e4606439b649d4635746c9a408e78492759398c12b952df2574ca871740002ad

Analysis

max time kernel
92s
max time network
100s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
10-09-2024 07:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

PhoenixMiner_6.2c_Windows.zip
Size

5.3MB
MD5

c90c586712ba8196c3471db532c139b8
SHA1

b62bb4774de51b97978bd389dd284e4d636ed950
SHA256

e4606439b649d4635746c9a408e78492759398c12b952df2574ca871740002ad
SHA512

08cf479aa03fc53d698b7ad703f9e09a5ccd57885cd6613526f9d0b7166bd4fddb380ad03be870cae61e9be41894c9cf7b1dd936fd99a1c4f68e01df6077553f
SSDEEP

98304:5+WELtwI+x88/G6/bv2CK4Xo7/qnuu86CESMcgNfXTm9j7jXPjPgxm22YaVI:5+WDIgHO6/bvlkXuHylc7mpExm22YaI

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-970747758-134341002-3585657277-1000\{1E8ED1BA-D72E-46D3-AF56-BD71A1197C80}	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4736	msedge.exe
4736	msedge.exe
4276	msedge.exe
4276	msedge.exe
2336	identity_helper.exe
2336	identity_helper.exe
4360	msedge.exe
4360	msedge.exe
4364	msedge.exe
4364	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4276 wrote to memory of 4500	4276	msedge.exe	85
PID 4276 wrote to memory of 4500	4276	msedge.exe	85
PID 4276 wrote to memory of 2544	4276	msedge.exe	86
PID 4276 wrote to memory of 2544	4276	msedge.exe	86
PID 4276 wrote to memory of 2544	4276	msedge.exe	86
PID 4276 wrote to memory of 2544	4276	msedge.exe	86
PID 4276 wrote to memory of 2544	4276	msedge.exe	86
PID 4276 wrote to memory of 2544	4276	msedge.exe	86
PID 4276 wrote to memory of 2544	4276	msedge.exe	86
PID 4276 wrote to memory of 2544	4276	msedge.exe	86
PID 4276 wrote to memory of 2544	4276	msedge.exe	86
PID 4276 wrote to memory of 2544	4276	msedge.exe	86
PID 4276 wrote to memory of 2544	4276	msedge.exe	86
PID 4276 wrote to memory of 2544	4276	msedge.exe	86
PID 4276 wrote to memory of 2544	4276	msedge.exe	86
PID 4276 wrote to memory of 2544	4276	msedge.exe	86
PID 4276 wrote to memory of 2544	4276	msedge.exe	86
PID 4276 wrote to memory of 2544	4276	msedge.exe	86
PID 4276 wrote to memory of 2544	4276	msedge.exe	86
PID 4276 wrote to memory of 2544	4276	msedge.exe	86
PID 4276 wrote to memory of 2544	4276	msedge.exe	86
PID 4276 wrote to memory of 2544	4276	msedge.exe	86
PID 4276 wrote to memory of 2544	4276	msedge.exe	86
PID 4276 wrote to memory of 2544	4276	msedge.exe	86
PID 4276 wrote to memory of 2544	4276	msedge.exe	86
PID 4276 wrote to memory of 2544	4276	msedge.exe	86
PID 4276 wrote to memory of 2544	4276	msedge.exe	86
PID 4276 wrote to memory of 2544	4276	msedge.exe	86
PID 4276 wrote to memory of 2544	4276	msedge.exe	86
PID 4276 wrote to memory of 2544	4276	msedge.exe	86
PID 4276 wrote to memory of 2544	4276	msedge.exe	86
PID 4276 wrote to memory of 2544	4276	msedge.exe	86
PID 4276 wrote to memory of 2544	4276	msedge.exe	86
PID 4276 wrote to memory of 2544	4276	msedge.exe	86
PID 4276 wrote to memory of 2544	4276	msedge.exe	86
PID 4276 wrote to memory of 2544	4276	msedge.exe	86
PID 4276 wrote to memory of 2544	4276	msedge.exe	86
PID 4276 wrote to memory of 2544	4276	msedge.exe	86
PID 4276 wrote to memory of 2544	4276	msedge.exe	86
PID 4276 wrote to memory of 2544	4276	msedge.exe	86
PID 4276 wrote to memory of 2544	4276	msedge.exe	86
PID 4276 wrote to memory of 2544	4276	msedge.exe	86
PID 4276 wrote to memory of 4736	4276	msedge.exe	87
PID 4276 wrote to memory of 4736	4276	msedge.exe	87
PID 4276 wrote to memory of 3740	4276	msedge.exe	88
PID 4276 wrote to memory of 3740	4276	msedge.exe	88
PID 4276 wrote to memory of 3740	4276	msedge.exe	88
PID 4276 wrote to memory of 3740	4276	msedge.exe	88
PID 4276 wrote to memory of 3740	4276	msedge.exe	88
PID 4276 wrote to memory of 3740	4276	msedge.exe	88
PID 4276 wrote to memory of 3740	4276	msedge.exe	88
PID 4276 wrote to memory of 3740	4276	msedge.exe	88
PID 4276 wrote to memory of 3740	4276	msedge.exe	88
PID 4276 wrote to memory of 3740	4276	msedge.exe	88
PID 4276 wrote to memory of 3740	4276	msedge.exe	88
PID 4276 wrote to memory of 3740	4276	msedge.exe	88
PID 4276 wrote to memory of 3740	4276	msedge.exe	88
PID 4276 wrote to memory of 3740	4276	msedge.exe	88
PID 4276 wrote to memory of 3740	4276	msedge.exe	88
PID 4276 wrote to memory of 3740	4276	msedge.exe	88
PID 4276 wrote to memory of 3740	4276	msedge.exe	88
PID 4276 wrote to memory of 3740	4276	msedge.exe	88
PID 4276 wrote to memory of 3740	4276	msedge.exe	88
PID 4276 wrote to memory of 3740	4276	msedge.exe	88

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\PhoenixMiner_6.2c_Windows.zip
1⤵
PID:2552

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9e5303cb8,0x7ff9e5303cc8,0x7ff9e5303cd8
  2⤵
  PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,817088598092361878,4259262349821623243,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1896 /prefetch:2
  2⤵
  PID:2544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1872,817088598092361878,4259262349821623243,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1872,817088598092361878,4259262349821623243,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2536 /prefetch:8
  2⤵
  PID:3740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,817088598092361878,4259262349821623243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:3604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,817088598092361878,4259262349821623243,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,817088598092361878,4259262349821623243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
  2⤵
  PID:920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,817088598092361878,4259262349821623243,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4028 /prefetch:1
  2⤵
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1872,817088598092361878,4259262349821623243,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1872,817088598092361878,4259262349821623243,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4608 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,817088598092361878,4259262349821623243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1
  2⤵
  PID:1648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,817088598092361878,4259262349821623243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
  2⤵
  PID:1628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1872,817088598092361878,4259262349821623243,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4832 /prefetch:8
  2⤵
  PID:3604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1872,817088598092361878,4259262349821623243,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3832 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,817088598092361878,4259262349821623243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:4004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,817088598092361878,4259262349821623243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:3676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,817088598092361878,4259262349821623243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
  2⤵
  PID:2484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,817088598092361878,4259262349821623243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:1472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,817088598092361878,4259262349821623243,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:1400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,817088598092361878,4259262349821623243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:1
  2⤵
  PID:1208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,817088598092361878,4259262349821623243,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
  2⤵
  PID:2568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,817088598092361878,4259262349821623243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
  2⤵
  PID:1624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,817088598092361878,4259262349821623243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
  2⤵
  PID:992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,817088598092361878,4259262349821623243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1
  2⤵
  PID:4548

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1892

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3476

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8276eab0f8f0c0bb325b5b8c329f64f

SHA1
8ce681e4056936ca8ccd6f487e7cd7cccbae538b

SHA256
847f60e288d327496b72dbe1e7aa1470a99bf27c0a07548b6a386a6188cd72da

SHA512
42f91bf90e92220d0731fa4279cc5773d5e9057a9587f311bee0b3f7f266ddceca367bd0ee7f1438c3606598553a2372316258c05e506315e4e11760c8f13918

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
058032c530b52781582253cb245aa731

SHA1
7ca26280e1bfefe40e53e64345a0d795b5303fab

SHA256
1c3a7192c514ef0d2a8cf9115cfb44137ca98ec6daa4f68595e2be695c7ed67e

SHA512
77fa3cdcd53255e7213bb99980049e11d6a2160f8130c84bd16b35ba9e821a4e51716371526ec799a5b4927234af99e0958283d78c0799777ab4dfda031f874f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
c58f98ad9d98a74f594eaea68efec384

SHA1
589244ae45fce3b5f4d0d07df7da5e656ce4b4b0

SHA256
3bebf596ef778957e49d4838ee7d5633401435bf2dc30f9380845cd92e0aab98

SHA512
de238e33bd60a05d4e3ff5fbc47bd7f8142bad28e6bb8b90fc89bd09fb77e229de71cafb2c4787d68f8173c330b896c14ac67c8a68d87c1b48550a241f25537a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
e1a9be24c510e9832865b74fd044e343

SHA1
cbcdf45bfce7d35d447d873701ff40d93e297e8c

SHA256
a09d059a63f88606d058f3eb2d9171f35747fa27add845d5194c4e9a1bf896de

SHA512
817fbb1aeff0820c56b45d6559739223e0f6b1647e20b420e9ee20c35389225f04412c1eb420f1c7cc1a735a7e66839a53d0cfd1c2a71e75c0f8b33ba87e72d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
211dbda6ed0252cf2f21208ddae9fc0c

SHA1
84a656f0b664da23d273abcb9f6d00c6e13a3cb6

SHA256
576a9d9b2323cc90954a2d2b184a46721d0c703b08156b675eae8292c2e8e776

SHA512
eaa3dd9d48aeeedb5b94cbbfe72241ef295963e709f0e48256b89360fc7fc19ee57503a8557b9dd13429dfad29c40b1a22cd40c765dab43605f8f332e1405d85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6c650ea3903fb9a5d313c624ec4dc7f4

SHA1
23215b2cd45959aa56399a4998df85fc66d7c7e5

SHA256
a87388b298dd2f82932cf9c887b1cf7a881009f5611d2fda9c63643ac27fd838

SHA512
917bba3266183da77425b2d2b95bdbfe0e23e9911d2a56b18f1c541d460696f045710bf2b6b7567cd4b33cedde495d4a92ef12fbd18b02de91918336628f0cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e0f909e51344155ce8e067bf59546922

SHA1
3420a20ab5fdb40b209c8adf05fffb98edab06f9

SHA256
5911233618e3dcc8ec039d49438e20cc6286d5703327524486deaff8b7658c6d

SHA512
2cbf9b936f681d2b9438d37c3cf8738af5b28c07cb0f2e0689b75849e56bb7286712e7360e4a90d0e5c7a35f69541e00386c72e156ae5b1b11042b93a46a363f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
75378013743aa7c5563b31b6be969608

SHA1
2f1c9932c6c22567c3bd40d5bef93e1b748a8d23

SHA256
e3f028ded17f2a8f5b7decb36a2d7964ad33bd770491d2a9238c9b0a3a7dfb06

SHA512
cbcb044049b503505989348ba99d55eb0b9d8858b0491e3dfd7d292aa4b991136dfc9dcc9d47f825078c5bf6b266ebed2a10047c55064d28f47d7a7fdf685a29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b16213ba4007d48ba7742db27612c4b2

SHA1
d1d4636bb0a1d4b8b10e85a45976f57fbc8769f3

SHA256
cd64bbc81c6112f69393ca9d5e9e1555d6272511ffbc4b825ac983a07681ef6a

SHA512
e91c792fd53e0534583b0f3decd084a8822d4d1fd2c9823567d9f593ad62060e0c1505dccee56693301d561efecb626e100d5891f106e6965551813253479c1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8327c14107ea1fcfc0da9aaea34f776c

SHA1
1bc1fd2279a2c7cba1ab3555df6c52acd662d6b4

SHA256
01f7f456cb22ab8965517f3b8295cf526dd2b314dc661a95f16099ae9879ff2b

SHA512
ded8ee61686501318b6e163893fb68566761c1c34314841a183ecea995981de3001f455adf2234a2fbf4b46f31e4c21e059d4b06b308b1f4c8be4fa91d2e0c93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
71afeb29b3444e65f049631741b5172f

SHA1
60428d6b82c22adaa29785bb6699aa7485c619fb

SHA256
91a9976038ef1768b0fa6bbdf796db7dd8d6060aa36ed84958702067906b687a

SHA512
3bd41b27b9a8022dd5c6dfb5dd66a42f08b0c2f3c8f5b24eef13c0a0f8e62ac8f04c425727d5fd9b70deae53b8be9bd444efa18f7fc501a9e327b71f3169332d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5815e4.TMP

Filesize
703B

MD5
369f7b4fe6334f46c5421ce686439831

SHA1
5bca7ce4bfc2f38ef3f9339298f4e863a526b848

SHA256
4707ef9c338cd050ed8e65497f4a0bf4521c5a7e05e2c8df110cea50e60eaba8

SHA512
da89448edc5e8adcc6ff7c4b4e4739ab2ddf9f0cafccac85c078d23e816757b2b3c1d362f2c0659eaafe59fc23544c7d1905cd45916dc9b99511f4cc23dda7f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2d64b2d969db82622e78a64f776f5091

SHA1
b3104025e964c08babb0efb7102c05e01e25390c

SHA256
d438d76e3a441249be168c826700bf0f85f62bda955b959b82a76883de0496cf

SHA512
b0667d01a0d159a412d35fe1f22b2c75603af44eb1cfa10a5ca2bb5061805fa17436526ae8ab58f0c65f0d3d2de3cb8effdf8a9b9fc131001ac7b4c850b8c01e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
20077e7191d5ac2e5990a44c99488e9a

SHA1
5a571649de28f4d925e7d5b8b742811e2a907274

SHA256
2a3e5ff1741f17010aabdc60551121bf8dae046bfbc7ff77099f58729bbfc270

SHA512
9e315c465dbdb11b0932c2f1637d4a9587c68ee154904615db94b82141b9930ab33ba586459a18e9e3813518846d1f3f667be415c301365db85c9d8add289107

Download Submit