purecrypter | 458ef97a8cd1bcbc17760bed44765b5f8bddcce614725ae4e3eb3e194db72a18

Analysis

max time kernel
100s
max time network
97s
platform
windows10-2004_x64
resource
win10v2004-20230621-en
resource tags

arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
submitted
25-06-2023 17:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

LSCHaX for 1.67 [External].exe
Size

12KB
MD5

507fd3ff2f6e179dd26943c3b1015101
SHA1

3220b92de9b791ba7c577986ca955832bdd91e0c
SHA256

44403644c2944552b6d518ac015fc2097ac1bcced378e63e844309c78c8c590e
SHA512

84cd66d8705715b1b6b3caba9b26b01ce1fc9fee632a234c3ecb69eb35b7879ba39f73c05816c48aaa14563dbee19145fe3bf1733d81ca82c8d755bee8018a70
SSDEEP

192:CvjN676gtvCHxaNT/ALcGQ1hp3xR9F90mBRCXmod4BM4YQY:UxaNT/ALcDhxRb95CXmc4YQ

Score

10^/10

purecrypter microsoft downloader loader phishing

Malware Config

Extracted

Family

purecrypter

http://botnetlogs.com/PureCrypter/panel/uploads/Ppnqsohgemm.mp3

Signatures

PureCrypter
PureCrypter is a .NET malware loader first seen in early 2021.
loader downloader purecrypter

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4129409437-3162877118-52503038-1000\Control Panel\International\Geo\Nation	LSCHaX for 1.67 [External].exe

Executes dropped EXE 2 IoCs

pid	Process
2060	LSCHax.exe
1192	LSCHaX.exe

Detected potential entity reuse from brand microsoft.
phishing microsoft

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2128 set thread context of 1192	2128	LSCHaX for 1.67 [External].exe	86

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230625175742.pma	setup.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\0c28f790-bf29-4f94-87cb-1df972dc48f7.tmp	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4812	msedge.exe
4812	msedge.exe
3732	msedge.exe
3732	msedge.exe
4644	identity_helper.exe
4644	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2128	LSCHaX for 1.67 [External].exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2128 wrote to memory of 2060	2128	LSCHaX for 1.67 [External].exe	84
PID 2128 wrote to memory of 2060	2128	LSCHaX for 1.67 [External].exe	84
PID 2128 wrote to memory of 1192	2128	LSCHaX for 1.67 [External].exe	86
PID 2128 wrote to memory of 1192	2128	LSCHaX for 1.67 [External].exe	86
PID 2128 wrote to memory of 1192	2128	LSCHaX for 1.67 [External].exe	86
PID 2128 wrote to memory of 1192	2128	LSCHaX for 1.67 [External].exe	86
PID 2128 wrote to memory of 1192	2128	LSCHaX for 1.67 [External].exe	86
PID 2128 wrote to memory of 1192	2128	LSCHaX for 1.67 [External].exe	86
PID 1192 wrote to memory of 3732	1192	LSCHaX.exe	87
PID 1192 wrote to memory of 3732	1192	LSCHaX.exe	87
PID 3732 wrote to memory of 4876	3732	msedge.exe	88
PID 3732 wrote to memory of 4876	3732	msedge.exe	88
PID 3732 wrote to memory of 1448	3732	msedge.exe	89
PID 3732 wrote to memory of 1448	3732	msedge.exe	89
PID 3732 wrote to memory of 1448	3732	msedge.exe	89
PID 3732 wrote to memory of 1448	3732	msedge.exe	89
PID 3732 wrote to memory of 1448	3732	msedge.exe	89
PID 3732 wrote to memory of 1448	3732	msedge.exe	89
PID 3732 wrote to memory of 1448	3732	msedge.exe	89
PID 3732 wrote to memory of 1448	3732	msedge.exe	89
PID 3732 wrote to memory of 1448	3732	msedge.exe	89
PID 3732 wrote to memory of 1448	3732	msedge.exe	89
PID 3732 wrote to memory of 1448	3732	msedge.exe	89
PID 3732 wrote to memory of 1448	3732	msedge.exe	89
PID 3732 wrote to memory of 1448	3732	msedge.exe	89
PID 3732 wrote to memory of 1448	3732	msedge.exe	89
PID 3732 wrote to memory of 1448	3732	msedge.exe	89
PID 3732 wrote to memory of 1448	3732	msedge.exe	89
PID 3732 wrote to memory of 1448	3732	msedge.exe	89
PID 3732 wrote to memory of 1448	3732	msedge.exe	89
PID 3732 wrote to memory of 1448	3732	msedge.exe	89
PID 3732 wrote to memory of 1448	3732	msedge.exe	89
PID 3732 wrote to memory of 1448	3732	msedge.exe	89
PID 3732 wrote to memory of 1448	3732	msedge.exe	89
PID 3732 wrote to memory of 1448	3732	msedge.exe	89
PID 3732 wrote to memory of 1448	3732	msedge.exe	89
PID 3732 wrote to memory of 1448	3732	msedge.exe	89
PID 3732 wrote to memory of 1448	3732	msedge.exe	89
PID 3732 wrote to memory of 1448	3732	msedge.exe	89
PID 3732 wrote to memory of 1448	3732	msedge.exe	89
PID 3732 wrote to memory of 1448	3732	msedge.exe	89
PID 3732 wrote to memory of 1448	3732	msedge.exe	89
PID 3732 wrote to memory of 1448	3732	msedge.exe	89
PID 3732 wrote to memory of 1448	3732	msedge.exe	89
PID 3732 wrote to memory of 1448	3732	msedge.exe	89
PID 3732 wrote to memory of 1448	3732	msedge.exe	89
PID 3732 wrote to memory of 1448	3732	msedge.exe	89
PID 3732 wrote to memory of 1448	3732	msedge.exe	89
PID 3732 wrote to memory of 1448	3732	msedge.exe	89
PID 3732 wrote to memory of 1448	3732	msedge.exe	89
PID 3732 wrote to memory of 1448	3732	msedge.exe	89
PID 3732 wrote to memory of 1448	3732	msedge.exe	89
PID 3732 wrote to memory of 4812	3732	msedge.exe	90
PID 3732 wrote to memory of 4812	3732	msedge.exe	90
PID 3732 wrote to memory of 2660	3732	msedge.exe	91
PID 3732 wrote to memory of 2660	3732	msedge.exe	91
PID 3732 wrote to memory of 2660	3732	msedge.exe	91
PID 3732 wrote to memory of 2660	3732	msedge.exe	91
PID 3732 wrote to memory of 2660	3732	msedge.exe	91
PID 3732 wrote to memory of 2660	3732	msedge.exe	91
PID 3732 wrote to memory of 2660	3732	msedge.exe	91
PID 3732 wrote to memory of 2660	3732	msedge.exe	91
PID 3732 wrote to memory of 2660	3732	msedge.exe	91
PID 3732 wrote to memory of 2660	3732	msedge.exe	91

C:\Users\Admin\AppData\Local\Temp\LSCHaX for 1.67 [External].exe
"C:\Users\Admin\AppData\Local\Temp\LSCHaX for 1.67 [External].exe"
1⤵
- Checks computer location settings
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2128
- C:\Users\Admin\AppData\Local\Temp\LSCHax.exe
  "C:\Users\Admin\AppData\Local\Temp\LSCHax.exe"
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Users\Admin\AppData\Local\Temp\LSCHaX.exe
  C:\Users\Admin\AppData\Local\Temp\LSCHaX for 1.67 [External].exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:1192
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=LSCHaX.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
    3⤵
    - Enumerates system info in registry
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of WriteProcessMemory
    PID:3732
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffdfc7746f8,0x7ffdfc774708,0x7ffdfc774718
      4⤵
      PID:4876
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,11505201164480061873,6309782529252571730,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
      4⤵
      PID:1448
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,11505201164480061873,6309782529252571730,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2416 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4812
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,11505201164480061873,6309782529252571730,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8
      4⤵
      PID:2660
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11505201164480061873,6309782529252571730,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3588 /prefetch:1
      4⤵
      PID:1432
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11505201164480061873,6309782529252571730,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:1
      4⤵
      PID:2072
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11505201164480061873,6309782529252571730,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2900 /prefetch:1
      4⤵
      PID:3188
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11505201164480061873,6309782529252571730,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
      4⤵
      PID:4256
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11505201164480061873,6309782529252571730,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
      4⤵
      PID:4820
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,11505201164480061873,6309782529252571730,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 /prefetch:8
      4⤵
      PID:3576
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
      4⤵
      Drops file in Program Files directory
      PID:1804
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x254,0x258,0x25c,0x230,0x260,0x7ff609485460,0x7ff609485470,0x7ff609485480
        5⤵
        
