hxxps://drive[.]google[.]com/drive/folders/1VTcYbmiGAxZCJLCQ6QGmLsNv7PpSEAEW?usp=sharing

Analysis

max time kernel
91s
max time network
102s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
25-07-2024 14:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/1VTcYbmiGAxZCJLCQ6QGmLsNv7PpSEAEW?usp=sharing

Score

6^/10

defense_evasion discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
1	drive.google.com
7	drive.google.com

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\UnityCrashHandler64.exe:Zone.Identifier	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

NTFS ADS 12 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\UnityPlayer.dll:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\x86_64-20240725T144450Z-001.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\x86_64-20240725T144450Z-001 (1).zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Shark sim_BurstDebugInformation_DoNotShip-20240725T144450Z-001.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Shark sim_Data-20240725T144450Z-001.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 155363.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 697796.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 996708.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\MonoBleedingEdge-20240725T144450Z-001.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 662494.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\UnityCrashHandler64.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\_desktop.ini:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 24 IoCs

pid	Process
5092	msedge.exe
5092	msedge.exe
4532	msedge.exe
4532	msedge.exe
1360	identity_helper.exe
1360	identity_helper.exe
4936	msedge.exe
4936	msedge.exe
2852	msedge.exe
2852	msedge.exe
688	msedge.exe
688	msedge.exe
3236	msedge.exe
3236	msedge.exe
1932	msedge.exe
1932	msedge.exe
4312	msedge.exe
4312	msedge.exe
980	msedge.exe
980	msedge.exe
2936	msedge.exe
2936	msedge.exe
2480	msedge.exe
2480	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4532 wrote to memory of 2660	4532	msedge.exe	81
PID 4532 wrote to memory of 2660	4532	msedge.exe	81
PID 4532 wrote to memory of 1096	4532	msedge.exe	82
PID 4532 wrote to memory of 1096	4532	msedge.exe	82
PID 4532 wrote to memory of 1096	4532	msedge.exe	82
PID 4532 wrote to memory of 1096	4532	msedge.exe	82
PID 4532 wrote to memory of 1096	4532	msedge.exe	82
PID 4532 wrote to memory of 1096	4532	msedge.exe	82
PID 4532 wrote to memory of 1096	4532	msedge.exe	82
PID 4532 wrote to memory of 1096	4532	msedge.exe	82
PID 4532 wrote to memory of 1096	4532	msedge.exe	82
PID 4532 wrote to memory of 1096	4532	msedge.exe	82
PID 4532 wrote to memory of 1096	4532	msedge.exe	82
PID 4532 wrote to memory of 1096	4532	msedge.exe	82
PID 4532 wrote to memory of 1096	4532	msedge.exe	82
PID 4532 wrote to memory of 1096	4532	msedge.exe	82
PID 4532 wrote to memory of 1096	4532	msedge.exe	82
PID 4532 wrote to memory of 1096	4532	msedge.exe	82
PID 4532 wrote to memory of 1096	4532	msedge.exe	82
PID 4532 wrote to memory of 1096	4532	msedge.exe	82
PID 4532 wrote to memory of 1096	4532	msedge.exe	82
PID 4532 wrote to memory of 1096	4532	msedge.exe	82
PID 4532 wrote to memory of 1096	4532	msedge.exe	82
PID 4532 wrote to memory of 1096	4532	msedge.exe	82
PID 4532 wrote to memory of 1096	4532	msedge.exe	82
PID 4532 wrote to memory of 1096	4532	msedge.exe	82
PID 4532 wrote to memory of 1096	4532	msedge.exe	82
PID 4532 wrote to memory of 1096	4532	msedge.exe	82
PID 4532 wrote to memory of 1096	4532	msedge.exe	82
PID 4532 wrote to memory of 1096	4532	msedge.exe	82
PID 4532 wrote to memory of 1096	4532	msedge.exe	82
PID 4532 wrote to memory of 1096	4532	msedge.exe	82
PID 4532 wrote to memory of 1096	4532	msedge.exe	82
PID 4532 wrote to memory of 1096	4532	msedge.exe	82
PID 4532 wrote to memory of 1096	4532	msedge.exe	82
PID 4532 wrote to memory of 1096	4532	msedge.exe	82
PID 4532 wrote to memory of 1096	4532	msedge.exe	82
PID 4532 wrote to memory of 1096	4532	msedge.exe	82
PID 4532 wrote to memory of 1096	4532	msedge.exe	82
PID 4532 wrote to memory of 1096	4532	msedge.exe	82
PID 4532 wrote to memory of 1096	4532	msedge.exe	82
PID 4532 wrote to memory of 1096	4532	msedge.exe	82
PID 4532 wrote to memory of 5092	4532	msedge.exe	83
PID 4532 wrote to memory of 5092	4532	msedge.exe	83
PID 4532 wrote to memory of 2820	4532	msedge.exe	84
PID 4532 wrote to memory of 2820	4532	msedge.exe	84
PID 4532 wrote to memory of 2820	4532	msedge.exe	84
PID 4532 wrote to memory of 2820	4532	msedge.exe	84
PID 4532 wrote to memory of 2820	4532	msedge.exe	84
PID 4532 wrote to memory of 2820	4532	msedge.exe	84
PID 4532 wrote to memory of 2820	4532	msedge.exe	84
PID 4532 wrote to memory of 2820	4532	msedge.exe	84
PID 4532 wrote to memory of 2820	4532	msedge.exe	84
PID 4532 wrote to memory of 2820	4532	msedge.exe	84
PID 4532 wrote to memory of 2820	4532	msedge.exe	84
PID 4532 wrote to memory of 2820	4532	msedge.exe	84
PID 4532 wrote to memory of 2820	4532	msedge.exe	84
PID 4532 wrote to memory of 2820	4532	msedge.exe	84
PID 4532 wrote to memory of 2820	4532	msedge.exe	84
PID 4532 wrote to memory of 2820	4532	msedge.exe	84
PID 4532 wrote to memory of 2820	4532	msedge.exe	84
PID 4532 wrote to memory of 2820	4532	msedge.exe	84
PID 4532 wrote to memory of 2820	4532	msedge.exe	84
PID 4532 wrote to memory of 2820	4532	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/drive/folders/1VTcYbmiGAxZCJLCQ6QGmLsNv7PpSEAEW?usp=sharing
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff49a03cb8,0x7fff49a03cc8,0x7fff49a03cd8
  2⤵
  PID:2660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,9150984068479846208,3114590090446256308,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1844 /prefetch:2
  2⤵
  PID:1096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1880,9150984068479846208,3114590090446256308,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1880,9150984068479846208,3114590090446256308,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
  2⤵
  PID:2820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,9150984068479846208,3114590090446256308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:4804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,9150984068479846208,3114590090446256308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:3660
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1880,9150984068479846208,3114590090446256308,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1880,9150984068479846208,3114590090446256308,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,9150984068479846208,3114590090446256308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
  2⤵
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1880,9150984068479846208,3114590090446256308,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5732 /prefetch:8
  2⤵
  PID:980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,9150984068479846208,3114590090446256308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
  2⤵
  PID:2028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,9150984068479846208,3114590090446256308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:3136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1880,9150984068479846208,3114590090446256308,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3668 /prefetch:8
  2⤵
  PID:1964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,9150984068479846208,3114590090446256308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:4716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,9150984068479846208,3114590090446256308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1880,9150984068479846208,3114590090446256308,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5844 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:2852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,9150984068479846208,3114590090446256308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
  2⤵
  PID:2560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1880,9150984068479846208,3114590090446256308,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,9150984068479846208,3114590090446256308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4556 /prefetch:1
  2⤵
  PID:2632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1880,9150984068479846208,3114590090446256308,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5916 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,9150984068479846208,3114590090446256308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
  2⤵
  PID:2996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1880,9150984068479846208,3114590090446256308,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5756 /prefetch:8
  2⤵
  PID:4244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1880,9150984068479846208,3114590090446256308,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3340 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1880,9150984068479846208,3114590090446256308,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1880,9150984068479846208,3114590090446256308,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5600 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1880,9150984068479846208,3114590090446256308,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6728 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:2480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1880,9150984068479846208,3114590090446256308,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6744 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:2936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,9150984068479846208,3114590090446256308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,9150984068479846208,3114590090446256308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2520 /prefetch:1
  2⤵
  PID:2940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,9150984068479846208,3114590090446256308,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
  2⤵
  PID:3076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,9150984068479846208,3114590090446256308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6364 /prefetch:1
  2⤵
  PID:1760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,9150984068479846208,3114590090446256308,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6796 /prefetch:1
  2⤵
  PID:2452

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4696

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4888

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
caaeb604a99d78c4a41140a3082ca660

SHA1
6d9cd8a52c0f2cd9b48b00f612ec33cd7ca0aa97

SHA256
75e15f595387aec18f164aa0d6573c1564aaa49074547a2d48a9908d22a3b5d6

SHA512
1091aa1e8bf74ed74ad8eb8fa25c4e24b6cfd0496482e526ef915c5a7d431f05360b87d07c11b93eb9296fe386d71e99d214afce163c2d01505349c52f2d5d66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1fe10b6cb6b345a095320391bda78b22

SHA1
46c36ab1994b86094f34a0fbae3a3921d6690862

SHA256
85a627e9b109e179c49cf52420ad533db38e75bc131714a25c1ae92dd1d05239

SHA512
9f9d689662da014dfae3565806903de291c93b74d11b47a94e7e3846537e029e1b61ad2fad538b10344641003da4d7409c3dd834fed3a014c56328ae76983a2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
36KB

MD5
eae5fc6db735938044a4741054dca29e

SHA1
5ad3a1d30f1123fda791830cd373b9d9041a5663

SHA256
967e35cf9787773151cb0a3945617f4a25b0232c8af0b8b8db30797426c40d3f

SHA512
a996760ff518a4781eb2d5b6074fad7645b1c06fb98d1dac86c919b67d0e04289790a7e45c57c22b8ac28421b46ed299ecb38d6d979711bc95bf804f47c8556a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
1.1MB

MD5
c4264291f6977324a9f2b9f8eab663bc

SHA1
0c81f845222743f8969f579d70d923c22aa2c9c5

SHA256
916f9d3af7f8ecce58c4633f9fe7884d5d1341fc1c45ffbb36b846b67dc92ed0

SHA512
c1c404ecce2491b5de0ce9c1216f77a1c525f078febd153623f95041a726cebcd01401e79e6484411994966a2182ae7153d4e0767bd9a1e7c6e57143a27f142a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f0f8badeb3b5ff6d9c02a88fbcee2d2c

SHA1
1647588c5526a55f61ff29fb94dcdb048e42cefd

SHA256
5055d32a3192fedcc9023fe78ad2d2075e157283b1035604f5f6debe51cad88d

SHA512
821d86cbc956259cbdbd6b451681c111f102966f9541ec5228bba7d2a3d66b8c5df19bc3b508dd3fb7ae643d4ecfa8ecb6f4c7dafe4321d540002461f548ed1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
89970500371f57671a237699ad8209ef

SHA1
9fe7cd5201ce4714b2c7ed899e3b40640e69d452

SHA256
64ce171405b49eebeabdea985580a37aa4218c680cb4a763776a09801e6f3943

SHA512
0b240e0c7837bcda4812d14722a9675f24f6ee646bb26d4d0112ed91a3acccee4707baa7fa5277ba6ad274e3c44b60b52b60f3a74fabd42532fc8b2651dacb4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
50b6d8edc14fa5cc6b6458f7b240ba22

SHA1
f4a2fb04fc530d89f8b568f964c604cfbc0a02cd

SHA256
971601c6c52709d7560d621517004b5d0f29859a51b9d524e1e0ef088fd1aaf5

SHA512
59bd8141300aacf67e705a427b89abbdaf394a84ead16de5ee14010970c0739881ef858067cfb010098f306b2c7313c686bedc023856051e7cb9af5da170d85b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ad6fee00dfbcf974f5e402da3b3bcb92

SHA1
4738f9d1a0df26e76d67add2b7623780e4a202a0

SHA256
c6b95b6a8cea1b2c57959baafc61b20e1eb86a2bf18a30dc3ec104a19754c089

SHA512
6d37e1ef8f11161888bc094aea25f994ced81ac1702af2066197fad8c91aad059779849f63368a01855e9ac6e6b7abed09fbec831af9dd34365e7463ef308a97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e48a0b82d3434e67a148400fd65fe9aa

SHA1
0228f76e7a2530c39a101fe383a20009651cd3b2

SHA256
06162938b01c85151959e750e4af5e8844ff8a9746a5e70442d5be7d8f32b53a

SHA512
0ca87bd1bb757cc66c63b6c7db97783acb7cf3ebfeb5a978d2247a9f445d4188d3abfbea5b930bb497ba43d9a57f8c58f7b1cc3d830a125849296389a3eec5e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
143c36162131279950c6c6bc3e06ea7f

SHA1
f0b4f056cf481314a8ee45e1e31045d41ca04cb8

SHA256
d4f132f41296dd84f0d7f325682c30347cad8c2160c9ee210d1ea945f71d5719

SHA512
813c5989866e8fe00c9b730a4d3d7d97f35eadd4589e1850a8fb9802c41bf2d242e39ee829c207df288f10bb123dc4c48a0b659a18183449414934a2f3da458a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a6745126bb9fedc32f4424f2b78ddb65

SHA1
a6ee514de96de961d23effe6e67f6f4b33f7b12a

SHA256
0a63aacdea70a8ac652af5d46c97b68638d95a9b3d8bf3fd368b853ece9df148

SHA512
5de1cbb2a34a383f56f0bba8f863d05bf6916acafbfb6c47cbb6f3440fbf04d488bbff08e35363bcca739dd42789560f60f8278c3fe76b807b3e61f37e682ca9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8161b67d083bfc2310269cbe4a0e95be

SHA1
ff77882379cb10427a5acb1ce88d84dba1dcf8d0

SHA256
76e815ae085e04c82866e20563e2834c0e85edde701bfe80078c9707ffe999fa

SHA512
f603884bc70144cf94c3f09750f6943474635707abcd10ed634fcc465847b8f35e1f90941184f1d20ce1bf37c2c9507721443da4da8c8c3a9ae96134425e5511

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
899abbd5ae71c12fb633178381c7d2e5

SHA1
648ce09ae8ab80c057921a93fd3c5a7ed496edb3

SHA256
faf266e23a74fb027156d7409c4c0e1aba0a15da2943317a731d580595d36470

SHA512
5a0ff1b714d048844a9352da138eafe21c333935b7e7cbd1f3b4b9182e1e6a44d149d890721de0802c971ec0a1ed550d13baaa8c4f80e645a6dd4d46cd08aeec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e8c62aed1689bcbe4aeb14e5ab7b5762

SHA1
d4506bf8181f76719a0d4dccb76342ac5ea77297

SHA256
5845e48f34f3cc15e20e3368c4e399e7de2d05ba78f0627aa8cfaefe5ccf5ea9

SHA512
402546d1cc80744bf67c7e58018d1248ee4986133eed7413c6ce5a41db0cea7b3ae602ae4cb7460f46cf6adb5677a92c7e3ccb0a65e3f5ae8da28849555537a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f4f20878a959e557f424585a2bc7b105

SHA1
ed82717c90edd8c1bbe62d84ae8a55c04c83c915

SHA256
8a127ae99311b4a4114cb39ea925b799d55d1a02837d193c769dc0a7b98ea7de

SHA512
b35813190a4d59a4910ebe3720faf35da67acb398f5b90901547e3bd9f1cd82a72b95cef8e991b8cde093f7f60b97f1f651be8c9afd0615ccd3cd25a9d411192

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bf06d6b96333ed5fc2c8136cf386a40c

SHA1
28dcf3c150dfc707a40b9466b45dc0c90fd894eb

SHA256
8a6f3ad80c65c9d29a94c16e063593234a01e4694e0a355fac825d0ae217f6de

SHA512
2c74cf2952c341f2960eb0f51b5f0c52bc7d48db396e0cfaba5eaf14f48fc266073aa56b4af7b93200f99f06c3af74bd714c3efb67f10b75d524162f66f614a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe585bd7.TMP

Filesize
1KB

MD5
924f19b62c2939236457f94d8408f857

SHA1
8cdbfc5263d9a9f0d753f35784d8f21a56fddd55

SHA256
8e308de4b09864a6c000b120ac5534b089a9e8f7a822ff2c0f3e687731e884a5

SHA512
ba9b49c032049e096fd991e950e876eb6d41c78cb764634f4dd623369e19377dd7c2dda4c7ee74dbcff723194a8d523e4f6bb7d1b54aa5d620cf094a6be1be77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
923a9d2dce32b86c5456dad23d43ad59

SHA1
694001bc38cc455187c5dab93c85cb7d0a51e952

SHA256
5af2f0bd473aff426113a2cefcd7e4b0f3894cf8b8e5d73c74e6a813209eddb8

SHA512
7e9e049acd27e8c3a02e5bf20ab33b29e6b762c27fa75adb3f7f200014c04c2678f1674c737e1bf4372b2ac1bb00cb1a143a34ea41dd0f46a7503f8ee8d7223a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0ad53e2c1f35c9a330d7e600ff46f24b

SHA1
a703b6b71a6b7f75b5ea2e89fdfb7988fc6661f9

SHA256
42ff149d0b0581e8ecc14c966955939e557c9c85b37e252b83153f4454bef892

SHA512
9287cc97a91ec0f7c57ca72543344dc8816903e808e3e305d3ddcd216605e5b801e8365707554aabcd5959c6de2a3749df5dd6829043191fb3653084ead0709b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
973502b7952e15d3a389c4c9a81778b7

SHA1
f21ca9799bdc9d99baec3bc0ea0de38d632f0740

SHA256
d2207fab794ebd711a760e3e3befecfd44d08e775e6c649ad0b7ac1af8373420

SHA512
2d2acc785752043ed85c7e2edfde09a69f47644829f088215b31dc76313ae88c7a4fa8563f5298761a4ff03d569d27f9434b69db2dcf0db72f4483852d87f41a

Download Submit
C:\Users\Admin\Downloads\MonoBleedingEdge-20240725T144450Z-001.zip

Filesize
3.4MB

MD5
97da8e29c5c90f377cb85a43b385d573

SHA1
09ff8f99e49cc89371a7224169b829bdbf36497c

SHA256
f75980cc80d7eb5a313bc43246d3ce78a41c828a187467fad15e5b7c6adf72b5

SHA512
d6c805c3a6b54e406c7fa36fd928b05aa9d3e4783e0d4cf7fd0674c974ed572ba2b80b03d4710c5697564a5f3757df407033ac8528a9f27a7171b9e438d985a4

Download Submit
C:\Users\Admin\Downloads\MonoBleedingEdge-20240725T144450Z-001.zip:Zone.Identifier

Filesize
220B

MD5
6a0d0b97d9f0aef23ff02b16fcfe6071

SHA1
3e0bd9af330bfe63e576cb67130f533ff17cd234

SHA256
713e0513ca494ac953fcd07062eb7776af6252dde6a0793db01b68071dbf8954

SHA512
6f79686668e092f52e0c39e6e1a74885b455f4a871b7ba953b7bf5c052037af4fe9a2898e0669def3f4ce50babb2403ecfe6dde950f81067b712a83f56702e66

Download Submit
C:\Users\Admin\Downloads\Shark sim_BurstDebugInformation_DoNotShip-20240725T144450Z-001.zip:Zone.Identifier

Filesize
220B

MD5
0c002c84c5c767bc99b3f342eb35f2fc

SHA1
ddf7aa3355ede6ca8bf2797279b012ff54db68ca

SHA256
8492c3b40683609685c292c4bcdd419f027d7174d3d6cb8f90dc94d3a64c59f4

SHA512
6cc2e50629491ea4925610912889c27e9f18bbfc822e0b86da0b9e85e1773a54cb2a810fe46d3972db735eeafd8bd2b0f816ec65eacffc7d4e39e23a4c0e2d7c

Download Submit
C:\Users\Admin\Downloads\Shark sim_Data-20240725T144450Z-001.zip

Filesize
12.5MB

MD5
00dae16716c5893001bcc25a9f41bcb1

SHA1
d2817282668432f13085fcc8832879d1bd66e546

SHA256
ecca92c05c11ed7659f09950bb45ab1366b441f68fa41b20e75f0f42a2ebc4fc

SHA512
26e78f22a13047b9265d22a40aed2fbf719e46950f24c76d3f8966c3b87a8221ae14670316c81f0b689b24434290412f5ebd54ee4146ef8163a453a03e793c0b

Download Submit
C:\Users\Admin\Downloads\Shark sim_Data-20240725T144450Z-001.zip:Zone.Identifier

Filesize
220B

MD5
57b516b0ca632f14811c3b43fe264a58

SHA1
e15b420c87702543b721a163b565e103145792c1

SHA256
20b6343564b86d0226e30538bc76a60d4b6f2bb3d4a77e24d973868c6cd67fba

SHA512
c5e1eabb19b9afad3b49c0d1e7e9d92c303ba12b3387743ece1d67811d887b4245cb27741d213905d438115e7e43b43bc5a2dcee9838a777821fc8ebc3c4245c

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 996708.crdownload

Filesize
651KB

MD5
0a3a99cf32005cef822b21f126b21192

SHA1
ecc6242584f41a7c554c82a5a0dbc155c8b80f55

SHA256
6adbc0698bc3039a09e67a1cc21e3b1b16f4857d4086fcaf5bea0cf232b8cef3

SHA512
abc1ba13ce2f631a5cd4842ee1ad35cec94863c6534b8e5d13e7c428e7f782f3a2cd3b2742b1eae783e7083f4728aec944c1a070a332a5b86181675d86ff7ae5

Download Submit
C:\Users\Admin\Downloads\UnityCrashHandler64.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\UnityPlayer.dll

Filesize
29.5MB

MD5
9052036704c83aeaca5a27602d582397

SHA1
0e8f632c6a13fa4a9864e6e2e556cc6b4874f68c

SHA256
4f03d3defdac3a36d59e489fa32dfbc7401e0968669ec6a9831f50835419bc07

SHA512
9db6e5d881f5cd649a42b151001d54e047aa3dcd23f6b6cc83a36ea0862534f1474dc69d6707ad399c88e27da59afe8cddbb4850f6a7883986a09cbac2e0225f

Download Submit
C:\Users\Admin\Downloads\_desktop.ini:Zone.Identifier

Filesize
186B

MD5
5ab5420caed3ec7d9e9cc499a4b4f659

SHA1
abc94d7c8832f53cbcea76f77bdf0949214bc59d

SHA256
a61fef6ece075c3c6e5e85bc7a86754de3341a2eff94d3acef4fa9e16520c496

SHA512
2156a38fb0685112fbda6c61b6846c17d5f44e5868e2ffed41375d9ff15d008d31ad4d1fa0078d3f9954470ac49eacfd751d2bb5f6cbafed6cc064d92928a10b

Download Submit
C:\Users\Admin\Downloads\f6c0a976-df80-46c4-9677-686e14b2a11a.tmp

Filesize
42KB

MD5
203917c655faf66937daf5f3925b9490

SHA1
7e2f188e9991b123b16070f38cdccbb6bfd724d6

SHA256
112506e9f6427a7b9dfc97356fdb8344a41a2d0619e45a3a6d7769a245be75a9

SHA512
8684553e7ecedcb788a11b07aaf752bca3768087ad435844dec9ab9d97b47213c3162a33fa18a71baaa59c51a57c4785f5f31e1ae0e2af2add6cda26d8a566de

Download Submit
C:\Users\Admin\Downloads\x86_64-20240725T144450Z-001 (1).zip:Zone.Identifier

Filesize
220B

MD5
5fcfba9d1ea853e84e023779a2036520

SHA1
27b50b8f21decf164d6121aebe1642d0bdf6754f

SHA256
73cacd4ab2bd8166fa72d859d6b9e07051f511814b59492bc8220bd1f96dc327

SHA512
8332ce7f70366404e24ec1c6d80965ca882f3fd7cb22318d29e20b6d9f86e0ac1babd9027305a68156f9bf7efe18ea790add10ad77a3adf0d90f5c3ea246238b

Download Submit
C:\Users\Admin\Downloads\x86_64-20240725T144450Z-001.zip:Zone.Identifier

Filesize
220B

MD5
6682922ae1dcbd3a1869276595f079f9

SHA1
fce03b567fb4203349492b7d4541f13bcf740387

SHA256
d9fbb10caea4ad88ab43fb321876b3169bb5267fb4366fe00fc223501aded12c

SHA512
59536afe44b92b78fd6e20c014484464026db3dc91d952c2f9269e84595d128489624a1bd2c215c3053c442d463004b08972655396480e7330a932d9801cecfd

Download Submit