hxxps://drive[.]google[.]com/file/d/1EvLXSS8cjCHtY9fJ0YaigcAHa6Kqkavi/view

Analysis

max time kernel
290s
max time network
300s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
10/06/2024, 03:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1EvLXSS8cjCHtY9fJ0YaigcAHa6Kqkavi/view

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
1	drive.google.com
5	drive.google.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\HWID Bypass.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
2368	msedge.exe
2368	msedge.exe
4628	msedge.exe
4628	msedge.exe
4740	msedge.exe
4740	msedge.exe
4296	identity_helper.exe
4296	identity_helper.exe
1568	msedge.exe
1568	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeRestorePrivilege	2072	7zG.exe
Token: 35	2072	7zG.exe
Token: SeSecurityPrivilege	2072	7zG.exe
Token: SeSecurityPrivilege	2072	7zG.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
2072	7zG.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4628 wrote to memory of 1488	4628	msedge.exe	80
PID 4628 wrote to memory of 1488	4628	msedge.exe	80
PID 4628 wrote to memory of 632	4628	msedge.exe	81
PID 4628 wrote to memory of 632	4628	msedge.exe	81
PID 4628 wrote to memory of 632	4628	msedge.exe	81
PID 4628 wrote to memory of 632	4628	msedge.exe	81
PID 4628 wrote to memory of 632	4628	msedge.exe	81
PID 4628 wrote to memory of 632	4628	msedge.exe	81
PID 4628 wrote to memory of 632	4628	msedge.exe	81
PID 4628 wrote to memory of 632	4628	msedge.exe	81
PID 4628 wrote to memory of 632	4628	msedge.exe	81
PID 4628 wrote to memory of 632	4628	msedge.exe	81
PID 4628 wrote to memory of 632	4628	msedge.exe	81
PID 4628 wrote to memory of 632	4628	msedge.exe	81
PID 4628 wrote to memory of 632	4628	msedge.exe	81
PID 4628 wrote to memory of 632	4628	msedge.exe	81
PID 4628 wrote to memory of 632	4628	msedge.exe	81
PID 4628 wrote to memory of 632	4628	msedge.exe	81
PID 4628 wrote to memory of 632	4628	msedge.exe	81
PID 4628 wrote to memory of 632	4628	msedge.exe	81
PID 4628 wrote to memory of 632	4628	msedge.exe	81
PID 4628 wrote to memory of 632	4628	msedge.exe	81
PID 4628 wrote to memory of 632	4628	msedge.exe	81
PID 4628 wrote to memory of 632	4628	msedge.exe	81
PID 4628 wrote to memory of 632	4628	msedge.exe	81
PID 4628 wrote to memory of 632	4628	msedge.exe	81
PID 4628 wrote to memory of 632	4628	msedge.exe	81
PID 4628 wrote to memory of 632	4628	msedge.exe	81
PID 4628 wrote to memory of 632	4628	msedge.exe	81
PID 4628 wrote to memory of 632	4628	msedge.exe	81
PID 4628 wrote to memory of 632	4628	msedge.exe	81
PID 4628 wrote to memory of 632	4628	msedge.exe	81
PID 4628 wrote to memory of 632	4628	msedge.exe	81
PID 4628 wrote to memory of 632	4628	msedge.exe	81
PID 4628 wrote to memory of 632	4628	msedge.exe	81
PID 4628 wrote to memory of 632	4628	msedge.exe	81
PID 4628 wrote to memory of 632	4628	msedge.exe	81
PID 4628 wrote to memory of 632	4628	msedge.exe	81
PID 4628 wrote to memory of 632	4628	msedge.exe	81
PID 4628 wrote to memory of 632	4628	msedge.exe	81
PID 4628 wrote to memory of 632	4628	msedge.exe	81
PID 4628 wrote to memory of 632	4628	msedge.exe	81
PID 4628 wrote to memory of 2368	4628	msedge.exe	82
PID 4628 wrote to memory of 2368	4628	msedge.exe	82
PID 4628 wrote to memory of 1204	4628	msedge.exe	83
PID 4628 wrote to memory of 1204	4628	msedge.exe	83
PID 4628 wrote to memory of 1204	4628	msedge.exe	83
PID 4628 wrote to memory of 1204	4628	msedge.exe	83
PID 4628 wrote to memory of 1204	4628	msedge.exe	83
PID 4628 wrote to memory of 1204	4628	msedge.exe	83
PID 4628 wrote to memory of 1204	4628	msedge.exe	83
PID 4628 wrote to memory of 1204	4628	msedge.exe	83
PID 4628 wrote to memory of 1204	4628	msedge.exe	83
PID 4628 wrote to memory of 1204	4628	msedge.exe	83
PID 4628 wrote to memory of 1204	4628	msedge.exe	83
PID 4628 wrote to memory of 1204	4628	msedge.exe	83
PID 4628 wrote to memory of 1204	4628	msedge.exe	83
PID 4628 wrote to memory of 1204	4628	msedge.exe	83
PID 4628 wrote to memory of 1204	4628	msedge.exe	83
PID 4628 wrote to memory of 1204	4628	msedge.exe	83
PID 4628 wrote to memory of 1204	4628	msedge.exe	83
PID 4628 wrote to memory of 1204	4628	msedge.exe	83
PID 4628 wrote to memory of 1204	4628	msedge.exe	83
PID 4628 wrote to memory of 1204	4628	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1EvLXSS8cjCHtY9fJ0YaigcAHa6Kqkavi/view
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb733a3cb8,0x7ffb733a3cc8,0x7ffb733a3cd8
  2⤵
  PID:1488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1964,4289959686114710031,6164841556859439471,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1988 /prefetch:2
  2⤵
  PID:632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1964,4289959686114710031,6164841556859439471,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1964,4289959686114710031,6164841556859439471,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
  2⤵
  PID:1204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,4289959686114710031,6164841556859439471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:1476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,4289959686114710031,6164841556859439471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:3200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,4289959686114710031,6164841556859439471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:2500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,4289959686114710031,6164841556859439471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
  2⤵
  PID:4124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1964,4289959686114710031,6164841556859439471,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5832 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4740
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1964,4289959686114710031,6164841556859439471,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6224 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1964,4289959686114710031,6164841556859439471,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6244 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,4289959686114710031,6164841556859439471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2520 /prefetch:1
  2⤵
  PID:2736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,4289959686114710031,6164841556859439471,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3108 /prefetch:1
  2⤵
  PID:2712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,4289959686114710031,6164841556859439471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
  2⤵
  PID:956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,4289959686114710031,6164841556859439471,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6244 /prefetch:1
  2⤵
  PID:4724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1964,4289959686114710031,6164841556859439471,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4824 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3276

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1388

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:776

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1904

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\HWID Bypass\" -ad -an -ai#7zMap17574:84:7zEvent20740
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2072

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e4bf11ed97b6b312e938ca216cf30e

SHA1
ff6b0b475e552dc08a2c81c9eb9230821d3c8290

SHA256
296db8c9361efb62e23be1935fd172cfe9fbcd89a424f34f347ec3cc5ca5afad

SHA512
ce1a05df2619af419ed3058dcbd7254c7159d333356d9f1d5e2591c19e17ab0ac9b6d3e625e36246ad187256bee75b7011370220ef127c4f1171879014d0dd76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
23da8c216a7633c78c347cc80603cd99

SHA1
a378873c9d3484e0c57c1cb6c6895f34fee0ea61

SHA256
03dbdb03799f9e37c38f6d9d498ad09f7f0f9901430ff69d95aa26cae87504d3

SHA512
d34ae684e8462e3f2aba2260f2649dee01b4e2138b50283513c8c19c47faf039701854e1a9cbf21d7a20c28a6306f953b58ffb9144ead067f5f73650a759ff17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
408B

MD5
151b2da686115c6014da1816e28612cd

SHA1
351e8fc9ef7772edca094c510aae3de497441091

SHA256
1469e88417b33cf263255061150ffa399e18d7ef725d4a28fa67c08a5808cdf2

SHA512
bbca7690a19e9573b4aef6d6b9e99e114e3b5249749b7953bdc2a0224ebbca9c58daf904b9dfaa18d66c879a0236ce1b43edee1c0187b2a502f9776de4feccef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
c3e623cb0648ea485a7f9d30819d4feb

SHA1
8c809abbf688852cbb2c34b10ea4185f46bdb294

SHA256
f7a4351d7577506ca3e0778a6b585acc12033dc102d64539cd6fc638387c7c29

SHA512
c1de602b56c0992769770c96f407976931cd4b5f4127c870041ca6986a7a67c617ab3091434b0706d2ed63125d58569beff92714e120b0d3b179e8b4141600da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
127e1a03b2045a35fcefb482b91b3d7f

SHA1
534bd721373244e837641fbd165de379fcb1e9da

SHA256
0ddccc55a4f0c77cd764d3227b672855ff7f3be11f1e3a4f56dfd48dfb005b10

SHA512
bfaa795edb6678a48f8dd8848f941bd884c8b04534a8ab384ff427358784084181f4cbfc59260a619c671d5d82883f2c5d132a769d958737071feee4ca1e9d71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
47d70a11e4da27deb9b0b6a92227f2a3

SHA1
fc5882acaf63073edf311f646aaad675c1c95e42

SHA256
8ed07da76bfde3d2895900495f02b8731fc625a84eef5af09223ab2c657d2c22

SHA512
44cbcc021c93721d7032ae1b3ae83d267350853e22b3c5a660a728f1adda63406d2c2a15b5289d53712ca4244b282381df1058ca337efd41071bf24b28f84546

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
ce9e5d05390994c1bd8bfd2e89616976

SHA1
28167d44c8e3d2a0cfbfac50b50d2a0a8eec9d12

SHA256
31025c5f8cdf7774db32e2c1ad697e1157277899a81e4c47af56bb5a5643dacb

SHA512
c04a89763c42888aa13331df057ef5de84752e3b9eff3ad24e5b33526654aff3dded25fa4a022963db5bad6118ea43d4bd3bb6fd8550a9ca7b3069a8123342dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
00f69c3620cffd0ce20f144833c55231

SHA1
a4a1037eeeb588fca21975549386bfe4a85af4f7

SHA256
ab173dedfb5d1ffc8c06799d8bc1141a66ee364c8b5969bff1b08cc8461ff078

SHA512
7df39b02997941a8282cb98eaccf512cad019ff67d9829545f355534017085e1f6e2bc407b0db111dc4bfb6b2a6dffec3b6d1fc7ba5c94dbef005669607d21b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
635406cfa646dd9a262155e324f0bdf7

SHA1
49bae689b25d27a1646600b4434afb6db377d4f7

SHA256
6c9bb3dee5c7a67b76175f4a7adf84b37581b8f5db95b406dcf678190a2f1b03

SHA512
bf3823795435382a8b2b41eafaaba7fedfb606c58148989d6b09f69a036bd6a77de8f768c8d189956153c157fd726b809290b5c5c5be350879a97007599c2734

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b66882e21e14113ade42e6314c902479

SHA1
e8200b60719c7e87751462d67d4aa99bd1285786

SHA256
620ec34a32d59a106ba81df9d632f575fd1dc2244cf0393163fe5bd62b83c46f

SHA512
4ff74b7e9dc2bf65bea9120a5f74f23d1a16210206ffcd13be29bd54d0108fdadaede90cd18e63bc768f6e802e51e49cacccbce1a94c1eb68b620cc0fb609035

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4ac191ec3bdae55688feea98740f9327

SHA1
27b5b8dd631fd0ef82926122e3b405a2799b50ac

SHA256
571be1081552707e9a37ac34ff4f2162c7dee35fe7022a7c282cbe5ded856ba1

SHA512
9d775e26833601414c1eeaf568f8b6a76138762ff82fea3e5eba95a8842a54fce17e02f27e7574017fe34388cb68498a5499e1ff703cd51a9a9c363ec89cf258

Download Submit
C:\Users\Admin\Downloads\HWID Bypass.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 662311.crdownload

Filesize
3.0MB

MD5
998d4ee0271d8f535a4d03e686caa251

SHA1
4f18c1d5119522efd949e58f1891e2f80d9ae77c

SHA256
f2ff60957f197cf7781d73f0111bf3c7938e324cc8066eabe9f7eb34ee9c0c4f

SHA512
2b0472d5a096035ae39961e99ac1f84e2ac8d76a51ef2c75900d7073df4687f6e6e367b32750b461743143414f90b586b960850cfcd06393d3461997b819379d

Download Submit