hxxps://drive[.]google[.]com/file/d/1t8MmMzsL3yXW3RnDGnCobBJdiOVM2Bme/view?usp=drivesdk

Analysis

max time kernel
1738s
max time network
1739s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
06-12-2024 12:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1t8MmMzsL3yXW3RnDGnCobBJdiOVM2Bme/view?usp=drivesdk

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
1	drive.google.com
2	drive.google.com
5	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\GD_2.2074_windows_vanilla.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
772	msedge.exe
772	msedge.exe
4120	msedge.exe
4120	msedge.exe
4496	msedge.exe
4496	msedge.exe
4084	identity_helper.exe
4084	identity_helper.exe
520	msedge.exe
520	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4120 wrote to memory of 2900	4120	msedge.exe	78
PID 4120 wrote to memory of 2900	4120	msedge.exe	78
PID 4120 wrote to memory of 412	4120	msedge.exe	79
PID 4120 wrote to memory of 412	4120	msedge.exe	79
PID 4120 wrote to memory of 412	4120	msedge.exe	79
PID 4120 wrote to memory of 412	4120	msedge.exe	79
PID 4120 wrote to memory of 412	4120	msedge.exe	79
PID 4120 wrote to memory of 412	4120	msedge.exe	79
PID 4120 wrote to memory of 412	4120	msedge.exe	79
PID 4120 wrote to memory of 412	4120	msedge.exe	79
PID 4120 wrote to memory of 412	4120	msedge.exe	79
PID 4120 wrote to memory of 412	4120	msedge.exe	79
PID 4120 wrote to memory of 412	4120	msedge.exe	79
PID 4120 wrote to memory of 412	4120	msedge.exe	79
PID 4120 wrote to memory of 412	4120	msedge.exe	79
PID 4120 wrote to memory of 412	4120	msedge.exe	79
PID 4120 wrote to memory of 412	4120	msedge.exe	79
PID 4120 wrote to memory of 412	4120	msedge.exe	79
PID 4120 wrote to memory of 412	4120	msedge.exe	79
PID 4120 wrote to memory of 412	4120	msedge.exe	79
PID 4120 wrote to memory of 412	4120	msedge.exe	79
PID 4120 wrote to memory of 412	4120	msedge.exe	79
PID 4120 wrote to memory of 412	4120	msedge.exe	79
PID 4120 wrote to memory of 412	4120	msedge.exe	79
PID 4120 wrote to memory of 412	4120	msedge.exe	79
PID 4120 wrote to memory of 412	4120	msedge.exe	79
PID 4120 wrote to memory of 412	4120	msedge.exe	79
PID 4120 wrote to memory of 412	4120	msedge.exe	79
PID 4120 wrote to memory of 412	4120	msedge.exe	79
PID 4120 wrote to memory of 412	4120	msedge.exe	79
PID 4120 wrote to memory of 412	4120	msedge.exe	79
PID 4120 wrote to memory of 412	4120	msedge.exe	79
PID 4120 wrote to memory of 412	4120	msedge.exe	79
PID 4120 wrote to memory of 412	4120	msedge.exe	79
PID 4120 wrote to memory of 412	4120	msedge.exe	79
PID 4120 wrote to memory of 412	4120	msedge.exe	79
PID 4120 wrote to memory of 412	4120	msedge.exe	79
PID 4120 wrote to memory of 412	4120	msedge.exe	79
PID 4120 wrote to memory of 412	4120	msedge.exe	79
PID 4120 wrote to memory of 412	4120	msedge.exe	79
PID 4120 wrote to memory of 412	4120	msedge.exe	79
PID 4120 wrote to memory of 412	4120	msedge.exe	79
PID 4120 wrote to memory of 772	4120	msedge.exe	80
PID 4120 wrote to memory of 772	4120	msedge.exe	80
PID 4120 wrote to memory of 4400	4120	msedge.exe	81
PID 4120 wrote to memory of 4400	4120	msedge.exe	81
PID 4120 wrote to memory of 4400	4120	msedge.exe	81
PID 4120 wrote to memory of 4400	4120	msedge.exe	81
PID 4120 wrote to memory of 4400	4120	msedge.exe	81
PID 4120 wrote to memory of 4400	4120	msedge.exe	81
PID 4120 wrote to memory of 4400	4120	msedge.exe	81
PID 4120 wrote to memory of 4400	4120	msedge.exe	81
PID 4120 wrote to memory of 4400	4120	msedge.exe	81
PID 4120 wrote to memory of 4400	4120	msedge.exe	81
PID 4120 wrote to memory of 4400	4120	msedge.exe	81
PID 4120 wrote to memory of 4400	4120	msedge.exe	81
PID 4120 wrote to memory of 4400	4120	msedge.exe	81
PID 4120 wrote to memory of 4400	4120	msedge.exe	81
PID 4120 wrote to memory of 4400	4120	msedge.exe	81
PID 4120 wrote to memory of 4400	4120	msedge.exe	81
PID 4120 wrote to memory of 4400	4120	msedge.exe	81
PID 4120 wrote to memory of 4400	4120	msedge.exe	81
PID 4120 wrote to memory of 4400	4120	msedge.exe	81
PID 4120 wrote to memory of 4400	4120	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1t8MmMzsL3yXW3RnDGnCobBJdiOVM2Bme/view?usp=drivesdk
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff983b13cb8,0x7ff983b13cc8,0x7ff983b13cd8
  2⤵
  PID:2900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,15287325854621419839,3787635797452604740,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
  2⤵
  PID:412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,15287325854621419839,3787635797452604740,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,15287325854621419839,3787635797452604740,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
  2⤵
  PID:4400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15287325854621419839,3787635797452604740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15287325854621419839,3787635797452604740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:4316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15287325854621419839,3787635797452604740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1
  2⤵
  PID:2524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,15287325854621419839,3787635797452604740,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5288 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15287325854621419839,3787635797452604740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,15287325854621419839,3787635797452604740,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5900 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15287325854621419839,3787635797452604740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4244 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15287325854621419839,3787635797452604740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6184 /prefetch:1
  2⤵
  PID:3364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15287325854621419839,3787635797452604740,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
  2⤵
  PID:3264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15287325854621419839,3787635797452604740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
  2⤵
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15287325854621419839,3787635797452604740,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
  2⤵
  PID:3384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1904,15287325854621419839,3787635797452604740,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6372 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,15287325854621419839,3787635797452604740,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1712 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2404

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4128

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3464

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:632

C:\Users\Admin\AppData\Local\Temp\Temp1_GD_2.2074_windows_vanilla.zip\GeometryDash.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_GD_2.2074_windows_vanilla.zip\GeometryDash.exe"
1⤵
PID:3016

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
554d6d27186fa7d6762d95dde7a17584

SHA1
93ea7b20b8fae384cf0be0d65e4295097112fdca

SHA256
2fa6145571e1f1ece9850a1ac94661213d3e0d82f1cef7ac1286ff6b2c2017cb

SHA512
57d9008ccabc315bd0e829b19fe91e24bab6ef20bcfab651b937b0f38eec840b58d0aed092a3bbedd2d6a95d5c150372a1e51087572de55672172adc1fc468a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a28bb0d36049e72d00393056dce10a26

SHA1
c753387b64cc15c0efc80084da393acdb4fc01d0

SHA256
684d797e28b7fd86af84bfb217d190e4f5e03d92092d988a6091b2c7bbbd67c1

SHA512
20940fee33aa2194c36a3db92d4fd314ce7eacc2aa745abec62aa031c2a53ba4ff89f2568626e7bd2536090175f8d045c3bb52c5faa5ecc8da8410ab5fc519f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\3c14015f-8794-47b7-967f-f341ea80d5c4.tmp

Filesize
3KB

MD5
259c5e181c23488d09b8eab5fa468c3d

SHA1
60bb104ea4505c48c2fc701c19aaf4cc5b7efb29

SHA256
4b2669ddd5e92430f05b476cf591fa726f45bd23cf80928c36a90dd1a882440a

SHA512
e05cf55642fea9967ab3bb27043ccf574f61cb6b589d30d122fe612a6f1520d09b326964af044f57af2c65bde2d7d84b73c4303bff097c710aa350ffc92ebb32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
6d9b21b43379bdf9adbd723be39aa7ea

SHA1
6eaf6475a7dff9ffeb79316c61a2c1775e614a7f

SHA256
b7f4385617733548f1d5b39f2d71475feb99b8c77af465745c809dce8d9a23d9

SHA512
c014ceadd8703ab6c27517d2207754a5d2d37e70d55bcf7647b01612086fb0d8a603a5413b9ed6caff5db2a077f65531dd7d80f19ef90b045d3413312083ed84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
e285c7bae272bd2c4e8d137102be3904

SHA1
b4cb49c6f761ad9e06fe7849cae1af38853aab27

SHA256
1b0967333c2c3495677a4e5599f299113b8de7e26ee9953687904898bb8da5e9

SHA512
2128cf867130b88f1796f88a45d2d9a0a4ff67427a68abc1e8665687882f065a8a5ae8a044a537fee729f4b1f72f6e22eb8e617661518dd46fb0bee544a61807

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
8634c5bdfdc732e6973e5b9864d342e5

SHA1
e1e6b9e5fd4fbfc45b1a59236ed344265dd4f15e

SHA256
1c1a3510c54b50acdfa83f980b54da5e76a07d390d9dea1f5bf1ce9226114f60

SHA512
2300d1de58a6b1fa23f2456df3d2fb26521fe453f1837f0661fe157862f3cc78004800ab911fd6632a54338e8f56f5a02f9453e0f3374b02ce8273a9437ab5c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
a98d63ec1385f94d69fb10f250e737f3

SHA1
1a7dd157e437a0c0ad677ce720d01c9bb35eab32

SHA256
173426cb25cf555385f4575278edd658dd8eff7ee2e7e2cb369122ba6aa52115

SHA512
35097e98d140f1d1033ef756156baf33e2ff792da6092d463660fdcd290c6dadf435df00eb36317ba277652415da3d48aa17c002ecf21cf0953424a95490592a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
0043f610506b2a5725572c14ed7bafa4

SHA1
e151823d619af4295158c98b3bd59cd54f257523

SHA256
ee89e7ca9638090aa3fa876e15ff14032a605ee34d6cd1bc4ce2f917ee99306e

SHA512
43dcfb6039c9e262bb425b10ccb47045e933655bde84396789c1c63831802445f2b6e422b343520213da41ab45b2a6c59d21bfe3837ba25f9d6814949b42b5b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
adf6cdbd6180d8f8c02c6ec97186e06a

SHA1
c0c92fc2eb1360839e5547871d559b9322bab0f9

SHA256
75919a7bafa09e06446b357d78d4a007fa485b69070b0faad92f8a4f6ba1c0fd

SHA512
f0ea56a21a29dee101224f497bab8136d02c5ba712c9804f9930b50b3f8eb9e6e7d171eea3cb95411200a4794076d32ab3dccde04e598312331f95cf28b078b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
6123941641cc9ec71744d224b21ca851

SHA1
b38824aed6b7ff0788524a3c8c7e73bb9adbe7f8

SHA256
09763655341b03e237e2ce8de725a7167b69376282302cb8ded60b2b7253b629

SHA512
0fadce8c9213772210f5bfb1ce0c0a037296185ee77c0204a73d90873b31b231ab389769062eec1a1ad2d165447c4c822984a67a49714f00d188f00397506b0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
0faa596a8ab518a8924561a79ff3e277

SHA1
86dc593349529cd78844f02641c992796b4a015b

SHA256
886a04b88d3dcce25ec22d8585ed8f6def42a8718f4839eda01b05ca45763a3b

SHA512
a5389309fa4635579c81f1f460f4391d5ed7304e95047a6452d71500ef655d478218e2ff3752771280af2d54c6a8b08ff0d285c3bcc9d11583f73f502a74926e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
080204d2ea96b9aa53adf408eff7d032

SHA1
74d0e43bfa61b193b4e937b8101de3dc21d4346e

SHA256
fef7023da04d460195de91059f4130f9267d6ce3d3576b68c54a5e591c168854

SHA512
69cf4b0f82f323e673e328acafa02364e50fbc8c522a08848358c1ff9eeb71f3fbca5bb4f0a0748194ad6a416280ebae6d2f13b21d1a581fed17422d0b06ed9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
dbc9b7eda09b6e147f6829037960941c

SHA1
ac9320348b01bbec68ca0b2e4a51aa484ea3379c

SHA256
32508203ce98796e043d2d35734d10e51ccd85baee261a6b861b13a7dbee0974

SHA512
9ae41e528e5e173b88277f43bf5b18db36e9a03fffa3ad6cd08f5fded6b12c184b75c6e9ee6ce8b4decd698c34ee3c08b2592c4aece71b48432188ead3529136

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f6a9a8d79493186e3b475df13c0c9740

SHA1
ca8444b69df6a62b31329c243cfaa4df4e4b7997

SHA256
b435b094b521faabf2f59426a74dfeeb5a3a9496efe03ee5836de55f0585d137

SHA512
7fddb4e2e0b8386bcea1dad4827237debc230dc3e3626cedb16fcdf210b85af6044a3175c1d9591b0cb65cec3ba91294e12c73b10b07d3adb3bf6d79c48aa371

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
b3bc307d3aa22304cf776973614200b8

SHA1
f1cd3d5da57205e846121a5cac21983feb608a0a

SHA256
26dcf6bc31011ed63c76e8f5529a8edb00f4a9bf289b9ec7ea7b92afd337b804

SHA512
3c11041f4c5a7ea0912979363fd490549d61ec6cd9e3dcbadec3f1e09fa64169ca82d15071bd4ce5673fd038f25cbf3b8d526b4c5e9d6dab70119ba8783a05ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
30fcd02c706d0c290c45afac2bd909a6

SHA1
7ed91c33ee53db477a9e165755cc9a95687cedac

SHA256
fba38e0d2258973bdf4174da9d337fd1c92c5c45b8cae64d13e7468d3beb6c55

SHA512
f527f06a4993b0969627dfbcac280760cd57a970e87ce35cb4830239555eb00ac789b4f4a7185a679da3d1805f1ef0b9cb5da632d75f9665a0f5bd88af4b0f43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
43d3ae241986c768fbeea8f7b1dfa818

SHA1
37307bab157e4721bd43bacfd07574882150739d

SHA256
feaadaa58490d7afe2a23a52003a9df4597d4a42acecd74d5143ba112086f452

SHA512
44b0de5f392d65371e74a4e20162f0987687f567dff559412749e2e311af669e1b9e0aee66d07195d2ad45598628d66f010190510aa3cedf494d62e7ae273e41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f05cca01c52ef6b78c6d56a74bd7071f

SHA1
c5244fe8c608f73981797ab8fb23a106dcb4f2d0

SHA256
50112c612acc1e5509d585088769f32b290574658b212d1482069013de21162e

SHA512
e52d80456d95feee0d21bf4c3ba33444fab924e698fdceff3d354a372fa2edcabf990a6cfddc748eaa8ed5a07b2adb90ac67a9f55733f24ee56038dffa0dc432

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
c2cedd54c3741586bb4eb1ae58da214c

SHA1
9ff1f5d6c0699386e3733ab45c15ef58fcf5c802

SHA256
6340a0ba66f6426f0c624e1ce41ae1bdc6d98b525b5d022cb007cd4abcd452dc

SHA512
3ebe268b20978db12729a7d8379ea81b2ddfafe9be21ee3c8b36a484a32eb70a13a7c823d750a41c24ea9db4dc836e0b746d7d940559507de7428675d37fb9e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
cf9f664a52b7f641c9eedeaaad5c95d1

SHA1
e1ea4a46111f1987ceeaceac25fb042e4aab7251

SHA256
a929029d9ba58649906dc027c04ae62e8319dd5da26a9a230722379ad13e56ed

SHA512
842369fc5e2f5b3570ce8e5d2b35e04c70cf7863f900a3faf55e1fa3d2a88b269332a4b70be18e16f528edd35b69383cabf163b385653b69d697dbb7b6b92598

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0f06691db3181ea33b11dcd04b8900b7

SHA1
59662d2278e131aa8aa482bb2a77d4d0c7133e27

SHA256
993098b1bdf15d6094bc20ada1f5ddbad7eae1303374f6d711c36ac4afd26e88

SHA512
5650222ab445f5b1e404f0e5b167b86b69ed77e5a1ad09b322640c74e45ab28489e95a8f8c3393fc5c9648b9a71ef80a85bf4e6bbc34b6c49d9bba67aa7401d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
68337325559826caad298542ee49ab51

SHA1
1ae465ffd885fd72048e7e1d5675d0065b8226e1

SHA256
483d07eb83b9c112854738a95a883cc3d2d67ed7a4cc8235d50bc4619446e2b0

SHA512
4727f31d2eed4382cfc7da4e3d1fa3dfbbe4d78c0b622bd6308b4114f797e938230268b5d370be13470cc3e3476e5c71395cb87185791fe5e0d756a30004722f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
df62059206ae5ebaa34e6fd465be5103

SHA1
a25ffbe8ca85c6e8a72bab85cb19446472ce7d06

SHA256
fbe99e30c246e734bd356aab8d94c315abafb3e0e73aec86c2e44c2f2f8ae07e

SHA512
9e81beb9fdbedcb7fdadf30f0369d131f8babeec65afe08907475350cdfa97e5a434c57ad881ba0c08ab3db203d896f8b8daf2f877208ff7448f7367f0b9ba6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6847bc20bc6b4e2b7b423667d5660205

SHA1
a8a4bca554c3f1f476a2d4b57b12c2b24e562538

SHA256
c36744fd9682885b388d3b8f373534566e634b155752d97a571735d5f9b5cf5b

SHA512
a8133db6b6b56457b4b78a6a3184a3f34db6ba32bd91a7b563f7d3d067799b4767b49b7a96e63b1a9d69fd5fdf3454ed5c495d820ca51ee3c4a572dc794186ea

Download Submit
C:\Users\Admin\Downloads\GD_2.2074_windows_vanilla.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit