hxxp://bit[.]ly/rankgenerator

Analysis

max time kernel
145s
max time network
148s
platform
windows11-21h2_x64
resource
win11-20240214-en
resource tags

arch:x64arch:x86image:win11-20240214-enlocale:en-usos:windows11-21h2-x64system
submitted
09-03-2024 08:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://bit.ly/rankgenerator

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Hypixel Rank Carder New V1.1.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
4400	msedge.exe
4400	msedge.exe
1120	msedge.exe
1120	msedge.exe
4476	msedge.exe
4476	msedge.exe
240	identity_helper.exe
240	identity_helper.exe
2896	msedge.exe
2896	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	2304	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2304	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1120 wrote to memory of 2416	1120	msedge.exe	79
PID 1120 wrote to memory of 2416	1120	msedge.exe	79
PID 1120 wrote to memory of 3120	1120	msedge.exe	80
PID 1120 wrote to memory of 3120	1120	msedge.exe	80
PID 1120 wrote to memory of 3120	1120	msedge.exe	80
PID 1120 wrote to memory of 3120	1120	msedge.exe	80
PID 1120 wrote to memory of 3120	1120	msedge.exe	80
PID 1120 wrote to memory of 3120	1120	msedge.exe	80
PID 1120 wrote to memory of 3120	1120	msedge.exe	80
PID 1120 wrote to memory of 3120	1120	msedge.exe	80
PID 1120 wrote to memory of 3120	1120	msedge.exe	80
PID 1120 wrote to memory of 3120	1120	msedge.exe	80
PID 1120 wrote to memory of 3120	1120	msedge.exe	80
PID 1120 wrote to memory of 3120	1120	msedge.exe	80
PID 1120 wrote to memory of 3120	1120	msedge.exe	80
PID 1120 wrote to memory of 3120	1120	msedge.exe	80
PID 1120 wrote to memory of 3120	1120	msedge.exe	80
PID 1120 wrote to memory of 3120	1120	msedge.exe	80
PID 1120 wrote to memory of 3120	1120	msedge.exe	80
PID 1120 wrote to memory of 3120	1120	msedge.exe	80
PID 1120 wrote to memory of 3120	1120	msedge.exe	80
PID 1120 wrote to memory of 3120	1120	msedge.exe	80
PID 1120 wrote to memory of 3120	1120	msedge.exe	80
PID 1120 wrote to memory of 3120	1120	msedge.exe	80
PID 1120 wrote to memory of 3120	1120	msedge.exe	80
PID 1120 wrote to memory of 3120	1120	msedge.exe	80
PID 1120 wrote to memory of 3120	1120	msedge.exe	80
PID 1120 wrote to memory of 3120	1120	msedge.exe	80
PID 1120 wrote to memory of 3120	1120	msedge.exe	80
PID 1120 wrote to memory of 3120	1120	msedge.exe	80
PID 1120 wrote to memory of 3120	1120	msedge.exe	80
PID 1120 wrote to memory of 3120	1120	msedge.exe	80
PID 1120 wrote to memory of 3120	1120	msedge.exe	80
PID 1120 wrote to memory of 3120	1120	msedge.exe	80
PID 1120 wrote to memory of 3120	1120	msedge.exe	80
PID 1120 wrote to memory of 3120	1120	msedge.exe	80
PID 1120 wrote to memory of 3120	1120	msedge.exe	80
PID 1120 wrote to memory of 3120	1120	msedge.exe	80
PID 1120 wrote to memory of 3120	1120	msedge.exe	80
PID 1120 wrote to memory of 3120	1120	msedge.exe	80
PID 1120 wrote to memory of 3120	1120	msedge.exe	80
PID 1120 wrote to memory of 3120	1120	msedge.exe	80
PID 1120 wrote to memory of 4400	1120	msedge.exe	81
PID 1120 wrote to memory of 4400	1120	msedge.exe	81
PID 1120 wrote to memory of 4964	1120	msedge.exe	82
PID 1120 wrote to memory of 4964	1120	msedge.exe	82
PID 1120 wrote to memory of 4964	1120	msedge.exe	82
PID 1120 wrote to memory of 4964	1120	msedge.exe	82
PID 1120 wrote to memory of 4964	1120	msedge.exe	82
PID 1120 wrote to memory of 4964	1120	msedge.exe	82
PID 1120 wrote to memory of 4964	1120	msedge.exe	82
PID 1120 wrote to memory of 4964	1120	msedge.exe	82
PID 1120 wrote to memory of 4964	1120	msedge.exe	82
PID 1120 wrote to memory of 4964	1120	msedge.exe	82
PID 1120 wrote to memory of 4964	1120	msedge.exe	82
PID 1120 wrote to memory of 4964	1120	msedge.exe	82
PID 1120 wrote to memory of 4964	1120	msedge.exe	82
PID 1120 wrote to memory of 4964	1120	msedge.exe	82
PID 1120 wrote to memory of 4964	1120	msedge.exe	82
PID 1120 wrote to memory of 4964	1120	msedge.exe	82
PID 1120 wrote to memory of 4964	1120	msedge.exe	82
PID 1120 wrote to memory of 4964	1120	msedge.exe	82
PID 1120 wrote to memory of 4964	1120	msedge.exe	82
PID 1120 wrote to memory of 4964	1120	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bit.ly/rankgenerator
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8f5bc3cb8,0x7ff8f5bc3cc8,0x7ff8f5bc3cd8
  2⤵
  PID:2416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,16573303357875297578,1919573741099183305,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1908 /prefetch:2
  2⤵
  PID:3120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1880,16573303357875297578,1919573741099183305,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1880,16573303357875297578,1919573741099183305,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2552 /prefetch:8
  2⤵
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,16573303357875297578,1919573741099183305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,16573303357875297578,1919573741099183305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:3292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,16573303357875297578,1919573741099183305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
  2⤵
  PID:1108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1880,16573303357875297578,1919573741099183305,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4476
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1880,16573303357875297578,1919573741099183305,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5648 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,16573303357875297578,1919573741099183305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
  2⤵
  PID:3376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,16573303357875297578,1919573741099183305,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
  2⤵
  PID:1944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,16573303357875297578,1919573741099183305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
  2⤵
  PID:2608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,16573303357875297578,1919573741099183305,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
  2⤵
  PID:2264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1880,16573303357875297578,1919573741099183305,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5812 /prefetch:8
  2⤵
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,16573303357875297578,1919573741099183305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3796 /prefetch:1
  2⤵
  PID:4440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1880,16573303357875297578,1919573741099183305,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:2896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,16573303357875297578,1919573741099183305,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4912 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4812

