hxxps://bayonetta[.]com/

Analysis

max time kernel
548s
max time network
548s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
16/01/2025, 01:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://bayonetta.com/

Score

5^/10

steam discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand STEAM.
phishing steam
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3980	msedge.exe
3980	msedge.exe
2592	msedge.exe
2592	msedge.exe
1600	identity_helper.exe
1600	identity_helper.exe
1720	msedge.exe
1720	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2592 wrote to memory of 3120	2592	msedge.exe	77
PID 2592 wrote to memory of 3120	2592	msedge.exe	77
PID 2592 wrote to memory of 4368	2592	msedge.exe	78
PID 2592 wrote to memory of 4368	2592	msedge.exe	78
PID 2592 wrote to memory of 4368	2592	msedge.exe	78
PID 2592 wrote to memory of 4368	2592	msedge.exe	78
PID 2592 wrote to memory of 4368	2592	msedge.exe	78
PID 2592 wrote to memory of 4368	2592	msedge.exe	78
PID 2592 wrote to memory of 4368	2592	msedge.exe	78
PID 2592 wrote to memory of 4368	2592	msedge.exe	78
PID 2592 wrote to memory of 4368	2592	msedge.exe	78
PID 2592 wrote to memory of 4368	2592	msedge.exe	78
PID 2592 wrote to memory of 4368	2592	msedge.exe	78
PID 2592 wrote to memory of 4368	2592	msedge.exe	78
PID 2592 wrote to memory of 4368	2592	msedge.exe	78
PID 2592 wrote to memory of 4368	2592	msedge.exe	78
PID 2592 wrote to memory of 4368	2592	msedge.exe	78
PID 2592 wrote to memory of 4368	2592	msedge.exe	78
PID 2592 wrote to memory of 4368	2592	msedge.exe	78
PID 2592 wrote to memory of 4368	2592	msedge.exe	78
PID 2592 wrote to memory of 4368	2592	msedge.exe	78
PID 2592 wrote to memory of 4368	2592	msedge.exe	78
PID 2592 wrote to memory of 4368	2592	msedge.exe	78
PID 2592 wrote to memory of 4368	2592	msedge.exe	78
PID 2592 wrote to memory of 4368	2592	msedge.exe	78
PID 2592 wrote to memory of 4368	2592	msedge.exe	78
PID 2592 wrote to memory of 4368	2592	msedge.exe	78
PID 2592 wrote to memory of 4368	2592	msedge.exe	78
PID 2592 wrote to memory of 4368	2592	msedge.exe	78
PID 2592 wrote to memory of 4368	2592	msedge.exe	78
PID 2592 wrote to memory of 4368	2592	msedge.exe	78
PID 2592 wrote to memory of 4368	2592	msedge.exe	78
PID 2592 wrote to memory of 4368	2592	msedge.exe	78
PID 2592 wrote to memory of 4368	2592	msedge.exe	78
PID 2592 wrote to memory of 4368	2592	msedge.exe	78
PID 2592 wrote to memory of 4368	2592	msedge.exe	78
PID 2592 wrote to memory of 4368	2592	msedge.exe	78
PID 2592 wrote to memory of 4368	2592	msedge.exe	78
PID 2592 wrote to memory of 4368	2592	msedge.exe	78
PID 2592 wrote to memory of 4368	2592	msedge.exe	78
PID 2592 wrote to memory of 4368	2592	msedge.exe	78
PID 2592 wrote to memory of 4368	2592	msedge.exe	78
PID 2592 wrote to memory of 3980	2592	msedge.exe	79
PID 2592 wrote to memory of 3980	2592	msedge.exe	79
PID 2592 wrote to memory of 5008	2592	msedge.exe	80
PID 2592 wrote to memory of 5008	2592	msedge.exe	80
PID 2592 wrote to memory of 5008	2592	msedge.exe	80
PID 2592 wrote to memory of 5008	2592	msedge.exe	80
PID 2592 wrote to memory of 5008	2592	msedge.exe	80
PID 2592 wrote to memory of 5008	2592	msedge.exe	80
PID 2592 wrote to memory of 5008	2592	msedge.exe	80
PID 2592 wrote to memory of 5008	2592	msedge.exe	80
PID 2592 wrote to memory of 5008	2592	msedge.exe	80
PID 2592 wrote to memory of 5008	2592	msedge.exe	80
PID 2592 wrote to memory of 5008	2592	msedge.exe	80
PID 2592 wrote to memory of 5008	2592	msedge.exe	80
PID 2592 wrote to memory of 5008	2592	msedge.exe	80
PID 2592 wrote to memory of 5008	2592	msedge.exe	80
PID 2592 wrote to memory of 5008	2592	msedge.exe	80
PID 2592 wrote to memory of 5008	2592	msedge.exe	80
PID 2592 wrote to memory of 5008	2592	msedge.exe	80
PID 2592 wrote to memory of 5008	2592	msedge.exe	80
PID 2592 wrote to memory of 5008	2592	msedge.exe	80
PID 2592 wrote to memory of 5008	2592	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://bayonetta.com/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffac1093cb8,0x7ffac1093cc8,0x7ffac1093cd8
  2⤵
  PID:3120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,10451754341215884074,612498931287252972,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2
  2⤵
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,10451754341215884074,612498931287252972,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,10451754341215884074,612498931287252972,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
  2⤵
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,10451754341215884074,612498931287252972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:3568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,10451754341215884074,612498931287252972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:4136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,10451754341215884074,612498931287252972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4612 /prefetch:1
  2⤵
  PID:1696
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,10451754341215884074,612498931287252972,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5576 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,10451754341215884074,612498931287252972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1
  2⤵
  PID:2572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,10451754341215884074,612498931287252972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
  2⤵
  PID:2400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,10451754341215884074,612498931287252972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
  2⤵
  PID:5204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,10451754341215884074,612498931287252972,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4696 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,10451754341215884074,612498931287252972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
  2⤵
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,10451754341215884074,612498931287252972,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
  2⤵
  PID:3148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,10451754341215884074,612498931287252972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,10451754341215884074,612498931287252972,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:1272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,10451754341215884074,612498931287252972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,10451754341215884074,612498931287252972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1
  2⤵
  PID:5768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1908,10451754341215884074,612498931287252972,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5828 /prefetch:8
  2⤵
  PID:5212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,10451754341215884074,612498931287252972,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6036 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2948

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5984

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:364

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004CC 0x00000000000004C8
1⤵
PID:5360

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3d68c7edc2a288ee58e6629398bb9f7c

SHA1
6c1909dea9321c55cae38b8f16bd9d67822e2e51

SHA256
dfd733ed3cf4fb59f2041f82fdf676973783ffa75b9acca095609c7d4f73587b

SHA512
0eda66a07ec4cdb46b0f27d6c8cc157415d803af610b7430adac19547e121f380b9c6a2840f90fe49eaea9b48fa16079d93833c2bcf4b85e3c401d90d464ad2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c03d23a8155753f5a936bd7195e475bc

SHA1
cdf47f410a3ec000e84be83a3216b54331679d63

SHA256
6f5f7996d9b0e131dc2fec84859b7a8597c11a67dd41bdb5a5ef21a46e1ae0ca

SHA512
6ea9a631b454d7e795ec6161e08dbe388699012dbbc9c8cfdf73175a0ecd51204d45cf28a6f1706c8d5f1780666d95e46e4bc27752da9a9d289304f1d97c2f41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
19KB

MD5
99af5da82ee74e7d9502225446604614

SHA1
7deff05853fbf1528875f9c358b8a6a31d6dee5e

SHA256
031fe7ea42e0a823949190f13ab143f1d9d26fb0b22d863b582593a37cbcda9d

SHA512
7d2cec0882df88edbb4789fc14c7721f6dca5681c85919ee1f033d5cb2324f9c1305707bbc4c534e0019a2b163291edf4bd65c374e843d75174589e7148aab07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
24KB

MD5
24c1ac9e5814fdba1876bd70e65b55d1

SHA1
440f8a4de77e05a029ae06d4f500c72308285d6e

SHA256
7cf9b84f3812c9377c20ff7b0826eda7092f11f33dd4af560413a6773f3fca43

SHA512
bc848fd4ccce7a1705b2b14b2ba1a1503a6a306096ac8460480bc653a2d9d4744fe21a0a39db573d7363b3c1252c6db1b594f029c04beeee9ccb5714c80af7cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
31KB

MD5
d61bc52eff32ab04ae8a41ca9324b4b5

SHA1
c48f1b0af9c70293f806292dd4314a01b7e18fc9

SHA256
59b5a882f511b31e44e6813774bfb8a56a1caffcfe828a04a7adbcf36eaaa2c0

SHA512
617bcc8798185e66e5f7407d912e68172b62dd5c9ba3a6ab7e6f33d278fcb1503e17d7b06423c01d0b0e6e0087b7376652ba91e4570d8cef68e059386addac4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
40KB

MD5
25043b3ecd7201069b59a289cfa91e06

SHA1
4709b985b6e8760e2fcc6f221b7c1d92d28eac67

SHA256
e895db7ab7ef01bced675cb3dd5e0b2093fef1d84f70b00b268ec9b8ff57b889

SHA512
e2dfbac618a568b9ba7f0c326362b749090087ffb271ee62eae8b78184936feea14640c30177e00a2a8a1fa18d64fdb3e3dab5a1ac643052d5cff9bd58ff7442

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
17KB

MD5
78009b0bcd5f695070babef7964ce279

SHA1
817fb69778754c2d5976909a48525ea46136992a

SHA256
a179f5a994b7974aec4a54c2af8d07d1d0d9d2cfc66c81246e1299a5a0b1ad19

SHA512
922be73fde8d54afead642c60b480f7c2d54fda6c840cb6976b02f10d12d67df749b5af21b7e441342c2007a17287b1ed55a9dc894638ff8fe21454be171b42d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

Filesize
218KB

MD5
f4632004aca8e2a6eb277454f5c12c8c

SHA1
0f8f7426a7593fa18e5efdcf24201e67db1733b5

SHA256
1c313ece8fcabd385dba9b37a873a4485065de9e7f2208606c23690473df995c

SHA512
d0ca7e534e8af82b0a7720a4ccbd7665827127543d97532d31d8257eda54cb62707589af3b1061eb0c3af654f6b280f796bc173a2376723b0372a271ec0f8bbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

Filesize
205KB

MD5
c9c9e7a0321c20a8faea53cb744f62a5

SHA1
a4f7964d6df916c63bc019879e15dfd8a010c9e8

SHA256
9dc45a4308a94cc765a3fe2409e6998871eadf786e01bd0fdcbc5e354ced331d

SHA512
12bfb41ca0dffe67448d2ca50e44432d60f150b588e168efcebe37ce4f030da3161936d443735587b9833eaf506d6448bce92985c16456caa6b2b94b48b7896e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

Filesize
66KB

MD5
100655c23b1e2cbdadf8919bf6f14f50

SHA1
1b535aa013148bcf8dbae70f31064ed03380f97b

SHA256
9de4c1063286a2bcfe2c2b232e45bd8947e70d941f4685a50fd9d99cc6b74fe9

SHA512
9904ae2ea00d092f4d2cad4969d26e08b1840373e6869b358f11686d109b09eebe25fbb6a45671a918e1be53130a4ca20cb5e217348a855811cc4fdc32808f67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033

Filesize
22KB

MD5
9d53309ac2415ed6efe77b43a5a2b2b6

SHA1
31d26e32f551242c037116da7fe1f039bd1c4b41

SHA256
31e667f7d809056c4199b4204f46dbc6cd118a97530308229bbb9d450c42f89f

SHA512
25510c4cd3ac3388a1c91b5011e12a34c409f272d8f7fbec1a89cbff45f2553f7061c1f63d1a2c06f8773b885bcabd9c96501434b8905778132fffef80989476

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ae

Filesize
42KB

MD5
4f103863e5c8641b25e905901d3fa73a

SHA1
d8efdc1b1a16a9c58fb0d02db6b5e76da756e27e

SHA256
8336ccd564d708fd097fe5efe56355ab3358df8736fbc2a4bbda161f3b4bcec0

SHA512
0bcde6a43dc109aeae271aa1883728c879a0ae56d655b0aa98138b6e114b9b38b7e3da1a206818228643ba92fb7226afda065e60368b675c22a0fcac55d53eb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
e4e0d0ff03919dd9bdcbcfb76f87a955

SHA1
ccc7eeb751f8d2931dcad74d4a21fd0e22964db7

SHA256
2b4f14a2d356699b53bc270a85475eb3dafa090606ef5c38b694a179ddbdbb2c

SHA512
e53d95bac92a3cfc8c439c6be8d1310ae68290282a286007f5a3f107894cd02e5ea9851e59d29fb959e7f03efead435f8f1f6e77f41f954f5a4e50188d0b1d2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
041c7fb983814b2c8c98aff08c38ce83

SHA1
d50d086b852db6f706fd62d78d9da70e882cc97c

SHA256
089e7bb2a92fe71f55f8ca32477b125f0f899fbb865af815402afb82305fe00a

SHA512
1f01f6537ca479061ccd6ebfb020cf4a0edad39d513e3fdc49e493cce66268f5a961792bc8dbf84ede45d0de204047e65c6242db13ad95a45aa6df7d19421fd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7dc9596c73603410e18df07e3003f7b2

SHA1
eb5390baa50f54101e452a0f6c2ed07fc84c777f

SHA256
703f7e28aa464d5dfd8b6d5b9ee593dd6b0e421e474d62fac38263f96b2295a7

SHA512
8f15d0df9705739f6db667423ec2d4d277cd5f1c3a0ada3c8b919245a0870b4ce53bc3b56dd69dad8a84cb867ebdf3afedea7a9ebd51a44094bb803f0374128c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4bd9ffced118f42ccc9fb23be9aab3bf

SHA1
d8e6217f9ec10d746a244aa92fb84b5cb36f0401

SHA256
5efb208adc70c9a4100877469e72b5f74f95e9dcc0d483e849a37776636fa8a3

SHA512
261294155e598d8be04894824ae4e6d9359f73c09c5ed7152ac94cc2000d9b11044f699c03dc8c0373d2b03e62427259a82762d511b979ee1049499904047284

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
006819d8817bd5e805f12468b8e47d52

SHA1
b406b8304046658e5c263216316ecaecd2b14dd2

SHA256
2167ffa9b0d4cb404331e66164a4acb4c631f5c6da6114a439d6654131617f14

SHA512
44f03b3056d290f1fdc447762e01046460fecf523d22a989c9a165e806390f6be30c82ad62f4ba2f2865809c2e5a8e40913d45c9b6b6332aa4f9123803f54d67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
854f7312f8fc6aac4634fd26ea275b9e

SHA1
0087277c6e35f9113226507e04681651a9a799e8

SHA256
ec149122ddd66d207fd041a5cbfcce6853efcd1f67c566bafcf8f07cebf13151

SHA512
851b84dd63bd4989b47c28b8e0bbbf8fbf417eaf5db798ec106bd1193aa7f7910bf59d0644fc21713c371dc305cf47805eb264502051ccfb7212fd20ff75ede1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f41222894872a62d1656635a4eeef3ba

SHA1
b34b4846afe9fef3b90f0ffdd57b02fc70885dd2

SHA256
2531a331a539d1039e56084f1e180f1e5f2fdb9c3912644297d4c2eb7d4254a3

SHA512
6d1770af9c30a0f08a1ddcc80f78722cfee7f5792b7cc909cf883edc47dc6139f77dfbcef60c205fac07c0931fb65e77fb5d869ab166cd8183a4f277eeb07b82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2feea4dfe5976e05e654ce4e9f989421

SHA1
00d324d9f9229249966a0e85a428680e2ad2c934

SHA256
93071a36aa738bcb20bf39531c6d066d442f91bd978d7c8f511ba99abad8efbf

SHA512
78acc43a7c8249e3dca67ed5a3a3f3dc6e995d83686d50c471900e791c33654b084b8c7334f1127ecfd5a0574da5d73d1f19dab232ada1cfe4974f49f3528b27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
adc30da078a29eb3a3c732b085d0cc0c

SHA1
7db55e179ee09c5c3614d67959973725da7c90f1

SHA256
087debccd3631259cc72ec862c65ba55301ecf4ee3a99bf928c88b88ad28ede2

SHA512
de8fac32d3f807f4fa2f61ec247417405eac62a030628a29e8f3d336e04310347149adb9f3e59423da3d01ca0a9b6a19012e6bb0eed433bdc5e3cca303c75261

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b167461d4e5123f83902e08c65582988

SHA1
a915b5045d7f01534538e0237478fef32442cc96

SHA256
7d910a603da4a0d389dcf7545e1469655e2a45cb12e7ca222eaacbbd66ec69f8

SHA512
26fc5ed061c0db4cebf9a8e3adbd6fd4debe45b43df8aa222c6b34287e543881dff41f94ef5612f828738ee20516c2f79bfd0c3a3a4262b282531de5584c4499

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5823bf.TMP

Filesize
704B

MD5
d61c96919e4eaddaffc9cca691ec8f6f

SHA1
44b8527397cd530466b6d2e959898a63acd0912f

SHA256
d3a5e082889d1f7c36d2ec69b80bc0af87b9e9508f9c028bbce51d23962ea01e

SHA512
dcbdbf17bcf5020b845ac62f769ae5399370403c3b9020b47424e332862c6efca92aba30fccdd306efe9bffc1c416d6ec5127e6055eb737eb9ba901340c3922b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8b181aed61d74d2d654ac6c0108bbb24

SHA1
4a65bd7d18bb4721a65b1c0baf6c48322cc6e9c5

SHA256
ce4dcc2218cfe30e0d3565af00151a360f43810fa649012bef246da0c280edc4

SHA512
07d4b4cedd62212c0ebfb7c9b20f092ea27ae5fe62c8cf26b54cbb0e31c56ae6532abc39d9e33e9e33495e6142a9f1cd23a0a713f1fbfd7f385d23888eccd0d0

Download Submit