hxxps://drive[.]google[.]com/file/d/1VnnRAN2RT_rsaT9lNIQj0UI-8IYYmVGT/view

Analysis

max time kernel
355s
max time network
330s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10-05-2024 17:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1VnnRAN2RT_rsaT9lNIQj0UI-8IYYmVGT/view

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	drive.google.com
5	drive.google.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1080	msedge.exe
1080	msedge.exe
764	msedge.exe
764	msedge.exe
3008	identity_helper.exe
3008	identity_helper.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
4608	msedge.exe
4608	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeRestorePrivilege	640	7zG.exe
Token: 35	640	7zG.exe
Token: SeSecurityPrivilege	640	7zG.exe
Token: SeSecurityPrivilege	640	7zG.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 764 wrote to memory of 888	764	msedge.exe	83
PID 764 wrote to memory of 888	764	msedge.exe	83
PID 764 wrote to memory of 3496	764	msedge.exe	84
PID 764 wrote to memory of 3496	764	msedge.exe	84
PID 764 wrote to memory of 3496	764	msedge.exe	84
PID 764 wrote to memory of 3496	764	msedge.exe	84
PID 764 wrote to memory of 3496	764	msedge.exe	84
PID 764 wrote to memory of 3496	764	msedge.exe	84
PID 764 wrote to memory of 3496	764	msedge.exe	84
PID 764 wrote to memory of 3496	764	msedge.exe	84
PID 764 wrote to memory of 3496	764	msedge.exe	84
PID 764 wrote to memory of 3496	764	msedge.exe	84
PID 764 wrote to memory of 3496	764	msedge.exe	84
PID 764 wrote to memory of 3496	764	msedge.exe	84
PID 764 wrote to memory of 3496	764	msedge.exe	84
PID 764 wrote to memory of 3496	764	msedge.exe	84
PID 764 wrote to memory of 3496	764	msedge.exe	84
PID 764 wrote to memory of 3496	764	msedge.exe	84
PID 764 wrote to memory of 3496	764	msedge.exe	84
PID 764 wrote to memory of 3496	764	msedge.exe	84
PID 764 wrote to memory of 3496	764	msedge.exe	84
PID 764 wrote to memory of 3496	764	msedge.exe	84
PID 764 wrote to memory of 3496	764	msedge.exe	84
PID 764 wrote to memory of 3496	764	msedge.exe	84
PID 764 wrote to memory of 3496	764	msedge.exe	84
PID 764 wrote to memory of 3496	764	msedge.exe	84
PID 764 wrote to memory of 3496	764	msedge.exe	84
PID 764 wrote to memory of 3496	764	msedge.exe	84
PID 764 wrote to memory of 3496	764	msedge.exe	84
PID 764 wrote to memory of 3496	764	msedge.exe	84
PID 764 wrote to memory of 3496	764	msedge.exe	84
PID 764 wrote to memory of 3496	764	msedge.exe	84
PID 764 wrote to memory of 3496	764	msedge.exe	84
PID 764 wrote to memory of 3496	764	msedge.exe	84
PID 764 wrote to memory of 3496	764	msedge.exe	84
PID 764 wrote to memory of 3496	764	msedge.exe	84
PID 764 wrote to memory of 3496	764	msedge.exe	84
PID 764 wrote to memory of 3496	764	msedge.exe	84
PID 764 wrote to memory of 3496	764	msedge.exe	84
PID 764 wrote to memory of 3496	764	msedge.exe	84
PID 764 wrote to memory of 3496	764	msedge.exe	84
PID 764 wrote to memory of 3496	764	msedge.exe	84
PID 764 wrote to memory of 1080	764	msedge.exe	85
PID 764 wrote to memory of 1080	764	msedge.exe	85
PID 764 wrote to memory of 1856	764	msedge.exe	86
PID 764 wrote to memory of 1856	764	msedge.exe	86
PID 764 wrote to memory of 1856	764	msedge.exe	86
PID 764 wrote to memory of 1856	764	msedge.exe	86
PID 764 wrote to memory of 1856	764	msedge.exe	86
PID 764 wrote to memory of 1856	764	msedge.exe	86
PID 764 wrote to memory of 1856	764	msedge.exe	86
PID 764 wrote to memory of 1856	764	msedge.exe	86
PID 764 wrote to memory of 1856	764	msedge.exe	86
PID 764 wrote to memory of 1856	764	msedge.exe	86
PID 764 wrote to memory of 1856	764	msedge.exe	86
PID 764 wrote to memory of 1856	764	msedge.exe	86
PID 764 wrote to memory of 1856	764	msedge.exe	86
PID 764 wrote to memory of 1856	764	msedge.exe	86
PID 764 wrote to memory of 1856	764	msedge.exe	86
PID 764 wrote to memory of 1856	764	msedge.exe	86
PID 764 wrote to memory of 1856	764	msedge.exe	86
PID 764 wrote to memory of 1856	764	msedge.exe	86
PID 764 wrote to memory of 1856	764	msedge.exe	86
PID 764 wrote to memory of 1856	764	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1VnnRAN2RT_rsaT9lNIQj0UI-8IYYmVGT/view
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa5c0e46f8,0x7ffa5c0e4708,0x7ffa5c0e4718
  2⤵
  PID:888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,18444744013995567204,2395570674382251311,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
  2⤵
  PID:3496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,18444744013995567204,2395570674382251311,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,18444744013995567204,2395570674382251311,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8
  2⤵
  PID:1856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,18444744013995567204,2395570674382251311,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,18444744013995567204,2395570674382251311,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,18444744013995567204,2395570674382251311,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2052 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,18444744013995567204,2395570674382251311,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:4764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,18444744013995567204,2395570674382251311,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:1828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2152,18444744013995567204,2395570674382251311,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5644 /prefetch:8
  2⤵
  PID:2508
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,18444744013995567204,2395570674382251311,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6332 /prefetch:8
  2⤵
  PID:1312
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,18444744013995567204,2395570674382251311,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6332 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,18444744013995567204,2395570674382251311,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6176 /prefetch:1
  2⤵
  PID:2476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,18444744013995567204,2395570674382251311,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:1
  2⤵
  PID:708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,18444744013995567204,2395570674382251311,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6528 /prefetch:1
  2⤵
  PID:2584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,18444744013995567204,2395570674382251311,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
  2⤵
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,18444744013995567204,2395570674382251311,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6884 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2152,18444744013995567204,2395570674382251311,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7156 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4608

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3780

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2756

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2656

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Natural Vision Evolved April Update\" -spe -an -ai#7zMap14532:132:7zEvent29788
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:640

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
c2046caa9d7c4e30785178ede27f33e2

SHA1
6e5fc5f78444b422f801180d1cade3897829e1e3

SHA256
24f0a5ac21e0c3b55cbbf24c7a3579c6745c0dd929417c202ba0aa17b6aeafc1

SHA512
b446d3622dd6ed8e06c425d3ec76b31d75fe26ad91ba2e7eaf62d38b3932e7e74d9989a52d6409c26f8590972cf413af75831c128fc88f589f68ac2cfe30013d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
a8313d05d2aa70d37c028a2c49fead75

SHA1
029ca5a4b177cd4a22dc3e290352b90d5e1dae6c

SHA256
f1ebce486bc100a2ecd6e6a571a4d33c18a4e8eb16d8922fde6133ca023e3376

SHA512
fdbc637bae10481b58daf6ea22d71087876dd13dbed7b32389505519cea323bd81ef67424854d22161925ccaf1b4d516c580949b024a33a0ff436e2676356938

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
2f83c38bd03bb94255361fc6517a4283

SHA1
850ef5c51c94ee2ef55c99e3d5244a9748c768ed

SHA256
ab5a147d1fca061cb1381fba4871524e1ffb88c2fc49c1f2d7845e62579ad48a

SHA512
101aa04fe63096ef217f39f1cb286e174fea24540a616c9fd1caa1cc4cf88d025efd946f89807793f088f37a76cfb6e6a38d37e47594f06d7767884e2a56db27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
d68749c24eb778fe60163222770ee351

SHA1
46d91aa22cd1bd34bb4a7c774c87b60f54bd1e6a

SHA256
ea667ff5f5c3c30dd7213be9c50f57023110da16f3f70d8844b12e8b964f6f3d

SHA512
5234e8b5a4a7a822fab6c415e08533146418aa1ec15af1f552a5e79511eb7679893e504e7bbbf07a51eebb364f9b7081f0a92b461051ba11260db91a733b402e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
4feebaba86bc96598854eb3fd4848623

SHA1
3f4cf479d5b9b59a773c59412a0461726dc3bc5d

SHA256
5d345f236b665cb6e3a2dbec426c12b36dca00f74a90efb52c55986cb27e113c

SHA512
447548a177b3bfb61fec3fe9647fa98586bfa775f6201ecbc98eeddc1e85020c4912c927eeac1ae74e445507c2e133359ae88380aad676d10de5d95d2c6415dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
0d01c2713d013c25fd334879508bbc80

SHA1
492edce86cc0aed1d2c7c9e8d4100040c2e06299

SHA256
3840f6a20e96c815d1f6966f548d5d106c0b1736c974d876fbf98e0dccfe9ca4

SHA512
32e2f958c2127d6b1c15e408c04c066f4ab02408d6b141fd8c4601c6dd3da92514ecffd32dfa5520e4e3e3bc0deaa86f20acf240ff4ade10e85ee271649a65ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
85d96325eb4c72415c4fa7f083f89114

SHA1
6aa9238336e49c035dc430c39be1b0defc8e306f

SHA256
9f8399bf3418c9d80204ab8f96c17604425ec512fe329463d734318319429088

SHA512
3d5c2b3d93db8d690780477aa6aa82f17da6259383a4f88cabd3555a599bca4c4cf1b6eaa15418ec86e63f376d9131f993ef4f72a17b8a3ba254a3b59e7bb230

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a8f09cb0592928376669533e77ee4552

SHA1
0f238f983b424388d6d85200d603116dd46bac6a

SHA256
343689eace35538e4e15752126b7678351134c4f68a238083f4cb0dcd1d5f005

SHA512
267ffd8f4b7bd0b88fb31e020d2082ce29d3d16653fca4fecc2cc7f4abba84be437adc1ecb3290622771cae49a40f57e52073053af4dbf18b1c10f7479e7b34c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
332b5ceeaf97c163b50821617d212b29

SHA1
dd9de8f5d04892c066886dda970e782dc88b63ce

SHA256
60406f64436bd4ed0617656a5c1f5e002b2b08485a7930a3d54c1671e995921e

SHA512
97b1ee1cfd9191675f3af7007f3fe5eeac25e0c471f92f80feb9116f68a6f4227c320edd44009db7264aff56d7ffde8d63bad7b851c2a026c8e729ad68415585

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
8091b19e6ff0a31b8d8b04fce7dfe870

SHA1
89ebe6ea7531dca1fae9cdad2687a6d27f733bf1

SHA256
a36c4381f3151fc8f9d1c2822b8953c9d59ef0795fdac9d9b551407b7285185d

SHA512
e84d629b9b1b06dafb74dac3ffe65d1c7a16f6a974a11c69895bcc3d544754364d3f87212036ee30d5473ac35f3bd4d5c849d6415bdc1056d634997506471106

Download Submit
C:\Users\Admin\Downloads\Natural Vision Evolved April Update\ENB (Required)\(3) Low Settings Preset\d3d11.dll

Filesize
2.7MB

MD5
87345457d3dccbff8ab94e9536de48d6

SHA1
96fe39da29c36e488020a900c78705f3907ef86f

SHA256
90e2c20e103b14d9672c0059b7cdee43e05246d7a83a3e7d02633951c945177a

SHA512
ce3fe48e66f12925aa6ef507e82e178df92c9b80500148c42cd49b1f0a77f3b218060d1c5eae6603c52277e266c7756d1fb6facdf8992076e7de0cadd2bf3fd7

Download Submit
C:\Users\Admin\Downloads\Natural Vision Evolved April Update\ENB (Required)\(3) Low Settings Preset\d3dcompiler_46e.dll

Filesize
3.7MB

MD5
24ea5c9a9db56b51d23673eb20dd5fd6

SHA1
d248255e107d1b692ebaff28476b526e7af7d2ed

SHA256
ff2fffaf99916720914753d10e1db6e364011bb23da143178250cbea7dbfb945

SHA512
f1a5dce642014b3bbdb477da1cf4ea212f0444fee58d3a636f0f8fc749d0b243dad3fc980feff4f793b352732db404cba5cc5e6e7be5e111684994189c4d533a

Download Submit
C:\Users\Admin\Downloads\Natural Vision Evolved April Update\ENB (Required)\(3) Low Settings Preset\enbseries\NVEDebug.fx

Filesize
1KB

MD5
03c013ef0b5dc2bd2c8dee73b854e303

SHA1
a50a8b4ed59ce401157eea2e4bf0719ca19273da

SHA256
064eacc10f855cbc57b0a6946f736e2f6cb843afa43ab7c26fba1669c3938222

SHA512
5ce79ffc0f08a36e0ed800cdb542ff0b275f7b07e2e3591cb1f1c97897a292353bb87b0edc2f714440c5e2b219cd3282b3968d5df0932819eb9eabe0bab25e5f

Download Submit
C:\Users\Admin\Downloads\Natural Vision Evolved April Update\ENB (Required)\(3) Low Settings Preset\enbseries\NVE_ColorConfig.fx

Filesize
3KB

MD5
997f52bcdb48d2257fb20c30fe679471

SHA1
3b122420e226d15a4a88d5843d593ad0937d98db

SHA256
ab45bdea1472483b8ffc9cd899282469ec1a3ce4c27ac355d393263f3ecd5c53

SHA512
7af87a85e976a046a85728df58703054c24856b88bae98c50af0cbce4edd82eb67798395d23ac6e20896249f2ff9ce22680f6c06dc19dbea22ad1472bf7c092b

Download Submit
C:\Users\Admin\Downloads\Natural Vision Evolved April Update\ENB (Required)\(3) Low Settings Preset\enbseries\SMAA.h

Filesize
50KB

MD5
ac5500623e0e5d00b6fc56756d912922

SHA1
717cbbb648bb32a3ceafc9975391a090e1d90acf

SHA256
a6e396730c1ddc7074d657168641cc6729ff3706b4a1f8fb3ba97e8f0d683eea

SHA512
a76cc16d3eda25f6285a684a51ba16a74682fc1ba844c58a4ee219c3ff41b2a76a3f3756b5ba3e650aed548259b0d8f9046b6cf2bdd2176a8972b0edd63d9327

Download Submit
C:\Users\Admin\Downloads\Natural Vision Evolved April Update\ENB (Required)\(3) Low Settings Preset\enbseries\SMAA_AreaTex.dds

Filesize
262KB

MD5
5da0e0577ae81ff18f65095bccfcda34

SHA1
08d9abb7f841d13b41f1605bcaff2d5a07576d87

SHA256
dc55cbf1c76126ea82c1d975bf7cc2990679845ce5dacb990a53f342e1745a61

SHA512
98efbc83458d863d447293610ede3707d73f8a8f39cf021ff74243f0b2b4e271afdc98202391e3c6055683cb26475bc7b7fd085e5aa06275144426984a68fed5

Download Submit
C:\Users\Admin\Downloads\Natural Vision Evolved April Update\ENB (Required)\(3) Low Settings Preset\enbseries\SMAA_SearchTex.dds

Filesize
2KB

MD5
441c37dbef9458e183c8ac18734f99a4

SHA1
49dece98e469fa2629412e6226ff75abe2b889b0

SHA256
21270248fcd044e2862b71b2be501be57896d6a09cd342aa640bb3523e994a90

SHA512
cd4088b73a1ab29525a7d0298d252e66622173cf0dbe70bf27fa0cb1b2319465de1a5bb6450efb84b7c061086c812727128ecbe61c666d3d42641c9c6cc0455b

Download Submit
C:\Users\Admin\Downloads\Natural Vision Evolved April Update\ENB (Required)\(3) Low Settings Preset\enbseries\_weatherlist.ini

Filesize
775B

MD5
c14cd302acedfa12736f303740de0ff3

SHA1
aa9b8fde723d18094ff15d23d422d747ecc07e84

SHA256
3e9bab7cc6ed91e93cff21aa93dad749a3079af24b5d0c4ecec67c9132a13919

SHA512
8087f0b9b429aba144f6ecd519edadd2520cc612d081f1350fd917f66a42701888d734ed643b32a273ff004329b0ef29d4d6acdbe0c642d53bfa001a5d942284

Download Submit
C:\Users\Admin\Downloads\Natural Vision Evolved April Update\ENB (Required)\(3) Low Settings Preset\enbseries\enbadaptation.fx

Filesize
7KB

MD5
69031b246768116f89bd88174180a13e

SHA1
b1d7b8bf1516a60e6157bbaa0d0841a4bd076175

SHA256
c4c92e443e3e028f5a6e54718dc1044360e5af782f31c19d5e457db3db3f1d5c

SHA512
c7b6ceb6b88a384c1fcd55128e69324cdab8e9ddc5531e550fb707089bd02c0d412e7dd4311276f07a5c6a04b646f39a53fb9ac8b59a687f9af1b8558c0a5b99

Download Submit
C:\Users\Admin\Downloads\Natural Vision Evolved April Update\ENB (Required)\(3) Low Settings Preset\enbseries\enbadaptation.fx.ini

Filesize
33B

MD5
10914094c1055dea1a91b343fd1d1008

SHA1
d100da1c83b925eb2e81771c7a6386d07886280e

SHA256
69a60ea8c3b9ba2b1439a8f703efd4a07fc5afef2be889db2a245fa704b532cf

SHA512
89a9f13a17b9cf654c228e1415f7a0cf976bce7fe1ed8f5eb9689ed74e2f3a182e1038f1637729e2e62d8c3cb9067ad5bb9beb4c8269e1a4e9c53a2eb5cccecf

Download Submit
C:\Users\Admin\Downloads\Natural Vision Evolved April Update\ENB (Required)\(3) Low Settings Preset\enbseries\enbbloom.fx

Filesize
14KB

MD5
59e90d048fa704cf6b0e40569640af69

SHA1
2d4a3c4cee9cd76865076ae529fe785f89a5f0d0

SHA256
9b7d4b47d2b07f8b756f8b8f6881f5cb9f534170551ca6e2b3b4c0d5e3a2eb30

SHA512
6a03c5716deffa437761e521fcfd599ff225312ebd2355982c716377e44ca8908405fd0fa80fca2898484567e7395f78d15195f7274d3172edf8884a634441fb

Download Submit
C:\Users\Admin\Downloads\Natural Vision Evolved April Update\ENB (Required)\(3) Low Settings Preset\enbseries\enbbloom.fx.ini

Filesize
347B

MD5
4079ec79be092e2714e30e238b34bc78

SHA1
9d2474842822239912e34cef47c63f672e5abbbd

SHA256
b2dbf3588dfadb5a195efdea23af1a24062da5f9018227e047e4c93a6cc22bfd

SHA512
fbdf64822506a3d08f8dc0fd65b8d15611de008d28802d5cc914c7bcfd3b4d098e670b76fde9005263c576ee55c8da41fe9c00aea3d333479cf7b51a2f66af62

Download Submit
C:\Users\Admin\Downloads\Natural Vision Evolved April Update\ENB (Required)\(3) Low Settings Preset\enbseries\enbdepthoffield.fx

Filesize
16KB

MD5
47505dbd53149407024ad7561cdab43c

SHA1
67eb9d1b45c096d33fb9bf35a12d26596913f8e7

SHA256
3b63f4f6e5d0e823462166052440d4bf60edde15e34d7d3e3770ea2aa7b2861c

SHA512
1d5146df8b9cf53748db2f52b1de615ece7d4f2b3705d20db5e20f19b9b65024e5b2ff007a5a373745e84846d742765a2dbf922ed26f0f49c29a7560fdd1158d

Download Submit
C:\Users\Admin\Downloads\Natural Vision Evolved April Update\ENB (Required)\(3) Low Settings Preset\enbseries\enbdepthoffield.fx.ini

Filesize
1KB

MD5
9588a695d4afbad3117605799c63bac2

SHA1
bb6db9600d5c7a44e722361ef5bd5f6d48f2eb5e

SHA256
97f760cd6882f5cb48e88c122b1f654e210427f8ff04398cd79927b2a2693a7e

SHA512
0a9180966cc9d5570f5bd9c6392f75c050725f821f1211b9feafa5853c17d90dc2eada7b207a7099077653b1551d56e27a6284ee273a84abffbea97a59033f99

Download Submit
C:\Users\Admin\Downloads\Natural Vision Evolved April Update\ENB (Required)\(3) Low Settings Preset\enbseries\enbeffect.fx

Filesize
16KB

MD5
18659fbce9a810d2f9eb9eb7788dfbae

SHA1
61d8b6ee48cac132470192250f67554e99617873

SHA256
8ed1b54bcde1880384fe99d04545e400cf1df52f166d9b566cc0659ae7a90eef

SHA512
a64c1b0642587847e185c62c4c5f46b4f7df3268c1e1c286ba587ce328346b864992e794fc2c708cfb1f62c560aa3ccd1ed786919ac7d557a36bf316c1b5ccef

Download Submit
C:\Users\Admin\Downloads\Natural Vision Evolved April Update\ENB (Required)\(3) Low Settings Preset\enbseries\enbeffect.fx.ini

Filesize
507B

MD5
eeef90f21824714a2cc9c9c57cf842e3

SHA1
a478712aa4dc82ae1ee92d3541c014ee2ac79513

SHA256
066ecdbfcd6a44d9f513a6383e8ef3420472667fccb92776118fdea079846e51

SHA512
ff35d9eacd209872393620d7571d932d7824bd5f4f7513c83a3358564ab63cbee945b649c869940d711c3804635e023d12acd8f4b5dae5a23903d2d3d50889fb

Download Submit
C:\Users\Admin\Downloads\Natural Vision Evolved April Update\ENB (Required)\(3) Low Settings Preset\enbseries\enbeffectpostpass.fx

Filesize
29KB

MD5
e1422c64bd91f7fe214043ca22245d12

SHA1
7a873fc6502cba760b75c8ae9b362e1665703837

SHA256
a372374822ec9184987140b82acc7dcd914120f4e645c8badf47ec3ce41950ea

SHA512
e6dfc8dd2393d741e6d47eabafa008e28ede0bc25db945068b316515cf813c67cf385936fc7fb51f053bacac4ceab837cb04afd6a8a77561e24c5917e1916daa

Download Submit
C:\Users\Admin\Downloads\Natural Vision Evolved April Update\ENB (Required)\(3) Low Settings Preset\enbseries\enbeffectpostpass.fx.ini

Filesize
1KB

MD5
79c5331ff75f88ac62604430ba0f0378

SHA1
61cc202b8bc0c9e385a79bb64f886a4ffd1c835e

SHA256
8e4a686857686d2b627c37e7963e5401bfd2f416f0aa1643ca503b7123c61e5e

SHA512
2ebd2db8d40e256a65c6d075dd081a1bb3241008e96f9c10c74470fff3f98d3e750cf627c2001148e27d8d923823a92abe11b603d82304a217d331caaeacafba

Download Submit
C:\Users\Admin\Downloads\Natural Vision Evolved April Update\ENB (Required)\(3) Low Settings Preset\enbseries\enblens.fx

Filesize
16KB

MD5
2e8d1aea8d516a041e1624f926085886

SHA1
65de3023a70c3ff561171c217d2ab7c57d00800c

SHA256
956204c73f1046308b410821df7971a01f56f3d080a770780c1ce79ec4b5eb37

SHA512
bef280b7f0fa5ed34ba003682a94bb86b7eb3251fa493b84df218fa2f5dcf8f67e5b02320bbf476f29da4b765bf4f2d6af0ccf0d6d30a4ef1cfd9b72aad09b99

Download Submit
C:\Users\Admin\Downloads\Natural Vision Evolved April Update\ENB (Required)\(3) Low Settings Preset\enbseries\enblens.fx.ini

Filesize
587B

MD5
a06870f36ba021c14dc45307b180a041

SHA1
fdc4c5287109b83815839184318611594728b992

SHA256
ae536f0354319854e76d88c75a7e7ce50ea245fd2b221f18d4cd95559c62a10a

SHA512
4f8fe537cd4ee6dc0ce0b4b68552a6024e5839873ab7fff3b62909d527f05daa161d805b2c40f5e835af32e80e0bda944b787586f0b983e5fc9e6294a492a1e5

Download Submit
C:\Users\Admin\Downloads\Natural Vision Evolved April Update\ENB (Required)\(3) Low Settings Preset\enbseries\enblightsprite.fx

Filesize
12KB

MD5
279df96f3c3daa87049a03ff10219a49

SHA1
c2995c6fbb8dbfbbc779a60a799b0dfd29d4565e

SHA256
bb4dca578ed4365120f422126f8dafd78d81990f98d51979564407091a551536

SHA512
dbffad8911f6edec038df861848b2bbee8d6926bdcf14a6a5bfc5e620adeec4ea9b0da07296224c6ad803f5d58bd67a4f019d49da03e83d83eceb45eaf8db79a

Download Submit
C:\Users\Admin\Downloads\Natural Vision Evolved April Update\ENB (Required)\(3) Low Settings Preset\enbseries\enblightsprite.fx.ini

Filesize
206B

MD5
7f02908503720d15d2e74d4009bd5ec9

SHA1
b50a927ac634cb5d23d72e44d06ec6005e7afae5

SHA256
8131790c3c53b0e321ae09cd3fbdad7a84b513a4ac85322bd0b4ee001d8c3ba4

SHA512
1165b3e7115e63d7bf886771a1f616a3976162ed3f6c7cd7ed7b1b1243543f7a5861fab3769fe1d0315e62bbd679f1a8dacf50e55e3be576c8d037ab8306e7f0

Download Submit
C:\Users\Admin\Downloads\Natural Vision Evolved April Update\ENB (Required)\(3) Low Settings Preset\enbseries\enbsmaa.fx

Filesize
16KB

MD5
d4671c4999e7d71c86e9cb9023414f57

SHA1
5bd411711b8545d63e594835c76cd667cb4fca22

SHA256
bf315365ff9d227e0b5dfe317d935fd03597ffe5dfb5ed6f1a49cb9b551f9ccf

SHA512
c835895b705d1aaf5a3556f39b6ba3697e28d53e40c4cfe9a7a8ccf04faefdb6e90782ff723cadb5dbfdee4d94eab11ce4a66a1a2722aae8c82aae60af939ec1

Download Submit
C:\Users\Admin\Downloads\Natural Vision Evolved April Update\ENB (Required)\(3) Low Settings Preset\enbseries\intlightsprite.fx.ini

Filesize
143B

MD5
7e9cfbb5f7d1162f9eef030861100ddf

SHA1
5afa36c664bd5d48dcb1598b3a46879f36c14843

SHA256
647e9f874376da493b237d4cf193d5444b75fe364dd24f6e77c4262edb8cb7b0

SHA512
4e2e5ee51962fba96766aa27037a56c2a2266b70d6d4731e776c636bc21e320175d28899dbc670a3a9e11512148285e6cf5b668e725b6ca975120c8ef6ae7e8c

Download Submit
C:\Users\Admin\Downloads\Natural Vision Evolved April Update\ENB (Required)\(3) Low Settings Preset\enbseries\lut.png

Filesize
863B

MD5
47d3a7c4acc732c5231389d76d370977

SHA1
9a8495a119798bd2e26832a6e0d4dae12378f4bd

SHA256
544f2c0bcd7251ec0d2dfefdfa0ec4d08e5e8f7f9cbef0a1621903272f2dbe7f

SHA512
73d26d70f7048f534f0e47663274dfc3f99ec2c90ab2990cc8c2682a3c6217ff9f2426d28f820a1d077517f0f80bc919960ac1d79f568e81e760d5478425a113

Download Submit
C:\Users\Admin\Downloads\Natural Vision Evolved April Update\ENB (Required)\(3) Low Settings Preset\enbseries\ns.png

Filesize
20KB

MD5
e213015ed8dbbb59e59b465372e784c1

SHA1
f5674734b67db5dba1fe5cdb385a62b6a6811520

SHA256
31eb78554e12d519cf147d0d840b1296f75d2fffe80b5127c83c1b988d3e4b23

SHA512
aa9e2c61e3fab856308c4b22b145e9704da1d75a30862b88aeb09030c15316097ba0444ca779e114d539a0ac147a81b15356af5c01a721f393fa6c66319b5a38

Download Submit