70ed02bc36124ef6fcdeff1edc7408d341
-
Filesize: 26B
MD5: fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1: d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256: eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512: aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98
-
Filesize: not listed (these four values are the digests of zero-byte input, so this is an empty file)
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
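Two things a practitioner does with a dropped-file list like the one above: re-hash a local copy of a file to confirm it is the same artifact the sandbox saw, and weed out the entries that carry no evidence at all. The 2B entry (MD5 d7517139…) is the empty JSON array "[]", and the final entry with no size listed is an empty file; both appear in nearly every browser trace. The helper below is an added example, not part of the report. It parses an entry in the flattened layout used on this page (label and digest sometimes on the same line, sometimes split), validates the hex lengths so a truncated hash is caught rather than silently mismatched, compares against all four digests plus the exact byte size when one is given, and names well-known content-free files. The two sample entries are constructed from the values listed above.

```python
"""Re-verify dropped-file digests from a sandbox report (added example)."""
import hashlib
import re

ALGS = ('md5', 'sha1', 'sha256', 'sha512')
HEX_LEN = {'md5': 32, 'sha1': 40, 'sha256': 64, 'sha512': 128}

# Constructed sample: two entries copied from the Downloads list above, in the
# flattened layout of the report (label and digest may or may not share a line).
ENTRY_2B = """Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
"""
ENTRY_EMPTY = """MD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
"""

# Label immediately followed (optionally across whitespace) by the hex digest.
DIGEST_RE = re.compile(r'\b(MD5|SHA1|SHA256|SHA512)\s*([0-9a-fA-F]+)')
SIZE_RE = re.compile(r'Filesize\s*([\d.]+)\s*(B|KB|MB)\b')

# Content-free files that show up in nearly every browser trace. Their digests
# are computed at runtime, not hard-coded, so the table cannot drift.
KNOWN_CONTENT = [('empty file', b''), ('empty JSON array', b'[]'), ('empty JSON object', b'{}')]


def parse_entry(text):
    """Return {'size': '2B' or None, 'md5': ..., ...}; rejects digests of the wrong length."""
    entry = {'size': None}
    m = SIZE_RE.search(text)
    if m:
        entry['size'] = m.group(1) + m.group(2)
    for label, hexdigest in DIGEST_RE.findall(text):
        alg = label.lower()
        if len(hexdigest) != HEX_LEN[alg]:
            raise ValueError(f'{label} digest has {len(hexdigest)} hex chars, expected {HEX_LEN[alg]}')
        entry[alg] = hexdigest.lower()
    return entry


def digest_set(data):
    """All four digests of a byte string, as lowercase hex."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGS}


def verify(entry, data):
    """Compare a local copy against the report entry. Returns the list of fields
    that disagree; an empty list means the bytes are the artifact the sandbox saw.
    The size is only checked when the report gives it in exact bytes ("2B"),
    since KB/MB values are rounded."""
    computed = digest_set(data)
    bad = [alg for alg in ALGS if alg in entry and entry[alg] != computed[alg]]
    size = entry['size']
    if size and size.endswith('B') and size[:-1].isdigit() and int(size[:-1]) != len(data):
        bad.append('size')
    return bad


def identify(entry):
    """Name the well-known content-free file an entry corresponds to, or None."""
    for name, content in KNOWN_CONTENT:
        if not verify(entry, content):
            return name
    return None


if __name__ == '__main__':
    for label, text in (('2B entry', ENTRY_2B), ('last entry', ENTRY_EMPTY)):
        e = parse_entry(text)
        print(f'{label}: size={e["size"]} md5={e["md5"]} -> {identify(e)}')
    print('wrong bytes against 2B entry:', verify(parse_entry(ENTRY_2B), b'{}'))
```

For a real file, read it in binary mode and pass the bytes to verify(); any non-empty return means the copy on disk is not the artifact in the report, and the field names tell you whether it is a digest or only the size that disagrees.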