hxxps://only-fans[.]uk/rookierose

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
19/11/2024, 18:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://only-fans.uk/rookierose

Score

7^/10

discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3040	msedge.exe
3040	msedge.exe
1276	msedge.exe
1276	msedge.exe
4308	identity_helper.exe
4308	identity_helper.exe
5584	msedge.exe
5584	msedge.exe
5584	msedge.exe
5584	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	2792	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2792	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 58 IoCs

pid	Process
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe

Suspicious use of SendNotifyMessage 56 IoCs

pid	Process
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1276 wrote to memory of 4784	1276	msedge.exe	83
PID 1276 wrote to memory of 4784	1276	msedge.exe	83
PID 1276 wrote to memory of 3244	1276	msedge.exe	85
PID 1276 wrote to memory of 3244	1276	msedge.exe	85
PID 1276 wrote to memory of 3244	1276	msedge.exe	85
PID 1276 wrote to memory of 3244	1276	msedge.exe	85
PID 1276 wrote to memory of 3244	1276	msedge.exe	85
PID 1276 wrote to memory of 3244	1276	msedge.exe	85
PID 1276 wrote to memory of 3244	1276	msedge.exe	85
PID 1276 wrote to memory of 3244	1276	msedge.exe	85
PID 1276 wrote to memory of 3244	1276	msedge.exe	85
PID 1276 wrote to memory of 3244	1276	msedge.exe	85
PID 1276 wrote to memory of 3244	1276	msedge.exe	85
PID 1276 wrote to memory of 3244	1276	msedge.exe	85
PID 1276 wrote to memory of 3244	1276	msedge.exe	85
PID 1276 wrote to memory of 3244	1276	msedge.exe	85
PID 1276 wrote to memory of 3244	1276	msedge.exe	85
PID 1276 wrote to memory of 3244	1276	msedge.exe	85
PID 1276 wrote to memory of 3244	1276	msedge.exe	85
PID 1276 wrote to memory of 3244	1276	msedge.exe	85
PID 1276 wrote to memory of 3244	1276	msedge.exe	85
PID 1276 wrote to memory of 3244	1276	msedge.exe	85
PID 1276 wrote to memory of 3244	1276	msedge.exe	85
PID 1276 wrote to memory of 3244	1276	msedge.exe	85
PID 1276 wrote to memory of 3244	1276	msedge.exe	85
PID 1276 wrote to memory of 3244	1276	msedge.exe	85
PID 1276 wrote to memory of 3244	1276	msedge.exe	85
PID 1276 wrote to memory of 3244	1276	msedge.exe	85
PID 1276 wrote to memory of 3244	1276	msedge.exe	85
PID 1276 wrote to memory of 3244	1276	msedge.exe	85
PID 1276 wrote to memory of 3244	1276	msedge.exe	85
PID 1276 wrote to memory of 3244	1276	msedge.exe	85
PID 1276 wrote to memory of 3244	1276	msedge.exe	85
PID 1276 wrote to memory of 3244	1276	msedge.exe	85
PID 1276 wrote to memory of 3244	1276	msedge.exe	85
PID 1276 wrote to memory of 3244	1276	msedge.exe	85
PID 1276 wrote to memory of 3244	1276	msedge.exe	85
PID 1276 wrote to memory of 3244	1276	msedge.exe	85
PID 1276 wrote to memory of 3244	1276	msedge.exe	85
PID 1276 wrote to memory of 3244	1276	msedge.exe	85
PID 1276 wrote to memory of 3244	1276	msedge.exe	85
PID 1276 wrote to memory of 3244	1276	msedge.exe	85
PID 1276 wrote to memory of 3040	1276	msedge.exe	86
PID 1276 wrote to memory of 3040	1276	msedge.exe	86
PID 1276 wrote to memory of 3828	1276	msedge.exe	87
PID 1276 wrote to memory of 3828	1276	msedge.exe	87
PID 1276 wrote to memory of 3828	1276	msedge.exe	87
PID 1276 wrote to memory of 3828	1276	msedge.exe	87
PID 1276 wrote to memory of 3828	1276	msedge.exe	87
PID 1276 wrote to memory of 3828	1276	msedge.exe	87
PID 1276 wrote to memory of 3828	1276	msedge.exe	87
PID 1276 wrote to memory of 3828	1276	msedge.exe	87
PID 1276 wrote to memory of 3828	1276	msedge.exe	87
PID 1276 wrote to memory of 3828	1276	msedge.exe	87
PID 1276 wrote to memory of 3828	1276	msedge.exe	87
PID 1276 wrote to memory of 3828	1276	msedge.exe	87
PID 1276 wrote to memory of 3828	1276	msedge.exe	87
PID 1276 wrote to memory of 3828	1276	msedge.exe	87
PID 1276 wrote to memory of 3828	1276	msedge.exe	87
PID 1276 wrote to memory of 3828	1276	msedge.exe	87
PID 1276 wrote to memory of 3828	1276	msedge.exe	87
PID 1276 wrote to memory of 3828	1276	msedge.exe	87
PID 1276 wrote to memory of 3828	1276	msedge.exe	87
PID 1276 wrote to memory of 3828	1276	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://only-fans.uk/rookierose
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcf63346f8,0x7ffcf6334708,0x7ffcf6334718
  2⤵
  PID:4784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,428244171976115142,17906383458356562220,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
  2⤵
  PID:3244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,428244171976115142,17906383458356562220,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,428244171976115142,17906383458356562220,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
  2⤵
  PID:3828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,428244171976115142,17906383458356562220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:1980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,428244171976115142,17906383458356562220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,428244171976115142,17906383458356562220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
  2⤵
  PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,428244171976115142,17906383458356562220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:1
  2⤵
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,428244171976115142,17906383458356562220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
  2⤵
  PID:4204
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,428244171976115142,17906383458356562220,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3580 /prefetch:8
  2⤵
  PID:3732
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,428244171976115142,17906383458356562220,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3580 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,428244171976115142,17906383458356562220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3640 /prefetch:1
  2⤵
  PID:3588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,428244171976115142,17906383458356562220,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3620 /prefetch:1
  2⤵
  PID:3212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,428244171976115142,17906383458356562220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4624 /prefetch:1
  2⤵
  PID:3400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,428244171976115142,17906383458356562220,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
  2⤵
  PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,428244171976115142,17906383458356562220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
  2⤵
  PID:392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2104,428244171976115142,17906383458356562220,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3344 /prefetch:8
  2⤵
  PID:1468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,428244171976115142,17906383458356562220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3588 /prefetch:1
  2⤵
  PID:3692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,428244171976115142,17906383458356562220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3620 /prefetch:1
  2⤵
  PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,428244171976115142,17906383458356562220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
  2⤵
  PID:5748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,428244171976115142,17906383458356562220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
  2⤵
  PID:5780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,428244171976115142,17906383458356562220,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5172 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5584

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1364

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:808

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x51c 0x41c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2792

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56a4f78e21616a6e19da57228569489b

SHA1
21bfabbfc294d5f2aa1da825c5590d760483bc76

SHA256
d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb

SHA512
c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e443ee4336fcf13c698b8ab5f3c173d0

SHA1
9bf70b16f03820cbe3158e1f1396b07b8ac9d75a

SHA256
79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b

SHA512
cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
277KB

MD5
cab500cc8f9df1a564defba1f80c203c

SHA1
a233916473fafc40fe8925de387d42d9c04c0ebc

SHA256
b4bffed3ae95ab154ca1e64ae74fe7280ad0adc81d3af3ce9d019a871e129146

SHA512
321f029e09f0fc99ac62a0adea622678aa83e674245627b499b99c2fa42d4da2e929cf3cc6ffae2ca0cfd15e762f1269a852014a83f0e65b6f82f41b432b886a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
606KB

MD5
7d896b61b5c5eb45e69d84342dfe24c9

SHA1
514e582260aca0edc12865b0833e49bf753c95d0

SHA256
52564414fb1423d709d2acae923a6d626a5dadcbd0ca7e41e104cc125bbac30b

SHA512
78d9d7f7128ed83ba6e29a259af1511c66783c4321d0c250a3351613bffa3fe988c98ce12221b7dbd69b539a7ddcff03dfb8fe175a7fa63212d623ce38051d1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
1024KB

MD5
6c1284b3860ba6930d7307cf81731979

SHA1
b4551c519bbbe4160c39140523072304f9725610

SHA256
bf2d03a5ed63547fa6686741b6ffc1c01b0ae55545909bc32c09ba51802a1425

SHA512
16c7c0f7be64e6aac973f531d11ce169ff02bcd8655b185fb0ac311761f7c863f7df021ec948afa159a69a74e2aea816666f33127bf6a6c9ff5f08b58e3ff3d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
529KB

MD5
d648b28ff48c0920ceeefc0e544ec191

SHA1
106d0b17d2bb93319bfb26a334820591b8f473b9

SHA256
bb7c40c4084528087eb34c40ae88c04a84ecdd1be743f866443e1ad2538c6abb

SHA512
e9a1619794a4dde77e04244f5bdb6a6e743f55a5d96eb8a0dfa84532dfc3cbf869d0adc40db021d457bbe15557416c6209e346433fd96ca13b334ba356b7dd0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
675a0dd435682b8aff2d0a4186b7a016

SHA1
3b997cb00fec4d7e8b4675bef408fe9adec49b07

SHA256
9a099fede39d35212d52b9ef60902ab6bca0d2ac29f669c8dd5058f4303a8678

SHA512
e931287eea5815acf7fa53a6abc40b874e3548b5849d64c3544b5e34684a39a99de9ffe68bde552b30c9051436821313bea7682ec8e80879e26bf61f648493cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
e0a97701cd9cb840af659dec7d1f94cc

SHA1
efcaa0938c5718050ae156bfcdc9b7afefd7df72

SHA256
33da63512c2f80d2ab6fe0e3fdaff68ef34dc61a3c352ba00ee2cd2e9d2405a1

SHA512
236977c67d3dc8e796cb76160b4a0245985de9f56f5639434b7c2668819bb1459d42dcc21b35facc420ef58eaa6f02dccf9543628e8adf14864c28e32eb44414

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
419db3b26b4560d41fe34484b1cc8142

SHA1
85e7691efea0dcced5b6bcf19e7d20dc9c178950

SHA256
fe87f3497294df65e4cd358dae57418a35008b2407dcca32096b9ec1b808806c

SHA512
8508e843f657fba2ba5c312413f1fd3a6c1020609cba84550590ad380ec2a40dfa004bf9a13d753ed3101125b45bf9d001f5a975886bcf6281232f6b509c734c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4db694a3df03636df52b3dd982c06908

SHA1
f8d22de121c0f05eb8fa47d5d811c07f87369147

SHA256
80f81ebffd34fe77e225c7bcd3ddfe86e086b43c3fcd265ebb6061f6ea50a4df

SHA512
0f1c2213428b2bcb28d5862045822c52b265933095b6e5c5ef19b95ee7364375a938a8069c0db70fe6caca66669e524ec1e893d0f494ddad95bf7a17477afd02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e45062bea467f30a28c78cd69e11ead7

SHA1
ea6e26e1432b33493eaeecd18293d4e6ae596157

SHA256
0d21e10309859035e68a9e61b99723827b9bc739df461653a85e369fc74d5bf6

SHA512
cebaf5f3c3347940c82ffdba21ca4178c3c97ef0d6fd1ba37100e329615d1ebd8aab541096de1876648aef77ab0a260f2f986e70477ec82dbff9064f478c724f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b23d3ccf6b41d9fdba710f1d4f9baa72

SHA1
1775e543dc7d26926baa0177e3d02e011c6b6359

SHA256
8d931f1d08fda4cefbd6a09f133d4d87a364b520b206ea307188f87b5e6d11c8

SHA512
f190d1b068a55c0d92523dc1013da7a7a42359c0323189ee3aa5c6163f3b32ce9b9e3a250836eb9d4679fab2f248790d2693b036afa8a084a21d7806433e70bf

Download Submit