hxxps://tf2refined[.]com/

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
12-01-2025 02:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://tf2refined.com/

Score

5^/10

steam discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand STEAM.
phishing steam
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
992	msedge.exe
992	msedge.exe
3996	msedge.exe
3996	msedge.exe
4580	identity_helper.exe
4580	identity_helper.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	2936	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2936	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3996 wrote to memory of 4788	3996	msedge.exe	83
PID 3996 wrote to memory of 4788	3996	msedge.exe	83
PID 3996 wrote to memory of 4568	3996	msedge.exe	84
PID 3996 wrote to memory of 4568	3996	msedge.exe	84
PID 3996 wrote to memory of 4568	3996	msedge.exe	84
PID 3996 wrote to memory of 4568	3996	msedge.exe	84
PID 3996 wrote to memory of 4568	3996	msedge.exe	84
PID 3996 wrote to memory of 4568	3996	msedge.exe	84
PID 3996 wrote to memory of 4568	3996	msedge.exe	84
PID 3996 wrote to memory of 4568	3996	msedge.exe	84
PID 3996 wrote to memory of 4568	3996	msedge.exe	84
PID 3996 wrote to memory of 4568	3996	msedge.exe	84
PID 3996 wrote to memory of 4568	3996	msedge.exe	84
PID 3996 wrote to memory of 4568	3996	msedge.exe	84
PID 3996 wrote to memory of 4568	3996	msedge.exe	84
PID 3996 wrote to memory of 4568	3996	msedge.exe	84
PID 3996 wrote to memory of 4568	3996	msedge.exe	84
PID 3996 wrote to memory of 4568	3996	msedge.exe	84
PID 3996 wrote to memory of 4568	3996	msedge.exe	84
PID 3996 wrote to memory of 4568	3996	msedge.exe	84
PID 3996 wrote to memory of 4568	3996	msedge.exe	84
PID 3996 wrote to memory of 4568	3996	msedge.exe	84
PID 3996 wrote to memory of 4568	3996	msedge.exe	84
PID 3996 wrote to memory of 4568	3996	msedge.exe	84
PID 3996 wrote to memory of 4568	3996	msedge.exe	84
PID 3996 wrote to memory of 4568	3996	msedge.exe	84
PID 3996 wrote to memory of 4568	3996	msedge.exe	84
PID 3996 wrote to memory of 4568	3996	msedge.exe	84
PID 3996 wrote to memory of 4568	3996	msedge.exe	84
PID 3996 wrote to memory of 4568	3996	msedge.exe	84
PID 3996 wrote to memory of 4568	3996	msedge.exe	84
PID 3996 wrote to memory of 4568	3996	msedge.exe	84
PID 3996 wrote to memory of 4568	3996	msedge.exe	84
PID 3996 wrote to memory of 4568	3996	msedge.exe	84
PID 3996 wrote to memory of 4568	3996	msedge.exe	84
PID 3996 wrote to memory of 4568	3996	msedge.exe	84
PID 3996 wrote to memory of 4568	3996	msedge.exe	84
PID 3996 wrote to memory of 4568	3996	msedge.exe	84
PID 3996 wrote to memory of 4568	3996	msedge.exe	84
PID 3996 wrote to memory of 4568	3996	msedge.exe	84
PID 3996 wrote to memory of 4568	3996	msedge.exe	84
PID 3996 wrote to memory of 4568	3996	msedge.exe	84
PID 3996 wrote to memory of 992	3996	msedge.exe	85
PID 3996 wrote to memory of 992	3996	msedge.exe	85
PID 3996 wrote to memory of 2860	3996	msedge.exe	86
PID 3996 wrote to memory of 2860	3996	msedge.exe	86
PID 3996 wrote to memory of 2860	3996	msedge.exe	86
PID 3996 wrote to memory of 2860	3996	msedge.exe	86
PID 3996 wrote to memory of 2860	3996	msedge.exe	86
PID 3996 wrote to memory of 2860	3996	msedge.exe	86
PID 3996 wrote to memory of 2860	3996	msedge.exe	86
PID 3996 wrote to memory of 2860	3996	msedge.exe	86
PID 3996 wrote to memory of 2860	3996	msedge.exe	86
PID 3996 wrote to memory of 2860	3996	msedge.exe	86
PID 3996 wrote to memory of 2860	3996	msedge.exe	86
PID 3996 wrote to memory of 2860	3996	msedge.exe	86
PID 3996 wrote to memory of 2860	3996	msedge.exe	86
PID 3996 wrote to memory of 2860	3996	msedge.exe	86
PID 3996 wrote to memory of 2860	3996	msedge.exe	86
PID 3996 wrote to memory of 2860	3996	msedge.exe	86
PID 3996 wrote to memory of 2860	3996	msedge.exe	86
PID 3996 wrote to memory of 2860	3996	msedge.exe	86
PID 3996 wrote to memory of 2860	3996	msedge.exe	86
PID 3996 wrote to memory of 2860	3996	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://tf2refined.com/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff697146f8,0x7fff69714708,0x7fff69714718
  2⤵
  PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,3233578301502096604,7280880851854823281,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,3233578301502096604,7280880851854823281,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,3233578301502096604,7280880851854823281,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
  2⤵
  PID:2860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3233578301502096604,7280880851854823281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3233578301502096604,7280880851854823281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2096,3233578301502096604,7280880851854823281,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4788 /prefetch:8
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,3233578301502096604,7280880851854823281,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5480 /prefetch:8
  2⤵
  PID:712
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,3233578301502096604,7280880851854823281,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5480 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3233578301502096604,7280880851854823281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
  2⤵
  PID:4748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3233578301502096604,7280880851854823281,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:2340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3233578301502096604,7280880851854823281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2328 /prefetch:1
  2⤵
  PID:4380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3233578301502096604,7280880851854823281,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
  2⤵
  PID:452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,3233578301502096604,7280880851854823281,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4848 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3233578301502096604,7280880851854823281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3233578301502096604,7280880851854823281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
  2⤵
  PID:2052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3233578301502096604,7280880851854823281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3233578301502096604,7280880851854823281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6364 /prefetch:1
  2⤵
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3233578301502096604,7280880851854823281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
  2⤵
  PID:5008

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:668

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4708

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3c8 0x2fc
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0a9dc42e4013fc47438e96d24beb8eff

SHA1
806ab26d7eae031a58484188a7eb1adab06457fc

SHA256
58d66151799526b3fa372552cd99b385415d9e9a119302b99aadc34dd51dd151

SHA512
868d6b421ae2501a519595d0c34ddef25b2a98b082c5203da8349035f1f6764ddf183197f1054e7e86a752c71eccbc0649e515b63c55bc18cf5f0592397e258f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
61cef8e38cd95bf003f5fdd1dc37dae1

SHA1
11f2f79ecb349344c143eea9a0fed41891a3467f

SHA256
ae671613623b4477fbd5daf1fd2d148ae2a09ddcc3804b2b6d4ffcb60b317e3e

SHA512
6fb9b333fe0e8fde19fdd0bd01a1990a4e60a87c0a02bc8297da1206e42f8690d06b030308e58c862e9e77714a585eed7cc1627590d99a10aeb77fc0dd3d864d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
49KB

MD5
81b245afde16e6fffd8916f6a526b2f3

SHA1
9c592cd0b5d05e2dfbb08c6332ba0ab198acfc0a

SHA256
652b634864cce3172cd8baa9d1e629fee4a4876f9ac3d609b66c702a75a29ba3

SHA512
3c2682f92a114d31c6e0a3659e6d3a62a429bcb70915adf038fafc0bbad2b67c991aa6cc79a1d0ac91ae74a122dd186de43c9f58b1ef2ed4e359a1b72344953e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
88KB

MD5
8f5d39ef8caf02067a6c9e62b6547195

SHA1
a00170514835c98b5429b92605c099806051d980

SHA256
e0e8167fd55e12d05036b22c2e1fd8575210c40aa77bfa50ab08cd3752a7775e

SHA512
b8e28e491eb347967b33028ff9cba841bfe275b2dec2cdcd54ab724f077368a2478e974a0cda2f7b2169dcc10f925b8532ec74fb86b9bb2723d2b269a1658ba7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
25KB

MD5
bcc828253d91ecf52cbfdd3d0715d17f

SHA1
adf88e9922e87a12d624ec101ac38f94fce4c81e

SHA256
887e85a51be719335acd37214d1fac78f0337749b31660c2d6b5ab5f48d10007

SHA512
38ea7e38d1439ec2d4b86cf1d2cf412a8ee688b409554c2650ba140ee77a445161af7a991eaa7ad36457094a5707bf0b43b61276705efb2fdd477c6f616439df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
54KB

MD5
871825390932114174f30b8bc6317f86

SHA1
1e7caede35bf19115f9bf18b1a916a5be3260332

SHA256
fb162f8d2a770ce317923c13687a3a05d817dabf80aed28b9f5efdf80623054f

SHA512
54180896e9726e5865872f9b45b657e9dc1b57fead3676f3bc59d44db27114238eb5aca627b7ff6b7298a6dbe0a13262e0a0c9cf6221ea4a3eb6e9e1ca6bf30e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

Filesize
36KB

MD5
21f4955f4e7a07d5cae4a46fc74ab263

SHA1
3e3e25ca71bb03ce2c9b2a495b346b9653568b1d

SHA256
0870954849b1ccc0e6a9754cfbd3ce33f791cde77156d1f84519713ac47c37c5

SHA512
ec857db1522f15d6b769dc775550eb0023e27c080de45f6c091bae25b8524ed17fba0ca84af38459bb1d772bf479327b031e5ef677d3eb7f65c703c03fc70b84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

Filesize
36KB

MD5
80c484a058ca2ae0f9bc62a38223d496

SHA1
8315360b781e7161b79df6bc8def9a66db7530a9

SHA256
d7530b224b4842c08b3bd6e33a059d33cff50653f06b3080504785c6c3997c7a

SHA512
5b3aa4494da9bed0fc7e7fefe00e8343e3e63322b7923bbb959a0d274716da283cbea5ebc4b59f4e508b8167c32479ffa3ce8b36465c6563bc20101aad9f8608

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034

Filesize
121KB

MD5
2d64caa5ecbf5e42cbb766ca4d85e90e

SHA1
147420abceb4a7fd7e486dddcfe68cda7ebb3a18

SHA256
045b433f94502cfa873a39e72d616c73ec1b4c567b7ee0f847f442651683791f

SHA512
c96556ec57dac504919e806c7df536c4f86892b8525739289b2f2dbbf475de883a4824069dbdd4bb1770dd484f321563a00892e6c79d48818a4b95406bf1af96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035

Filesize
119KB

MD5
57613e143ff3dae10f282e84a066de28

SHA1
88756cc8c6db645b5f20aa17b14feefb4411c25f

SHA256
19b8db163bcc51732457efa40911b4a422f297ff3cd566467d87eab93cef0c14

SHA512
94f045e71b9276944609ca69fc4b8704e4447f9b0fc2b80789cc012235895c50ef9ecb781a3ed901a0c989bed26caa37d4d4a9baffcce2cb19606dbb16a17176

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
2e34af38e9f6d04688076cf08b22c681

SHA1
2ea3b5e5b1de645ab2903ab1f77cf7cca91e871f

SHA256
d3ec787a178c5eddd2629e584fc5377beb4b8e25442add91c928c408dca217ca

SHA512
18ea5a9cb04ccb4f648be106adae873b792d69969a0a0a142052289c045c8543da9e43a0b33192c4f39e63a80e7588f68fd88ceeb35748d9e50d6dc4658f7d07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
58073167770b63ca5ef0837a7e37e517

SHA1
79fe0c5943ed185864714328ae05e385d7c93661

SHA256
bc8d940e958d161d2c592af80db6bd01c56d7926a49e9a24a344da5bb5fc88fc

SHA512
6151b81ee7965b88254ac953d67f745d9f8a095210580b350df8f3ce979ccf94bb2341707cd113002e88f917e5b727d91e92d38aaee61bf71a41ea53ddeb33fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
551fca5af7ac5a82f9b4fdba342f07b6

SHA1
1b0056ccbe009cb0581b29efde9c5f6f1a426bbf

SHA256
a3a223d48534d038e830acd3e9ac1dbecf9eb50a5c716038ed624d18e48db2ba

SHA512
49705b3e06a652b818a1cacf315d9d2dbbaa08c6809d2f8996dbb78f0d89e522de4237102aa7035e3c47caf68c7bce7103b7e08fa12f83e2ef96ebdb0e72874f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
02797959942f0a2d4073bdeb65875121

SHA1
ed4f025cc285158fafa21af9631eaf93f8b37bba

SHA256
7ea62a01f437e28d3703617cb1c703f78980844819bc78dae773f2320df7d52f

SHA512
cd544cba251c9b9e4eda3b8ba18a260d51eaa5f910b3360dd4e30c739d71f844d25c53447abed3e09995e9eef65809e54b3ba2c7407bca46700838e3287f471c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
25279bf56e983b7c5a3daa620ddb0a3d

SHA1
c5bf77df294aadeb5a4206a2caeac083f7805971

SHA256
f6086352095dffa96231a64d96f40df5f5bc4c6872aa378bbf93da5647f0d47a

SHA512
5aa7ab35b645a4f7aaf3a034e9ef51a17453e9e075c0e2665e6e43d92e0e03e5646a7291d6b25bfd7d7a8b0b40fc75b5c2131de627b233d07869e9d89843cdaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5985e0.TMP

Filesize
539B

MD5
c4bea98f7e662b302f4f5ada7b0afbc9

SHA1
bc95deeda51a6672808868910cda179996049936

SHA256
5092dc29f9f5ce59de2574c79f463c3bb942b42784d35c553beb0df0fe72e4e6

SHA512
47f8c39f87702249a1292a10939c65d16977af3f5cf01ade6cdafbcc1f65eea945c06b9691648561ce449e1219ab49f160e997a2a0f629a88a5e07645df613dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ee0ca295-86ee-4a39-a437-d4c400d33793.tmp

Filesize
6KB

MD5
fc96096d9298af0dcf4ae949c7339f3f

SHA1
92ded07e91322f05a7ef8f13ab25969ba39adf39

SHA256
400d7af4014a84b3412621a2bc06cdcabde12637e63c48d3b04be52231db390e

SHA512
09f6089958b3313db6d212e5850fc79290dba876744d68d10086030860c84f983f0df5f58fd7b545a085830861c6a82dd53a7bb227de21aedc4339aea12125c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a8cc90bf1d088a388739f975e251e1a0

SHA1
3b818e24cfbc3fbad362f007e3c9e1c41254da24

SHA256
61deaa59fa3cc52592dc46f88eabbbf6f52f76535f814e454ea4b31dce78076d

SHA512
64e3e223852bdb5df2713b5e50f3971caf2bf710561b2126af4b7576be9dbd16140f5d258f4525ba1029a18599a36f17e908c861140d3c402e92ebfc55ff7c08

Download Submit