        PID:3044
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,11505201164480061873,6309782529252571730,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4644
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11505201164480061873,6309782529252571730,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
      4⤵
      PID:396
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11505201164480061873,6309782529252571730,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
      4⤵
      PID:1432
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11505201164480061873,6309782529252571730,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
      4⤵
      PID:1108
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11505201164480061873,6309782529252571730,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
      4⤵
      PID:2224
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=LSCHaX.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
    3⤵
    PID:4912
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdfc7746f8,0x7ffdfc774708,0x7ffdfc774718
      4⤵
      PID:4508

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4328

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c032c944f0c68db2f9bc2541ba822212

SHA1
a829f6cf1e7f3f796eeb68ef3525d7f3d177a38a

SHA256
1b4b0d7b255a79089375c9c200df8f48c8536ec99752f877e9090af9dd8e4127

SHA512
cc22cf70c068f1b5c518a8d3302cbb5a79a66929488cd34939f7743aaa999cba091f182701cdda5872b6b93cf89d396b809b0b7f6f2d5f6e7ad1b5102623cf7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
654c4936dc351f49d1c2adebc4dd6183

SHA1
252f12d182bdec5563b473bfb06cd9e341059b18

SHA256
36a8f9fb1834a8aa5db6ecbbfd386961a28d91662635acaf3e2e594772074382

SHA512
4a2941c2ce1679e742a03efd54b81bc546bbaaf5de0e55a5a222342a28ee20588333585956e76016bfda36ff27ed124a666f471545522ec5461c67fbe44e3c0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
654c4936dc351f49d1c2adebc4dd6183

SHA1
252f12d182bdec5563b473bfb06cd9e341059b18

SHA256
36a8f9fb1834a8aa5db6ecbbfd386961a28d91662635acaf3e2e594772074382

SHA512
4a2941c2ce1679e742a03efd54b81bc546bbaaf5de0e55a5a222342a28ee20588333585956e76016bfda36ff27ed124a666f471545522ec5461c67fbe44e3c0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
654c4936dc351f49d1c2adebc4dd6183

SHA1
252f12d182bdec5563b473bfb06cd9e341059b18

SHA256
36a8f9fb1834a8aa5db6ecbbfd386961a28d91662635acaf3e2e594772074382

SHA512
4a2941c2ce1679e742a03efd54b81bc546bbaaf5de0e55a5a222342a28ee20588333585956e76016bfda36ff27ed124a666f471545522ec5461c67fbe44e3c0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
f454f1b79aa3844eb2f9193f222ed514

SHA1
19342b7071bfc72eb8deb5ae0ae2599dd744187e

SHA256
625b8bfa3fd4c39489ea4b7b3700b21575ec3d047ebc23d7d11063b0b86f31a4

SHA512
bc150789808abbc037ba5576d3e07c0c65e1c64d3381a06e7b99358b164e89874697f7e8afaf95620b484d2da9590c1278ef04c990f5df84c94c7e3adbca78d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
d2ba5ad2197610772b55ac04ff84a054

SHA1
45fa1c074c85abc9e0f1aa33f31a1f2313d5ba82

SHA256
ed0ae95ca2c2bd118209c9fe7650b20952d5e06cbcd9ac07dea05722d085ae13

SHA512
cf1c8d7a7e618c38c11545cc0d6c9f64ad6740285153e765b19cd26b93b41431c76296f5b80cb7a913da52de3d3021219db451d46496fac33b7c3565d3d5a5d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
95c9e1f61438c64b2dd9329bfeb46d98

SHA1
1bc4ec3115054658fed048fafc584871becfb2e7

SHA256
4394eaa6b16500456ac210e8e8251dafeda81fe8f5250b7f4c1a9d6591a422c1

SHA512
7f13c16690cb672e4ffcb773bd22d22b6be0c258ef74a7caeab1a7a125b3f1a3d7062f66bbc70222ef7366820c55e760a0b2bd254388d1d12c2dfbe4dc5c2780

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
346B

MD5
172a03f1e073cbc347cb5102d038fa13

SHA1
83a95a02491a4b046ea79fd04ccf6c5c24b29d60

SHA256
b8193a8bbd8d5c6b71977d040537ea555fc414cb3f7c2d4166e9bd3ac1ef4e89

SHA512
2a47a09a51fbf77f8b2bcc2d3e46db628d45ebabb9bb4033965b3409810e9a6c55c1008a62bfab5d3ca2a64d8b67f5c726f3682da0132738065c14ff77c1f5bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9d75b78f5a049209e2390700ca4453dd

SHA1
567577d9539a3b4c16788380d0583e0dba2760f7

SHA256
c1bb013deed34b41388b2314685c805b2a8f2ca305f50c8802a5efee485a1b9c

SHA512
1e8ffb88f2705f2d57dfd07f3f1c9b3c8104519e173443420cf2c57c05f9608510bd7fb30fae59a2f71148c4e9092903d3c07d49c1bf3dd50de09fa9aaac1e1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3a36f1e849649b9ae9ebe762e0c3894d

SHA1
dc977936480243b26447c175e6e4a86903d2583d

SHA256
c500f155c5af9da9d7fb98dc9859b6db14d40101495d28efad061991454ef5c9

SHA512
ecd2eb2ae4f842879e03e0f74efcd4e91896f3033925380de1c92b3a8c41a48015f73664a6da4afc32ea33772f568cb5ca23b24acd61d5ac2b047c1283438780

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f4423e2484c890b802a3df7571953624

SHA1
d5968f1018e30982ec51146a7ba48b2b56e13544

SHA256
b8d910d80f10dbc3c9cb563da6800d909082c45a8d1f9d62f1a84571a7bc9cd8

SHA512
f6d5d25635622693a726a720b955dd190b69327d2b3bba0f1dc47555e8f2f60560ac747970ce2b2ee7b3b11cb82d8a51b81d6ac1e11d511d451dc6a8d01fdc25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
d5f6e43b9bb30966d0bc507edaa766af

SHA1
f55430cdf8aac488b7e726277ff47551de8f6b3c

SHA256
26c3c700f69edb0a1ef22ad9cabc4c126967093a008638d4b9e91aea558f7053

SHA512
580548318c413a964558422b0cbd1b05cc46f9cba53b59e2818f768f8ee9f8e3838981d686b2e82f24b3b62145cb7f1240c7602adddfabef6356730413310713

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
08ec5969be8e3995de1976a77b350ccc

SHA1
938c9a5df356d118c9e435ced818d217d55f70ee

SHA256
3eba1c53e369cbeee335d13b78116c4a74b4d4ca79531e89f6250324ca253b0b

SHA512
34c17b46774153ee3e5d0598d5300f2b336afb1d5ebd472b8da831f6dde0efd2137bd0a95a034c98e11953bbc9b06f076a8e25239f516bd5a46b06be37a90f53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
0b39b08c43bf1bb27a14985274465668

SHA1
e0f1e6eae2041000d5e8a4d8ede4d2a551f7e175

SHA256
7ab74ffb868a8aa449d12964326654f132cfc7c1d8fd67fa53126183a95ca965

SHA512
dafc3587211acb766ceccaade7eeac095cfd6d7ffda3e43b6f19f871b6094c874c3f451c140a8fb125e422f85da5bad3f9de5ec94e583a0cf39a839f9ebdfb19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe576040.TMP

Filesize
371B

MD5
d518ea4be142f662915781ae89f701e2

SHA1
134709af9fe3e4e6ebe431e9a1d2ea2b631a39b5

SHA256
fbfc101fbae624f08624c1cc0f0d6454a2e3f60e960f37aba25b5bb173af8f34

SHA512
a921eb34f0a4381f23d943f5cfe2ac3155f89663f6ab42bfccd67d1f54d9f01c02fe60a2e1bca36911c7d4ed8c7a75b7631d94322772a7b74321a75a8d977dee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
26beb503b0ee476f48c39ee49e4ff590

SHA1
b9325bacdf76550e497e10d5b2a20ae366bbe15b

SHA256
8a467f3b8b860211d0a967de571fba307e6630e3ede7b8af914d0425920c8650

SHA512
13483cec2dd0f764b1b8fee7af492b05f23bf46d6bf892f7126d6b5549bf2e63cd905ca279322470916dfbe081a18d41143393e443275ce40b98448a744788ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
51d51c3b1b4eb473f94965cccc563fc7

SHA1
ac2c54cc852375f7e6880f09df8f28f4cd28a14a

SHA256
c7fb442d9fe1f4d65f553c50ac0db7040d5fd77b9c2a3918289c293f64e9ab91

SHA512
b7add2ae942ef8b131fa6928578dc9602870c003780ed75f22183ae436685074799dbee0768689b29d44e185a4fa9bf2b7fbd63502f7cc37acc6314295c8e12b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
60eb3523c1fceee7b6e5cc7f5d4ef0c2

SHA1
f5beda29b6831e815812ed01b5a7a33427bb7ba4

SHA256
ef440901b10c99690d4beb96056712a4ca10ac84f8e9d322bc208adabdf0bc4c

SHA512
3390d682c4ae09d691a02122b1fc1579152699c653bcbb1153ed80e317826fe609bc44a85c2b10e47ae8f330c82754f89ac7aba220efa00f8f3bef1ba35b315a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\LSCHax.exe

Filesize
56KB

MD5
d2796730c44a3317e8adc588b470d9b6

SHA1
04b08f28f99b7f1b7d8ea89b52348132fe610764

SHA256
a7f260e7e744ec576155a70b77ff23fadbc6a3131b1a7b42ee0bf21dcc9a9188

SHA512
b11287f5d10511b53f978033688147fd338a106e19e41a8ae5ee279d11b2340fc8ef3f8a18db6c5af6c9caee8750b2cdba4a2122fa2d3f75da023def0dfb26ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\LSCHax.exe

Filesize
56KB

MD5
d2796730c44a3317e8adc588b470d9b6

SHA1
04b08f28f99b7f1b7d8ea89b52348132fe610764

SHA256
a7f260e7e744ec576155a70b77ff23fadbc6a3131b1a7b42ee0bf21dcc9a9188

SHA512
b11287f5d10511b53f978033688147fd338a106e19e41a8ae5ee279d11b2340fc8ef3f8a18db6c5af6c9caee8750b2cdba4a2122fa2d3f75da023def0dfb26ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\LSCHax.exe

Filesize
56KB

MD5
d2796730c44a3317e8adc588b470d9b6

SHA1
04b08f28f99b7f1b7d8ea89b52348132fe610764

SHA256
a7f260e7e744ec576155a70b77ff23fadbc6a3131b1a7b42ee0bf21dcc9a9188

SHA512
b11287f5d10511b53f978033688147fd338a106e19e41a8ae5ee279d11b2340fc8ef3f8a18db6c5af6c9caee8750b2cdba4a2122fa2d3f75da023def0dfb26ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\LSCHax.exe

Filesize
56KB

MD5
d2796730c44a3317e8adc588b470d9b6

SHA1
04b08f28f99b7f1b7d8ea89b52348132fe610764

SHA256
a7f260e7e744ec576155a70b77ff23fadbc6a3131b1a7b42ee0bf21dcc9a9188

SHA512
b11287f5d10511b53f978033688147fd338a106e19e41a8ae5ee279d11b2340fc8ef3f8a18db6c5af6c9caee8750b2cdba4a2122fa2d3f75da023def0dfb26ec

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
ec2b9c728ed12e5737439640edb6b9b5

SHA1
f9f7d87476307b06098db02c4e02a7f4246081bd

SHA256
d58694228cbd0596043a0af35ced719d3c1b01adf91e12e58653e5e64bc22f47

SHA512
8eceab360425876ad51c2d8f028282b6e2ad402f8025fbc8e576b3b543b56b80fc36dcb488ed0168660e3056dea16ea1f1f0bfb02943d1aad29fc96588c794ed

Download Submit
memory/2128-162-0x000002B3799B0000-0x000002B379AEE000-memory.dmp

Filesize
1.2MB

Download
memory/2128-166-0x000002B3799B0000-0x000002B379AEE000-memory.dmp

Filesize
1.2MB

Download
memory/2128-194-0x000002B3799B0000-0x000002B379AEE000-memory.dmp

Filesize
1.2MB

Download
memory/2128-196-0x000002B3799B0000-0x000002B379AEE000-memory.dmp

Filesize
1.2MB

Download
memory/2128-198-0x000002B3799B0000-0x000002B379AEE000-memory.dmp

Filesize
1.2MB

Download
memory/2128-190-0x000002B3799B0000-0x000002B379AEE000-memory.dmp

Filesize
1.2MB

Download
memory/2128-188-0x000002B3799B0000-0x000002B379AEE000-memory.dmp

Filesize
1.2MB

Download
memory/2128-186-0x000002B3799B0000-0x000002B379AEE000-memory.dmp

Filesize
1.2MB

Download
memory/2128-184-0x000002B3799B0000-0x000002B379AEE000-memory.dmp

Filesize
1.2MB

Download
memory/2128-182-0x000002B3799B0000-0x000002B379AEE000-memory.dmp

Filesize
1.2MB

Download
memory/2128-180-0x000002B3799B0000-0x000002B379AEE000-memory.dmp

Filesize
1.2MB

Download
memory/2128-178-0x000002B3799B0000-0x000002B379AEE000-memory.dmp

Filesize
1.2MB

Download
memory/2128-176-0x000002B3799B0000-0x000002B379AEE000-memory.dmp

Filesize
1.2MB

Download
memory/2128-174-0x000002B3799B0000-0x000002B379AEE000-memory.dmp

Filesize
1.2MB

Download
memory/2128-172-0x000002B3799B0000-0x000002B379AEE000-memory.dmp

Filesize
1.2MB

Download
memory/2128-170-0x000002B3799B0000-0x000002B379AEE000-memory.dmp

Filesize
1.2MB

Download
memory/2128-168-0x000002B3799B0000-0x000002B379AEE000-memory.dmp

Filesize
1.2MB

Download
memory/2128-192-0x000002B3799B0000-0x000002B379AEE000-memory.dmp

Filesize
1.2MB

Download
memory/2128-164-0x000002B3799B0000-0x000002B379AEE000-memory.dmp

Filesize
1.2MB

Download
memory/2128-133-0x000002B35F260000-0x000002B35F26A000-memory.dmp

Filesize
40KB

Download
memory/2128-160-0x000002B3799B0000-0x000002B379AEE000-memory.dmp

Filesize
1.2MB

Download
memory/2128-158-0x000002B3799B0000-0x000002B379AEE000-memory.dmp

Filesize
1.2MB

Download
memory/2128-156-0x000002B3799B0000-0x000002B379AEE000-memory.dmp

Filesize
1.2MB

Download
memory/2128-154-0x000002B3799B0000-0x000002B379AEE000-memory.dmp

Filesize
1.2MB

Download
memory/2128-152-0x000002B3799B0000-0x000002B379AEE000-memory.dmp

Filesize
1.2MB

Download
memory/2128-150-0x000002B3799B0000-0x000002B379AEE000-memory.dmp

Filesize
1.2MB

Download
memory/2128-148-0x000002B3799B0000-0x000002B379AEE000-memory.dmp

Filesize
1.2MB

Download
memory/2128-146-0x000002B3799B0000-0x000002B379AEE000-memory.dmp

Filesize
1.2MB

Download
memory/2128-144-0x000002B3799B0000-0x000002B379AEE000-memory.dmp

Filesize
1.2MB

Download
memory/2128-142-0x000002B3799B0000-0x000002B379AEE000-memory.dmp

Filesize
1.2MB

Download
memory/2128-140-0x000002B3799B0000-0x000002B379AEE000-memory.dmp

Filesize
1.2MB

Download
memory/2128-138-0x000002B3799B0000-0x000002B379AEE000-memory.dmp

Filesize
1.2MB

Download
memory/2128-136-0x000002B3799B0000-0x000002B379AEE000-memory.dmp

Filesize
1.2MB

Download
memory/2128-135-0x000002B3799B0000-0x000002B379AEE000-memory.dmp

Filesize
1.2MB

Download
memory/2128-134-0x000002B35F5C0000-0x000002B35F5D0000-memory.dmp

Filesize
64KB

Download