hxxps://gofile[.]io/d/gn61H5

Analysis

max time kernel
150s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06/10/2024, 04:50

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://gofile.io/d/gn61H5

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
392	HwidSpoofer.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 8 IoCs

pid	Process
392	HwidSpoofer.exe
392	HwidSpoofer.exe
392	HwidSpoofer.exe
392	HwidSpoofer.exe
392	HwidSpoofer.exe
392	HwidSpoofer.exe
392	HwidSpoofer.exe
392	HwidSpoofer.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 17 IoCs

pid	Process
1664	msedge.exe
1664	msedge.exe
2748	msedge.exe
2748	msedge.exe
4808	identity_helper.exe
4808	identity_helper.exe
224	msedge.exe
224	msedge.exe
392	HwidSpoofer.exe
392	HwidSpoofer.exe
392	HwidSpoofer.exe
392	HwidSpoofer.exe
392	HwidSpoofer.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeRestorePrivilege	4556	7zG.exe
Token: 35	4556	7zG.exe
Token: SeSecurityPrivilege	4556	7zG.exe
Token: SeSecurityPrivilege	4556	7zG.exe
Token: SeDebugPrivilege	392	HwidSpoofer.exe

Suspicious use of FindShellTrayWindow 37 IoCs

pid	Process
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
4556	7zG.exe
392	HwidSpoofer.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
392	HwidSpoofer.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2748 wrote to memory of 3396	2748	msedge.exe	84
PID 2748 wrote to memory of 3396	2748	msedge.exe	84
PID 2748 wrote to memory of 3460	2748	msedge.exe	85
PID 2748 wrote to memory of 3460	2748	msedge.exe	85
PID 2748 wrote to memory of 3460	2748	msedge.exe	85
PID 2748 wrote to memory of 3460	2748	msedge.exe	85
PID 2748 wrote to memory of 3460	2748	msedge.exe	85
PID 2748 wrote to memory of 3460	2748	msedge.exe	85
PID 2748 wrote to memory of 3460	2748	msedge.exe	85
PID 2748 wrote to memory of 3460	2748	msedge.exe	85
PID 2748 wrote to memory of 3460	2748	msedge.exe	85
PID 2748 wrote to memory of 3460	2748	msedge.exe	85
PID 2748 wrote to memory of 3460	2748	msedge.exe	85
PID 2748 wrote to memory of 3460	2748	msedge.exe	85
PID 2748 wrote to memory of 3460	2748	msedge.exe	85
PID 2748 wrote to memory of 3460	2748	msedge.exe	85
PID 2748 wrote to memory of 3460	2748	msedge.exe	85
PID 2748 wrote to memory of 3460	2748	msedge.exe	85
PID 2748 wrote to memory of 3460	2748	msedge.exe	85
PID 2748 wrote to memory of 3460	2748	msedge.exe	85
PID 2748 wrote to memory of 3460	2748	msedge.exe	85
PID 2748 wrote to memory of 3460	2748	msedge.exe	85
PID 2748 wrote to memory of 3460	2748	msedge.exe	85
PID 2748 wrote to memory of 3460	2748	msedge.exe	85
PID 2748 wrote to memory of 3460	2748	msedge.exe	85
PID 2748 wrote to memory of 3460	2748	msedge.exe	85
PID 2748 wrote to memory of 3460	2748	msedge.exe	85
PID 2748 wrote to memory of 3460	2748	msedge.exe	85
PID 2748 wrote to memory of 3460	2748	msedge.exe	85
PID 2748 wrote to memory of 3460	2748	msedge.exe	85
PID 2748 wrote to memory of 3460	2748	msedge.exe	85
PID 2748 wrote to memory of 3460	2748	msedge.exe	85
PID 2748 wrote to memory of 3460	2748	msedge.exe	85
PID 2748 wrote to memory of 3460	2748	msedge.exe	85
PID 2748 wrote to memory of 3460	2748	msedge.exe	85
PID 2748 wrote to memory of 3460	2748	msedge.exe	85
PID 2748 wrote to memory of 3460	2748	msedge.exe	85
PID 2748 wrote to memory of 3460	2748	msedge.exe	85
PID 2748 wrote to memory of 3460	2748	msedge.exe	85
PID 2748 wrote to memory of 3460	2748	msedge.exe	85
PID 2748 wrote to memory of 3460	2748	msedge.exe	85
PID 2748 wrote to memory of 3460	2748	msedge.exe	85
PID 2748 wrote to memory of 1664	2748	msedge.exe	86
PID 2748 wrote to memory of 1664	2748	msedge.exe	86
PID 2748 wrote to memory of 3992	2748	msedge.exe	87
PID 2748 wrote to memory of 3992	2748	msedge.exe	87
PID 2748 wrote to memory of 3992	2748	msedge.exe	87
PID 2748 wrote to memory of 3992	2748	msedge.exe	87
PID 2748 wrote to memory of 3992	2748	msedge.exe	87
PID 2748 wrote to memory of 3992	2748	msedge.exe	87
PID 2748 wrote to memory of 3992	2748	msedge.exe	87
PID 2748 wrote to memory of 3992	2748	msedge.exe	87
PID 2748 wrote to memory of 3992	2748	msedge.exe	87
PID 2748 wrote to memory of 3992	2748	msedge.exe	87
PID 2748 wrote to memory of 3992	2748	msedge.exe	87
PID 2748 wrote to memory of 3992	2748	msedge.exe	87
PID 2748 wrote to memory of 3992	2748	msedge.exe	87
PID 2748 wrote to memory of 3992	2748	msedge.exe	87
PID 2748 wrote to memory of 3992	2748	msedge.exe	87
PID 2748 wrote to memory of 3992	2748	msedge.exe	87
PID 2748 wrote to memory of 3992	2748	msedge.exe	87
PID 2748 wrote to memory of 3992	2748	msedge.exe	87
PID 2748 wrote to memory of 3992	2748	msedge.exe	87
PID 2748 wrote to memory of 3992	2748	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://gofile.io/d/gn61H5
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9cc9346f8,0x7ff9cc934708,0x7ff9cc934718
  2⤵
  PID:3396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,16182204925697746027,10378741834813092926,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:3460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,16182204925697746027,10378741834813092926,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,16182204925697746027,10378741834813092926,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
  2⤵
  PID:3992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16182204925697746027,10378741834813092926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:1928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16182204925697746027,10378741834813092926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:2236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16182204925697746027,10378741834813092926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4576 /prefetch:1
  2⤵
  PID:1776
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,16182204925697746027,10378741834813092926,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 /prefetch:8
  2⤵
  PID:1196
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,16182204925697746027,10378741834813092926,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16182204925697746027,10378741834813092926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
  2⤵
  PID:1616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16182204925697746027,10378741834813092926,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
  2⤵
  PID:1436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16182204925697746027,10378741834813092926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:1484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16182204925697746027,10378741834813092926,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4008 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16182204925697746027,10378741834813092926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1288 /prefetch:1
  2⤵
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2132,16182204925697746027,10378741834813092926,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3624 /prefetch:8
  2⤵
  PID:2376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16182204925697746027,10378741834813092926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:2524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2132,16182204925697746027,10378741834813092926,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5712 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,16182204925697746027,10378741834813092926,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5944 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4724

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3856

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1948

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1020

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\HwidSpoofer-1.7.0.5\" -spe -an -ai#7zMap2693:100:7zEvent9759
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4556

C:\Users\Admin\Downloads\HwidSpoofer-1.7.0.5\HwidSpoofer.exe
"C:\Users\Admin\Downloads\HwidSpoofer-1.7.0.5\HwidSpoofer.exe"
1⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:392

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ff63763eedb406987ced076e36ec9acf

SHA1
16365aa97cd1a115412f8ae436d5d4e9be5f7b5d

SHA256
8f460e8b7a67f0c65b7248961a7c71146c9e7a19772b193972b486dbf05b8e4c

SHA512
ce90336169c8b2de249d4faea2519bf7c3df48ae9d77cdf471dd5dbd8e8542d47d9348080a098074aa63c255890850ee3b80ddb8eef8384919fdca3bb9371d9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2783c40400a8912a79cfd383da731086

SHA1
001a131fe399c30973089e18358818090ca81789

SHA256
331fa67da5f67bbb42794c3aeab8f7819f35347460ffb352ccc914e0373a22c5

SHA512
b7c7d3aa966ad39a86aae02479649d74dcbf29d9cb3a7ff8b9b2354ea60704da55f5c0df803fd0a7191170a8e72fdd5eacfa1a739d7a74e390a7b74bdced1685

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\464e1546-5754-4b00-8626-58f77a8f5685.tmp

Filesize
5KB

MD5
4d8e0dd23a763d0b3c1d4990edbbf0ed

SHA1
879306a735331f9007fc3b5e674f8b0bde562bde

SHA256
35c16ef5f5f42f49d815e00b697555029438c57b4cf3da88c073e48849bb7e9e

SHA512
13550fe483d408660626e1bbad2b68ee1f185c6785a1692132dba6edcb2f648a6128de39f9fe26e8dd09330b17eee211e10af33c85d3467d01bda982340e0052

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
f0e5401c2effe8d2d7a1d0fa574498d2

SHA1
ff817e711b2df2017b4beb11dbd09bc3b636d60d

SHA256
57d38cf9bf07740ff2f9c21d108c9e9b657b037b9fc693430cbf8dc141a9947d

SHA512
3f5307d71752a3109589cf3eddb53561e3b2f3c700f7d870e7437c692002402b0e2a86e752ff2db00119a225e9738500deafedc567f5f87e0f42df533c8cf855

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
390B

MD5
9946e95abe11ffd34f0453e4fcab7bde

SHA1
bd9a25555c74849776d283c7919452d57fe63146

SHA256
a1201e93885eaf1d4410965bd9904ac2cf2270d213a3af0e116860692757b7dd

SHA512
e7a2e35804fd70a8b8bf48cc32b473094670dff4b969365b05bbbd653eeb63ddbb8632aa5a0fe67825648c9f01d29de0a4a323d269b12aac4cbc9d33cedbca3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
317B

MD5
afc6cddd7e64d81e52b729d09f227107

SHA1
ad0d3740f4b66de83db8862911c07dc91928d2f6

SHA256
b5e81a7c7d80feaaa10ee7bc8aaef9f21a5c1e4b03b3823ed115022311d674a0

SHA512
844edb69585153c378a7c97709983776fc9303a32fb5ef8122ecca32adfc0b265f5ef7118ee07814da5c020ac7ba1bf2a2f66d46312e4d8e6df99aab2e5f9b2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ca1894ef300715e9989fb5b43baa9528

SHA1
2f2ea52145b2b0bc46e2a6ef6c306eb33f3c8aad

SHA256
cbea65d0c886e8a7feaa34bc05580d8b5f42e97643cd5c0fe5a37dff1426ff2e

SHA512
bfc7419f59cc80355f7162b5a6177a62e30dd5e6e492d9f7cf4af9f0f4a00b17390e96edd2ab34bd70af255b0905d6c130a283ddfb4d8df6ea6d7a5c701e5d3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f133371634b43e58d804ac2e9d94ca1c

SHA1
b1005d90420726d58ed5034500b0457bb268dde4

SHA256
f3cd9595c8c4e799574315ad1b21b20ede49f248c22157d54a880cb8c1d12885

SHA512
5242a4e5918ff8b01d6014698d459a671162b8d4849a11ae0698c987c697e0d02660f0bd5805f22c5bb2523e7669968722c937f567abbb55669f36b6964903ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c384e8e78ac299e04282acc88d7bdc5d

SHA1
0be86d57576e68c49ef5d1c6ee973e5aedd66bd0

SHA256
419f9276e1cb4eeef4b784ab45c3e6b1f403a1dbd2e827dae9875362c32c6ab2

SHA512
e5d0b46014e2adab349fcd4ffa1ea40ed75c432bc356a2ebfa297d0d469230880739f980ba44a3f944a52373183e3edf98a4ee3006f38a27dae675300f341a4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
550f66826af2a6648f95b9dfbbcc428e

SHA1
df4beecde37a1850897c1ae75cc5772dcf337589

SHA256
3afdd59e9d1fd25dc7c497a1b4cc99c1a2bc4bafb59cdae4557f2441970ef98b

SHA512
c5c6b38c40d5d167ab5e296b4bafecb3d110d1b23d53cb5b469084a6c5b6200e82a54778ffb49d148a39eab5b7d4188343c343696d20af4fcb95119a1f8afea8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
3e7dc6105b3ac61cdf9a5095db8e2941

SHA1
07639ae1bbc63198ec2eb07c810b54640144436f

SHA256
45cc2b59fd73abc762fbe72f6dcdb04467a35ff57e5547abf120fae2053af7cc

SHA512
5d924bb3b246baeb6188a9778485261f075b45a31e9386186c4d2ffe5aa80c25126945c4df86bec7538221b390c3bde4562714bd22086ace94bb0eb72c926a73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5e131cdd15a22243f56841eb504c78e7

SHA1
c406fd543637dcb9673038ff67d69fa573d72ead

SHA256
9bde323fa820d28d922bd615a10cc5b809a581d6763dc9bdf614acc4a1254159

SHA512
d58dbe8f9b044ce2cc9caf29cccf86e5c06e538ca926a30bd570be10422d619759c48e84de1a45df542998fbc240ed5c5667d0c03d9e8bdc1c9c5b2270750372

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tmp2561.tmp

Filesize
2KB

MD5
5fe6265e7baa0f836e21b6a4cc31002a

SHA1
2160f9a2897e6ec268d8e64b6f54e8716c8d9d89

SHA256
af4515dad7084823faf5865e9565b8ef61b5995bf9a54688cd70be1539aac61e

SHA512
4dee4d0d293aa2511a06adf1cb4644d187bcbdb45bcf69dd8fd4ee4c6ff4bf432211c183025614d2a5d211ee8c408fddc39ed63f32cdb66f9158776017840997

Download Submit
C:\Users\Admin\Downloads\HwidSpoofer-1.7.0.5.zip

Filesize
10.5MB

MD5
c75bbe6e17cab1a64dcbea76a7521824

SHA1
d19590e36cda9a7fc40c24bdd6f2de6919d7578c

SHA256
9c6e1c3f7564a435e0c0bb09dabd271d74f8b4b552d95af7c78b86202b6eb8e7

SHA512
be90dc67d6f7de264493be7b7bbe13c642f110e687507523fd285695748e460c454fb728ea8570d36e622966b3c419752c3e9b88d2b5f43cb991c0186c36d49e

Download Submit
C:\Users\Admin\Downloads\HwidSpoofer-1.7.0.5\HwidSpoofer.exe

Filesize
10.6MB

MD5
df22381a267d90387393a8621b230afb

SHA1
6853b40f1ff9e987e8f3936ba8e0d763af1c78ae

SHA256
048673b23887b50235a3c0511f5f7978dcbde85747923b0f6c9da557a214c646

SHA512
4bcbf80228d99f32ef92c5a9026a095d1e7b4683a82deb837b853146a1a23e1354cd4cf9996057b976001ab08c17c3112e53306efadd3abedbb5f2b4cdf13a81

Download Submit
memory/392-181-0x000001EF4B250000-0x000001EF4B25A000-memory.dmp

Filesize
40KB

Download
memory/392-204-0x000001EF4B970000-0x000001EF4B98A000-memory.dmp

Filesize
104KB

Download
memory/392-169-0x000001EF4AF70000-0x000001EF4B010000-memory.dmp

Filesize
640KB

Download
memory/392-170-0x000001EF326C0000-0x000001EF326E6000-memory.dmp

Filesize
152KB

Download
memory/392-172-0x000001EF4B010000-0x000001EF4B064000-memory.dmp

Filesize
336KB

Download
memory/392-171-0x000001EF32710000-0x000001EF3272A000-memory.dmp

Filesize
104KB

Download
memory/392-173-0x000001EF31D40000-0x000001EF31D48000-memory.dmp

Filesize
32KB

Download
memory/392-174-0x000001EF326F0000-0x000001EF326F8000-memory.dmp

Filesize
32KB

Download
memory/392-175-0x000001EF4B1B0000-0x000001EF4B1D6000-memory.dmp

Filesize
152KB

Download
memory/392-176-0x000001EF4B1E0000-0x000001EF4B1E8000-memory.dmp

Filesize
32KB

Download
memory/392-178-0x000001EF4B210000-0x000001EF4B24A000-memory.dmp

Filesize
232KB

Download
memory/392-179-0x000001EF4B260000-0x000001EF4B26A000-memory.dmp

Filesize
40KB

Download
memory/392-180-0x000001EF4B270000-0x000001EF4B31C000-memory.dmp

Filesize
688KB

Download
memory/392-164-0x0000000000640000-0x0000000001C0E000-memory.dmp

Filesize
21.8MB

Download
memory/392-183-0x000001EF4B320000-0x000001EF4B336000-memory.dmp

Filesize
88KB

Download
memory/392-182-0x000001EF4B3A0000-0x000001EF4B450000-memory.dmp

Filesize
704KB

Download
memory/392-184-0x000001EF4B340000-0x000001EF4B356000-memory.dmp

Filesize
88KB

Download
memory/392-154-0x0000000000640000-0x0000000001C0E000-memory.dmp

Filesize
21.8MB

Download
memory/392-201-0x000001EF4B690000-0x000001EF4B846000-memory.dmp

Filesize
1.7MB

Download
memory/392-202-0x000001EF4B880000-0x000001EF4B91C000-memory.dmp

Filesize
624KB

Download
memory/392-203-0x000001EF4B920000-0x000001EF4B954000-memory.dmp

Filesize
208KB

Download
memory/392-168-0x000001EF4AEC0000-0x000001EF4AF72000-memory.dmp

Filesize
712KB

Download
memory/392-205-0x000001EF4B9C0000-0x000001EF4C23C000-memory.dmp

Filesize
8.5MB

Download
memory/392-206-0x000001EF4C340000-0x000001EF4C490000-memory.dmp

Filesize
1.3MB

Download
memory/392-207-0x000001EF4C550000-0x000001EF4C60A000-memory.dmp

Filesize
744KB

Download
memory/392-208-0x000001EF4B860000-0x000001EF4B868000-memory.dmp

Filesize
32KB

Download
memory/392-209-0x000001EF4B850000-0x000001EF4B860000-memory.dmp

Filesize
64KB

Download
memory/392-210-0x000001EF4C530000-0x000001EF4C538000-memory.dmp

Filesize
32KB

Download
memory/392-212-0x000001EF4F870000-0x000001EF4F87E000-memory.dmp

Filesize
56KB

Download
memory/392-211-0x000001EF4F730000-0x000001EF4F768000-memory.dmp

Filesize
224KB

Download
memory/392-213-0x000001EF502E0000-0x000001EF50808000-memory.dmp

Filesize
5.2MB

Download
memory/392-214-0x000001EF4F680000-0x000001EF4F68A000-memory.dmp

Filesize
40KB

Download
memory/392-215-0x000001EF4F5F0000-0x000001EF4F60E000-memory.dmp

Filesize
120KB

Download
memory/392-217-0x000001EF4B200000-0x000001EF4B208000-memory.dmp

Filesize
32KB

Download
memory/392-216-0x0000000000640000-0x0000000001C0E000-memory.dmp

Filesize
21.8MB

Download
memory/392-153-0x0000000000640000-0x0000000001C0E000-memory.dmp

Filesize
21.8MB

Download
memory/392-152-0x0000000000640000-0x0000000001C0E000-memory.dmp

Filesize
21.8MB

Download
memory/392-238-0x0000000000640000-0x0000000001C0E000-memory.dmp

Filesize
21.8MB

Download
memory/392-240-0x0000000000640000-0x0000000001C0E000-memory.dmp

Filesize
21.8MB

Download
memory/392-244-0x0000000000640000-0x0000000001C0E000-memory.dmp

Filesize
21.8MB

Download
memory/392-248-0x0000000000640000-0x0000000001C0E000-memory.dmp

Filesize
21.8MB

Download
memory/392-151-0x0000000000640000-0x0000000001C0E000-memory.dmp

Filesize
21.8MB

Download
memory/392-259-0x0000000000640000-0x0000000001C0E000-memory.dmp

Filesize
21.8MB

Download