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2796

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3940

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004E4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2304

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ec7568123e3bee98a389e115698dffeb

SHA1
1542627dbcbaf7d93fcadb771191f18c2248238c

SHA256
5b5e61fe004e83477411dd2b6194e90591d36f2f145cc3b4faa20cf7ae266a75

SHA512
4a53fbbd7281a1a391f0040f6ff5515cedf6e1f97f2dae4ab495b4f76eb4f929dcda6b347f9bf7f66a899330f8897e1ed117314945d1de27b035cc170fa447d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

Filesize
17KB

MD5
950eca48e414acbe2c3b5d046dcb8521

SHA1
1731f264e979f18cdf08c405c7b7d32789a6fb59

SHA256
c0bbe530abfce19e06697bc4358eb426e076ccdb9113e22df4a6f32085da67a2

SHA512
27e55525ade4d099a6881011f6e2e0d5d3a9ca7181f4f014dc231d40b3b1907d0d437b0c44d336c25dd7b73209cd773b8563675ac260c43c7752e2d2d694d4d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
ec7971ff322d2efa8bd62ad39ed0c6f0

SHA1
b48dbc42b27482761d60256240a15ad1de0773f3

SHA256
173aff30d5a829111b982e368866e8b8b54fbce0d3d7e8b1fe15081b215e39e1

SHA512
f9bd5bf6e51a08aa67d8ce831c38925dadbac896b9d78d0dc121d35f8b06b61f234dff90239a282996b15bf6b65b89f1042b9ab46e93415eca234410fcd2403b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
188B

MD5
008114e1a1a614b35e8a7515da0f3783

SHA1
3c390d38126c7328a8d7e4a72d5848ac9f96549b

SHA256
7301b76033c2970e61bab5eaddaff5aa652c39db5c0ea5632814f989716a1d18

SHA512
a202fc891eace003c346bad7e5d2c73dadf9591d5ce950395ff4b63cc2866b17e02bd3f0ad92749df033a936685851455bcdbfad30f26e765c3c89d3309cb82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
6ba25fb4d5d62fbad6622c5b4324fbe7

SHA1
0cd1bf50bf27216a6106a21cd96876c6b951d7df

SHA256
d02335e2d68700ffd6e722b23612cd52c33ea8a200907fcc0ebe0a3434a5bb84

SHA512
b9a155cb14590b9a6c1dcbb157c37506c444ebbc8af7b102cc0d32cb0e19a24b6f2721d86aaef2e91ef8d6f32f503c771f8b935f6de065e2e6bb4bd13c9d4d03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c9b42be80effc1216ea12c13d4b8305c

SHA1
1c82d101dbfb593406774fc9514941c2ef5cf050

SHA256
5085f33018116d47e4772b3734a089068d5441586d7cfa13499556181932e99c

SHA512
71b631b137ce0673ee16d3dc28506d314f245fc99e745496f50406c722037c914e944936be8834bbc41d2540bd87a786a8edcf8491f75ba0b72db0003c17befd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
fcbb36466d63518e31c43a5cc1e7715d

SHA1
d6cf53c6ef214f38ff12e77c1afb0f0692e79386

SHA256
341e5fcc9ca994f4a273be64410a0161e483301ffc83b840864732eb58971f80

SHA512
22bdb7bd4bd2e9b228dfbb70812878d8b21570e4c159432fb8d90c6b73b3bff7aff9cffe2699d61a7cf300a8766950e22d7a1651a9e99fdeaa4169dcb757b159

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9eb3bab1ed546301587931a92cae8d69

SHA1
6074bfe0658484841a332b3119729eefa768651c

SHA256
935ad90f0795d9e700dd0979681b054f387a912eccdf5fee6caa38dd1befa873

SHA512
e0d78ffe97a3ea9de3abb83eacf77ff7fc5a29c0308c5153cadf6e9fdeba75ef1fa56aa9389106d9419033d9f034b82492a4f6a31bb37a36f00f51050a5cd181

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
25KB

MD5
0ba15f72ffb0a37243558588d3e78221

SHA1
814bdfffd723f7de9f8d6d6a0bc8d85a9f275cc0

SHA256
3d0223e1f8bb35870db41872cfbbe467f65bf9a1208dcb4d4ad874e250ccc10a

SHA512
02b168ef9cc226a08955092173c3745a55b28faa438b8152acb90d3bc1d9f433de7d8341def8b452db1986392a59cabc7c69689ad00825c58371ca78021183be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
68e298294b6e0435d4a08c10b851e59f

SHA1
746217d24e079d81ea6b6a9c04553547a96d942a

SHA256
5bbf8814387a0a39cf200b35c9e6c594228a902a4999dfd96b377f42be38163c

SHA512
566b2e01cc80db2e9c34006d5d84d8398994528392200d222cc8520235c8a441d365618529878e4cbf50c31f1482a6074cda46394c4c0759b1254fbdfda45d72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57b0a3.TMP

Filesize
48B

MD5
b97c3ac71c3d480ad8964ad2486dfb7f

SHA1
720b5a9744e898acdc665571298429034cf9c87e

SHA256
b4c258c942a55e0dcd8290a8ba636991dbca24ffee61bcff8d88700a3f78ca83

SHA512
30f715f046a58578848ae9e5d0a8cd048990c686490825df5b15bc7ea98875d0dcb2784d83f92606745d872ba584e43ce0c56ceb80da8f7479e85d94a068bb23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2a3c58120765b3f739d005199e4ac5cc

SHA1
c33bf1363f6bb8f793ff86f2c92b55c481aaf21d

SHA256
f255c28e0c42f74f051321bc97ed422182038ed80efc1dbfdd2e6b5617ad015f

SHA512
adbeaafb8257d74959bdfba1b04fa5d15b40fb7605e1547fe3fe818fa3158c3e5d7ec030547d208c51948e98d83cbd27969f4e08c844213a8d571ed2f177a232

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
846fb4feaeb6027d7232aa23391babc6

SHA1
97f3737eb3ec9b427c62a79dbb4509a2fd768a75

SHA256
e9379bdb0ea6a3794d39205c576674e2cfc73cda56436b1ef948b29dcad1b0d4

SHA512
f1f44cd78b6fd71a9bd9b99cfa9b98b6e4075e8f2eeae050c6d404ae600a05d529a39a027ccf9c2a022652da12ac066dbd2cd7f12c9d69101b5ca917ad1ead8c

Download Submit
C:\Users\Admin\Downloads\Hypixel Rank Carder New V1.1.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit