hxxps://mega[.]nz/file/piNmiCbI#qXloxd8EBiWYSVm-wccGiC6kOxYa77MDAnNGpWLt0W8

Resubmissions

10/08/2024, 23:51

240810-3wk8wsvbnn 3

10/08/2024, 23:47

240810-3tbaxavapn 3

Analysis

max time kernel
143s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
10/08/2024, 23:47

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://mega.nz/file/piNmiCbI#qXloxd8EBiWYSVm-wccGiC6kOxYa77MDAnNGpWLt0W8

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	7zG.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	7zG.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2548	msedge.exe
2548	msedge.exe
4680	msedge.exe
4680	msedge.exe
4912	identity_helper.exe
4912	identity_helper.exe
5200	msedge.exe
5200	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
6132	7zG.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: 33	5008	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5008	AUDIODG.EXE
Token: SeRestorePrivilege	6132	7zG.exe
Token: 35	6132	7zG.exe
Token: SeSecurityPrivilege	6132	7zG.exe
Token: SeSecurityPrivilege	6132	7zG.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
6132	7zG.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4680 wrote to memory of 1996	4680	msedge.exe	84
PID 4680 wrote to memory of 1996	4680	msedge.exe	84
PID 4680 wrote to memory of 1948	4680	msedge.exe	85
PID 4680 wrote to memory of 1948	4680	msedge.exe	85
PID 4680 wrote to memory of 1948	4680	msedge.exe	85
PID 4680 wrote to memory of 1948	4680	msedge.exe	85
PID 4680 wrote to memory of 1948	4680	msedge.exe	85
PID 4680 wrote to memory of 1948	4680	msedge.exe	85
PID 4680 wrote to memory of 1948	4680	msedge.exe	85
PID 4680 wrote to memory of 1948	4680	msedge.exe	85
PID 4680 wrote to memory of 1948	4680	msedge.exe	85
PID 4680 wrote to memory of 1948	4680	msedge.exe	85
PID 4680 wrote to memory of 1948	4680	msedge.exe	85
PID 4680 wrote to memory of 1948	4680	msedge.exe	85
PID 4680 wrote to memory of 1948	4680	msedge.exe	85
PID 4680 wrote to memory of 1948	4680	msedge.exe	85
PID 4680 wrote to memory of 1948	4680	msedge.exe	85
PID 4680 wrote to memory of 1948	4680	msedge.exe	85
PID 4680 wrote to memory of 1948	4680	msedge.exe	85
PID 4680 wrote to memory of 1948	4680	msedge.exe	85
PID 4680 wrote to memory of 1948	4680	msedge.exe	85
PID 4680 wrote to memory of 1948	4680	msedge.exe	85
PID 4680 wrote to memory of 1948	4680	msedge.exe	85
PID 4680 wrote to memory of 1948	4680	msedge.exe	85
PID 4680 wrote to memory of 1948	4680	msedge.exe	85
PID 4680 wrote to memory of 1948	4680	msedge.exe	85
PID 4680 wrote to memory of 1948	4680	msedge.exe	85
PID 4680 wrote to memory of 1948	4680	msedge.exe	85
PID 4680 wrote to memory of 1948	4680	msedge.exe	85
PID 4680 wrote to memory of 1948	4680	msedge.exe	85
PID 4680 wrote to memory of 1948	4680	msedge.exe	85
PID 4680 wrote to memory of 1948	4680	msedge.exe	85
PID 4680 wrote to memory of 1948	4680	msedge.exe	85
PID 4680 wrote to memory of 1948	4680	msedge.exe	85
PID 4680 wrote to memory of 1948	4680	msedge.exe	85
PID 4680 wrote to memory of 1948	4680	msedge.exe	85
PID 4680 wrote to memory of 1948	4680	msedge.exe	85
PID 4680 wrote to memory of 1948	4680	msedge.exe	85
PID 4680 wrote to memory of 1948	4680	msedge.exe	85
PID 4680 wrote to memory of 1948	4680	msedge.exe	85
PID 4680 wrote to memory of 1948	4680	msedge.exe	85
PID 4680 wrote to memory of 1948	4680	msedge.exe	85
PID 4680 wrote to memory of 2548	4680	msedge.exe	86
PID 4680 wrote to memory of 2548	4680	msedge.exe	86
PID 4680 wrote to memory of 652	4680	msedge.exe	87
PID 4680 wrote to memory of 652	4680	msedge.exe	87
PID 4680 wrote to memory of 652	4680	msedge.exe	87
PID 4680 wrote to memory of 652	4680	msedge.exe	87
PID 4680 wrote to memory of 652	4680	msedge.exe	87
PID 4680 wrote to memory of 652	4680	msedge.exe	87
PID 4680 wrote to memory of 652	4680	msedge.exe	87
PID 4680 wrote to memory of 652	4680	msedge.exe	87
PID 4680 wrote to memory of 652	4680	msedge.exe	87
PID 4680 wrote to memory of 652	4680	msedge.exe	87
PID 4680 wrote to memory of 652	4680	msedge.exe	87
PID 4680 wrote to memory of 652	4680	msedge.exe	87
PID 4680 wrote to memory of 652	4680	msedge.exe	87
PID 4680 wrote to memory of 652	4680	msedge.exe	87
PID 4680 wrote to memory of 652	4680	msedge.exe	87
PID 4680 wrote to memory of 652	4680	msedge.exe	87
PID 4680 wrote to memory of 652	4680	msedge.exe	87
PID 4680 wrote to memory of 652	4680	msedge.exe	87
PID 4680 wrote to memory of 652	4680	msedge.exe	87
PID 4680 wrote to memory of 652	4680	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mega.nz/file/piNmiCbI#qXloxd8EBiWYSVm-wccGiC6kOxYa77MDAnNGpWLt0W8
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff6d0846f8,0x7fff6d084708,0x7fff6d084718
  2⤵
  PID:1996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,8632878929968535189,9063245258981164902,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
  2⤵
  PID:1948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,8632878929968535189,9063245258981164902,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,8632878929968535189,9063245258981164902,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
  2⤵
  PID:652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,8632878929968535189,9063245258981164902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:3924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,8632878929968535189,9063245258981164902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:3460
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,8632878929968535189,9063245258981164902,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 /prefetch:8
  2⤵
  PID:832
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,8632878929968535189,9063245258981164902,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,8632878929968535189,9063245258981164902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4044 /prefetch:1
  2⤵
  PID:2512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,8632878929968535189,9063245258981164902,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:1936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,8632878929968535189,9063245258981164902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,8632878929968535189,9063245258981164902,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
  2⤵
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2160,8632878929968535189,9063245258981164902,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4804 /prefetch:8
  2⤵
  PID:3908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2160,8632878929968535189,9063245258981164902,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5904 /prefetch:8
  2⤵
  PID:5180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,8632878929968535189,9063245258981164902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
  2⤵
  PID:5188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2160,8632878929968535189,9063245258981164902,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6180 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5200

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1376

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3052

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x498 0x15c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5008

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5432

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\rip-bozo-cheat\" -ad -an -ai#7zMap14122:90:7zEvent5448
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:6132

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
b7c7becfb17414d86be3a1a3f4eb9c09

SHA1
2423e22960788d29c3fb03642ac9b893dcae5c4f

SHA256
522f3643b8e06ad6bcc8f39ec0065344ac2124c026626b307a593b3380199370

SHA512
f33c854cfad8e223908bce7c4213bf978c75084cfcd1e37cc9018bb859270d3e2a22c113d339411c2962e5c97e8617c8fd903f926cc8bd68dfb8a567d863c221

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
188B

MD5
008114e1a1a614b35e8a7515da0f3783

SHA1
3c390d38126c7328a8d7e4a72d5848ac9f96549b

SHA256
7301b76033c2970e61bab5eaddaff5aa652c39db5c0ea5632814f989716a1d18

SHA512
a202fc891eace003c346bad7e5d2c73dadf9591d5ce950395ff4b63cc2866b17e02bd3f0ad92749df033a936685851455bcdbfad30f26e765c3c89d3309cb82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9f6dc9f277ff5b3bfe7cd6bd515fcd31

SHA1
039c350f802a10eac98c45ecad270ceb12756210

SHA256
b148331138558fa64e49fa0242c0d9c60426be145a21f853e3469474a4a0d09b

SHA512
825343adbae35e8a5883e5112cbb6989f716e2efed436d8cb1e040df9ce4773cd71f75ec3dce8ba62bc237d97608d9a8bce17c6f0ee30dd7c26369651338839e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3d171654c0563486893b160cf3c3a155

SHA1
f08959e0340533283e79b7b64d70d263fa18c857

SHA256
395222694ca2a9a2ec9ed9dd1c2babd6d80ba186d447bcb64e9957545fbe8729

SHA512
eaf4c2339bdb0895d1aebc8d94370c26a618fab672044dbad167a85a2d93762bf618dcb27e13ba334eb95b56965fb0b2ad30c753c7a62c8084c2d0fe06d810cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a56798f0e9229b6f161372aa758cccf4

SHA1
b6b2cde074f4bbc46f143de454491253df8cfb0d

SHA256
eca52e6fa8c4781de5566e4a26cf2b08a6afe2165e15f80fa5aa3cc37c0d1f85

SHA512
168f2f3ba0b725e3a79397d44c82b000e1fc7755dde8e815757333adbaafecdc2a4e11509e66ab8eb5432bcbf02ab8524a3109de2d6e1bdb67d0676dc6e9d983

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
475ab40402b832e316a27fd79a1084d7

SHA1
3e43780cd45906da003750f6e61010a567d2e7c3

SHA256
1f01114b726b6b9a6d12e03c2462f92ba722174feb52654018904e29ce9814a3

SHA512
c40c66f6d97c52362d28dca468584de4bd075ec1373228910de24263d4ca9f1f604a8781e122736988f5490a85e6a81729ab5739730cb04c70a687f6fa64b552

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe582100.TMP

Filesize
48B

MD5
eb8986d5c2cec14cf61982d802cdfac4

SHA1
419747fa91765a857697f08a06a889f997d9c5aa

SHA256
31216b77656af6888e5627e12c036799146777275395e2d7d879c0c572feb445

SHA512
f990886acc017c2748996ee370b41d9338acda49d1453f043dc2263309cd382f5fc1b3e955ea210b43174f679edfafe48960e3ed2e6c4fa9f5dd6e2589322c00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9b88464d221a6ac6964f7ab15aa05f03

SHA1
d6d0a1307d61a0b11a238e4aa6e42edba6f3899b

SHA256
29696e50b334267d28c038289b67ca724b99b828de37e220d54cfe02647df465

SHA512
e5a11043cbf8362e5cd4c34862377e241de1c50da6e294208a00ff95e46f939e5cbd06667cf2a54f8bff3723d0a32541c5586e12e46da9393c7ecdba51a2c276

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
15b6bf02ef9a36288cdb0fd32add8cdb

SHA1
4dac8154196d94e63598822a4ba9d47dbe1dcf8e

SHA256
b4933fa7246ad00276e1cfbc340a7a3e9e75580b3fed4992714c9d92306db6c2

SHA512
934bad6c47c542b6382d543588605a804176c80bc80d65c3e11873e74f05e1ca63ce1a5b4a4a7c2ac1ecd8ba85f64ebb472fe5ae412ba4aef630b3b311aafbd6

Download Submit
C:\Users\Admin\Desktop\rip-bozo-cheat\rip-bozo-cheat\death - Kopie (10) - Kopie - Kopie - Kopie - Kopie - Kopie - Kopie.txt

Filesize
19.1MB

MD5
a13bf50465c64acc6381c68e27a07940

SHA1
b6d6aad5cae9934c8a21fee7ce07a71c714b7c4e

SHA256
d782c0e1efee09f8df627cd21d10d7eb7937a14773553a754d49ca71a398bcdb

SHA512
baaceae40ad797ddefb510717463ba146dc7fae7f72250b7a71c2fa5cfbed6e2ea2dbdcb7e942d52bc86d8b069a1b410341705c014f3634bca9831e1aebab20f

Download Submit
C:\Users\Admin\Downloads\rip-bozo-cheat.rar

Filesize
25.4MB

MD5
2c910498d2b3f917cd7ff74400790c4e

SHA1
714ed2aa2dbf4d25d99e8ae9b2c787e42c962baf

SHA256
58befb2a95622b3d773e8c96a7aeba93c693112ef743907bd778799a315f34e1

SHA512
18afd71f8191d22e2b1cfeea4689ce29d931273f03961e8520cfb95ad2fd5e76907d765f7a217370cf6970c5aeb655b1e71b1f8efdc094c044c74dfb3b3eec23

Download Submit