hxxps://drive[.]google[.]com/file/d/1LCisvhkFCVgEIep5x_gCfYMipPIKgybx/view?usp=sharing

Analysis

max time kernel
55s
max time network
56s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
06-09-2024 09:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1LCisvhkFCVgEIep5x_gCfYMipPIKgybx/view?usp=sharing

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
2	drive.google.com
5	drive.google.com
1	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\ezyzip.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3620	msedge.exe
3620	msedge.exe
4576	msedge.exe
4576	msedge.exe
2764	msedge.exe
2764	msedge.exe
1608	identity_helper.exe
1608	identity_helper.exe
3536	msedge.exe
3536	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe

Suspicious use of FindShellTrayWindow 36 IoCs

pid	Process
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4576 wrote to memory of 392	4576	msedge.exe	81
PID 4576 wrote to memory of 392	4576	msedge.exe	81
PID 4576 wrote to memory of 396	4576	msedge.exe	82
PID 4576 wrote to memory of 396	4576	msedge.exe	82
PID 4576 wrote to memory of 396	4576	msedge.exe	82
PID 4576 wrote to memory of 396	4576	msedge.exe	82
PID 4576 wrote to memory of 396	4576	msedge.exe	82
PID 4576 wrote to memory of 396	4576	msedge.exe	82
PID 4576 wrote to memory of 396	4576	msedge.exe	82
PID 4576 wrote to memory of 396	4576	msedge.exe	82
PID 4576 wrote to memory of 396	4576	msedge.exe	82
PID 4576 wrote to memory of 396	4576	msedge.exe	82
PID 4576 wrote to memory of 396	4576	msedge.exe	82
PID 4576 wrote to memory of 396	4576	msedge.exe	82
PID 4576 wrote to memory of 396	4576	msedge.exe	82
PID 4576 wrote to memory of 396	4576	msedge.exe	82
PID 4576 wrote to memory of 396	4576	msedge.exe	82
PID 4576 wrote to memory of 396	4576	msedge.exe	82
PID 4576 wrote to memory of 396	4576	msedge.exe	82
PID 4576 wrote to memory of 396	4576	msedge.exe	82
PID 4576 wrote to memory of 396	4576	msedge.exe	82
PID 4576 wrote to memory of 396	4576	msedge.exe	82
PID 4576 wrote to memory of 396	4576	msedge.exe	82
PID 4576 wrote to memory of 396	4576	msedge.exe	82
PID 4576 wrote to memory of 396	4576	msedge.exe	82
PID 4576 wrote to memory of 396	4576	msedge.exe	82
PID 4576 wrote to memory of 396	4576	msedge.exe	82
PID 4576 wrote to memory of 396	4576	msedge.exe	82
PID 4576 wrote to memory of 396	4576	msedge.exe	82
PID 4576 wrote to memory of 396	4576	msedge.exe	82
PID 4576 wrote to memory of 396	4576	msedge.exe	82
PID 4576 wrote to memory of 396	4576	msedge.exe	82
PID 4576 wrote to memory of 396	4576	msedge.exe	82
PID 4576 wrote to memory of 396	4576	msedge.exe	82
PID 4576 wrote to memory of 396	4576	msedge.exe	82
PID 4576 wrote to memory of 396	4576	msedge.exe	82
PID 4576 wrote to memory of 396	4576	msedge.exe	82
PID 4576 wrote to memory of 396	4576	msedge.exe	82
PID 4576 wrote to memory of 396	4576	msedge.exe	82
PID 4576 wrote to memory of 396	4576	msedge.exe	82
PID 4576 wrote to memory of 396	4576	msedge.exe	82
PID 4576 wrote to memory of 396	4576	msedge.exe	82
PID 4576 wrote to memory of 3620	4576	msedge.exe	83
PID 4576 wrote to memory of 3620	4576	msedge.exe	83
PID 4576 wrote to memory of 4880	4576	msedge.exe	84
PID 4576 wrote to memory of 4880	4576	msedge.exe	84
PID 4576 wrote to memory of 4880	4576	msedge.exe	84
PID 4576 wrote to memory of 4880	4576	msedge.exe	84
PID 4576 wrote to memory of 4880	4576	msedge.exe	84
PID 4576 wrote to memory of 4880	4576	msedge.exe	84
PID 4576 wrote to memory of 4880	4576	msedge.exe	84
PID 4576 wrote to memory of 4880	4576	msedge.exe	84
PID 4576 wrote to memory of 4880	4576	msedge.exe	84
PID 4576 wrote to memory of 4880	4576	msedge.exe	84
PID 4576 wrote to memory of 4880	4576	msedge.exe	84
PID 4576 wrote to memory of 4880	4576	msedge.exe	84
PID 4576 wrote to memory of 4880	4576	msedge.exe	84
PID 4576 wrote to memory of 4880	4576	msedge.exe	84
PID 4576 wrote to memory of 4880	4576	msedge.exe	84
PID 4576 wrote to memory of 4880	4576	msedge.exe	84
PID 4576 wrote to memory of 4880	4576	msedge.exe	84
PID 4576 wrote to memory of 4880	4576	msedge.exe	84
PID 4576 wrote to memory of 4880	4576	msedge.exe	84
PID 4576 wrote to memory of 4880	4576	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1LCisvhkFCVgEIep5x_gCfYMipPIKgybx/view?usp=sharing
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8e1a93cb8,0x7ff8e1a93cc8,0x7ff8e1a93cd8
  2⤵
  PID:392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,9460272179914456424,17228349749616914138,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1908 /prefetch:2
  2⤵
  PID:396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1888,9460272179914456424,17228349749616914138,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1888,9460272179914456424,17228349749616914138,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2568 /prefetch:8
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,9460272179914456424,17228349749616914138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:2440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,9460272179914456424,17228349749616914138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,9460272179914456424,17228349749616914138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
  2⤵
  PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,9460272179914456424,17228349749616914138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
  2⤵
  PID:600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,9460272179914456424,17228349749616914138,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:1
  2⤵
  PID:3384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,9460272179914456424,17228349749616914138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
  2⤵
  PID:3464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,9460272179914456424,17228349749616914138,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
  2⤵
  PID:916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,9460272179914456424,17228349749616914138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
  2⤵
  PID:552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1888,9460272179914456424,17228349749616914138,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5748 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2764
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1888,9460272179914456424,17228349749616914138,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6036 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,9460272179914456424,17228349749616914138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
  2⤵
  PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1888,9460272179914456424,17228349749616914138,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3536

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3144

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4988

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1492

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d30a5618854b9da7bcfc03aeb0a594c4

SHA1
7f37105d7e5b1ecb270726915956c2271116eab7

SHA256
3494c446aa3cb038f1d920b26910b7fe1f4286db78cb3f203ad02cb93889c1a8

SHA512
efd488fcd1729017a596ddd2950bff07d5a11140cba56ff8e0c62ef62827b35c22857bc4f5f5ea11ccc2e1394c0b3ee8651df62a25e66710f320e7a2cf4d1a77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
03a56f81ee69dd9727832df26709a1c9

SHA1
ab6754cc9ebd922ef3c37b7e84ff20e250cfde3b

SHA256
65d97e83b315d9140f3922b278d08352809f955e2a714fedfaea6283a5300e53

SHA512
e9915f11e74c1bcf7f80d1bcdc8175df820af30f223a17c0fe11b6808e5a400550dcbe59b64346b7741c7c77735abefaf2c988753e11d086000522a05a0f7781

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
e669e37c97479b12ca4c8043094d38b3

SHA1
4087507936db4f2916bfddbcf511a76903066ee3

SHA256
db116259162b682fa84a40ba059db5087a8655ac521f2eb91bc7fafd04510cdf

SHA512
84bec5418de2bd7a74301649a0aece36828e3756a3dd03ffbb9b30f122c71478e82f4fe604aa5bb4820c759a878ee23506ffd33f90ec58ddf08785715274dda1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
73db9cb29e33f0f505ee53fff72bdd28

SHA1
653b3b3d4ac22044553bc3484fba9f7ab9e2cde8

SHA256
44d642d8e29fb0b46f1338c1687fa05b5b437e7e196a4748945b57d5f5010aec

SHA512
ad4d2d32a1c57c72ac9f7b378b58062a3da044ef7e995c90d6a47a06df85880e037d216d2aa0c1c254bae3c52caebd941dd722e43b47f5adec0a68ca67f3a5ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dad95b460d3cec0f6278467a87d0c504

SHA1
6a5fe4f62311be96e0242a715233f9b40a164d0e

SHA256
fedab2a1935eb4b9d93d602921b785f063ab406fd464b8792cb0fb4676bc0679

SHA512
12f8e0cacbe8a690017f33e97fab637812bafaf6b5afeb9934e8593243887cda0d035af00976088956acf15967503e12441e7826892bcda487a68b409dced446

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c2138569f2146faac0fb181e6f1dfb4f

SHA1
cb73cc4885bc5d4b447bd361287b7104fd528a6b

SHA256
e55694297a13a6c3dad261823fc4a2be33e946e76625f31808ebd4f4e6a6102c

SHA512
3c79f9bf7b271402c22a03351d14a5a5b13b6828978a6e41696506d8fdd2f8dac5551cea0f382a6f19e81e3efbd140d92d2d55acedb5f0bb3f2cf59e26465539

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c800b28c8a80e3ee57b7c197f565ca82

SHA1
0c8b5afd8ce8b35d02bfcb82323f1e982c876cce

SHA256
d753fe28053a4b4635ddbdbdb0e2b0bbeb55daf8f636f1637fff9fdc8ea1e479

SHA512
b299403fcc148fed02131a5f56d350ceaaf658c3048845ed0474bee276f171de4a687dc776d5f564002071558f238b729b5a547738d22077a2c375a2d885838c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a0d7ebbe9bd3db9429ff2cf8e8194b7e

SHA1
cdf727f1579b251020845bc4e5fcbb2552840102

SHA256
ca035702079934f801821b13e29dfad5571e48b74ea90420527526938cb3ab51

SHA512
5f3a80c947d83a5beec7524d087a254240d0727b9dcdfdfbdb3354ee2fdbeef088a3f5f1ca539994b8e189652cf35a498a25c22a75ee6af9b17ff248fbc64bf1

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 773220.crdownload

Filesize
16.2MB

MD5
f321638f5a0b46501771fbbbd273762f

SHA1
43773959b2c4b58e21950bfc5e8aef32139f4fe8

SHA256
e3028023882cea44433a22e2f9e1db263be1ae20c0b9da655c77aefed25982d5

SHA512
33fb54c5d69793b3482087ebcec9eea6faf24dc9faf6847dfa9be716911309f4d95a657b7746826a93ade9992713c88922de10bdabc806fd9d09c45953c2bdad

Download Submit
C:\Users\Admin\Downloads\ezyzip.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit