hxxp://www[.]puertocoruna[.]com/

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
19/02/2024, 12:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://www.puertocoruna.com/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133528185091212100"	chrome.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
3492	msedge.exe
3492	msedge.exe
4580	msedge.exe
4580	msedge.exe
2424	identity_helper.exe
2424	identity_helper.exe
4676	chrome.exe
4676	chrome.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
5712	chrome.exe
5712	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4580	msedge.exe
4580	msedge.exe
4676	chrome.exe
4580	msedge.exe
4676	chrome.exe
4580	msedge.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4580	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4580 wrote to memory of 4912	4580	msedge.exe	84
PID 4580 wrote to memory of 4912	4580	msedge.exe	84
PID 4580 wrote to memory of 1052	4580	msedge.exe	87
PID 4580 wrote to memory of 1052	4580	msedge.exe	87
PID 4580 wrote to memory of 1052	4580	msedge.exe	87
PID 4580 wrote to memory of 1052	4580	msedge.exe	87
PID 4580 wrote to memory of 1052	4580	msedge.exe	87
PID 4580 wrote to memory of 1052	4580	msedge.exe	87
PID 4580 wrote to memory of 1052	4580	msedge.exe	87
PID 4580 wrote to memory of 1052	4580	msedge.exe	87
PID 4580 wrote to memory of 1052	4580	msedge.exe	87
PID 4580 wrote to memory of 1052	4580	msedge.exe	87
PID 4580 wrote to memory of 1052	4580	msedge.exe	87
PID 4580 wrote to memory of 1052	4580	msedge.exe	87
PID 4580 wrote to memory of 1052	4580	msedge.exe	87
PID 4580 wrote to memory of 1052	4580	msedge.exe	87
PID 4580 wrote to memory of 1052	4580	msedge.exe	87
PID 4580 wrote to memory of 1052	4580	msedge.exe	87
PID 4580 wrote to memory of 1052	4580	msedge.exe	87
PID 4580 wrote to memory of 1052	4580	msedge.exe	87
PID 4580 wrote to memory of 1052	4580	msedge.exe	87
PID 4580 wrote to memory of 1052	4580	msedge.exe	87
PID 4580 wrote to memory of 1052	4580	msedge.exe	87
PID 4580 wrote to memory of 1052	4580	msedge.exe	87
PID 4580 wrote to memory of 1052	4580	msedge.exe	87
PID 4580 wrote to memory of 1052	4580	msedge.exe	87
PID 4580 wrote to memory of 1052	4580	msedge.exe	87
PID 4580 wrote to memory of 1052	4580	msedge.exe	87
PID 4580 wrote to memory of 1052	4580	msedge.exe	87
PID 4580 wrote to memory of 1052	4580	msedge.exe	87
PID 4580 wrote to memory of 1052	4580	msedge.exe	87
PID 4580 wrote to memory of 1052	4580	msedge.exe	87
PID 4580 wrote to memory of 1052	4580	msedge.exe	87
PID 4580 wrote to memory of 1052	4580	msedge.exe	87
PID 4580 wrote to memory of 1052	4580	msedge.exe	87
PID 4580 wrote to memory of 1052	4580	msedge.exe	87
PID 4580 wrote to memory of 1052	4580	msedge.exe	87
PID 4580 wrote to memory of 1052	4580	msedge.exe	87
PID 4580 wrote to memory of 1052	4580	msedge.exe	87
PID 4580 wrote to memory of 1052	4580	msedge.exe	87
PID 4580 wrote to memory of 1052	4580	msedge.exe	87
PID 4580 wrote to memory of 1052	4580	msedge.exe	87
PID 4580 wrote to memory of 3492	4580	msedge.exe	85
PID 4580 wrote to memory of 3492	4580	msedge.exe	85
PID 4580 wrote to memory of 4560	4580	msedge.exe	86
PID 4580 wrote to memory of 4560	4580	msedge.exe	86
PID 4580 wrote to memory of 4560	4580	msedge.exe	86
PID 4580 wrote to memory of 4560	4580	msedge.exe	86
PID 4580 wrote to memory of 4560	4580	msedge.exe	86
PID 4580 wrote to memory of 4560	4580	msedge.exe	86
PID 4580 wrote to memory of 4560	4580	msedge.exe	86
PID 4580 wrote to memory of 4560	4580	msedge.exe	86
PID 4580 wrote to memory of 4560	4580	msedge.exe	86
PID 4580 wrote to memory of 4560	4580	msedge.exe	86
PID 4580 wrote to memory of 4560	4580	msedge.exe	86
PID 4580 wrote to memory of 4560	4580	msedge.exe	86
PID 4580 wrote to memory of 4560	4580	msedge.exe	86
PID 4580 wrote to memory of 4560	4580	msedge.exe	86
PID 4580 wrote to memory of 4560	4580	msedge.exe	86
PID 4580 wrote to memory of 4560	4580	msedge.exe	86
PID 4580 wrote to memory of 4560	4580	msedge.exe	86
PID 4580 wrote to memory of 4560	4580	msedge.exe	86
PID 4580 wrote to memory of 4560	4580	msedge.exe	86
PID 4580 wrote to memory of 4560	4580	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.puertocoruna.com/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcdfb246f8,0x7ffcdfb24708,0x7ffcdfb24718
  2⤵
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,1066492338651033224,4282607669434729903,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,1066492338651033224,4282607669434729903,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,1066492338651033224,4282607669434729903,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  2⤵
  PID:1052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1066492338651033224,4282607669434729903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:4056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1066492338651033224,4282607669434729903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:2124
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,1066492338651033224,4282607669434729903,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 /prefetch:8
  2⤵
  PID:1672
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,1066492338651033224,4282607669434729903,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1066492338651033224,4282607669434729903,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:1948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1066492338651033224,4282607669434729903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1066492338651033224,4282607669434729903,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
  2⤵
  PID:3800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1066492338651033224,4282607669434729903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:3028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2056,1066492338651033224,4282607669434729903,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5736 /prefetch:8
  2⤵
  PID:2532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1066492338651033224,4282607669434729903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
  2⤵
  PID:5856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1066492338651033224,4282607669434729903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
  2⤵
  PID:5948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1066492338651033224,4282607669434729903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4020 /prefetch:1
  2⤵
  PID:5672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1066492338651033224,4282607669434729903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4208 /prefetch:1
  2⤵
  PID:4004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,1066492338651033224,4282607669434729903,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3676 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4408

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2660

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4416

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x120,0x124,0x128,0x11c,0x12c,0x7ffccdb59758,0x7ffccdb59768,0x7ffccdb59778
  2⤵
  PID:4788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1668 --field-trial-handle=1852,i,12229385150035630516,11655688306203399241,131072 /prefetch:2
  2⤵
  PID:5144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1852,i,12229385150035630516,11655688306203399241,131072 /prefetch:8
  2⤵
  PID:5164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2300 --field-trial-handle=1852,i,12229385150035630516,11655688306203399241,131072 /prefetch:8
  2⤵
  PID:5220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3024 --field-trial-handle=1852,i,12229385150035630516,11655688306203399241,131072 /prefetch:1
  2⤵
  PID:5264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3004 --field-trial-handle=1852,i,12229385150035630516,11655688306203399241,131072 /prefetch:1
  2⤵
  PID:5248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4604 --field-trial-handle=1852,i,12229385150035630516,11655688306203399241,131072 /prefetch:1
  2⤵
  PID:5560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4788 --field-trial-handle=1852,i,12229385150035630516,11655688306203399241,131072 /prefetch:1
  2⤵
  PID:5752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5712 --field-trial-handle=1852,i,12229385150035630516,11655688306203399241,131072 /prefetch:8
  2⤵
  PID:6076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5332 --field-trial-handle=1852,i,12229385150035630516,11655688306203399241,131072 /prefetch:8
  2⤵
  PID:5240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5308 --field-trial-handle=1852,i,12229385150035630516,11655688306203399241,131072 /prefetch:8
  2⤵
  PID:700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5780 --field-trial-handle=1852,i,12229385150035630516,11655688306203399241,131072 /prefetch:1
  2⤵
  PID:6084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4196 --field-trial-handle=1852,i,12229385150035630516,11655688306203399241,131072 /prefetch:1
  2⤵
  PID:3576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5000 --field-trial-handle=1852,i,12229385150035630516,11655688306203399241,131072 /prefetch:1
  2⤵
  PID:6000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5128 --field-trial-handle=1852,i,12229385150035630516,11655688306203399241,131072 /prefetch:1
  2⤵
  PID:3056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3232 --field-trial-handle=1852,i,12229385150035630516,11655688306203399241,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3056 --field-trial-handle=1852,i,12229385150035630516,11655688306203399241,131072 /prefetch:1
  2⤵
  PID:2744

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:5512

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
194KB

MD5
ac84f1282f8542dee07f8a1af421f2a7

SHA1
261885284826281a99ff982428a765be30de9029

SHA256
193b8f571f3fd65b98dc39601431ff6e91ade5f90ee7790bfc1fba8f7580a4b0

SHA512
9f4f58ab43ddadad903cea3454d79b99a750f05e4d850de5f25371d5bec16fc312015a875b8f418154f1124c400ae1c82e2efd862870cd35c3f0961426c8cd82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
24KB

MD5
b82ca47ee5d42100e589bdd94e57936e

SHA1
0dad0cd7d0472248b9b409b02122d13bab513b4c

SHA256
d3c59060e591b3839ec59cad150c0a38a2a2a6ba4cc4dc5530f68be54f14ef1d

SHA512
58840a773a3a6cb0913e6a542934daecaef9c0eeab626446a29a70cd6d063fdb012229ff2ccfa283e3c05bc2a91a7cac331293965264715bdb9020f162dc7383

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\1c286f31adf6af57_0

Filesize
280B

MD5
d1818bdb294eacd697bb47ca50b11289

SHA1
8a4b8fa1d91d0a34dceae6fd47172fc6b5ff2290

SHA256
608859acc3fbf4422486c2974d14e50199143bd6eefa9916537b86739e2ca7aa

SHA512
047af8b17859a77787e0bb8a1d3459c346bd10ac28c77947aca378af07efd8133d3f34aeb21987f94a782a9bf15134e10b30690b2151b4e145d8b0c276e9f42c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\e698036b81cafca8_0

Filesize
18KB

MD5
2535459bef6fd5cc84d5d1e3ae5f8732

SHA1
b74dc95988d89739b9f5b379cc3bb5bcecc3b299

SHA256
9f9eb674954e8dcb7747fff2efb9fd0c7e6a144c08a33de9ffa98b4589ddf452

SHA512
b13e5f4c36fae668bd009fbd84901dae214db5e5ec522f62ac7eabe9faa70e7a83751207da177b0d9e459adb1b7d357d1f7769796f06a85a7dda1754ffbfd268

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
168B

MD5
de70cd237b6d6da34713839173d3f3eb

SHA1
a7b2cbed10152bd631d9d24d23beccc96baab760

SHA256
314298e146b132b56db7bc99b222afa7ab306f6dbafc3489b9d8a41298f2fbc5

SHA512
413c4cd9b925a8fc0b20ec6a892ecf3179c3e8f71de055b56dd0e63b73ea6e0b3d14511307710bea3803e23869be44341e155b114119741a9af7fe8f0570d190

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
20216a8e30441c2a9772a0bc572f4ccd

SHA1
ab9e7f06df41cf05f7f6db166d8abba2f9f8dd28

SHA256
2009ea416a467b1029b21d1515bdf41049484dcefe576cf79dbaf493d078d5df

SHA512
0fc22ddda64784d35268c98f778cbc25a9ed7f2fff7d920361928e5c99fb9d3470339e6b7305746ed919fc06968addb1e5cc9263de2d7ad771172e06fc1aab27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
600B

MD5
bfbac675aee04b3a77f2188a73904535

SHA1
2832ff76931f4fc2e7b23e454207e6bc557d817e

SHA256
d6190fcf466b24376ae875ea8c9d275ad2610367beda22fc5f441fa88b7e9fd5

SHA512
28e5f9e2984c9fd54856e6f864db85e98dcbafb642e9b85d5394d32ccc0bad5d33a07f26d26fccfb756b0869e51718a88392055519d733781990b13ba7915e28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
da0b72b4dc0630a50e3baa63e69022be

SHA1
bcb52d2c003351da25163c4ccf8fad75e65757f2

SHA256
dbf672cf38a24b72042e411f598c9ccdcf42b5d3b1968abf6b108aec64b62189

SHA512
d88851592670aa7414137a4ac2dc84d6e3c8f25647e96ccf8effde4d2159dda74505acc6b786307a23c86a17201370f0f49572c6f9bbb09ab01f625d4cc52b6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
67bc8ccda7f87a3a875348c887f5656d

SHA1
5760e15e38902ac2625f5a1b2aeaf9c13c96cea2

SHA256
a64da49a89837e778df6d8f533d0381fcb9daef6ebfce1e59becf8df4d622084

SHA512
aac517414ac0454a5a5bf6c63397a004a624ff07ac275268bc90bcdba85a77f9d4da234318ddfc29e0009521422c02a20ee193504c5322eb9b25a7039d7ed30b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
883301f66b1ee2c94fffd583a92f9c95

SHA1
ad5227a976272606fd556d21605e91dcbc97836b

SHA256
b1ce4198b5edd2191dcaad6c9c6bc6a533c80fcea6633183ce9563dee736d8b0

SHA512
58bcaefcdaa8d570a73ad394e74845c12ffff3f98e1983e72d86e148179be380197cc84817832b885317b44c6845e0f54302f5a166d5c667049a56d526cbac64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
75bdb003123c1342a16c486a0f71b1c4

SHA1
abc8893fa6ed9babc878697b8e24aad39dabc046

SHA256
c3f5fa35167394c31b4163d67994d9caa278431720d0242ad61440271932d16d

SHA512
463082593e7aa5a56faadb9ba78538ad9449bb456415fcfa74c68492395390e92e419c07067efbb6a49dd83ec28a8faa74d0274e93cde4a2d34c84ff41af24af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
fff2792b7e46e9b9c50d87ed1b98d347

SHA1
f61ce72e0afbaff0fd2f5e570e7b4329c124680e

SHA256
3b6e5bae7b03ca5eb5b6336ee1d8424069a0c7347d5de05c857a35afc40d8179

SHA512
c82a3f0e592f0cdfcbf5f1f6f54c50b1c7b3940efbd9b02e9373165d4d2e74e271dfeaa89be7d8af476c5f1717d494a84a56b4362ac5086dd8a3ba09ca451bd4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
cfe90f623e9a15dca086c33ec31e422a

SHA1
3da390a5e763e052635c7aa12604225c298f6bce

SHA256
7c9c34efb87cd57a3d0f54a00caefe02662307fa3c8e423f1064c4c0a0762a24

SHA512
b68283494fda6273616848501a7d585fa743f65da351b3cb71722c4a50feafda7f28221ed4e557f96a2b942946a29ca9015ac93ec5d4732da715d8a771079b70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
c51fec7da05cba685566b55d2997fc0e

SHA1
323008218fff36d29b42793a08c0f3840ebe655d

SHA256
60a163b0630ba39e0b326b3e89a9ede6bb520373b5821c0f30441244ae34f501

SHA512
879810d3927399d8aaca74be3e14c79ad58589c3caf1582dfaa23248b38189e209faacd2de23d68734ce010c262d99ca348e8a858c1776631e285051a83c6536

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
127a2661edfe7ecf021996c95605b710

SHA1
91d49797e591d1dcfbb08dd8ccedda99534e16b5

SHA256
086d90d8cb5a17bf0ef69e89e9a4364f91ceb7fea168eec2b5d9e835d22ac36d

SHA512
86e6b22a3051d2d35b6f8a0c91d7e50c81c998c7868c48622fbdc41a9b2ee58e2a0b5d5a285235fc64d6327967cf97b3c6cfc8ece7f89f80ee3d0399674d32db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f4b9d0d020b9e42c9dd3f0850b1391d8

SHA1
6f2ad34a858edf2eec92ce6ce3cbd3c1c938d93c

SHA256
5fbcd307e7679ae4fbd2a66fc4622329f35d32b9b046522498f9bdd71ec0d140

SHA512
c0b88dace803a7db63e95ec46c4b87f1b090edb83740f7c10c02f735fbf0da7451ea379caaef6ff2fb777c925480b7a6f88f2485e982cf706412de49df1e911f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5a8d1abe5ff07c11a1a6b3aa866aff31

SHA1
2bb5203cf755bfabb89ffbb0fc53e253099c7c80

SHA256
c51e99d78e15ab5a708bd7192ac440f39c0c87b346e5e0e5011abd73c2865f2b

SHA512
b48773949a935ddca3c989fee3e0d0a9eb7aa1bc79cb165971b5d4d9e07ac561fbfe0159a96973919a33bb2cd0e5c99f9fe68e052e950b594546f920ccb1b35f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
45f7398a3a02fd0ec9e58dff4db5670b

SHA1
a1f5053a9edc1edb7202f62a5873436a73edb0c3

SHA256
e3129d9bb4e1d8049e7d4d1ce9baf3ae5d6e4b76f8772105d7500fb29a4446e3

SHA512
fa874137b1a8a4cb2249bfb03d1350f5f447ee99053ebb064132beccf763e271441320b3ad6809628980248c493301c4c30be76e4812f508d69863646daf48d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
df87021c458ef7cc24c4e587b8b243e7

SHA1
3a4adfd1e820c8229245c86d3de68dce513d6acc

SHA256
8f6de684d09acbc5623b24148d235aa262b129ca6682125df87ddfabb6ebf1a8

SHA512
f0470cd154a9f61803176544554d96eeece51fd8c7fc2f5f65ed6b1491f27e53bb2ced4d6e014d5da602efaed896c9ad264900f8ba927eed65fde64c5e230888

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ef972c03997501a197e9624261fa525d

SHA1
ea50f868f2da7c6ebc90f32efbb11b9a3cfae35a

SHA256
d28d0f87626ff1a408b955d8d41b04cb073d37f671c8750d993fc890d66c08fd

SHA512
07fae42371009d0735d8606d20a9786aa94e2540c26cb7792fe7ff8a2eed42286dbdb89eb6fa24eb05c509ba74556a5b2db5438b8058c5fe87354d9aace88ba7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
100ddd71c779a5e2c37ea6552e1a9823

SHA1
91148da7660939ca830a8bf133bb6b709af21f14

SHA256
5428c534c629e3e6ae67fe4d8a103dcfc4469b15ad3f895534a40d2a1042f590

SHA512
1ea39ae0ca467a769dd43a65d8df5142f0f068576fe76919a613bf64f96786e1669852fe0bd35089ad8927555393048afc7c009a368ef52fa23bb2c8adb55901

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
240KB

MD5
663f2418ff2939e24a307cba60a09f92

SHA1
bf0930e8adb546bcca6dfc64e7bb2d2e34cb4463

SHA256
6ff42e5d86b5ff0196bfe63a4f6e42555f7990bbfdfa7c84fa39e4b8670a74da

SHA512
b292921b29935edd8739765c7c83535fb751f803230a598ab08b21855aa423e5db93d234e97df96641a881114efa0c71dccbef1e93aa1598387306ce99cc9aee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d5564ccbd62bac229941d2812fc4bfba

SHA1
0483f8496225a0f2ca0d2151fab40e8f4f61ab6d

SHA256
d259ff04090cbde3b87a54554d6e2b8a33ba81e9483acbbe3e6bad15cbde4921

SHA512
300cda7933e8af577bdc1b20e6d4279d1e418cdb0571c928b1568bfea3c231ba632ccb67313ae73ddeae5586d85db95caffaedd23e973d437f8496a8c5a15025

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\995e3779-94a7-436a-850a-8bd34c35bce8.tmp

Filesize
5KB

MD5
0eba5b2e3b89b8a03ee404e175c13cee

SHA1
0afd56649f986c131590ce7227457f728dfa7ce4

SHA256
bd9fca6035bf8ba99a883338a5712e66d8391a08f917e05cbca74143e9106e8b

SHA512
df9e7388a8353a1bdfb9699d74510b267e01863e4829bf2cc19a218ba3c0fbc63a2f62b0185260eccb948bf5f312cd7a1c3d8a26df0fe03669c4d6d7d68fe69a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
180B

MD5
00a455d9d155394bfb4b52258c97c5e5

SHA1
2761d0c955353e1982a588a3df78f2744cfaa9df

SHA256
45a13c77403533b12fbeeeb580e1c32400ca17a32e15caa8c8e6a180ece27fed

SHA512
9553f8553332afbb1b4d5229bbf58aed7a51571ab45cbf01852b36c437811befcbc86f80ec422f222963fa7dabb04b0c9ae72e9d4ff2eeb1e58cde894fbe234f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
33c69963c40b1c4dabdd4c7bcad1e9b1

SHA1
5d96e4b12fe9a18d2b742f05878f379e5d32e969

SHA256
26883fa62a11a6f7e2f760a6e8dcf81cae95cbf91c0dfe32f9aef8d979f43f1c

SHA512
7cc94e8f977bd6f8d814ae4697b91726ef4478c3b83e2a37c7000bbd9f9cb6f69521249ad38d39fb5123ec8ddca1bdea3a6fbfd7f981c8da02acc990ca317a29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6812d23e30cb4cee05f1d28caf311cfc

SHA1
c094579559c7230e5f296239a4ea94945c650146

SHA256
3a9f9ca962361239fde5e0473e2cd017458d9a5dd54d9fb3f283d7dc64761833

SHA512
1475d68087949d37bc6c63b5e2d4a24cfd70473977c54d6e40cc79bf82b2b41844925ee166fba7f205332948c566b032e815d091bedeeb0bfba433223ad38460

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2c063ed4ff1435ca576042e9b8bb7fa7

SHA1
84265c16ffb7b86dcfe7286c45b5dd7ef777162e

SHA256
1c215ec2df0e82ab460aa5e6e33d227b9bcd184ca8ec0fdff41213fb5fab4db6

SHA512
5645187955e24d76df826950b1c0229a1d14d9850740b3584ff3b511bf3746696d6139777c77b9c512563363a250685eb98cdef206b2ab7ac88e1bad72119c91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
1d1c7c7f0b54eb8ba4177f9e91af9dce

SHA1
2b0f0ceb9a374fec8258679c2a039fbce4aff396

SHA256
555c13933eae4e0b0e992713ed8118e2980442f89fbdfb06d3914b607edbbb18

SHA512
4c8930fe2c805c54c0076408aba3fbfb08c24566fba9f6a409b5b1308d39c7b26c96717d43223632f1f71d2e9e68a01b43a60031be8f1ca7a541fe0f56f4d9f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f8c468cf9196c05cb660b8a925b32f71

SHA1
3488688915f17c06aedd359265cbc0e95a3ae8d8

SHA256
1ec4890a8611856dccc658cade8fd07778f10bcc3523abdfd28996b361177579

SHA512
230975f6ef266fd1e97236ee5658395a1a06405c018440fe00cf533d600551c693e83209665e4acd206bf961906ce2e8f2ca24d2694d8939ef738c5a2f907bdb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d111c7a524f4638b03329ebf49e68e4a

SHA1
bac78cb403c5cc75a66495bf7b79428a0ca836e3

SHA256
4a278b36f1dc91ad78f2ab8ec49a1b22b5741e3599896973057843b1a84f2b8a

SHA512
abe02b412f8062502fb69d668d91d1504ed48ef5352a405f697412e29b6a5ba3b5518885461986ed8c1da1301f1fc9931390bc37089806cbdfd818358fc4d3bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
43c2156f62a0ee6b82af39fe285f31e9

SHA1
2607ea2998511b7ccf3e163b4de7bb47850af0c2

SHA256
a452447357e3c934e1a5ce7344d6999493ba0d1c64dc51228eeb318211dc49a0

SHA512
fd096591bdd10088b949db9f510ec4ded8e0d25d4973247ff7150b19e7b7a2ab0d6ace85e7c2aaec6a64746fa35dcc8bce81818a7650002f58d862a9eae5591f

Download Submit