hxxps://drive[.]google[.]com/drive/folders/1BoCUm_C_Zsj83moh8k-eOiPR7tEw7ucP

Analysis

max time kernel
113s
max time network
116s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
04-01-2025 17:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/1BoCUm_C_Zsj83moh8k-eOiPR7tEw7ucP

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
1	drive.google.com
2	drive.google.com
6	drive.google.com
14	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 6 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	BackgroundTransferHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\MuiCache	BackgroundTransferHost.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\VertyDayPreset.ini:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\VertyNightPreset (1).ini:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2492	msedge.exe
2492	msedge.exe
2592	msedge.exe
2592	msedge.exe
3200	identity_helper.exe
3200	identity_helper.exe
72	msedge.exe
72	msedge.exe
2832	msedge.exe
2832	msedge.exe
2796	msedge.exe
2796	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3960	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe

Suspicious use of FindShellTrayWindow 53 IoCs

pid	Process
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3960	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2592 wrote to memory of 2980	2592	msedge.exe	77
PID 2592 wrote to memory of 2980	2592	msedge.exe	77
PID 2592 wrote to memory of 2920	2592	msedge.exe	78
PID 2592 wrote to memory of 2920	2592	msedge.exe	78
PID 2592 wrote to memory of 2920	2592	msedge.exe	78
PID 2592 wrote to memory of 2920	2592	msedge.exe	78
PID 2592 wrote to memory of 2920	2592	msedge.exe	78
PID 2592 wrote to memory of 2920	2592	msedge.exe	78
PID 2592 wrote to memory of 2920	2592	msedge.exe	78
PID 2592 wrote to memory of 2920	2592	msedge.exe	78
PID 2592 wrote to memory of 2920	2592	msedge.exe	78
PID 2592 wrote to memory of 2920	2592	msedge.exe	78
PID 2592 wrote to memory of 2920	2592	msedge.exe	78
PID 2592 wrote to memory of 2920	2592	msedge.exe	78
PID 2592 wrote to memory of 2920	2592	msedge.exe	78
PID 2592 wrote to memory of 2920	2592	msedge.exe	78
PID 2592 wrote to memory of 2920	2592	msedge.exe	78
PID 2592 wrote to memory of 2920	2592	msedge.exe	78
PID 2592 wrote to memory of 2920	2592	msedge.exe	78
PID 2592 wrote to memory of 2920	2592	msedge.exe	78
PID 2592 wrote to memory of 2920	2592	msedge.exe	78
PID 2592 wrote to memory of 2920	2592	msedge.exe	78
PID 2592 wrote to memory of 2920	2592	msedge.exe	78
PID 2592 wrote to memory of 2920	2592	msedge.exe	78
PID 2592 wrote to memory of 2920	2592	msedge.exe	78
PID 2592 wrote to memory of 2920	2592	msedge.exe	78
PID 2592 wrote to memory of 2920	2592	msedge.exe	78
PID 2592 wrote to memory of 2920	2592	msedge.exe	78
PID 2592 wrote to memory of 2920	2592	msedge.exe	78
PID 2592 wrote to memory of 2920	2592	msedge.exe	78
PID 2592 wrote to memory of 2920	2592	msedge.exe	78
PID 2592 wrote to memory of 2920	2592	msedge.exe	78
PID 2592 wrote to memory of 2920	2592	msedge.exe	78
PID 2592 wrote to memory of 2920	2592	msedge.exe	78
PID 2592 wrote to memory of 2920	2592	msedge.exe	78
PID 2592 wrote to memory of 2920	2592	msedge.exe	78
PID 2592 wrote to memory of 2920	2592	msedge.exe	78
PID 2592 wrote to memory of 2920	2592	msedge.exe	78
PID 2592 wrote to memory of 2920	2592	msedge.exe	78
PID 2592 wrote to memory of 2920	2592	msedge.exe	78
PID 2592 wrote to memory of 2920	2592	msedge.exe	78
PID 2592 wrote to memory of 2920	2592	msedge.exe	78
PID 2592 wrote to memory of 2492	2592	msedge.exe	79
PID 2592 wrote to memory of 2492	2592	msedge.exe	79
PID 2592 wrote to memory of 4812	2592	msedge.exe	80
PID 2592 wrote to memory of 4812	2592	msedge.exe	80
PID 2592 wrote to memory of 4812	2592	msedge.exe	80
PID 2592 wrote to memory of 4812	2592	msedge.exe	80
PID 2592 wrote to memory of 4812	2592	msedge.exe	80
PID 2592 wrote to memory of 4812	2592	msedge.exe	80
PID 2592 wrote to memory of 4812	2592	msedge.exe	80
PID 2592 wrote to memory of 4812	2592	msedge.exe	80
PID 2592 wrote to memory of 4812	2592	msedge.exe	80
PID 2592 wrote to memory of 4812	2592	msedge.exe	80
PID 2592 wrote to memory of 4812	2592	msedge.exe	80
PID 2592 wrote to memory of 4812	2592	msedge.exe	80
PID 2592 wrote to memory of 4812	2592	msedge.exe	80
PID 2592 wrote to memory of 4812	2592	msedge.exe	80
PID 2592 wrote to memory of 4812	2592	msedge.exe	80
PID 2592 wrote to memory of 4812	2592	msedge.exe	80
PID 2592 wrote to memory of 4812	2592	msedge.exe	80
PID 2592 wrote to memory of 4812	2592	msedge.exe	80
PID 2592 wrote to memory of 4812	2592	msedge.exe	80
PID 2592 wrote to memory of 4812	2592	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/drive/folders/1BoCUm_C_Zsj83moh8k-eOiPR7tEw7ucP
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffeda43cb8,0x7fffeda43cc8,0x7fffeda43cd8
  2⤵
  PID:2980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1788,8877711603577044048,4818367351680983774,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1904 /prefetch:2
  2⤵
  PID:2920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1788,8877711603577044048,4818367351680983774,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1788,8877711603577044048,4818367351680983774,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
  2⤵
  PID:4812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,8877711603577044048,4818367351680983774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,8877711603577044048,4818367351680983774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:3768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,8877711603577044048,4818367351680983774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1
  2⤵
  PID:4196
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1788,8877711603577044048,4818367351680983774,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5036 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1788,8877711603577044048,4818367351680983774,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:72
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,8877711603577044048,4818367351680983774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
  2⤵
  PID:3660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,8877711603577044048,4818367351680983774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:4792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1788,8877711603577044048,4818367351680983774,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3952 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:2832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,8877711603577044048,4818367351680983774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
  2⤵
  PID:2916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1788,8877711603577044048,4818367351680983774,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5372 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:2796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,8877711603577044048,4818367351680983774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:2056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,8877711603577044048,4818367351680983774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:1
  2⤵
  PID:3500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,8877711603577044048,4818367351680983774,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:4256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,8877711603577044048,4818367351680983774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2608 /prefetch:1
  2⤵
  PID:2468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,8877711603577044048,4818367351680983774,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
  2⤵
  PID:1020

