hxxps://drive[.]google[.]com/drive/folders/1BoCUm_C_Zsj83moh8k-eOiPR7tEw7ucP

Analysis

max time kernel
92s
max time network
95s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
04-01-2025 17:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/1BoCUm_C_Zsj83moh8k-eOiPR7tEw7ucP

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
1	drive.google.com
6	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings	OpenWith.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\VertyDayPreset.ini:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\VertyNightPreset.ini:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2612	msedge.exe
2612	msedge.exe
2760	msedge.exe
2760	msedge.exe
2224	msedge.exe
2224	msedge.exe
904	identity_helper.exe
904	identity_helper.exe
4180	msedge.exe
4180	msedge.exe
5736	msedge.exe
5736	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe

Suspicious use of FindShellTrayWindow 45 IoCs

pid	Process
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4836	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2760 wrote to memory of 4580	2760	msedge.exe	77
PID 2760 wrote to memory of 4580	2760	msedge.exe	77
PID 2760 wrote to memory of 6136	2760	msedge.exe	78
PID 2760 wrote to memory of 6136	2760	msedge.exe	78
PID 2760 wrote to memory of 6136	2760	msedge.exe	78
PID 2760 wrote to memory of 6136	2760	msedge.exe	78
PID 2760 wrote to memory of 6136	2760	msedge.exe	78
PID 2760 wrote to memory of 6136	2760	msedge.exe	78
PID 2760 wrote to memory of 6136	2760	msedge.exe	78
PID 2760 wrote to memory of 6136	2760	msedge.exe	78
PID 2760 wrote to memory of 6136	2760	msedge.exe	78
PID 2760 wrote to memory of 6136	2760	msedge.exe	78
PID 2760 wrote to memory of 6136	2760	msedge.exe	78
PID 2760 wrote to memory of 6136	2760	msedge.exe	78
PID 2760 wrote to memory of 6136	2760	msedge.exe	78
PID 2760 wrote to memory of 6136	2760	msedge.exe	78
PID 2760 wrote to memory of 6136	2760	msedge.exe	78
PID 2760 wrote to memory of 6136	2760	msedge.exe	78
PID 2760 wrote to memory of 6136	2760	msedge.exe	78
PID 2760 wrote to memory of 6136	2760	msedge.exe	78
PID 2760 wrote to memory of 6136	2760	msedge.exe	78
PID 2760 wrote to memory of 6136	2760	msedge.exe	78
PID 2760 wrote to memory of 6136	2760	msedge.exe	78
PID 2760 wrote to memory of 6136	2760	msedge.exe	78
PID 2760 wrote to memory of 6136	2760	msedge.exe	78
PID 2760 wrote to memory of 6136	2760	msedge.exe	78
PID 2760 wrote to memory of 6136	2760	msedge.exe	78
PID 2760 wrote to memory of 6136	2760	msedge.exe	78
PID 2760 wrote to memory of 6136	2760	msedge.exe	78
PID 2760 wrote to memory of 6136	2760	msedge.exe	78
PID 2760 wrote to memory of 6136	2760	msedge.exe	78
PID 2760 wrote to memory of 6136	2760	msedge.exe	78
PID 2760 wrote to memory of 6136	2760	msedge.exe	78
PID 2760 wrote to memory of 6136	2760	msedge.exe	78
PID 2760 wrote to memory of 6136	2760	msedge.exe	78
PID 2760 wrote to memory of 6136	2760	msedge.exe	78
PID 2760 wrote to memory of 6136	2760	msedge.exe	78
PID 2760 wrote to memory of 6136	2760	msedge.exe	78
PID 2760 wrote to memory of 6136	2760	msedge.exe	78
PID 2760 wrote to memory of 6136	2760	msedge.exe	78
PID 2760 wrote to memory of 6136	2760	msedge.exe	78
PID 2760 wrote to memory of 6136	2760	msedge.exe	78
PID 2760 wrote to memory of 2612	2760	msedge.exe	79
PID 2760 wrote to memory of 2612	2760	msedge.exe	79
PID 2760 wrote to memory of 5836	2760	msedge.exe	80
PID 2760 wrote to memory of 5836	2760	msedge.exe	80
PID 2760 wrote to memory of 5836	2760	msedge.exe	80
PID 2760 wrote to memory of 5836	2760	msedge.exe	80
PID 2760 wrote to memory of 5836	2760	msedge.exe	80
PID 2760 wrote to memory of 5836	2760	msedge.exe	80
PID 2760 wrote to memory of 5836	2760	msedge.exe	80
PID 2760 wrote to memory of 5836	2760	msedge.exe	80
PID 2760 wrote to memory of 5836	2760	msedge.exe	80
PID 2760 wrote to memory of 5836	2760	msedge.exe	80
PID 2760 wrote to memory of 5836	2760	msedge.exe	80
PID 2760 wrote to memory of 5836	2760	msedge.exe	80
PID 2760 wrote to memory of 5836	2760	msedge.exe	80
PID 2760 wrote to memory of 5836	2760	msedge.exe	80
PID 2760 wrote to memory of 5836	2760	msedge.exe	80
PID 2760 wrote to memory of 5836	2760	msedge.exe	80
PID 2760 wrote to memory of 5836	2760	msedge.exe	80
PID 2760 wrote to memory of 5836	2760	msedge.exe	80
PID 2760 wrote to memory of 5836	2760	msedge.exe	80
PID 2760 wrote to memory of 5836	2760	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/drive/folders/1BoCUm_C_Zsj83moh8k-eOiPR7tEw7ucP
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0xe4,0xe8,0xdc,0xe0,0x10c,0x7ff9eb293cb8,0x7ff9eb293cc8,0x7ff9eb293cd8
  2⤵
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1772,17191666102272703237,16976033767349266663,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
  2⤵
  PID:6136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1772,17191666102272703237,16976033767349266663,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1772,17191666102272703237,16976033767349266663,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
  2⤵
  PID:5836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,17191666102272703237,16976033767349266663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:5128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,17191666102272703237,16976033767349266663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:6116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,17191666102272703237,16976033767349266663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
  2⤵
  PID:6096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1772,17191666102272703237,16976033767349266663,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2224
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1772,17191666102272703237,16976033767349266663,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,17191666102272703237,16976033767349266663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
  2⤵
  PID:5168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,17191666102272703237,16976033767349266663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
  2⤵
  PID:2388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1772,17191666102272703237,16976033767349266663,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5656 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,17191666102272703237,16976033767349266663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
  2⤵
  PID:3676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1772,17191666102272703237,16976033767349266663,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5636 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:5736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,17191666102272703237,16976033767349266663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
  2⤵
  PID:3748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,17191666102272703237,16976033767349266663,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
  2⤵
  PID:3752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,17191666102272703237,16976033767349266663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6152 /prefetch:1
  2⤵
  PID:5976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,17191666102272703237,16976033767349266663,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
  2⤵
  PID:544

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1708

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5780

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4836

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
aad1d98ca9748cc4c31aa3b5abfe0fed

SHA1
32e8d4d9447b13bc00ec3eb15a88c55c29489495

SHA256
2a07cac05ffcf140a9ad32e58ef51b32ecccf1e3ab5ef4e656770df813a8944e

SHA512
150ebf7e37d20f88b21ab7ea0793afe1d40b00611ed36f0cf1ac1371b656d26f11b08a84dbb958891c79776fae04c9c616e45e2e211d292988a5709857a3bf72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cb557349d7af9d6754aed39b4ace5bee

SHA1
04de2ac30defbb36508a41872ddb475effe2d793

SHA256
cfc24ed7d1c2e2c6585f53db7b39aa2447bf9212487b0a3c8c2a7d8e7e5572ee

SHA512
f0cf51f42d975d720d613d09f201435bf98c6283ae5bc033207f4ada93b15e49743a235a1cfb1b761bde268e2f7f8561aa57619b99bff67a36820bc1a4d0ec4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
9d1d6d6c03c80b1b91a507ca012354a7

SHA1
1b79e32155d7d36c338a7c777e1495140e072250

SHA256
f9eadcdb04e0d7511ec6a2b3b3ac7c05d5c7a97f1c850548821f7c1f19407522

SHA512
580e9264d2ff48e67d449e7963d9b716b646554e98c3eb8e3644e4ea7f7a7a61329a9d5da558ce121c12c344fd99ec629ab491cbfcd3048336ea2a3c594afe5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
211b8f966a9415ed532490a29fe1f130

SHA1
9aaaa944fccb531980e02183fead2c14376c1c23

SHA256
302709fece342bafe406f361583499a90236ea2e0e6f142d0b0fddf5960a6303

SHA512
b765a9b07dd6813d1d1306e7c6d244abc7c05d44d9af661fa88b1cce7c26918520f92803994c23aa46265873f9da538360b3b8bd27e7186394fa79497715fef2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
df81c5412ca2c08a27e1a44f44eee801

SHA1
2b7899338f41c075cda0f151b7b910f63a8c365e

SHA256
26917c018fce02dec0d193f9b4541f8e97d8b4888caf55cebc2617611053c95c

SHA512
314743a0f96a83332e7ce200dd87ab8dbcb8d67a9339405bd863807c38a991260d48475ebc104fbb9f4c44c6aa3bb7fd1ec62ec25b21f01ee5aed6cf02d8bc70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
13e20fd1d8ef88e476e13305607b178d

SHA1
83706bd9606f68b657dffd2727f086361ab598d8

SHA256
e129b8575b59fd5bdcd960684d064977662f46e8771a522fbf13ff038890387c

SHA512
2847ab513aecb7bb49627a49c09c1b1a0467004660fbbab999e1d4a21012f42c97a996b28a7b016da061fc6c51dda9296966b62f456fcc0b2e3f33e5d6df4409

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
64b888770df198c69377720116f1c5e5

SHA1
a61c8b58d5c5e9868ea940e24f2fff80eb2d64e0

SHA256
064ba824fd44cead426881b179738ffa3c65699cedd100e08b1f36795be3caa8

SHA512
f686909ad5837307f354c35450c59800ce5826cfad41117ff6b31dd5418405bf27710a4b617915efa71573f5c0328ff1e31fd64caecc93f9d9597a7d9d6b2d41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
65f505a9d198a9748a6c00e309896c13

SHA1
a7831d4c175ee40af9dc0b133fffc0d088fe1bce

SHA256
b2a1960a22223fcf16e050296996ec7364b46b8fa81ba1b84db544af37bdc8f8

SHA512
05113c1bab4a54899a14b643f4d1b52aa6672a849e140f7ad0813bbf8edee5ad18ae97b16fa52ad3d0cf5aca280e48195e3bc93922103b8953e2c2e7e48c7654

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe589fb6.TMP

Filesize
1KB

MD5
cd120fdb5b940adc633644ab20793d2d

SHA1
334a17e0bd5ce8f47f0d1dcbbb3f5248b72ccc16

SHA256
2c7b7855e25dc14415bc0a0f64c9ed0b9839a382d07c2e68257816282cafece1

SHA512
09dd5c2f729d31bfc65f1bcc6f6b92114be789a7edf5332b90ab946a0a669cf80ff66793e1eff0f6438623eb93de7e90f55818d0df41d028202084ab6524d023

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0f115d12ae8efac900a1e22569c2755f

SHA1
dcb47ac2bc06c7718ac17e72ac619fa27037d260

SHA256
be600a2aeb3a230bf956f31192b87dd4fae7156729585546732545a4aa693240

SHA512
a8b066e55f2d05de37369183fa937bbccce4ad436b00a422054d7375b42fc554f96a5430a2e478649f4a4513731751bfa8440464fe34eb732ed53f9c145afa25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a193a4135fa0ad3114ee9e73fd267c15

SHA1
27e68176d9902e7fdfc63579ae7916b5f5042565

SHA256
11130f86fa5dc8ec93f90bf667b3e67969c51c046e568b4d0799105bf50f8883

SHA512
7ba27352137ee30c7743d5e2593b00d4deb05f462675e73abbddc01cefbd7b60f04fd1f00ba03025c4be28817aebed35a084e7c71a03099a5ae4d082bcc67bf5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

Filesize
14KB

MD5
82ca1d45385e2bc39f5174fbb48b3f75

SHA1
5377de3debd72f5d9bafb72b648f8becda3450fa

SHA256
b8d7af057334fbdb5fcb63c528acd5a8fb624514e21bfb8f891ebfafba598691

SHA512
ce7a907dea20a9a56abb8eae48110956c3c77e922cdf253ffaf3326e3a8a999f6aba5d5c5aeef28439ae6de5747379d713408f28186739bbf53db5697b7beccf

Download Submit
C:\Users\Admin\Downloads\VertyDayPreset.ini:Zone.Identifier

Filesize
186B

MD5
8bd8dd45c95cc0f14d967b6727c9c94f

SHA1
1daeac2ce8041ee6f1e81edcb60da15e8738c3de

SHA256
d3f54d94098c2a069399fafbe435ff52d3538bb329e2723fef50d95ca32e2cc9

SHA512
f7455b608320cd128cfb70355cfd83a684bd0f55d71873dccbc58eda8d9fbf21ead0e429fcae8499310ea206d3e5a57f87b19756998000b4a0c365a1771c57cd

Download Submit
C:\Users\Admin\Downloads\VertyNightPreset.ini

Filesize
16KB

MD5
701470767c82125b969dbb1be1760971

SHA1
40e6d9f494295d71b3644b64658e47c2c9bed015

SHA256
bd0bd9c549c4560e035eb314fddafa5eac23cd45360cea331e69c3bb05698bb2

SHA512
e6d9a46801d06c463d72de9164769e7b786cebff24fc51d426bbabc0e84a18077ec9f100020136a77a259fe8a18a712ada965899f33512793c519c0e2398cd0a

Download Submit
C:\Users\Admin\Downloads\VertyNightPreset.ini:Zone.Identifier

Filesize
186B

MD5
85e39423c67cebc76074235be96a1f59

SHA1
f810b8af77190117eefd7765471e7766d1f8d2bc

SHA256
c471638eb45cb765848d1a9356dd1cbaf75de0650356c8ee472928524eb60bd3

SHA512
4d3ca891c03bc7869ff5210ac0f0947b9b98b71539c97990a82e5d5963e306850141cd7a714235a0bc65c3fa4638cd25403294af4248642cb13d3bcf08696a29

Download Submit