hxxps://fevreka[.]com/qwaz/new[.]php

Analysis

max time kernel
421s
max time network
426s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
19/12/2023, 14:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://fevreka.com/qwaz/new.php

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
432	msedge.exe
432	msedge.exe
3616	msedge.exe
3616	msedge.exe
1400	identity_helper.exe
1400	identity_helper.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3616 wrote to memory of 4044	3616	msedge.exe	87
PID 3616 wrote to memory of 4044	3616	msedge.exe	87
PID 3616 wrote to memory of 5044	3616	msedge.exe	89
PID 3616 wrote to memory of 5044	3616	msedge.exe	89
PID 3616 wrote to memory of 5044	3616	msedge.exe	89
PID 3616 wrote to memory of 5044	3616	msedge.exe	89
PID 3616 wrote to memory of 5044	3616	msedge.exe	89
PID 3616 wrote to memory of 5044	3616	msedge.exe	89
PID 3616 wrote to memory of 5044	3616	msedge.exe	89
PID 3616 wrote to memory of 5044	3616	msedge.exe	89
PID 3616 wrote to memory of 5044	3616	msedge.exe	89
PID 3616 wrote to memory of 5044	3616	msedge.exe	89
PID 3616 wrote to memory of 5044	3616	msedge.exe	89
PID 3616 wrote to memory of 5044	3616	msedge.exe	89
PID 3616 wrote to memory of 5044	3616	msedge.exe	89
PID 3616 wrote to memory of 5044	3616	msedge.exe	89
PID 3616 wrote to memory of 5044	3616	msedge.exe	89
PID 3616 wrote to memory of 5044	3616	msedge.exe	89
PID 3616 wrote to memory of 5044	3616	msedge.exe	89
PID 3616 wrote to memory of 5044	3616	msedge.exe	89
PID 3616 wrote to memory of 5044	3616	msedge.exe	89
PID 3616 wrote to memory of 5044	3616	msedge.exe	89
PID 3616 wrote to memory of 5044	3616	msedge.exe	89
PID 3616 wrote to memory of 5044	3616	msedge.exe	89
PID 3616 wrote to memory of 5044	3616	msedge.exe	89
PID 3616 wrote to memory of 5044	3616	msedge.exe	89
PID 3616 wrote to memory of 5044	3616	msedge.exe	89
PID 3616 wrote to memory of 5044	3616	msedge.exe	89
PID 3616 wrote to memory of 5044	3616	msedge.exe	89
PID 3616 wrote to memory of 5044	3616	msedge.exe	89
PID 3616 wrote to memory of 5044	3616	msedge.exe	89
PID 3616 wrote to memory of 5044	3616	msedge.exe	89
PID 3616 wrote to memory of 5044	3616	msedge.exe	89
PID 3616 wrote to memory of 5044	3616	msedge.exe	89
PID 3616 wrote to memory of 5044	3616	msedge.exe	89
PID 3616 wrote to memory of 5044	3616	msedge.exe	89
PID 3616 wrote to memory of 5044	3616	msedge.exe	89
PID 3616 wrote to memory of 5044	3616	msedge.exe	89
PID 3616 wrote to memory of 5044	3616	msedge.exe	89
PID 3616 wrote to memory of 5044	3616	msedge.exe	89
PID 3616 wrote to memory of 5044	3616	msedge.exe	89
PID 3616 wrote to memory of 5044	3616	msedge.exe	89
PID 3616 wrote to memory of 432	3616	msedge.exe	88
PID 3616 wrote to memory of 432	3616	msedge.exe	88
PID 3616 wrote to memory of 4524	3616	msedge.exe	90
PID 3616 wrote to memory of 4524	3616	msedge.exe	90
PID 3616 wrote to memory of 4524	3616	msedge.exe	90
PID 3616 wrote to memory of 4524	3616	msedge.exe	90
PID 3616 wrote to memory of 4524	3616	msedge.exe	90
PID 3616 wrote to memory of 4524	3616	msedge.exe	90
PID 3616 wrote to memory of 4524	3616	msedge.exe	90
PID 3616 wrote to memory of 4524	3616	msedge.exe	90
PID 3616 wrote to memory of 4524	3616	msedge.exe	90
PID 3616 wrote to memory of 4524	3616	msedge.exe	90
PID 3616 wrote to memory of 4524	3616	msedge.exe	90
PID 3616 wrote to memory of 4524	3616	msedge.exe	90
PID 3616 wrote to memory of 4524	3616	msedge.exe	90
PID 3616 wrote to memory of 4524	3616	msedge.exe	90
PID 3616 wrote to memory of 4524	3616	msedge.exe	90
PID 3616 wrote to memory of 4524	3616	msedge.exe	90
PID 3616 wrote to memory of 4524	3616	msedge.exe	90
PID 3616 wrote to memory of 4524	3616	msedge.exe	90
PID 3616 wrote to memory of 4524	3616	msedge.exe	90
PID 3616 wrote to memory of 4524	3616	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://fevreka.com/qwaz/new.php
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ff83a2b46f8,0x7ff83a2b4708,0x7ff83a2b4718
  2⤵
  PID:4044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,14255134670687464659,5167479429350105107,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,14255134670687464659,5167479429350105107,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,14255134670687464659,5167479429350105107,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8
  2⤵
  PID:4524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14255134670687464659,5167479429350105107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14255134670687464659,5167479429350105107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14255134670687464659,5167479429350105107,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
  2⤵
  PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14255134670687464659,5167479429350105107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:2792
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,14255134670687464659,5167479429350105107,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5824 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1400
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,14255134670687464659,5167479429350105107,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5824 /prefetch:8
  2⤵
  PID:1088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14255134670687464659,5167479429350105107,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
  2⤵
  PID:4000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14255134670687464659,5167479429350105107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:2492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,14255134670687464659,5167479429350105107,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1048 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5072

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3872

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3868

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fa070c9c9ab8d902ee4f3342d217275f

SHA1
ac69818312a7eba53586295c5b04eefeb5c73903

SHA256
245b396ed1accfae337f770d3757c932bc30a8fc8dd133b5cefe82242760c2c7

SHA512
df92ca6d405d603ef5f07dbf9516d9e11e1fdc13610bb59e6d4712e55dd661f756c8515fc2c359c1db6b8b126e7f5a15886e643d93c012ef34a11041e02cc0dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
5ed6a5311be51086b76e6b04a8ec34f7

SHA1
2975910e6c52992e2d1cea2387b4dd6e16ea1a4a

SHA256
a8d7660fc4b9bb91d0f6446c3a19a4c72682de8731624e8790a6152b5a48670a

SHA512
66ab0f9ead4931cc4cdb33ac119f86a2be76bc84ba9af3bf873ea989c49fb65cd925e7d795d4be13909dde1d2a8b58e39747dfe2891dc947d1f414cc7f0fa34b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
99e5e8a35162669f512252db0e433ef3

SHA1
3594db249797f6f0e608b441cf794a16e903259c

SHA256
add030b9927cc5e3b33f66890c689869c31a859cce37daaa59c4a0549a514faa

SHA512
5d2febc8ebe643bbfcbb0fb52f3ac9bae7cac2a88ff8608c5e310ca17b1c9915624c7e5e59c7f612c0cb4e310f384f523270d3d685be725487394cd9ea9f9c19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
797B

MD5
583b7581a7e0d50f8d980e6f91f36efa

SHA1
a84d15e98713b502320962ce11d5a1a8d5e09996

SHA256
a43aba7ae34ae232e8840bf1e6369a86e72259aa49c1c618fb8c41c8ace3b390

SHA512
5398a8892b53ec8574b12c5a82e83b22f194e8aab2c8db3f58fea107f46c0075310a9b003018994d0f00d9f4170944fc1dafab7919fc22903744df2bab89a1b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
766B

MD5
4a09abf804e98353fabd11dfe61e10cc

SHA1
70cca55e403097bd57ea6f36b8369c3ce18ebefd

SHA256
193f57b05713a9d6b9224b587841795c883d26fcab764051968bf219cdb0e0c2

SHA512
9f0ac190fe59e5403d815009aacca8fe42f9853568f61f1fad29a347250482a9cb123719dcf465710e340de3d257ec96335215c84e121490198bd5253805c2d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
735B

MD5
42781c315dd490c9e1ccd71bf847f98b

SHA1
9da48eb693baee8ff49d862e50c537967feb9edf

SHA256
f2400b23240bc495ce0f0634e1565fb2b8328751b1b0d61be88a569d39359999

SHA512
55f56d3e4068327217a27298c9cc37624bb8e775fe4d962a7997ff7bf20507e65fc4fdec20c0191f8255cc9d342da5f5ea70da98eaace231292a526f70ac1701

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d8836fd5e42796f6f619b9ab4035c2e6

SHA1
4b9e820ac0838a986935ab39c9052c704cc59872

SHA256
404fe418e7001043833b49cea8d07c14b8a3c2f4f576bf35f3ae446b23be63e2

SHA512
960492e388fe5e7e12f7d15698a4d4c96c91a3002378f6f587b18f0bf281e2442193d29ae3a4bbd33ece549f9585a6ba1a1fc7280f7e64dae12ec7f91ec5cd07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9b72b4f183a90ddab913362518046aba

SHA1
8abd4702665ffd452a8d96b59de3c43b817abb10

SHA256
73d692851871fd6468eb34fd6109a11a349e962f05d1ec772a4338b6d6ab737e

SHA512
dfdadea98bef0b4f71867c3ff8ba28653dbc54d1e3f6f9d5b3fe0eccc4177571b99da480de1b139f43bfc6110be50c6e909922075f3e492ab34ebc75414a069e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a4386beb29dd73eee9cb80d01bb937ae

SHA1
09ddfa393ba90c14e4097ceb29c0a2e92366ada8

SHA256
044305edf028e3967e8d9c32e95151cdfa1414770fef996556408f385b56a4fb

SHA512
449b9af20ff169a5cebf25d834b0bd8debfc6c365291ce06b6e317143a386d8996e20971f90e8144914278715647f4065d0ff5e17a16917dabebb2d2ad2dcf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7da9366c985fe0656c26be504b8bbbb1

SHA1
f9cfc2ad592dd7600d294c35278888af02f1ca45

SHA256
e5db5859f5bf86a33bec4d4a748461aeb68b1026856b16e86228c1d5444fa4b7

SHA512
aea6f23360d93f7eb789e2e6e01c22d6c39f65bb4c558b8dec44712a75f11b3755311308e73f455db57503560081d0593a99653a01c238bbcd1e88f917d6c315

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5bc0b8d8c5709c04e265f86a13baec9c

SHA1
2c689db4bb731e27e55068d6e4d808dda08071d7

SHA256
9b6c204d76de12a5cd4dbfb123ed505f17421427d4283ec0578f5d50ee69a680

SHA512
38bae71024db14b24f5abcd9862940d8c97be4c060d1c4c557ad259114819d3fe9985062be82df6c73e4d24f9ac942cbed36e270dbb8e6897bd57f9972150ac3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3f02f413baef56e88b12c1d3d53910dd

SHA1
c761e34f8fca834465fbd910f2fdb0b6c2c245d9

SHA256
230afa711cd1d760962b4b744e7019bf6525ac8d919e10d2b81d2458ebc9f53e

SHA512
8f1a8210496e615d55bb9a707207137effcee9557b1a8cc5dabbf2fbb3b05a6930fd6326dc75a03664a6cd36d75ddfc83dba9d82a65bd928a3c236bc03f26beb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
917dedf44ae3675e549e7b7ffc2c8ccd

SHA1
b7604eb16f0366e698943afbcf0c070d197271c0

SHA256
9692162e8a88be0977395cc0704fe882b9a39b78bdfc9d579a8c961e15347a37

SHA512
9628f7857eb88f8dceac00ffdcba2ed822fb9ebdada95e54224a0afc50bccd3e3d20c5abadbd20f61eba51dbf71c5c745b29309122d88b5cc6752a1dfc3be053

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
91a815f1aa92123fd564aa10378e4230

SHA1
e9aff767f0ed553035bbbd122beb59d42aa0da11

SHA256
285b843fe4e01f63ecc1b5380e580714e93407c8fc2c27973483a11d1237824d

SHA512
51643f5e5bba69805edc0c60d2139cae1427c35fe4d602ab2885dbcb172197a4e071e4b5e6cd59603d52fa50172daab6ee0ff47d3af3b1a31d7df88b21a815bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe587412.TMP

Filesize
204B

MD5
b685b708578c0388eb4a50190286e63f

SHA1
a7c21c1b16629e860f3a620691fd82f0254451c7

SHA256
84279d15f08abee6fe4d1dcabd0dbba0d5d78c4eacd77931bafab55cf51ce7f6

SHA512
aeaba5ea58806e767c50a220a346f1e3f24e4953007fb809aa97bed96081fee3a198aabce3b8616a04a0b4b4f5403c85c600d5bea391caca23898f2a64f4cb8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ce70c3875bffa6cb437716032640064d

SHA1
fd572a8221d85bbdb730c791e8be5d82622d4ad0

SHA256
4a7ad935cf75a6823e4aa049d22da74c51c65c5aa795dc4c64fe158e1253cb86

SHA512
00fa25e9fa8d9fe222fd66672f783f2919cf162306d9597fef59140ab7b6272963e6036e1853311c3b0a20dbb1b6494f6ec58aa5109c5aa6e7f8fc8579c71698

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
40c81f848fe750612e99f0328a7152fc

SHA1
8b29ebb8722cecc01f10407116b20b9d5efb57e7

SHA256
53af35dbb2796ffa624b1c263b79875e1e80fc90c512c1217c71061ba69e368e

SHA512
b27c2bb897d7ab1661e7396f3ff5ab3e34bf547d3c679960c66c98f5f594ab857647c54e430f302e30b0a8d7c7cf082dc23939d1d67d8a8c2249f79e4e6bf1ba

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit