hxxp://laslpasss[.]com

Analysis

max time kernel
959s
max time network
844s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
25-04-2024 11:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://laslpasss.com

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exechrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133585182109787167"	chrome.exe

NTFS ADS 2 IoCs

Processes:

chrome.exechrome.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\LastPass_v4.104.0 (1).exe:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\LastPass_v4.104.0.exe:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exechrome.exemsedge.exechrome.exe

pid	process
3120	msedge.exe
3120	msedge.exe
452	msedge.exe
452	msedge.exe
4836	identity_helper.exe
4836	identity_helper.exe
1060	msedge.exe
1060	msedge.exe
4568	chrome.exe
4568	chrome.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
4568	chrome.exe
4568	chrome.exe
2572	chrome.exe
2572	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

Processes:

msedge.exechrome.exe

pid	process
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exechrome.exe

pid	process
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe

Suspicious use of SendNotifyMessage 28 IoCs

Processes:

msedge.exechrome.exe

pid	process
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 452 wrote to memory of 4900	452	msedge.exe	msedge.exe
PID 452 wrote to memory of 4900	452	msedge.exe	msedge.exe
PID 452 wrote to memory of 3808	452	msedge.exe	msedge.exe
PID 452 wrote to memory of 3808	452	msedge.exe	msedge.exe
PID 452 wrote to memory of 3808	452	msedge.exe	msedge.exe
PID 452 wrote to memory of 3808	452	msedge.exe	msedge.exe
PID 452 wrote to memory of 3808	452	msedge.exe	msedge.exe
PID 452 wrote to memory of 3808	452	msedge.exe	msedge.exe
PID 452 wrote to memory of 3808	452	msedge.exe	msedge.exe
PID 452 wrote to memory of 3808	452	msedge.exe	msedge.exe
PID 452 wrote to memory of 3808	452	msedge.exe	msedge.exe
PID 452 wrote to memory of 3808	452	msedge.exe	msedge.exe
PID 452 wrote to memory of 3808	452	msedge.exe	msedge.exe
PID 452 wrote to memory of 3808	452	msedge.exe	msedge.exe
PID 452 wrote to memory of 3808	452	msedge.exe	msedge.exe
PID 452 wrote to memory of 3808	452	msedge.exe	msedge.exe
PID 452 wrote to memory of 3808	452	msedge.exe	msedge.exe
PID 452 wrote to memory of 3808	452	msedge.exe	msedge.exe
PID 452 wrote to memory of 3808	452	msedge.exe	msedge.exe
PID 452 wrote to memory of 3808	452	msedge.exe	msedge.exe
PID 452 wrote to memory of 3808	452	msedge.exe	msedge.exe
PID 452 wrote to memory of 3808	452	msedge.exe	msedge.exe
PID 452 wrote to memory of 3808	452	msedge.exe	msedge.exe
PID 452 wrote to memory of 3808	452	msedge.exe	msedge.exe
PID 452 wrote to memory of 3808	452	msedge.exe	msedge.exe
PID 452 wrote to memory of 3808	452	msedge.exe	msedge.exe
PID 452 wrote to memory of 3808	452	msedge.exe	msedge.exe
PID 452 wrote to memory of 3808	452	msedge.exe	msedge.exe
PID 452 wrote to memory of 3808	452	msedge.exe	msedge.exe
PID 452 wrote to memory of 3808	452	msedge.exe	msedge.exe
PID 452 wrote to memory of 3808	452	msedge.exe	msedge.exe
PID 452 wrote to memory of 3808	452	msedge.exe	msedge.exe
PID 452 wrote to memory of 3808	452	msedge.exe	msedge.exe
PID 452 wrote to memory of 3808	452	msedge.exe	msedge.exe
PID 452 wrote to memory of 3808	452	msedge.exe	msedge.exe
PID 452 wrote to memory of 3808	452	msedge.exe	msedge.exe
PID 452 wrote to memory of 3808	452	msedge.exe	msedge.exe
PID 452 wrote to memory of 3808	452	msedge.exe	msedge.exe
PID 452 wrote to memory of 3808	452	msedge.exe	msedge.exe
PID 452 wrote to memory of 3808	452	msedge.exe	msedge.exe
PID 452 wrote to memory of 3808	452	msedge.exe	msedge.exe
PID 452 wrote to memory of 3808	452	msedge.exe	msedge.exe
PID 452 wrote to memory of 3120	452	msedge.exe	msedge.exe
PID 452 wrote to memory of 3120	452	msedge.exe	msedge.exe
PID 452 wrote to memory of 2028	452	msedge.exe	msedge.exe
PID 452 wrote to memory of 2028	452	msedge.exe	msedge.exe
PID 452 wrote to memory of 2028	452	msedge.exe	msedge.exe
PID 452 wrote to memory of 2028	452	msedge.exe	msedge.exe
PID 452 wrote to memory of 2028	452	msedge.exe	msedge.exe
PID 452 wrote to memory of 2028	452	msedge.exe	msedge.exe
PID 452 wrote to memory of 2028	452	msedge.exe	msedge.exe
PID 452 wrote to memory of 2028	452	msedge.exe	msedge.exe
PID 452 wrote to memory of 2028	452	msedge.exe	msedge.exe
PID 452 wrote to memory of 2028	452	msedge.exe	msedge.exe
PID 452 wrote to memory of 2028	452	msedge.exe	msedge.exe
PID 452 wrote to memory of 2028	452	msedge.exe	msedge.exe
PID 452 wrote to memory of 2028	452	msedge.exe	msedge.exe
PID 452 wrote to memory of 2028	452	msedge.exe	msedge.exe
PID 452 wrote to memory of 2028	452	msedge.exe	msedge.exe
PID 452 wrote to memory of 2028	452	msedge.exe	msedge.exe
PID 452 wrote to memory of 2028	452	msedge.exe	msedge.exe
PID 452 wrote to memory of 2028	452	msedge.exe	msedge.exe
PID 452 wrote to memory of 2028	452	msedge.exe	msedge.exe
PID 452 wrote to memory of 2028	452	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://laslpasss.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa4d703cb8,0x7ffa4d703cc8,0x7ffa4d703cd8
2⤵
PID:4900

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,7896226056804272675,16462407834227851796,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1960 /prefetch:2
2⤵
PID:3808

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1948,7896226056804272675,16462407834227851796,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3120

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1948,7896226056804272675,16462407834227851796,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2608 /prefetch:8
2⤵
PID:2028

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,7896226056804272675,16462407834227851796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:1
2⤵
PID:1764

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,7896226056804272675,16462407834227851796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
2⤵
PID:2760

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,7896226056804272675,16462407834227851796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3984 /prefetch:1
2⤵
PID:1016

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1948,7896226056804272675,16462407834227851796,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4836

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1948,7896226056804272675,16462407834227851796,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4632 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1060

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,7896226056804272675,16462407834227851796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
2⤵
PID:4084

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,7896226056804272675,16462407834227851796,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
2⤵
PID:4392

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,7896226056804272675,16462407834227851796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
2⤵
PID:2632

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,7896226056804272675,16462407834227851796,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
2⤵
PID:1708

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,7896226056804272675,16462407834227851796,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3528 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,7896226056804272675,16462407834227851796,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
2⤵
PID:4080

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,7896226056804272675,16462407834227851796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
2⤵
PID:4676

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,7896226056804272675,16462407834227851796,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1520 /prefetch:1
2⤵
PID:3392

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,7896226056804272675,16462407834227851796,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4040 /prefetch:1
2⤵
PID:3184

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,7896226056804272675,16462407834227851796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1
2⤵
PID:1572

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,7896226056804272675,16462407834227851796,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1
2⤵
PID:1132

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:716

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3992

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4568

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xe4,0x10c,0x7ffa3be6ab58,0x7ffa3be6ab68,0x7ffa3be6ab78
2⤵
PID:3940

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1588 --field-trial-handle=1840,i,12692256035664817861,3683789993964425702,131072 /prefetch:2
2⤵
PID:3124

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1840,i,12692256035664817861,3683789993964425702,131072 /prefetch:8
2⤵
PID:3920

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2196 --field-trial-handle=1840,i,12692256035664817861,3683789993964425702,131072 /prefetch:8
2⤵
PID:2352

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3052 --field-trial-handle=1840,i,12692256035664817861,3683789993964425702,131072 /prefetch:1
2⤵
PID:1132

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3104 --field-trial-handle=1840,i,12692256035664817861,3683789993964425702,131072 /prefetch:1
2⤵
PID:4840

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4200 --field-trial-handle=1840,i,12692256035664817861,3683789993964425702,131072 /prefetch:1
2⤵
PID:556

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4400 --field-trial-handle=1840,i,12692256035664817861,3683789993964425702,131072 /prefetch:8
2⤵
PID:2360

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4476 --field-trial-handle=1840,i,12692256035664817861,3683789993964425702,131072 /prefetch:8
2⤵
PID:3776

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4496 --field-trial-handle=1840,i,12692256035664817861,3683789993964425702,131072 /prefetch:8
2⤵
PID:4956

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4724 --field-trial-handle=1840,i,12692256035664817861,3683789993964425702,131072 /prefetch:8
2⤵
PID:1584

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4856 --field-trial-handle=1840,i,12692256035664817861,3683789993964425702,131072 /prefetch:8
2⤵
PID:4812

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4860 --field-trial-handle=1840,i,12692256035664817861,3683789993964425702,131072 /prefetch:8
2⤵
PID:772

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4880 --field-trial-handle=1840,i,12692256035664817861,3683789993964425702,131072 /prefetch:8
2⤵
PID:1644

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4744 --field-trial-handle=1840,i,12692256035664817861,3683789993964425702,131072 /prefetch:8
2⤵
PID:1052

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3880 --field-trial-handle=1840,i,12692256035664817861,3683789993964425702,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2572

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=1488 --field-trial-handle=1840,i,12692256035664817861,3683789993964425702,131072 /prefetch:1
2⤵
PID:3156

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4632 --field-trial-handle=1840,i,12692256035664817861,3683789993964425702,131072 /prefetch:1
2⤵
PID:3900

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1468 --field-trial-handle=1840,i,12692256035664817861,3683789993964425702,131072 /prefetch:8
2⤵
PID:716

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3344 --field-trial-handle=1840,i,12692256035664817861,3683789993964425702,131072 /prefetch:8
2⤵
PID:4348

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4408 --field-trial-handle=1840,i,12692256035664817861,3683789993964425702,131072 /prefetch:8
2⤵
PID:1412

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4952 --field-trial-handle=1840,i,12692256035664817861,3683789993964425702,131072 /prefetch:8
2⤵
PID:3788

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3316 --field-trial-handle=1840,i,12692256035664817861,3683789993964425702,131072 /prefetch:8
2⤵
PID:3284

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1840,i,12692256035664817861,3683789993964425702,131072 /prefetch:8
2⤵
- NTFS ADS
PID:1572

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3240 --field-trial-handle=1840,i,12692256035664817861,3683789993964425702,131072 /prefetch:8
2⤵
PID:3184

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3896 --field-trial-handle=1840,i,12692256035664817861,3683789993964425702,131072 /prefetch:8
2⤵
PID:240

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4236 --field-trial-handle=1840,i,12692256035664817861,3683789993964425702,131072 /prefetch:8
2⤵
- NTFS ADS
PID:1612

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3164 --field-trial-handle=1840,i,12692256035664817861,3683789993964425702,131072 /prefetch:8
2⤵
PID:1660

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4356 --field-trial-handle=1840,i,12692256035664817861,3683789993964425702,131072 /prefetch:8
2⤵
PID:244

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2000

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
9bd21f457b8deb19be16e9bfb38ee53a

SHA1
f2e5c18cffa1fbecb8764b42cf1857b101c86d4a

SHA256
0c26fa9805e67eb8a49337fd4f6a48e772cbab22b16f1ec3b5d6c79c96c340a6

SHA512
f3bdee54da8173bc5edb95b0c3859155635c63f683ce737d539c34924083f5e7dd1aaa9de2196944281505e6a0b9c4909fe5fa1d03c873e319ea81fa92892bd8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
9a420730119a208d4209d21d4d7e2e8d

SHA1
c543e530e7078dc0bbad5fbbf7360098f4933438

SHA256
5b1c99b7f10e41e9e407be8ede149f24f41e0e632d99444a0c5c1f52100c347c

SHA512
d269d173c422be00193aae90238be75b9ef1e097497ec6bb89e1fe3cdaf27778a6a3d47fd40febe9c5d4f4c156988d15ea1b4770b1a80f889f7da85e046e9656

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
34517f040225f0073feab06a9043ab01

SHA1
15986ecb30047623b211a1d62500ee522fa0acbf

SHA256
b21204203c4df9e26fd45713c6f0bc06348bdbf71a4016e788a01e453000daa9

SHA512
ce0f70d12fecfa3bd05fe8e3605167e5a385f83388174089136171af7afa2ae9b7f49c67c9f3d52602900123d0dae780316dc174f58f13f16f0021af7c1efa10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
62583ff919d8c4f799e5dabd0f661459

SHA1
ad813eb199ca4847e9c29e3f84bdbec1b3496afa

SHA256
09be9f9c5ba3dc958f32fa835de9a9b5e32829bbf510b4b31c11a4b812b2fa54

SHA512
0db23801745d8add6d1a205d064060ff0e1d8ad789752fb9249cb7055f561896a7afb34b6ddb8c1861dc44ef55adf5e640be8194b3f52318202389be9754c7e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
524B

MD5
953fe03e7fa79a26764a2e546ef97a21

SHA1
21228d78e0d66a542f0e2b1f81ef49ef8714d3d6

SHA256
5577b85b480cbe8a5dfc73b61d9d820eec0bcb99d7e9fce733eefbdcfdfd40c1

SHA512
1ac072a0d6c743adb316f3624909d716e2651c557cce94ee67b4751e2721df7185d16cb1c390fe52c256d38f76e63130ee7e2e94bfc0ca7b578f190c7cc585b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
356B

MD5
4b63bc0ae8ec517bc96c768645561804

SHA1
9d17cf2a455d8d16129c6efc273a70538309e851

SHA256
479ba41cb83a35389db37787853a6e3a93db3f1224879268544dddef82bc8fa6

SHA512
68b9185ed207a378d24de59510d4fe37cb62f0f4b3dedf4fedff1955a59666ec989af5eeb955a03a522fba903a5850396287f62314a56b7655375960156037de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
282b01a2f6b04ccc360302ae3824fd29

SHA1
6625c53c2f881f99cb0e55d33a4802b3c0dd5e91

SHA256
c0e228330bbc968c731f69318d68db58bfe7d39bd3ac6d4da48c26e8c454a190

SHA512
7b6692c669ac62b1b89bbab57b8f25a4a7d89ae9251ba21a97e7811ef7ea023116b9e430931133770d33bb0232313b2a41b6731232e8a10c7eb86c63c88723db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
ef5ef26ca94ed555320fd4c7dc168ed2

SHA1
055a7164a9db5e65b06c42e6837e26dc8eda4687

SHA256
e610050be2f5e1cb5852e28c7dc124a026de5d6ec5064302c5655572bc30f6db

SHA512
9029bcbd5be988f1430995f72f05090fd35c4c06a7328c25a4643018e6dcdfc7120d8e3e3c14fb87ef3bd39deb22b6a72cad344fa58011d72273ddb9ee45d413

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
147f7bf663813fd50750e3e95868fd6f

SHA1
4c8ae06a68fae25dd6e50161aa1d46d59213383d

SHA256
efde396e0c19d79d483902fbf757e3e3c88feea99d8256c0b42928bfc056439a

SHA512
363f656dacb8c9da9b90c1a2ec1f0ea7815697b35a94f781d209e21de6460643887ead7818561a5ab4aa607438247e7d9717b578edc39e8043ddbb6ab1972337

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
be5c5fa5959fc1bc0bb8b6fb46f98ebf

SHA1
ee84c289589a42816e212d478565e3122e2baf4f

SHA256
52a29be377099661c215853331d0cecb88d61c238f6a4c0fadb5c4f757a9068f

SHA512
5ee23f2e924b0f3d5c8bfd486dd0ccb2ed97a1810b153fcb560f033ed3909175b64ec5213142c2834217ebce48de99c07872097db9a1b1f5a69043843b629f70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
a343606729472b26899be88036fbf7e9

SHA1
f45b09bf8dd48e71edf1268f5959bb31bb53968f

SHA256
d73d7b4ac40652f7f183989271c6817f5a434daf66728ec3ff56d09780035378

SHA512
d5a394ec480b9b596679caffa6aff5356103288bd9cda748b08dc14186b38cff428cccf61b60db93029e879000338b3fa083e17707988a11f1ed8e2a674fe046

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\bea9821b-6d1a-4be4-8d02-ad68203fde8a.tmp
Filesize
16KB

MD5
09f627c3cb91f39912e27f0f2cbea20e

SHA1
9309e028d004177bb38ffacd8f74e7066bc38f1c

SHA256
5be6e94fba7c22e24a1f21e627f9d69e46f6f094d2212910b5641cdb61303002

SHA512
0a4cc56594f5aeae5d30d273856ffe72bdf704034cc1fa10616655c46c83f303d51b90387aa7ecf2f70519b22c3c98aa889c3cdcae18e09732bb99f670ee424c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
128KB

MD5
1f51ea483161ada4dea31211524f6d81

SHA1
656ca8a3209157049649c879080d0f83d8166d89

SHA256
69ab9267270248ebc392a81bba329e930775fa04ec5ad492264df9999da10f2a

SHA512
801c1726e53fa62e1ba5db348078ecfa7490a8547ff664c5095274349e6c18462faa5f52c74468c241008befe601580c124d471b4b1c63d3b99365f02a4c30f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
255KB

MD5
a4c754ad234ea494da552cee4a350717

SHA1
c51b35e04be5aa4bc65518731c51bfdc0dd1caa7

SHA256
bc068132d1418b25c9739a59c03c6d199f66a563bb08275fd181a9ab4fa38620

SHA512
70bfd82ade55d478a1b5a4372cefe4cbd35bfd6d9a534aec97f013a28b40a0263abe119132d9157c615dbe547fc3289500bba298d808e9d2cf3fdc42db2fa74a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
285KB

MD5
e17d130e9ca6b5ffe6f5a156a2ce7b80

SHA1
8f2f354e2ac0876b83021cb69b492e3ce9faccd9

SHA256
fd682a93d2b89898f263f0d55a88d9c94523642135580035891aad1b600f7e90

SHA512
947ccc1cdd1cfbf45276dfe97f5fc85879bf27bd7004298410fd5385805029605e7a4bccc3a40d1a27b91ec28e7855526c8015ef0b93f55dc1458256bf485589

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
255KB

MD5
521d91a000a98ef6dd4ff57e415be8ea

SHA1
2a96c98c068771aa72affd82e4b53f9d8db21b3c

SHA256
9488d025005cafdb4deb42b0868207e26c24e14cabe7a1727218ffc54fa2026a

SHA512
10a44ccf530d87dc9df847d844010b27dc55cc62a6325c206fd6f491a7c03e7e65fbeacdc01111a1d4531ee992a0fbcb7b518dbfee5c2072b2296d0c16269d55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
91KB

MD5
f24a3f44e99c987ab0a406f53b52a0b9

SHA1
1ad3ce4f775bf7921ec479d091151ad63ec904d5

SHA256
6888960cd675798c77e68d2773929be7ca77e01038d0001696c613e18fcf43ef

SHA512
a38325ac2a9df69fb2bbb4fbd3892e21624d8a277faa84f96e93c238066d34e59abc02f0d4f7c3dea1327e8150a508fc9a1a092bfeae212643adda6392b66047

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
86KB

MD5
9ba4780740a4811fa1e5c28678fbac60

SHA1
effc68f5ba1e20094e2e99483356c15878bf8948

SHA256
864baf5682dc66a7b8b9a003b365fe2d85568461b9abf4743b9312a371eaae8f

SHA512
5999d72d7f129fe35745cada23d788b549d234a5f03adf164f1523c165443eadc6413b3d359603d920c3b421cbcbacdc5bfa65c1e04e2950cc950cf356312e65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe59cb45.TMP
Filesize
83KB

MD5
12b92c42ce728bda24fdf16d8b6ffb8f

SHA1
1d7d6b5a5661c17974056c2c4908ab993316a79d

SHA256
5593ae407dc44ae2ea902f947091fd5dfc2a9e6b6257eca4c235156dabb665d5

SHA512
c51d86b64a76ba4400080655aab1bbec1e34877c710a26b5e1fedead8838a231f8761b2afff90aa0b6691653ef0f13c0f6dc7e3f6fbb8bf923a9ef076ae9d189

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
6e15af8f29dec1e606c7774ef749eaf2

SHA1
15fbec608e4aa6ddd0e7fd8ea64c2e8197345e97

SHA256
de9124e3fddde204df6a6df22b8b87a51823ba227d3e304a6a6aced9da00c74c

SHA512
1c9c9acd158273749e666271a5cdb2a6aebf6e2b43b835ebcc49d5b48490cbbf4deddef08c232417cee33d4809dec9ddac2478765c1f3d7ed8ea7441f5fd1d15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
3e5a2dac1f49835cf442fde4b7f74b88

SHA1
7b2cf4e2820f304adf533d43e6d75b3008941f72

SHA256
30bd1e1bafb4502c91c1fb568372c0fb046d32a4b732e6b88ce59ea23663e4ce

SHA512
933ac835894ce6cb8aac0261153823c96b6abec955173653dd56e534d644efd03aec71acb4f8cb0b9af871962296ec06cd03e570a0ac53098b8cd55657543786

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
630B

MD5
c327e8099dd8f7e635b197144ab6951c

SHA1
9f43bd92c6678abb98984395c56cd4edc30e755c

SHA256
951aeb0fb3fe0ae2a26c3a201bfa47eea8da5b016530ed9b86de8a537075d63d

SHA512
450bd5df6bab0cff0a5b28a7662c9ec53d1fb955f1aec10b57389fc8a1a1fc62daa4869d6b770a56126c0c6e9dab51a15ad9298e49edbd568853828a44e4897b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
c34c925287494fbc53785821c1857a2b

SHA1
05bae16d8f71fc84bf228da11940e352088bdfc9

SHA256
5f9d86c1effe17f8395678be34e932826ebd5e2683a443637393ef7519cc3c4e

SHA512
4490d904e515da39231624ff36c5dd38c98a44826ae0bc906495fd28fc6e515b9bfbb6a0623f7e4b42672afe5b464081a2ca031d0bfda6195ab9e353492b3357

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
c67eba1d84678e39c1e3df7bd4fea325

SHA1
0e69f2e5d117f74af22cf03068e5b6de75e96e8c

SHA256
ea121364b9bd34fd861918c4594e67e1728af2fa5e4be19d6ddf1859bc0a9807

SHA512
9b080090c43cd9d7eb480dd318cae0837cce309eba49ab196329abd07db0bbd740881f07e9a0474e75e81d4e8f0783709765ce4e2a87816696ccf5c4b6450fc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
1b050901aa25c6a04dd38f1ac4f2cf52

SHA1
6d71e754a32a523b6f3263aa7544bccfddb816e2

SHA256
5b884a9fdbde493f3fe5c733827a2fb73ea4c460260efee8f75766116b176584

SHA512
94c468365ef675f8609567341fd57b981771848ffd611005467d7d5776f854ccd37dca10b8d772a8b03d80874e9261000203f82660e0e9364c5a0877c8088e03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
831157cd0c844c804679ab4400cf1b2a

SHA1
d0c5bf73b751cf764009c158ebffd47588b8e428

SHA256
3ceb9036ef2df87d925352322730cd8a5275a7e70fb6bef878a411a077e5ae4b

SHA512
e24c91e4a70ec9ac1db2c5ea5554d624f82b32a52fa7a264fd9dbe13ea2dd33ebcfd1dbaa4e78e9d3e75567c873f01f52a6843e4faacaa3e02962f1acd7250fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
8045280354499e3b8687925182f1fec2

SHA1
387fcd5c2b43fdfaf0df8e47f1e424c51989d671

SHA256
3a8e9d9c30cb8a4db5c6dad4459d940ab5bd4f8f46a3240bfc5ac948fc1b2191

SHA512
31899a2da991f260fb601f8ba77ee61b78240908d573f791b663ac89f8a933d72503ab72a3fee546c5181a4decbc4427ca521c9cdeba66b9b37df8221101e635

Download Submit
C:\Users\Admin\Downloads\LastPass_v4.104.0 (1).exe:Zone.Identifier
Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 274520.crdownload
Filesize
2.6MB

MD5
e4d5e546718bd98f87643096eb217f26

SHA1
a22759527b4f9129eaf2554003c58893f686b877

SHA256
f9a16210aebb465ac22f0766101b1e79d3266d458baa7b75e7a7fdb4b814692b

SHA512
1a4105b41af0a3e294abe538c59f8e013914bdd6ee21319315d8b81d411d93b7152f010558de6fde0e2f59c97102204c37fe5b4c8ecafd63098877e5cb1b0914

Download Submit
\??\pipe\LOCAL\crashpad_452_RCOVBJNTWSBWRNOS
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit