hxxps://drive[.]google[.]com/drive/folders/1VTcYbmiGAxZCJLCQ6QGmLsNv7PpSEAEW

Analysis

max time kernel
1008s
max time network
1010s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
25-07-2024 22:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/1VTcYbmiGAxZCJLCQ6QGmLsNv7PpSEAEW

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
1	drive.google.com
4	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3866437728-1832012455-4133739663-1000_Classes\Local Settings	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Shark sim 99-20240725T223017Z-001.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
5104	msedge.exe
5104	msedge.exe
4892	msedge.exe
4892	msedge.exe
4520	msedge.exe
4520	msedge.exe
3548	identity_helper.exe
3548	identity_helper.exe
4588	msedge.exe
4588	msedge.exe
900	msedge.exe
900	msedge.exe
900	msedge.exe
900	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	2912	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2912	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 60 IoCs

pid	Process
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
564	Shark sim.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4892 wrote to memory of 2592	4892	msedge.exe	82
PID 4892 wrote to memory of 2592	4892	msedge.exe	82
PID 4892 wrote to memory of 3844	4892	msedge.exe	83
PID 4892 wrote to memory of 3844	4892	msedge.exe	83
PID 4892 wrote to memory of 3844	4892	msedge.exe	83
PID 4892 wrote to memory of 3844	4892	msedge.exe	83
PID 4892 wrote to memory of 3844	4892	msedge.exe	83
PID 4892 wrote to memory of 3844	4892	msedge.exe	83
PID 4892 wrote to memory of 3844	4892	msedge.exe	83
PID 4892 wrote to memory of 3844	4892	msedge.exe	83
PID 4892 wrote to memory of 3844	4892	msedge.exe	83
PID 4892 wrote to memory of 3844	4892	msedge.exe	83
PID 4892 wrote to memory of 3844	4892	msedge.exe	83
PID 4892 wrote to memory of 3844	4892	msedge.exe	83
PID 4892 wrote to memory of 3844	4892	msedge.exe	83
PID 4892 wrote to memory of 3844	4892	msedge.exe	83
PID 4892 wrote to memory of 3844	4892	msedge.exe	83
PID 4892 wrote to memory of 3844	4892	msedge.exe	83
PID 4892 wrote to memory of 3844	4892	msedge.exe	83
PID 4892 wrote to memory of 3844	4892	msedge.exe	83
PID 4892 wrote to memory of 3844	4892	msedge.exe	83
PID 4892 wrote to memory of 3844	4892	msedge.exe	83
PID 4892 wrote to memory of 3844	4892	msedge.exe	83
PID 4892 wrote to memory of 3844	4892	msedge.exe	83
PID 4892 wrote to memory of 3844	4892	msedge.exe	83
PID 4892 wrote to memory of 3844	4892	msedge.exe	83
PID 4892 wrote to memory of 3844	4892	msedge.exe	83
PID 4892 wrote to memory of 3844	4892	msedge.exe	83
PID 4892 wrote to memory of 3844	4892	msedge.exe	83
PID 4892 wrote to memory of 3844	4892	msedge.exe	83
PID 4892 wrote to memory of 3844	4892	msedge.exe	83
PID 4892 wrote to memory of 3844	4892	msedge.exe	83
PID 4892 wrote to memory of 3844	4892	msedge.exe	83
PID 4892 wrote to memory of 3844	4892	msedge.exe	83
PID 4892 wrote to memory of 3844	4892	msedge.exe	83
PID 4892 wrote to memory of 3844	4892	msedge.exe	83
PID 4892 wrote to memory of 3844	4892	msedge.exe	83
PID 4892 wrote to memory of 3844	4892	msedge.exe	83
PID 4892 wrote to memory of 3844	4892	msedge.exe	83
PID 4892 wrote to memory of 3844	4892	msedge.exe	83
PID 4892 wrote to memory of 3844	4892	msedge.exe	83
PID 4892 wrote to memory of 3844	4892	msedge.exe	83
PID 4892 wrote to memory of 5104	4892	msedge.exe	84
PID 4892 wrote to memory of 5104	4892	msedge.exe	84
PID 4892 wrote to memory of 2176	4892	msedge.exe	85
PID 4892 wrote to memory of 2176	4892	msedge.exe	85
PID 4892 wrote to memory of 2176	4892	msedge.exe	85
PID 4892 wrote to memory of 2176	4892	msedge.exe	85
PID 4892 wrote to memory of 2176	4892	msedge.exe	85
PID 4892 wrote to memory of 2176	4892	msedge.exe	85
PID 4892 wrote to memory of 2176	4892	msedge.exe	85
PID 4892 wrote to memory of 2176	4892	msedge.exe	85
PID 4892 wrote to memory of 2176	4892	msedge.exe	85
PID 4892 wrote to memory of 2176	4892	msedge.exe	85
PID 4892 wrote to memory of 2176	4892	msedge.exe	85
PID 4892 wrote to memory of 2176	4892	msedge.exe	85
PID 4892 wrote to memory of 2176	4892	msedge.exe	85
PID 4892 wrote to memory of 2176	4892	msedge.exe	85
PID 4892 wrote to memory of 2176	4892	msedge.exe	85
PID 4892 wrote to memory of 2176	4892	msedge.exe	85
PID 4892 wrote to memory of 2176	4892	msedge.exe	85
PID 4892 wrote to memory of 2176	4892	msedge.exe	85
PID 4892 wrote to memory of 2176	4892	msedge.exe	85
PID 4892 wrote to memory of 2176	4892	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/drive/folders/1VTcYbmiGAxZCJLCQ6QGmLsNv7PpSEAEW
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff59a83cb8,0x7fff59a83cc8,0x7fff59a83cd8
  2⤵
  PID:2592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,3428834919355024658,6711485356030244445,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2044 /prefetch:2
  2⤵
  PID:3844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,3428834919355024658,6711485356030244445,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,3428834919355024658,6711485356030244445,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2636 /prefetch:8
  2⤵
  PID:2176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,3428834919355024658,6711485356030244445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:1856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,3428834919355024658,6711485356030244445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:3416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2020,3428834919355024658,6711485356030244445,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4744 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,3428834919355024658,6711485356030244445,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5464 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,3428834919355024658,6711485356030244445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1236 /prefetch:1
  2⤵
  PID:3980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,3428834919355024658,6711485356030244445,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:2276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,3428834919355024658,6711485356030244445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:1036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,3428834919355024658,6711485356030244445,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,3428834919355024658,6711485356030244445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
  2⤵
  PID:2660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,3428834919355024658,6711485356030244445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
  2⤵
  PID:2368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2020,3428834919355024658,6711485356030244445,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5472 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,3428834919355024658,6711485356030244445,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2560 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:900

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4444

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2544

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3372

C:\Users\Admin\Downloads\Shark sim 99-20240725T223017Z-001\Shark sim 99\Shark sim.exe
"C:\Users\Admin\Downloads\Shark sim 99-20240725T223017Z-001\Shark sim 99\Shark sim.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:564
- C:\Users\Admin\Downloads\Shark sim 99-20240725T223017Z-001\Shark sim 99\UnityCrashHandler64.exe
  "C:\Users\Admin\Downloads\Shark sim 99-20240725T223017Z-001\Shark sim 99\UnityCrashHandler64.exe" --attach 564 2060080910336
  2⤵
  PID:2660

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004BC 0x00000000000004B8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2912

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b26cef15e9a3cc82fb429a163f96ac6b

SHA1
718ac4822198b1a21f43b6941d0d8df107fd0015

SHA256
73af2c2ebc9187187d887e4abc8b04561c55f36f7f9cdf20293d522ce5c2f506

SHA512
87f96314ea9a1f394d24de5657e61cc6809c961fd05280b4875a06bb928f4e19dadf725fcd0417f16c93cdceca349dd27dd95d0f8f0f756020322803b2f91cdc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5efcc43219d778bd14d32016100f2708

SHA1
b06f6726698a68781854bc342a54e06bc4562217

SHA256
a7534c7d125854f7fe662a7951443cad1d1ff0d8d3eb537dde5a381cd3415666

SHA512
6bbdf16b41bbc3ac5d4e2b93683a712d56eb58719799f69cb7240a77f799928b48af2771f76d9d7829846db12d0116e3a8ea6c5d0f02d5e840db1b3c018480b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\2c6ac678-072a-4609-8849-3cdc43ccde01.tmp

Filesize
1KB

MD5
25ef53600cb07417f6548bfae0ec5ae7

SHA1
05cdd8ddf409efe1dbc2837c6fc87be465ffc5ff

SHA256
dab05f00edd8e62eb9d2c310345615ddc095449418530d406d04b5a971b8080e

SHA512
773353d343252b1ef1a096c102d06451da6e8bd2b7878a8422aade75f863ecc947352a0e104ae88646ae723fa83164c932793bb9edc3c1daf98b05170ba2bc6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
378e713c0f6b3760bc71d8114730c1cd

SHA1
70af627bc6e6d7560604faf8b2f7fb8267e5413e

SHA256
e6e794ef0177654f712e07103b5c182cd7b74fa5a79777b7168337d277083703

SHA512
0b071fdbacbe8d8a8073fc60b131f55bcab6b0a13ef493a5ac85b103664db3ce754d4b4bf34cfb2dbf1c1675e920c295458b81a2fd28dd837c8d3c50c118a9ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
ed1a59e918f1191dee888f7f2b08fd6b

SHA1
288d4f375385425d2a238b68ddcb50340409c41f

SHA256
f0e3ee2c52465ece94441dafccc8e78457a6744d7f1bcdee9f7a3a0671e95616

SHA512
0ae31f0e2326ec1f8f0f68041b0a0945a9936a1d4180278b9897554a20209eb226a832c4878650d63bcaa93b15fb2e73bb808ead207c616236a8b91291a4008e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
07710c47125d3b7fe5ebd645e9727817

SHA1
1d0c0bba1153de20f96fa98ddecbbc42ba5d3ba1

SHA256
93a0f5198c40f755a159a39aef7b13b423837f9e85181f83c8bdf244777a3a9a

SHA512
fbbb13f2655f6d04d7a1feb020c42de2dd87f3f47069fc6af7e192cabe9fe325cf173f1b513047c7b899a5fa446142d7f5f2d6feb187b4c260143135001bd55d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
7d0be32faab53c332167b1533560f13a

SHA1
a43f1c148923919856daef4ccca9af8867b6f669

SHA256
1832d5d90faa30ca9963ead6e34b26074773613374186d2509aa5ce461d95ebc

SHA512
667e5e163ca8b1101e2a1a0cd443c518bfcc81a22deff86dcd7ce634b15819aa1f37fc7793a4fbb8572e01c4eb938a3d6574729ceecc5f4c1f573cfb81c6bf4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
6d2e57de741c232ac7cab0ef8c923ca4

SHA1
8cc0f9e570affeb1d12806c520c21a9f6866f458

SHA256
8a3c2e06d17f90a47eb25ebdebb1b87b8d44c18cfd04ade3378cbbd37751b82f

SHA512
09211612a39c3dcf44a76dfd05372754804717e4a36b45d56fe2704c21bc781ae65b629f52738486b606800cf758493dd10930e5c83b8581abcc47b022b24e6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
b580bb190ca253896114edb4a4697673

SHA1
14d255b7499a4dee6057ac9cf1a14b55c96550c3

SHA256
4ac36b5fb4f9d24751530262dbcf4799d9f1ab89b253c8c555c0f94a88206701

SHA512
10fdcc2fd8e8ebcd55e01afe9325ecd37589fa2304ee6393931ac7656870a4da804c1f4a0c05ca430daacc6144a1b70eee73854735e78daa5a77fd4bf05a1de6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
0edccf3fb4a28fa6bf21eb9baef60cc6

SHA1
ddc22d63a31a6e39bef222e8d8de13c675214f4b

SHA256
d9d545afebe0fac2f0bd6a5fc0452f987f6c3879d02ced3625c8d69e59d40706

SHA512
d5e52d89e1d7c60b8f25dfbf57839aeb29cc5c83b0b27defa9c9aac791e76179cdb0a10095c8fa4447e491612abbdf4b23dba30cf2edc433fffa9b33caa08b43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
88a65569a2440b9800254433a5539483

SHA1
a3fcf393e2a77af2005c3066adb1c3ac2d40c49a

SHA256
030134bea35b640f0f774cd6dcf0a586014825667df0001e4c33b64dd2306aa8

SHA512
c3e6076aada1d5d8fcab4afb40ac2aa1b4959e0eadb7cd771d2fe8acee7533485597c8b5ca30f78d921ea2d1481330b984eafb668405b9171fb6d1621cc203df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
a4ede8a42dede0d034cb9f58b11fc5ad

SHA1
117f0e8bf94e8ca18a91d8088a7f56d0e207d07b

SHA256
e13f59e32721e28f95f219430c1b44bf1960a2474ee1ded61d3d042475fcde46

SHA512
bb6c3786aadbd10a00b10dd58f24af29af1e73f76f74aef6d4cc704772ddba5f5a25f8a72ff7906e8546e314468fa2c38469e4370f0cae114d57a25c4fc3636e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
2e9b499bd00ba43815d10c3f828f77f7

SHA1
d38b116b557964809d8612c60228d54aa62a396d

SHA256
119b2ce2a8bf111dfd5ee813e86666fa7b2632f12fd990581a734ee89efd1fd2

SHA512
89eccf20df0216f974accebe4f8515aec23f54df9dd818eedb2cdbee9826231fb7d5e325bf17c490361fa018710bf0f5e0fe31239d31b7c6edd2350680f22565

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
eba8bee6625506c38ec7e23f5815fb01

SHA1
258989c6459f2262af1b6b061971d0a8bab9cd98

SHA256
59c8e390273152495a07945b57f810834d0122e45342a4c95cdfbd25b48d5223

SHA512
9e9706e70d6a18444a8598189c02c3381b23f247e85b975cdba25b19ae76f7245299b29b3577da7c2b2b02272ea20fe1cf5ea75da3a9f2c28b921f6ee69ec0bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
af1e3d8653fc22b4134850d17ad7a5d5

SHA1
3ab8ffdf1c26634316ec683e3c2f796c0d994b57

SHA256
ee8da5621ac1e19a194fcdf497febdccca6313daf1b0eda8fdd95c88e0a36748

SHA512
cbdecf646d57f9cc04c9257e2409df68f8d91948a4524a3425f7b679e15be763dbf44c7ea8f874413fb6d50edc634b31d46a2017bf11f0c213fd906e1cfa7bdc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
120be0c7a433a08c592cbb23d89fbd28

SHA1
ee59b7a0302b42952d85e79733f60766e9f1cb47

SHA256
c2895e0a2c328b25d5a7b358d4fbba63769bf5d9a20353169ffbcb12378ca9b0

SHA512
bd7dbc2fbb36de2391601853155e893302b52fa0f621ed561baf9d0139a276c002b0eabad8507fe487bc5e6f25b0e55e08e4179fd6c4e092953b1e629af3ff52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
cc98cd984225273b0d020dabb9fe0007

SHA1
fdbbe64144dd283e0f87daaf950ead82e50256c7

SHA256
3ce773081200d83187947ea3dab406b6e5cecab2ff593a1b5cf2d2e47655646a

SHA512
9320d2cb947358763db22c9c36d8adfff8ad4429316c299e5c701be3a6824a00780b89b404ea268649b798aebe487f17f6b682018c9128400930652ed8d11df0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4e82afad33622b32ddcd13e7c9fd6b8a

SHA1
46c0b8e4694415e8be36e178774be58161941cee

SHA256
4c1b99974a2f76c0d1e9ea2a8e931f6efe71f91e883f61c239739cf581cdddbb

SHA512
e945af9aecf855c403d0734f2e3d6e98704d02ea9cc90807e6a3b3f07a8dfbd3f60beab512b758ae177b570340404690d12007af1d73a5ed0a08b6791244f1e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5e69e68a8b249e5e02a86f039f021d8b

SHA1
45b75fb929c806743edbf930c59dbae52105cfec

SHA256
fb6097d44d460ff3d4bf276ac7169f1971b310811d4a20be0f2cf06cbd0b3859

SHA512
3df2fa6daf6537b555b3d34ace97962aa2fb3202acac187aa66e930d1d89b0f5b8d5925e613b8e5191b9da1eb610c7e71f6bff36027096032b106d445ae5b35e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d756af1be3b2a5dbe8127345182c9680

SHA1
2de14abea61b5f837f04079ddf118bfc356ae317

SHA256
1467183b94a41eddfa7ebe7f43b5e553bc09000339b5564faceb2543c5ff1a84

SHA512
16ea74251eb156722bb221337d591e332cab183b7d5d4286b9bde7882e25dd4449038c402d9b0e8195c4f90fde802313ba64c2221bd8fa786976ba08da159c9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
829b306bdff60ec18521c3c2adc42005

SHA1
f329489441a68fa803cab5335a4a2f2240b8dfcb

SHA256
4908d26229ed946b594d9db5f99bb9dee9ca5734187e08d0f1a15efc1dc0717e

SHA512
b4f63b1e7238be8c26437f88552d5fda4146ef00ba87dee7d2ae30e051b09f4efe7316d3516bc15e7039be63811a773a43570976dcea45e472a15432df05a16c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
adcc12fbb57a11d8c1da3eb08ad8b100

SHA1
4e948c40130f2dfba4071a73dc874bf6f1b00f61

SHA256
bcfb0b537fe7f6cf7db533740ed4c43be28de53c6be184cce52eb5d1863eb961

SHA512
634588ba1b930e6f612ebb036400d2b029711561a38bb15843eeb59ffac56f64b26c30ce2e5d910f1c98e7260e0c93af92ecdbe1cdbc874b47eb37478589dce1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b9082afbb2f59a7bd12a61e9985db374

SHA1
c440c9a86867c1b25206f613dd4f04c083443c6d

SHA256
512b7cf1fad751c8da7ecab0ec6f08c08a3ada59712e5a9abbd8178438f29338

SHA512
1279da41de5827ea0bdf82dcc7831f275a5f8f9f03c6fce0813060b3d2bc013c5d84cb119e17a1d8eb71b44b55d486d30dec1332f38d3c84c03f2e35d2722376

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4357ac1d59bea90e7cf7ea21ad0f6b14

SHA1
53b9226a7697696490b9ccc4bb8377001f696e0b

SHA256
62a9d09b8b8d0d631b5058717b01447d3c0d7bb9ad970f3d26c8ce26062dc5a3

SHA512
e9f99a0c0cf93cfe52b5242a4c0a7a6375aac84120978c2f01c3e021fb8f676fafa6d1c6d6ca2d1b76290ba561499b087577f8574dd6c3f8a853492e130c99ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1cb753c2f5a7c1bd78e96eae364bf9a4

SHA1
5244dd2df3eb9c3586cfec5e01eb858551d1908e

SHA256
25303873c97a48b28aef45aada8a77e8b35561461cf0211bd937f647001b37c3

SHA512
95d7a1a0c5203a91f1c39dcf438099b255c0a1eebe9838621f366fb8a2f04e35a74edf08c0b54929665ea1be95dfa211d219b8cf06313f50a6cf63c674b9d622

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1147c14c5fe89b2ffbf282692af812a6