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:672

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4008

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3960

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
- Modifies registry class
PID:3228

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4880

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c0a1774f8079fe496e694f35dfdcf8bc

SHA1
da3b4b9fca9a3f81b6be5b0cd6dd700603d448d3

SHA256
c041da0b90a5343ede7364ccf0428852103832c4efa8065a0cd1e8ce1ff181cb

SHA512
60d9e87f8383fe3afa2c8935f0e5a842624bb24b03b2d8057e0da342b08df18cf70bf55e41fa3ae54f73bc40a274cf6393d79ae01f6a1784273a25fa2761728b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e11c77d0fa99af6b1b282a22dcb1cf4a

SHA1
2593a41a6a63143d837700d01aa27b1817d17a4d

SHA256
d96f9bfcc81ba66db49a3385266a631899a919ed802835e6fb6b9f7759476ea0

SHA512
c8f69f503ab070a758e8e3ae57945c0172ead1894fdbfa2d853e5bb976ed3817ecc8f188eefd5092481effd4ef650788c8ff9a8d9a5ee4526f090952d7c859f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
16KB

MD5
701470767c82125b969dbb1be1760971

SHA1
40e6d9f494295d71b3644b64658e47c2c9bed015

SHA256
bd0bd9c549c4560e035eb314fddafa5eac23cd45360cea331e69c3bb05698bb2

SHA512
e6d9a46801d06c463d72de9164769e7b786cebff24fc51d426bbabc0e84a18077ec9f100020136a77a259fe8a18a712ada965899f33512793c519c0e2398cd0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
4eedbcdbb4fa86fd57435c8ccadc9abf

SHA1
91a11c97b7131bdaef1e3e0770d0b456a4b69992

SHA256
451508b9f9976476af316ce4ec66306d94c98d95b305bf73bf951165821812e7

SHA512
54982c1a133420e3a4723e902130cfefbe4e2514e60910ae8da8c38c694871d33d1179b7f5db6e3d233de7962a25dc239a8128b9633a0ba164908a7b4d40caae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
b8233d0173cfd6996ea86e32c34023c2

SHA1
ce1894bccdef11ca395517f1cafd12edf4d166bd

SHA256
4a2e2ab23865ac1664752d90b52f05cf36b03d76712a588316bb995e6aa842ce

SHA512
19728db285b915a5163f96d2d8296bac743a6660032bd028840d0d853f2e13c7cbf38ec28bf49bf02dd8c9eb136e0305891f75c31c9d05e614450652dc913186

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
5e8c0170a331fd2d394122c04a853140

SHA1
d102ee0539546f98eb2e4b8255eea55f168569cf

SHA256
b2d32e15e4615987a0758aebef02d54b5bd0077e2fb967f58bf1cac244dcdb8f

SHA512
264344ab291c2f754fe0dc6bd5d3f92a8ff9eb087522752d5476daf92960975742bbba9140c723e6bbb55145161e894a5d823e67a08c570aed233b4c03d3f5b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
5ffb97b45bc4f19ff4e960de26811892

SHA1
1fb213ba55872e5ebe4fa76283a101185cc185ca

SHA256
5ffffbcce4fb581dca74892ca7149d8f04204b0ebdd3b7fe49ed68afb65cf460

SHA512
df52948c9fadc1ef304d845fab63e38c449dbe877ab0cea91c7e6dc7a5dfcabc06ec9cb96a73d070774195c70946fbfbebdf9290afdd24a52b37eb87f036a62b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b1158a3b8c2da72786ab94bf58ff47fa

SHA1
e5b7bb4c5d9e635067346a71176bbe20a5073f55

SHA256
32d2aef808c57395490e54c61fd9997510ff6c4507217dca50de598f0bdb7a93

SHA512
e2cfff0d601c6dfa6ccf5caa0e6c7f7397ecf157bca8f78013ddf44c447ddf4cf9535bf4a9131d5227dee302af47e5de951f6ceccbefdc4ccfe3a7a822b77207

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
305174389d5706f780918efc1bd39ede

SHA1
032c4a632e1e19498bff036623ef6a789400135d

SHA256
f584941f0ab022307cd7e003704b9cd85ed55f65176f0e2cfbe8d55514dd1a97

SHA512
fc39f4a1ae45dfd162198f0e8901dfc3da38db07354237c87ab2a50f8b1e087824e027eb3ba837adcd103eb7af722fa558ca9fa9596363eb65782532fc089677

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f8aaae14926a7f1bc9c672099284ea80

SHA1
b70688efd77c93d761eaf85ed3d7a0a7c1e142fa

SHA256
42e54f1748c75a4db69f62e9161a9daa5858167e1b92db735f976c6cc2f857e6

SHA512
ac675e887f055552fe9f00b18b3bfd9d256907b1ff2d124fe975ff9138e2f8f97e41354955716d9babf1753ec3ac15b3e30bd29fdbd5453e4b2c96e0f0e540e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fff52eed9f3d93b6b73c97e42d111a08

SHA1
3c4ef349bcc9d371d027a43c2f56f74ed22c3cd6

SHA256
5d57d9b8d2fa3346e96167bec047c7d0e0bb2c29521e31b3bfda48883eb83fdc

SHA512
0e3b54d3bc791ba85ac9cf68963ffda6d453120e3a831be74fb32dbe57bbadd14b1f5ef92edd8771b15a616c8365b92bac1796d10b2267828ecda31b934203aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e2d4ddc038a0d08b2cf150b92488feb1

SHA1
91287e7bdbd54f1b03c835cfd07adf77304f8874

SHA256
7ee4ef7201f1e155bdcde784e2bba5888489be095ef42760e801b1b5211776cc

SHA512
bcd7421ae808ded45b51e6827c7a8e2810fb77d812e46579398c1b1f6cc71b64d203af2bed82f45c3c777712280d9f795679329ff4f17f52da409e1a0d9b2fa8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ff40120cdc01f43934df8d32b1f6e1a6

SHA1
791ecc11879349f9f55bd46d8992a886c94b8be6

SHA256
60b3480c797e39af82dee6dd2878ce418f594a6ea7e16db41fcd402d8561aae8

SHA512
4b582ce6431b728452dd465da37178ed7ece69e47cf7f102245f326a55fc2e71b95ad5a88129602237fa47cd158c4e36d1654c8bd2f2151eacd72db85f2cdf12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe587c7e.TMP

Filesize
1KB

MD5
843b9b13dd169fc0be211a8a23f536e3

SHA1
5fbe6d40860b9c796181688f1d49ad544eefe46b

SHA256
962c997c6904d0f4e8cc0a7533b7be0284317b79432655d9b6fbabae59f711c4

SHA512
69c395a7bf4255eea99e80170794cce35728e613664f64039813fe4251d430ab916c2c31c697af840ceaa14abacaa351495c6431af69ce329cd7eec761986c76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ab93900535ee59abe437e170ae8da4aa

SHA1
475bac70abb5b3df9322ac509b0fd7736615e700

SHA256
29ba7bcbf33bc8d5700814a21f1003af1c51c013d8d8447807ee272efe95e788

SHA512
c12bfd055bd4232d2255350fa02c8c6c89e65e14764792913a4cd4ce23f77755b586cc4952bf969a98f57c5b963ef441029ec75ef4972b3d6462c6129abbfb5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
bbe682fe7b403f1cb69914046f503ff2

SHA1
ba12fa1c19f833f1561a1ec7aae72629d4bf55c5

SHA256
d862890298f349f0b18f0ea9ce82123c367063970003ed1cf6b921bf75e587ff

SHA512
f950221c8e39da940bd5ad0699fb494fe2cb269b5d18cc4e40c6b1c495fabef8b8dc9338c39cf7b16df14dcc81d9bcb0d0d6fd400be7bc26c338117ad794164c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
9a66de2644b499a2743b9622f01b8e04

SHA1
89f84c8df23197a805b0eda369343a661d068458

SHA256
ba1b0eaeea7ae9cccd6993741769d35cdb85d6fe6cf457e2d3f040b6d0d7353d

SHA512
df5d28b316fa871a128218d82fd1cc8137c1ff090b1f18ab2138f8b967f92b5e9a545aea708a2f9d4d51fda562f29681cb246ae67856cce14babbcae07d3101b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7849c8cebd29fed8213493880b65f7c9

SHA1
11836c1747994cf4e9bae22de6d7b067399bdfea

SHA256
0fe8a6c57fa95041da2a2398d25bd84730b21aab785a033dbbae9b889a56dce4

SHA512
4e183c8f66892203994f4fb273b7ac44a776a6b102dcd36620a10c7f467d7035445d1b5a1728fc140ddf32943547bec2c92600ec36486492ecf08fe1ce9e40b6

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\80386cdf-983a-463c-be0f-2cdd51bb22a2.down_data

Filesize
555KB

MD5
5683c0028832cae4ef93ca39c8ac5029

SHA1
248755e4e1db552e0b6f8651b04ca6d1b31a86fb

SHA256
855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

SHA512
aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

Download Submit
C:\Users\Admin\Downloads\VertyDayPreset.ini:Zone.Identifier

Filesize
186B

MD5
7f441905518ee54ed6fda097b40acf54

SHA1
39943eceb1986ec646cd472bd781c6bf30c657ca

SHA256
34a4a2387afcb479609bcbebb5220fa982935661beeff59c86634f8298049200

SHA512
da78a67bacdf62730633828f979cd8034af3bda799571564102dbe56a613baa901c0a98e9e2d53bbb05b56de02cf03bc979ba4c2748c21fd104be04df8b29437

Download Submit
C:\Users\Admin\Downloads\VertyNightPreset (1).ini:Zone.Identifier

Filesize
186B

MD5
a283b6a7407e9d858d875f7ccba04a8c

SHA1
4a131f918501b92590d81912f9b03e32b41a52bf

SHA256
6f869d68e49c4bb02bac1e54dbaf6273c5b52713d5a3f04ceec9c743cc38aaa5

SHA512
f1b6d4b6648c7c8e68ae0173e0ad6584c072bd69a62b4789d4a3b1f40c2c1162b1acfa6371e3fd3dba520d0b7ba42a40e4028f5398e5859a3462b6a5d23fdc25

Download Submit