hxxps://fauc3t[.]com/#download

Analysis

max time kernel
147s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
25/02/2024, 15:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://fauc3t.com/#download

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1414748551-1520717498-2956787782-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
552	msedge.exe
552	msedge.exe
384	msedge.exe
384	msedge.exe
3508	identity_helper.exe
3508	identity_helper.exe
3788	msedge.exe
3788	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 384 wrote to memory of 2980	384	msedge.exe	87
PID 384 wrote to memory of 2980	384	msedge.exe	87
PID 384 wrote to memory of 4480	384	msedge.exe	89
PID 384 wrote to memory of 4480	384	msedge.exe	89
PID 384 wrote to memory of 4480	384	msedge.exe	89
PID 384 wrote to memory of 4480	384	msedge.exe	89
PID 384 wrote to memory of 4480	384	msedge.exe	89
PID 384 wrote to memory of 4480	384	msedge.exe	89
PID 384 wrote to memory of 4480	384	msedge.exe	89
PID 384 wrote to memory of 4480	384	msedge.exe	89
PID 384 wrote to memory of 4480	384	msedge.exe	89
PID 384 wrote to memory of 4480	384	msedge.exe	89
PID 384 wrote to memory of 4480	384	msedge.exe	89
PID 384 wrote to memory of 4480	384	msedge.exe	89
PID 384 wrote to memory of 4480	384	msedge.exe	89
PID 384 wrote to memory of 4480	384	msedge.exe	89
PID 384 wrote to memory of 4480	384	msedge.exe	89
PID 384 wrote to memory of 4480	384	msedge.exe	89
PID 384 wrote to memory of 4480	384	msedge.exe	89
PID 384 wrote to memory of 4480	384	msedge.exe	89
PID 384 wrote to memory of 4480	384	msedge.exe	89
PID 384 wrote to memory of 4480	384	msedge.exe	89
PID 384 wrote to memory of 4480	384	msedge.exe	89
PID 384 wrote to memory of 4480	384	msedge.exe	89
PID 384 wrote to memory of 4480	384	msedge.exe	89
PID 384 wrote to memory of 4480	384	msedge.exe	89
PID 384 wrote to memory of 4480	384	msedge.exe	89
PID 384 wrote to memory of 4480	384	msedge.exe	89
PID 384 wrote to memory of 4480	384	msedge.exe	89
PID 384 wrote to memory of 4480	384	msedge.exe	89
PID 384 wrote to memory of 4480	384	msedge.exe	89
PID 384 wrote to memory of 4480	384	msedge.exe	89
PID 384 wrote to memory of 4480	384	msedge.exe	89
PID 384 wrote to memory of 4480	384	msedge.exe	89
PID 384 wrote to memory of 4480	384	msedge.exe	89
PID 384 wrote to memory of 4480	384	msedge.exe	89
PID 384 wrote to memory of 4480	384	msedge.exe	89
PID 384 wrote to memory of 4480	384	msedge.exe	89
PID 384 wrote to memory of 4480	384	msedge.exe	89
PID 384 wrote to memory of 4480	384	msedge.exe	89
PID 384 wrote to memory of 4480	384	msedge.exe	89
PID 384 wrote to memory of 4480	384	msedge.exe	89
PID 384 wrote to memory of 552	384	msedge.exe	90
PID 384 wrote to memory of 552	384	msedge.exe	90
PID 384 wrote to memory of 4708	384	msedge.exe	91
PID 384 wrote to memory of 4708	384	msedge.exe	91
PID 384 wrote to memory of 4708	384	msedge.exe	91
PID 384 wrote to memory of 4708	384	msedge.exe	91
PID 384 wrote to memory of 4708	384	msedge.exe	91
PID 384 wrote to memory of 4708	384	msedge.exe	91
PID 384 wrote to memory of 4708	384	msedge.exe	91
PID 384 wrote to memory of 4708	384	msedge.exe	91
PID 384 wrote to memory of 4708	384	msedge.exe	91
PID 384 wrote to memory of 4708	384	msedge.exe	91
PID 384 wrote to memory of 4708	384	msedge.exe	91
PID 384 wrote to memory of 4708	384	msedge.exe	91
PID 384 wrote to memory of 4708	384	msedge.exe	91
PID 384 wrote to memory of 4708	384	msedge.exe	91
PID 384 wrote to memory of 4708	384	msedge.exe	91
PID 384 wrote to memory of 4708	384	msedge.exe	91
PID 384 wrote to memory of 4708	384	msedge.exe	91
PID 384 wrote to memory of 4708	384	msedge.exe	91
PID 384 wrote to memory of 4708	384	msedge.exe	91
PID 384 wrote to memory of 4708	384	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://fauc3t.com/#download
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb833a46f8,0x7ffb833a4708,0x7ffb833a4718
  2⤵
  PID:2980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,3939712380461370344,12009143095745615689,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
  2⤵
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,3939712380461370344,12009143095745615689,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2448 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,3939712380461370344,12009143095745615689,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
  2⤵
  PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3939712380461370344,12009143095745615689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3939712380461370344,12009143095745615689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3939712380461370344,12009143095745615689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,3939712380461370344,12009143095745615689,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5588 /prefetch:8
  2⤵
  PID:1676
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,3939712380461370344,12009143095745615689,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5588 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3939712380461370344,12009143095745615689,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
  2⤵
  PID:4168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3939712380461370344,12009143095745615689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:2240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3939712380461370344,12009143095745615689,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
  2⤵
  PID:1408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3939712380461370344,12009143095745615689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4368 /prefetch:1
  2⤵
  PID:3232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3939712380461370344,12009143095745615689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4476 /prefetch:1
  2⤵
  PID:3548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3939712380461370344,12009143095745615689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:2096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3939712380461370344,12009143095745615689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1872 /prefetch:1
  2⤵
  PID:3224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2056,3939712380461370344,12009143095745615689,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3632 /prefetch:8
  2⤵
  PID:2428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2056,3939712380461370344,12009143095745615689,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6164 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,3939712380461370344,12009143095745615689,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4316 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3704

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1900

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1948

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1812

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1f6d41bf10dc1ec1ca4e14d350bbc0b1

SHA1
7a62b23dc3c19e16930b5108d209c4ec937d7dfb

SHA256
35947f71e9cd4bda79e78d028d025dff5fe99c07ea9c767e487ca45d33a5c770

SHA512
046d6c2193a89f4b1b7f932730a0fc72e9fc95fbdb5514435a3e2a73415a105e4f6fa7d536ae6b24638a6aa97beb5c8777e03f597bb4bc928fa8b364b7192a13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4254f7a8438af12de575e00b22651d6c

SHA1
a3c7bde09221129451a7bb42c1707f64b178e573

SHA256
7f55f63c6b77511999eee973415c1f313f81bc0533a36b041820dd4e84f9879b

SHA512
e6a3244139cd6e09cef7dab531bff674847c7ca77218bd1f971aa9bf733a253ac311571b8d6a3fe13e13da4f506fec413f3b345a3429e09d7ceb821a7017ec70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\15447b99-cc5f-4f8d-ac58-0864c53331fd.tmp

Filesize
202B

MD5
7fb8a5ba63deb9fd551675f72b776c55

SHA1
c6ece1e34d94b617502b3ba8860949cee5d389bb

SHA256
8436cdd8666c3c322dfe6c8764242df984d7e402478d47d9591653938cdf4155

SHA512
1c2f43f77d0fa1455d896fcc65b84d353cf8c77de758685b63124ef4765e624ea88ceab5e767e35b550c903f97bc08e949d2537770bcb52ec8f84985f25f865a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\1ffc7af0-1513-4659-b421-aa0a6773051f.tmp

Filesize
1KB

MD5
62c0e0eb9daaa42b8e2bd68b3c0e1930

SHA1
285bedf7d00d039e453244052e2a1eeb65e1decf

SHA256
1291db6905a80c6d6845bd2518538e22de13a7e3bb126e63808267160efd2b6b

SHA512
d7b1244d6a2712b6f76d8bbeb7a8b556e4033fb7d17673c0734afbf3cdbc1052e0fcc5650bc17da181cafd966b36da66051a3d1866d0a92cee62539926cc5981

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
195KB

MD5
873734b55d4c7d35a177c8318b0caec7

SHA1
469b913b09ea5b55e60098c95120cc9b935ddb28

SHA256
4ee3aa3dc43cb3ef3f6bfb91ed8214659e9c2600a45bee9728ebbcb6f33b088d

SHA512
24f05ed981e994475879ca2221b6948418c4412063b9c07f46b8de581047ddd5d73401562fa9ee54d4ce5f97a6288c54eac5de0ca29b1bb5797bdac5a1b30308

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
08bb9a166cf36e3f4658b4c4d00ead33

SHA1
a3129f7eaa36efaac58b45a47e41bde5d96e7ae2

SHA256
c44e21258a7689043b79d60c02ff0c9df22d6e8fcccc04d03c6d7836464f72a9

SHA512
030ae70e944cea24f914e11adff447b2b91337833f42f7afe5d23dc006223af596a9f687068b0e0ab61043f6d68407599d6cf4a8d162752ac32bf00efb5de9a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3f69f383be492c960f51013a20883062

SHA1
03bbd7db556dcb13116811b9ee647e6f236b50d1

SHA256
f2a86ff2cf40c0e31942e1d64f66aa919c35b3f4fa5c422e683bc63b2008b6e6

SHA512
776654a13e906dae8d62d56377a566a628376446662e90cc2115e7ec140f75c01c02052e1bd8f4083b1368d3a3a60ea690cf1b487f05dbffd217b5920fdd4bd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8c78f3419c4162ec88240f9bc439a617

SHA1
c1d813243b0f7620b6c4721190f0f4166993d13f

SHA256
09de0b633ca51cff91c2bd0a02d43ca7df17d069577af2e72eecd12e40a5f476

SHA512
0cf3258e859df8d977d767504311e5997c6ed910e321509136bd739d6a45b75e43712f6023ae43c16d5a7d64ab62ab0d451925d14c10d754102702b90ec9313f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0294ecdfb49c389af4af396c134df368

SHA1
7fa6da10bc9cc4bd9fcf4e0e85066e722f03b92f

SHA256
18644fe83fa95c25076fff2024ddde407357800d98c257de8166092beeb829fe

SHA512
9821eace3b6df70164f2f0af331654b19a35494a648eda614bf8880cb73218117f23ed3d1b305d9cef352d992068d3ca32acd304d2dac9c92e5da8ecf384bf28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9f802fb8e413201ad3a9552a9a17fce1

SHA1
7f00e7369e788c0e0bdaba0533ad2242c6e47cbb

SHA256
304535afabf888384fa94c7c6e75b102f48a252fa9161ac6bc2ca480802920c4

SHA512
e140fc884ae67d0609c624b8832d6bd845237ae6c55626245ffe340dc23dfd73ee65e4a72f1720c4f3e46a8b1a44f96dddd03a7fd26df2fecc81b8e0f9d499e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
0b998a7bbdfaf790044ca2beab80c7f0

SHA1
db220e218bd47a444eefef66547d2db925902097

SHA256
d5478ee885879cfad7495ca47b7fad2f16bbeb0fb73dde2c57573614b740f493

SHA512
b9186d112839f136a770725755a47066fa8d243db7403bfe3d1ef4e0f34e0b7e078e9b49cb99856e446417772ed3a25315cd4c4aca774ca3586229738c3b1bc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c59169f61b48f16cb4c96474cbc9079a

SHA1
f20867f65b6da4c7e529005dd7c8de02a6a2b526

SHA256
6606f97327ce09556f07840b9454f5637297f54408673f254c78b1b57073a6d0

SHA512
e72dd7c39ebb293fdf1626b591f5d61dc126bb9224ecf09760ee55cb40cffb3c2e5f28ddde1202f4d46126931e83f6fe4b3fb40be95c233d0934257070224128

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\Setup_v.1.7.zip

Filesize
3.2MB

MD5
c00934060bfaa635731e42b1b9275995

SHA1
1a0a467bf242c4785e54c8d107d8fceea874c92d

SHA256
617a3b4a85748bed96d4c0ede5b4487f910986d502c2aba419dc807787482f38

SHA512
82bde89f06a8b550c255feace22dfe3a9b801d64fa9199b8c60e4b741bb1ecc802741f34aa774ed878316160a4fa4437580582a75dc841d590f93e2446e15044

Download Submit