SHA1
c300a07c8c319037a7213007a2cef6b74a91e6f4

SHA256
0aa873b72ed81791634a735cf89b5dcaaadfe26b4426a9a00146436484246c89

SHA512
0a8d824c2bffbda8de31be3c1947e3a6c25c8c3f5337e93d5ffe5576e864885d3fbd4fac8feffea6b751e5f697b691e364c7ec032d84b76e5503e8af452bda5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
fff8955f339358b23499a4f12f0ecefd

SHA1
27f8ee7c7bd0a66bc788439682c9947e36591496

SHA256
e4c338366beebd3eb135bc53591eb5b5eae90fff2a73902b074354f53c116dcd

SHA512
0199fd0e9655e53f12e34e1c3d6d3a399e7f7dba61e0d72c7c46eb0c6658d60c9125da20db25eddcb0554dcb9f21fbd2eb40418ce81c4d4707f9fd18631948f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58435d.TMP

Filesize
1KB

MD5
490b46e2ad1f6e23144bcb43a62fced9

SHA1
f79e748ce552f1e6123e7756dac5c1a57aa30dfe

SHA256
54a0b497db43c3b37c0bbff03115002389d67d76fa664fbec645d88781fbb7e5

SHA512
9a4ae521562b9d37da08ce907dd1ad151e1614e42a2db5d30f37b0636b2b3d94d8af33f8e62f962bfd84d77b4a52da79bc66f035a0eb39f9e9c5c93b260faac6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
102842474896c9b3e53d4579e0530f10

SHA1
bd5b71e1a8930e4810b07f4c8649cec2cc665429

SHA256
d29c762fc5fbf9da2d585d3d3d259593cd2c18b4e35d57f35d5b15766723fcf1

SHA512
2ce40ec7b0f70c624041f868dd6f3228eb54ed39e6804ad99489b6121373a504abb0738a32e44fab905b52b54c0afafda8c02f4463ac8993c52fdb29381639d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b43ca3bf067155c936d4f9138bfab407

SHA1
e367600f155758f91f37464f252f417b4f25b54b

SHA256
f7338e4cbe7c33e66176f1ae87043f98069b61cc1d62cc319f9bf9a008b850e4

SHA512
3317240368d39fccbbf067800caa8aacb59c1a3e85fecf2ba55cd708acce9c9b2147308f2a53b5c5151349dfc8f660fc48e048b7a17d174a19f0a6a48eccf7f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
cf1409c7e76ef579febad393728896fd

SHA1
2f672c18116922a376ce5b4b86597ba6f6c0c8b2

SHA256
5121951eb947f1b0c72b603b1ddc9ec8a062c6d4aeb0a070d7fa7ccfec514300

SHA512
4dcd4a90a219f8c12281a50cf1d744819643651ca3820e07bdaea53338c7a626d59871c0639c2583bb47ba6c5202be542b8b3575ada5b371a7ae47592cf13500

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9154df668da9c4dc60eaa16944e5f747

SHA1
1e66aadf6f8aa9e44cd2fff997231849812321ff

SHA256
509d21d28e278aaf367b4a9586ac0ec1354def45b1b5fd57619a788da256d351

SHA512
bdcc71422011c9ff3f18f02b7550353d98b538ed5ab028bf4b5f243ae9117182c493428cac77760a51be0d5998b9ac59d44124cd0a40d193212c213ecdf2fcb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7b968b4e787212ffe87212c90a921a54

SHA1
3dc4d7d07b9631da53219a169eb3c3b593961e05

SHA256
580add34acc761f77b4075d9bb4d715a2c9902a2e1f04657b30d694e95240f64

SHA512
d48c7e630686bbeface89ca0aec6da6090ce5e434d82fa04b5c9472fed3e82dcaa433db1cf91904496a909f189d546e0eefea74621be71a9df1204c194c32571

Download Submit
C:\Users\Admin\Downloads\Shark sim 99-20240725T223017Z-001.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit