hxxps://refs-onlineservice[.]top/newmessages/

Analysis

max time kernel
320s
max time network
326s
platform
windows10-2004_x64
resource
win10v2004-20231127-en
resource tags

arch:x64arch:x86image:win10v2004-20231127-enlocale:en-usos:windows10-2004-x64system
submitted
27/11/2023, 22:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://refs-onlineservice.top/newmessages/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4724	msedge.exe
4724	msedge.exe
2128	msedge.exe
2128	msedge.exe
812	identity_helper.exe
812	identity_helper.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2128 wrote to memory of 2308	2128	msedge.exe	79
PID 2128 wrote to memory of 2308	2128	msedge.exe	79
PID 2128 wrote to memory of 1396	2128	msedge.exe	81
PID 2128 wrote to memory of 1396	2128	msedge.exe	81
PID 2128 wrote to memory of 1396	2128	msedge.exe	81
PID 2128 wrote to memory of 1396	2128	msedge.exe	81
PID 2128 wrote to memory of 1396	2128	msedge.exe	81
PID 2128 wrote to memory of 1396	2128	msedge.exe	81
PID 2128 wrote to memory of 1396	2128	msedge.exe	81
PID 2128 wrote to memory of 1396	2128	msedge.exe	81
PID 2128 wrote to memory of 1396	2128	msedge.exe	81
PID 2128 wrote to memory of 1396	2128	msedge.exe	81
PID 2128 wrote to memory of 1396	2128	msedge.exe	81
PID 2128 wrote to memory of 1396	2128	msedge.exe	81
PID 2128 wrote to memory of 1396	2128	msedge.exe	81
PID 2128 wrote to memory of 1396	2128	msedge.exe	81
PID 2128 wrote to memory of 1396	2128	msedge.exe	81
PID 2128 wrote to memory of 1396	2128	msedge.exe	81
PID 2128 wrote to memory of 1396	2128	msedge.exe	81
PID 2128 wrote to memory of 1396	2128	msedge.exe	81
PID 2128 wrote to memory of 1396	2128	msedge.exe	81
PID 2128 wrote to memory of 1396	2128	msedge.exe	81
PID 2128 wrote to memory of 1396	2128	msedge.exe	81
PID 2128 wrote to memory of 1396	2128	msedge.exe	81
PID 2128 wrote to memory of 1396	2128	msedge.exe	81
PID 2128 wrote to memory of 1396	2128	msedge.exe	81
PID 2128 wrote to memory of 1396	2128	msedge.exe	81
PID 2128 wrote to memory of 1396	2128	msedge.exe	81
PID 2128 wrote to memory of 1396	2128	msedge.exe	81
PID 2128 wrote to memory of 1396	2128	msedge.exe	81
PID 2128 wrote to memory of 1396	2128	msedge.exe	81
PID 2128 wrote to memory of 1396	2128	msedge.exe	81
PID 2128 wrote to memory of 1396	2128	msedge.exe	81
PID 2128 wrote to memory of 1396	2128	msedge.exe	81
PID 2128 wrote to memory of 1396	2128	msedge.exe	81
PID 2128 wrote to memory of 1396	2128	msedge.exe	81
PID 2128 wrote to memory of 1396	2128	msedge.exe	81
PID 2128 wrote to memory of 1396	2128	msedge.exe	81
PID 2128 wrote to memory of 1396	2128	msedge.exe	81
PID 2128 wrote to memory of 1396	2128	msedge.exe	81
PID 2128 wrote to memory of 1396	2128	msedge.exe	81
PID 2128 wrote to memory of 1396	2128	msedge.exe	81
PID 2128 wrote to memory of 4724	2128	msedge.exe	80
PID 2128 wrote to memory of 4724	2128	msedge.exe	80
PID 2128 wrote to memory of 1080	2128	msedge.exe	82
PID 2128 wrote to memory of 1080	2128	msedge.exe	82
PID 2128 wrote to memory of 1080	2128	msedge.exe	82
PID 2128 wrote to memory of 1080	2128	msedge.exe	82
PID 2128 wrote to memory of 1080	2128	msedge.exe	82
PID 2128 wrote to memory of 1080	2128	msedge.exe	82
PID 2128 wrote to memory of 1080	2128	msedge.exe	82
PID 2128 wrote to memory of 1080	2128	msedge.exe	82
PID 2128 wrote to memory of 1080	2128	msedge.exe	82
PID 2128 wrote to memory of 1080	2128	msedge.exe	82
PID 2128 wrote to memory of 1080	2128	msedge.exe	82
PID 2128 wrote to memory of 1080	2128	msedge.exe	82
PID 2128 wrote to memory of 1080	2128	msedge.exe	82
PID 2128 wrote to memory of 1080	2128	msedge.exe	82
PID 2128 wrote to memory of 1080	2128	msedge.exe	82
PID 2128 wrote to memory of 1080	2128	msedge.exe	82
PID 2128 wrote to memory of 1080	2128	msedge.exe	82
PID 2128 wrote to memory of 1080	2128	msedge.exe	82
PID 2128 wrote to memory of 1080	2128	msedge.exe	82
PID 2128 wrote to memory of 1080	2128	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://refs-onlineservice.top/newmessages/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb0bf46f8,0x7ffdb0bf4708,0x7ffdb0bf4718
  2⤵
  PID:2308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,15256766293175910964,8808521806765085215,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,15256766293175910964,8808521806765085215,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:1396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,15256766293175910964,8808521806765085215,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
  2⤵
  PID:1080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,15256766293175910964,8808521806765085215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:3512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,15256766293175910964,8808521806765085215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:2320
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,15256766293175910964,8808521806765085215,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4892 /prefetch:8
  2⤵
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,15256766293175910964,8808521806765085215,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4892 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,15256766293175910964,8808521806765085215,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:2316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,15256766293175910964,8808521806765085215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
  2⤵
  PID:408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,15256766293175910964,8808521806765085215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3560 /prefetch:1
  2⤵
  PID:4260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,15256766293175910964,8808521806765085215,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:4248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,15256766293175910964,8808521806765085215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:1
  2⤵
  PID:4028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,15256766293175910964,8808521806765085215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
  2⤵
  PID:3656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,15256766293175910964,8808521806765085215,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5508 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1808

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2400

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4652

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\0174d659-86d8-4468-872b-582c8efba494.tmp

Filesize
10KB

MD5
bfe88b54a37ce3e3fa672224d619a386

SHA1
bdcfe360a17dfbce9408d0246512a451abb2882e

SHA256
698028bda0fa4434ad0a97d0bfe779d22d710e9465682fa03d20e512d77f2790

SHA512
b60d987afe15c91f8430fe953b0144ae120f9e54b0382914ab0977ebdff7c72143737f2166177c6f4d8b88723d294de9dba3d0973a57aac0be02425b6383d690

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a556bb6f129e6bd2dcfb5e29b7483f3c

SHA1
54f04d95d772d4837334739544f6871c10f24110

SHA256
c88e30f34c1dd579de34700a10a25c92e55f09b47be34ef7742a01aea47f222c

SHA512
405908519a2b51c42c380ebb160557fb551bbec0c015c7a6fa61acc01eaa32a6ae20895aeaa1879a4aea3b0cc6ec1754d30610a3e343105a0ea4350156a6fb2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
20KB

MD5
3d8fb837c8955e6418258bf20d428098

SHA1
81f6b08da7bf258fe71e06fbdcda6bc31b401196

SHA256
c2e04505107f514612c7fa14570c0c47a9c45e9d8a0337639b51b5e7d06a708a

SHA512
024d80e7b997eb42726e77ce2a101687ff5dc5cccb5a738d242ced834a188334da6e8b90b845773eaf914d26e5edb3b4fd1462b431d8688adc6c4cb4520a44a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
e2177e50345e2ab23971cdf61fc9c19f

SHA1
243d7553fe3d8a870257c0637b7b38c7c2b1e452

SHA256
787eeb9b18bca1e463ee91d6fdb26a0af471ec11650d232f3d47611d53bbb395

SHA512
9316f7f80cbb0dc5331398f3a3dc43060d05d4c1e61b60a01a526c877819ea90d6ca761547f86c1a67c7a8a99380c586179d047a4ed09525ca3177ec601fd0b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
8a57fade168c929e233da297e70077e0

SHA1
9eac95d5b4d1ac5ef93808f476d7d0203961ef23

SHA256
45ea0db847d2773f454873c7390dbc3373a19c9e4daf9076b9014b14b54c4b06

SHA512
47e8707ce1472f8c5a1d2d296991fbfef5bacd7fdd3e0fae485b6bbf9210299b939cd0f11ada85e2d3041d0a96c719861716739c8e8922405faa4aa91e1f60da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
055594d0d34dda876720e307d2d06076

SHA1
680d37e5d2e4e0dfc261dbc75759815d1cbb1f70

SHA256
68a2bfae7b26803c1aabab3d6a7cb0dd7e3b34dedb8b9973c254068f68420e3e

SHA512
2cf0b36052e96b082472dde6093d8ffe5a505e4593ca5fbc6007c626b0bf1396b8ae6207b1da9dbca3e969e914266f78d2416c6c60e050ed5eb2f710a289d0b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
875B

MD5
98fa9db2cb4b0f602cede5054354489f

SHA1
831e841ab16ca45a03211a18631418103a9d2d54

SHA256
a9cabe10c0b0fdad90f298f9594dec2d6bbafce20ef34374fe639775215b7b3b

SHA512
3627d3c02d123b3751b886f9e657eced8f541026b7c6cf985759967aad484007983c32d856f91764e6672e12bdad7d26387bf676ed22a232f9294a5dfff95e2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
20ec0da7fbf5d922014a87daccbb5040

SHA1
66a57b3a500e303f368efae022309b9ab641d1f8

SHA256
20b819bc6255758995667d01814942404e7dceef6bd70ea0dd5c0fd0ba4fa4dd

SHA512
bdd3a9a59e7a06bc271f1883cf150f4faca9b1c53093e3ffc82795d4a1903c87071da0aa030913b812868098832cfdddfe45cdc84c9ec9ce9fa9237c10f6ced7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
211a33d7a77802f5af9e7cfc6c0163bb

SHA1
8349c6db133362a45121b555ac1c019d513cded0

SHA256
6062371943083aabd68e63c32a47ccc779b6358c622c98f0a2b6eac59f2e4881

SHA512
32a9de1620cd36b316339cc0e402f49548ce7e04e57c1b6560a1e948816ff606b52cc6cebeda770bcdf48faef7b45cb67f06fe87b1ef7a4e0909fd20f6754da8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
05c2184b5bee6ad1ce0d26f2e644e97c

SHA1
25e0aa41e0e50b86a9262be55257ef5ad1cb61b2

SHA256
156a2930fc3409dcec4ecbdbb42501b9d2320c8235044706fa31c3a34ec4b9f1

SHA512
d0d790d23390e6c5dfc4b47e83192f78717c5bdafc31d67bb84117eed8a4a995881e154c48d1643ca6611df10681e1bc6dffe42c381d81fee553576d1b7f00ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a5f7e8ce5d60e94ef97c9d157e226c48

SHA1
3030068d3662f1b9742bc9fdad6722a767fa4911

SHA256
1161c981ed16a3fcae8fce4d5e4302de87cd784651089dd0b7e36f9da8441d14

SHA512
dc7660dca4dfb4be7fcec0d7220f6067500110071a2f1857a45ed12007b9649577072f016e895dfef271296dd7b4c9c10442e7cd1b27746e820b2ee3e2231dae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
330a91ba8fe4a790d4670755089b334e

SHA1
d84878eba8725dac9310a97ba4444c17ed6ea2e6

SHA256
556671e1289a2cf2e092f7ebf2f9cc76897aca0f77944019936daac457d14e36

SHA512
9ae5c188808c4d03bcda8373ce8a85930680545865ef2d5f72c561d58523ab36ef97b3f491931935884925d3b557c9cea83029dc80741c55a66744877ba3d164

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f3cd4fa497f9a6cb51cfb4830840a081

SHA1
2a57a2a834ec5a08b922ca679e06273c4a9270c8

SHA256
4af9611a950de28aed579821e9fa3b98be1c7622d443262062c374e755c2fb7b

SHA512
bc39d28f71c5a0f36bd70c7cad533860577d60601d552eb96661c9dcab5456eb908033d89cd8f480e4e59cc05fad4bf453dab251f4cd7080d3853c55e9337ea6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
aa3db81e5ed16930c40f0a83dd947008

SHA1
594657b7812f4eb6b515b885f6004c366f38d1cf

SHA256
becaf8dcc2fd6c3fade9787edc3848cc901fd0690a4b9e1dd29ca24e1449bd71

SHA512
faef7417672e0919285c95e480226b82d7272a5057ed8342557bd995631d5332f497b82ffd1f5577d37e8972ef4b30c6441974b2197df1dc19bb1a4cf907e4c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
20e1651fe00a64b8d24597c4ed390a93

SHA1
d03c52bfefe68470d5056416c462f5e8352bb8e0

SHA256
12b6b1ea5da66b20ab0f11e34eef612fc99b67479167db8a46c75f0e4bb2150c

SHA512
e09d6755a25617eb0906090e08a7b9adabe8b7fae79be9a5f31be446c384bb93631b72ffd694fcf47160a33b51cd085efad29856dc1e1bc141469498561a64bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59478e.TMP

Filesize
204B

MD5
0507f5f6ead08bade4537076f52bbc98

SHA1
7cb1a116efa2e76357353d9bc791af30f3b2ac4b

SHA256
843bbad342a4a68af7846b7a69fd1026341e28afbe03409ec2d27239f1f5c901

SHA512
897f1c8756ab7bcbee5fbfba490fcf4aeaa5eb1bd97f5efee7cef1a3fc693f94d892bc289a54bcd76deb4115d3618f3385f51a364c38281c0f24ca9e6b90e4ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
e6e99fcd7b7266b70feeaf27c44056ef

SHA1
37b5a093adbdeca972e411378d5d0704ca85daa9

SHA256
e8c1574ce6164e0a224cb2fc55641154d4d2f1819ab1d5098f97a78be8e77375

SHA512
a7990c5eb5c67b4ad8fed04cca1115d77bb40c8810381be7e557685431558382db90b88f690a42b208ea658ac9b153ee45298806548e628aa45e7b41751a5394

Download Submit