hxxps://pcapp[.]store/?as=coinis&ap=push&offer_id=558&aff_id=305&cid=d2MTw1atCO1ON_tLqlIBkgsTyGudWK2d&sid=vvESj

Resubmissions

01-02-2024 11:00

240201-m398labfb2 1

31-03-2023 21:01

230331-ztw1tsdd64 8

Analysis

max time kernel
1680s
max time network
1685s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
01-02-2024 11:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://pcapp.store/?as=coinis&ap=push&offer_id=558&aff_id=305&cid=d2MTw1atCO1ON_tLqlIBkgsTyGudWK2d&sid=vvESj

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

Processes:

msedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1497073144-2389943819-3385106915-1000\{BE440D0F-6A07-4718-9F02-A8B624E13C3D}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

msedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
4372	msedge.exe
4372	msedge.exe
4092	msedge.exe
4092	msedge.exe
2696	msedge.exe
2696	msedge.exe
1672	identity_helper.exe
1672	identity_helper.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

msedge.exe

pid process

4092 msedge.exe
4092 msedge.exe
4092 msedge.exe
4092 msedge.exe
4092 msedge.exe
4092 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4092 wrote to memory of 3672	4092	msedge.exe	msedge.exe
PID 4092 wrote to memory of 3672	4092	msedge.exe	msedge.exe
PID 4092 wrote to memory of 644	4092	msedge.exe	msedge.exe
PID 4092 wrote to memory of 644	4092	msedge.exe	msedge.exe
PID 4092 wrote to memory of 644	4092	msedge.exe	msedge.exe
PID 4092 wrote to memory of 644	4092	msedge.exe	msedge.exe
PID 4092 wrote to memory of 644	4092	msedge.exe	msedge.exe
PID 4092 wrote to memory of 644	4092	msedge.exe	msedge.exe
PID 4092 wrote to memory of 644	4092	msedge.exe	msedge.exe
PID 4092 wrote to memory of 644	4092	msedge.exe	msedge.exe
PID 4092 wrote to memory of 644	4092	msedge.exe	msedge.exe
PID 4092 wrote to memory of 644	4092	msedge.exe	msedge.exe
PID 4092 wrote to memory of 644	4092	msedge.exe	msedge.exe
PID 4092 wrote to memory of 644	4092	msedge.exe	msedge.exe
PID 4092 wrote to memory of 644	4092	msedge.exe	msedge.exe
PID 4092 wrote to memory of 644	4092	msedge.exe	msedge.exe
PID 4092 wrote to memory of 644	4092	msedge.exe	msedge.exe
PID 4092 wrote to memory of 644	4092	msedge.exe	msedge.exe
PID 4092 wrote to memory of 644	4092	msedge.exe	msedge.exe
PID 4092 wrote to memory of 644	4092	msedge.exe	msedge.exe
PID 4092 wrote to memory of 644	4092	msedge.exe	msedge.exe
PID 4092 wrote to memory of 644	4092	msedge.exe	msedge.exe
PID 4092 wrote to memory of 644	4092	msedge.exe	msedge.exe
PID 4092 wrote to memory of 644	4092	msedge.exe	msedge.exe
PID 4092 wrote to memory of 644	4092	msedge.exe	msedge.exe
PID 4092 wrote to memory of 644	4092	msedge.exe	msedge.exe
PID 4092 wrote to memory of 644	4092	msedge.exe	msedge.exe
PID 4092 wrote to memory of 644	4092	msedge.exe	msedge.exe
PID 4092 wrote to memory of 644	4092	msedge.exe	msedge.exe
PID 4092 wrote to memory of 644	4092	msedge.exe	msedge.exe
PID 4092 wrote to memory of 644	4092	msedge.exe	msedge.exe
PID 4092 wrote to memory of 644	4092	msedge.exe	msedge.exe
PID 4092 wrote to memory of 644	4092	msedge.exe	msedge.exe
PID 4092 wrote to memory of 644	4092	msedge.exe	msedge.exe
PID 4092 wrote to memory of 644	4092	msedge.exe	msedge.exe
PID 4092 wrote to memory of 644	4092	msedge.exe	msedge.exe
PID 4092 wrote to memory of 644	4092	msedge.exe	msedge.exe
PID 4092 wrote to memory of 644	4092	msedge.exe	msedge.exe
PID 4092 wrote to memory of 644	4092	msedge.exe	msedge.exe
PID 4092 wrote to memory of 644	4092	msedge.exe	msedge.exe
PID 4092 wrote to memory of 644	4092	msedge.exe	msedge.exe
PID 4092 wrote to memory of 644	4092	msedge.exe	msedge.exe
PID 4092 wrote to memory of 4372	4092	msedge.exe	msedge.exe
PID 4092 wrote to memory of 4372	4092	msedge.exe	msedge.exe
PID 4092 wrote to memory of 5088	4092	msedge.exe	msedge.exe
PID 4092 wrote to memory of 5088	4092	msedge.exe	msedge.exe
PID 4092 wrote to memory of 5088	4092	msedge.exe	msedge.exe
PID 4092 wrote to memory of 5088	4092	msedge.exe	msedge.exe
PID 4092 wrote to memory of 5088	4092	msedge.exe	msedge.exe
PID 4092 wrote to memory of 5088	4092	msedge.exe	msedge.exe
PID 4092 wrote to memory of 5088	4092	msedge.exe	msedge.exe
PID 4092 wrote to memory of 5088	4092	msedge.exe	msedge.exe
PID 4092 wrote to memory of 5088	4092	msedge.exe	msedge.exe
PID 4092 wrote to memory of 5088	4092	msedge.exe	msedge.exe
PID 4092 wrote to memory of 5088	4092	msedge.exe	msedge.exe
PID 4092 wrote to memory of 5088	4092	msedge.exe	msedge.exe
PID 4092 wrote to memory of 5088	4092	msedge.exe	msedge.exe
PID 4092 wrote to memory of 5088	4092	msedge.exe	msedge.exe
PID 4092 wrote to memory of 5088	4092	msedge.exe	msedge.exe
PID 4092 wrote to memory of 5088	4092	msedge.exe	msedge.exe
PID 4092 wrote to memory of 5088	4092	msedge.exe	msedge.exe
PID 4092 wrote to memory of 5088	4092	msedge.exe	msedge.exe
PID 4092 wrote to memory of 5088	4092	msedge.exe	msedge.exe
PID 4092 wrote to memory of 5088	4092	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pcapp.store/?as=coinis&ap=push&offer_id=558&aff_id=305&cid=d2MTw1atCO1ON_tLqlIBkgsTyGudWK2d&sid=vvESj
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4092

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe19a346f8,0x7ffe19a34708,0x7ffe19a34718
2⤵
PID:3672

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,5919441877604851219,12300545936405062846,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4372

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,5919441877604851219,12300545936405062846,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
2⤵
PID:644

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,5919441877604851219,12300545936405062846,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
2⤵
PID:5088

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5919441877604851219,12300545936405062846,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
2⤵
PID:1120

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5919441877604851219,12300545936405062846,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
2⤵
PID:4840

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2140,5919441877604851219,12300545936405062846,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5044 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:2696

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2140,5919441877604851219,12300545936405062846,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5008 /prefetch:8
2⤵
PID:4976

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5919441877604851219,12300545936405062846,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4136 /prefetch:1
2⤵
PID:2368

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5919441877604851219,12300545936405062846,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
2⤵
PID:4588

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5919441877604851219,12300545936405062846,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
2⤵
PID:4468

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5919441877604851219,12300545936405062846,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
2⤵
PID:3956

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,5919441877604851219,12300545936405062846,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5820 /prefetch:8
2⤵
PID:4748

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,5919441877604851219,12300545936405062846,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5820 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1672

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,5919441877604851219,12300545936405062846,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3064 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2900

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3396

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1804

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x300 0x2d4
1⤵
PID:3548

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4d6e17218d9a99976d1a14c6f6944c96

SHA1
9e54a19d6c61d99ac8759c5f07b2f0d5faab447f

SHA256
32e343d2794af8bc6f2f7c905b5df11d53db4ad8922b92ad5e7cc9c856509d93

SHA512
3fa166b3e2d1236298d8dda7071a6fcf2bde283f181b8b0a07c0bb8ba756d6f55fa8a847ca5286d4dbabc6dace67e842a118866320ac01bd5f93cccd3a032e47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
528B

MD5
18b7f201ab39802d5567afe1135dd05e

SHA1
69db3c755c65f8d04c570ee1c711ea2064811b2a

SHA256
7f562ab70de184fbcdb91c05502438684a8704ea09e8bcd97b5aeab2b302fba5

SHA512
cfa97c2705a2efab6ac385b5844893e96d1cd53b9626c2e65a6f868a4f524548ed9635acdfec892b7f074d768e95713bc3455ccd9420666abcd3e51c5a561883

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
81677ef9e83d9fff25112c15c6fcb900

SHA1
4a70b5d22a31c99f6c2ba4f8d759b33c0a019a54

SHA256
cd1d26374f37396adebda8c6325349271a975c825b16c1faa930052ff4255330

SHA512
8ceac801983c09619ebb609319c17ee86572918ae7e17e16dafa161e091c7ae0984e5781f34ca8e623daf233cbb7867891c7613528970f6f2c45eecba90936c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
27e075a353fbc22978010f4bc370a511

SHA1
2516f1dbebec6c14b8bbc8b0fa26b716897fd7ab

SHA256
a4c4e114e7e1d3306ec65408a105f33807525b0d63e8974a798d04a301f4f0f2

SHA512
6ef1dc9d8f4de84512f59f3b1ee32673d411b11442799a28914776216d0f1180553a51cbc9c1a710d3dbe754efe9d521294aa308c3173b3a88c0063ef9f6b434

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
c906db8b56a5843f3b73af2ba07b2f49

SHA1
937b466205bf1feafb2bfb337f5d409878d7c2df

SHA256
842dda498a2961cafd8250c99b069ab8d511a9fe68c181fa0c9679ecf7ac186c

SHA512
46f5ed7e433bd835ded22ae530ab1e3e1ba37155e224ab31cd12c236e2d5fe2e2ee1f9000a13318686eca215e3adf428de014246ac0a683bc8da064f8a952594

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
38cb09d2ee8d1ec821c34a8c354c84d2

SHA1
d8dbba02abc854eca750e07864096e0d9ab9c56b

SHA256
25b9f5a73b7e47c143f5c0a00624f29393a80f177ce04f87d9125b0cb0c0fa76

SHA512
1d1845d375de8bd2048341ac94dd9b9f73794631454c47106e5b7ff8592de9477118147ac975237a53fa8cc3c848a7301a29de46a3d959be7f3a8920a48bc12b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
a421ac3dfdd9b04d74ad69a7d6241b82

SHA1
75504127f54e524b89b319377bd6d38bd2ad40c6

SHA256
f08ca4a6e283c36dcd37b05d1670250274a5c56b9442fb604600e126d867dcb6

SHA512
75eec353faae115d0cc917ea1aa1770484a1b3b3ba4d6f72a65024c925fe60eebbde43e9544e357d4fd8efc3f8b1163f1dc38edfcdbd143e1139198e65d0fe31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
c2ef1d773c3f6f230cedf469f7e34059

SHA1
e410764405adcfead3338c8d0b29371fd1a3f292

SHA256
185450d538a894e4dcf55b428f506f3d7baa86664fbbc67afd6c255b65178521

SHA512
2ef93803da4d630916bed75d678382fd1c72bff1700a1a72e2612431c6d5e11410ced4eaf522b388028aeadb08e8a77513e16594e6ab081f6d6203e4caa7d549

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
705B

MD5
c84516ee1f5b36df46d45ebfc1f47729

SHA1
e1cd8d8f3a2c90e3d02818eb35decb4a348ffded

SHA256
2e285ea400b261301598c504b6b41bd805ea3556ad7bdffdb3e3bc173f99a0d6

SHA512
dbf1c29a8f6f2f5fc0d13d8c0bf70aa4b4cb4de441883f73468a141d8bc3fefde0048b6d3a44bce6bbe7b13bc3719348bc291859ab6e9e8d19758067da0c49ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a940.TMP
Filesize
538B

MD5
427f4d12d5964e9acf7b40cea4f9aea8

SHA1
0cab4e9b225f6f330f789b0571df79e9bcfcac6b

SHA256
7b5ff6a50f5cc8a3e0646b44661662eb7ee9adb597459e28b8b9abb3cb79eeb7

SHA512
ae3a4637e65c66409e8e69213ce9e10ebb3b2765606ee2d689beaaf214ed46aa4bbe627a86ac3a46ca52122d7fc351524680aec5e32c76358afdaa20a2f97d80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
deb82842a2eda3ad7d7042e3d56680cc

SHA1
a5ae0f24b7bea428401b4cb2f378e5f3e9d5cfa1

SHA256
44e12d37087f07e57e5cc54d13d6469f7a909939bc83a4dedc8ae3d5c543713a

SHA512
b1366cfd63871d7ac2f235ccf45420521a8af49b4c69250120b432436cd5172e09813ffb6bf03ad3939a7a6d5f6a5c66d9504ef0bcade4b659d7906165b9727d

Download Submit
\??\pipe\LOCAL\crashpad_4092_NIXOTRIYBSKAKRPM
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit