hxxp://drive[.]google[.]com/file/d/1LQimdJ5-yHgc5QxkV40JWeofJ4Sfbww2/view

Analysis

max time kernel
146s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
24/02/2024, 22:51

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://drive.google.com/file/d/1LQimdJ5-yHgc5QxkV40JWeofJ4Sfbww2/view

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
1	drive.google.com
11	drive.google.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000_Classes\Local Settings	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\FL.Studio.Producer.Edition.21.2.2.3914 HQC FIXXED.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
3012	msedge.exe
3012	msedge.exe
4968	msedge.exe
4968	msedge.exe
5056	msedge.exe
5056	msedge.exe
3132	identity_helper.exe
3132	identity_helper.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
352	msedge.exe
352	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4968 wrote to memory of 5052	4968	msedge.exe	79
PID 4968 wrote to memory of 5052	4968	msedge.exe	79
PID 4968 wrote to memory of 676	4968	msedge.exe	80
PID 4968 wrote to memory of 676	4968	msedge.exe	80
PID 4968 wrote to memory of 676	4968	msedge.exe	80
PID 4968 wrote to memory of 676	4968	msedge.exe	80
PID 4968 wrote to memory of 676	4968	msedge.exe	80
PID 4968 wrote to memory of 676	4968	msedge.exe	80
PID 4968 wrote to memory of 676	4968	msedge.exe	80
PID 4968 wrote to memory of 676	4968	msedge.exe	80
PID 4968 wrote to memory of 676	4968	msedge.exe	80
PID 4968 wrote to memory of 676	4968	msedge.exe	80
PID 4968 wrote to memory of 676	4968	msedge.exe	80
PID 4968 wrote to memory of 676	4968	msedge.exe	80
PID 4968 wrote to memory of 676	4968	msedge.exe	80
PID 4968 wrote to memory of 676	4968	msedge.exe	80
PID 4968 wrote to memory of 676	4968	msedge.exe	80
PID 4968 wrote to memory of 676	4968	msedge.exe	80
PID 4968 wrote to memory of 676	4968	msedge.exe	80
PID 4968 wrote to memory of 676	4968	msedge.exe	80
PID 4968 wrote to memory of 676	4968	msedge.exe	80
PID 4968 wrote to memory of 676	4968	msedge.exe	80
PID 4968 wrote to memory of 676	4968	msedge.exe	80
PID 4968 wrote to memory of 676	4968	msedge.exe	80
PID 4968 wrote to memory of 676	4968	msedge.exe	80
PID 4968 wrote to memory of 676	4968	msedge.exe	80
PID 4968 wrote to memory of 676	4968	msedge.exe	80
PID 4968 wrote to memory of 676	4968	msedge.exe	80
PID 4968 wrote to memory of 676	4968	msedge.exe	80
PID 4968 wrote to memory of 676	4968	msedge.exe	80
PID 4968 wrote to memory of 676	4968	msedge.exe	80
PID 4968 wrote to memory of 676	4968	msedge.exe	80
PID 4968 wrote to memory of 676	4968	msedge.exe	80
PID 4968 wrote to memory of 676	4968	msedge.exe	80
PID 4968 wrote to memory of 676	4968	msedge.exe	80
PID 4968 wrote to memory of 676	4968	msedge.exe	80
PID 4968 wrote to memory of 676	4968	msedge.exe	80
PID 4968 wrote to memory of 676	4968	msedge.exe	80
PID 4968 wrote to memory of 676	4968	msedge.exe	80
PID 4968 wrote to memory of 676	4968	msedge.exe	80
PID 4968 wrote to memory of 676	4968	msedge.exe	80
PID 4968 wrote to memory of 676	4968	msedge.exe	80
PID 4968 wrote to memory of 3012	4968	msedge.exe	81
PID 4968 wrote to memory of 3012	4968	msedge.exe	81
PID 4968 wrote to memory of 3472	4968	msedge.exe	82
PID 4968 wrote to memory of 3472	4968	msedge.exe	82
PID 4968 wrote to memory of 3472	4968	msedge.exe	82
PID 4968 wrote to memory of 3472	4968	msedge.exe	82
PID 4968 wrote to memory of 3472	4968	msedge.exe	82
PID 4968 wrote to memory of 3472	4968	msedge.exe	82
PID 4968 wrote to memory of 3472	4968	msedge.exe	82
PID 4968 wrote to memory of 3472	4968	msedge.exe	82
PID 4968 wrote to memory of 3472	4968	msedge.exe	82
PID 4968 wrote to memory of 3472	4968	msedge.exe	82
PID 4968 wrote to memory of 3472	4968	msedge.exe	82
PID 4968 wrote to memory of 3472	4968	msedge.exe	82
PID 4968 wrote to memory of 3472	4968	msedge.exe	82
PID 4968 wrote to memory of 3472	4968	msedge.exe	82
PID 4968 wrote to memory of 3472	4968	msedge.exe	82
PID 4968 wrote to memory of 3472	4968	msedge.exe	82
PID 4968 wrote to memory of 3472	4968	msedge.exe	82
PID 4968 wrote to memory of 3472	4968	msedge.exe	82
PID 4968 wrote to memory of 3472	4968	msedge.exe	82
PID 4968 wrote to memory of 3472	4968	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://drive.google.com/file/d/1LQimdJ5-yHgc5QxkV40JWeofJ4Sfbww2/view
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xb8,0x10c,0x7ffb484a3cb8,0x7ffb484a3cc8,0x7ffb484a3cd8
  2⤵
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,9687200186049147743,11923075500056658147,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1944 /prefetch:2
  2⤵
  PID:676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1916,9687200186049147743,11923075500056658147,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1916,9687200186049147743,11923075500056658147,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
  2⤵
  PID:3472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9687200186049147743,11923075500056658147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9687200186049147743,11923075500056658147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:2032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9687200186049147743,11923075500056658147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
  2⤵
  PID:1552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9687200186049147743,11923075500056658147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
  2⤵
  PID:4756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1916,9687200186049147743,11923075500056658147,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5296 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9687200186049147743,11923075500056658147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
  2⤵
  PID:800
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1916,9687200186049147743,11923075500056658147,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5832 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9687200186049147743,11923075500056658147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:3548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9687200186049147743,11923075500056658147,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
  2⤵
  PID:2428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9687200186049147743,11923075500056658147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1
  2⤵
  PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9687200186049147743,11923075500056658147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:3464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9687200186049147743,11923075500056658147,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
  2⤵
  PID:2512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,9687200186049147743,11923075500056658147,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5656 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1916,9687200186049147743,11923075500056658147,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6704 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:352

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:544

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2872

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:580

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d459a8c16562fb3f4b1d7cadaca620aa

SHA1
7810bf83e8c362e0c69298e8c16964ed48a90d3a

SHA256
fa31bc49a2f9af06d325871104e36dd69bfe3847cd521059b62461a92912331a

SHA512
35cb00c21908e1332c3439af1ec9867c81befcc4792248ee392080b455b1f5ce2b0c0c2415e344d91537469b5eb72f330b79feb7e8a86eeb6cf41ec5be5dfd2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
656bb397c72d15efa159441f116440a6

SHA1
5b57747d6fdd99160af6d3e580114dbbd351921f

SHA256
770ed0fcd22783f60407cdc55b5998b08e37b3e06efb3d1168ffed8768751fab

SHA512
5923db1d102f99d0b29d60916b183b92e6be12cc55733998d3da36d796d6158c76e385cef320ec0e9afa242a42bfb596f7233b60b548f719f7d41cb8f404e73c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
f3199a212a2ce2d7ec6db9d23ce10d3c

SHA1
e82db9f68eada664e77b7d31d1e52f058a21b887

SHA256
aeb95401d8c88c659f4f79af55687bb51d816cbf862abc05d4165f77d1273c61

SHA512
5529d1ae97dea89ef63fbad4131782ae486888ae72e188a656179cd05e28ce71fdb13011028330a35c34dc3b6a99e99e288f789fee1a0da5b3c211cc81f60403

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
975c2b13394d774a6011bc12863726a1

SHA1
c395392a19975aa80246a50f106784467a929c5e

SHA256
92dd5ef4790bceab06a2272230b00143cac7c734d1dd0a69be3153af03744fe0

SHA512
de19d55a2ba3c98343c6314fefd0636d3757faee7b6f56b0d6cc4ae52dce29629697245acc965a36235ee87ace94f21c9ec56ff76f68d3241e1618350ef4c577

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
37799930344d03427da528e260b9ff09

SHA1
8d2812eba72633d360dfd40d6f3cc9aaeb655ef4

SHA256
3e280cfb7b52482617f11fc62d9c836db2231e7c6abe626a505cfc2559c304e0

SHA512
7af26a46b6d89726d8933f247177cbb30e42763de5743d52e119f21539a8615801bdc98f3ee3c8f6d4bf53783e10d74f20b7fb72c5e4b219afb87e5312ba7d6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9f3f422074c5157537da4f69ff45b1f2

SHA1
e31ac9c7d7458049c1477124cbd655617c9eb5bd

SHA256
b3c7d7d4ca13d1299e8e85d3eb424d3442eca0e55e8579099465a2ae5838d536

SHA512
61f1366c1dffc3787b688aac5c6193baae1fe7595eccf0bfa61537439755d754637898cbdcd5d76d3b192a20fbe455fb04bf54b8b8be39abb8cf68ba5a82f6c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f6957b94-66f4-494d-99c8-d88ddd3a638d.tmp

Filesize
6KB

MD5
d491adb440e12a228fe62ba8bb746dd1

SHA1
64efa58b7f82317e4ce15057078541059d4aa351

SHA256
9aa9d4b5ab8c99b06947bfff6188f207ef65657ed61ee801d0cab3f293ace335

SHA512
0639fd51affc8738c9881988fa2d0dd7a7bf309bf51cebbc8b8ab3a9f24617c41d3c12036f14921714a2f080761f27132f9b3f516d1f077a51d77334185dc886

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
20396c0ee7c90568b15da68a04646418

SHA1
ba41761370e5bbf1ce33f36c5244862ff1524bd1

SHA256
6317d9268b97cfc71da81f1c62023605aaa34886cd253c5a5bccd136512a5313

SHA512
c8ef7e036a1b9a9dc6277e71e0fe87bf54276975251267e478929d60621696fd72173038369194641e6cde5eb81ff6632961e108d19bcebca7b690e175357841

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2c01856c1c631b8ab52d353c7cfdce60

SHA1
fbdaf75b464f27b50bdf78e44adc29c59e8910f1

SHA256
b64e9093bd62eefe4e0c78c7501f721067085d9ca00140ebbeb6a4276621ada7

SHA512
44bfc42ba3df2e834195c0ce3be403be327386678798d918ba2ccffa5da8689e2c1be007f9e2a75b5675a1e7ac26f6244d588f8814b11ec298f7a57d2f522fa3

Download Submit
C:\Users\Admin\Downloads\FL.Studio.Producer.Edition.21.2.2.3914 HQC FIXXED.zip

Filesize
50.2MB

MD5
828db0761d5f73b86d12b897cb49ef9f

SHA1
9dc3fc994408b33d033ba40ef6fb1f11e7de0c73

SHA256
452777f4f5508f062c79a97eccc1967a79c518436d3ee4575f834b394d845c1f

SHA512
9a69207afb14bd5c006e8b6eb37a632e5510747f2cbe676bf12ef54ce81d4f259b5f7fcba6f4c43b8cb65acbbfb5b914f4b4aab102832c93f8bf47be77ab667f

Download Submit
C:\Users\Admin\Downloads\FL.Studio.Producer.Edition.21.2.2.3914 HQC FIXXED.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit