hxxps://drive[.]google[.]com/file/d/1imWc3F1SkUfEmabIMjNh9iYtaon66l0Z/view

Analysis

max time kernel
25s
max time network
16s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
08-11-2024 10:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1imWc3F1SkUfEmabIMjNh9iYtaon66l0Z/view

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	drive.google.com
5	drive.google.com

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133755347378967244"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\MuiCache	AppInstaller.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\ibisinc.ibisPaint_12.1.5.0_neutral_~_sxbx2qs82h9wr.msixbundle:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
876	chrome.exe
876	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe

Suspicious use of AdjustPrivilegeToken 50 IoCs

description	pid	Process
Token: SeShutdownPrivilege	876	chrome.exe
Token: SeCreatePagefilePrivilege	876	chrome.exe
Token: SeShutdownPrivilege	876	chrome.exe
Token: SeCreatePagefilePrivilege	876	chrome.exe
Token: SeShutdownPrivilege	876	chrome.exe
Token: SeCreatePagefilePrivilege	876	chrome.exe
Token: SeShutdownPrivilege	876	chrome.exe
Token: SeCreatePagefilePrivilege	876	chrome.exe
Token: SeShutdownPrivilege	876	chrome.exe
Token: SeCreatePagefilePrivilege	876	chrome.exe
Token: SeShutdownPrivilege	876	chrome.exe
Token: SeCreatePagefilePrivilege	876	chrome.exe
Token: SeShutdownPrivilege	876	chrome.exe
Token: SeCreatePagefilePrivilege	876	chrome.exe
Token: SeShutdownPrivilege	876	chrome.exe
Token: SeCreatePagefilePrivilege	876	chrome.exe
Token: SeShutdownPrivilege	876	chrome.exe
Token: SeCreatePagefilePrivilege	876	chrome.exe
Token: SeShutdownPrivilege	876	chrome.exe
Token: SeCreatePagefilePrivilege	876	chrome.exe
Token: SeShutdownPrivilege	876	chrome.exe
Token: SeCreatePagefilePrivilege	876	chrome.exe
Token: SeShutdownPrivilege	876	chrome.exe
Token: SeCreatePagefilePrivilege	876	chrome.exe
Token: SeShutdownPrivilege	876	chrome.exe
Token: SeCreatePagefilePrivilege	876	chrome.exe
Token: SeShutdownPrivilege	876	chrome.exe
Token: SeCreatePagefilePrivilege	876	chrome.exe
Token: SeShutdownPrivilege	876	chrome.exe
Token: SeCreatePagefilePrivilege	876	chrome.exe
Token: SeShutdownPrivilege	876	chrome.exe
Token: SeCreatePagefilePrivilege	876	chrome.exe
Token: SeShutdownPrivilege	876	chrome.exe
Token: SeCreatePagefilePrivilege	876	chrome.exe
Token: SeShutdownPrivilege	876	chrome.exe
Token: SeCreatePagefilePrivilege	876	chrome.exe
Token: SeShutdownPrivilege	876	chrome.exe
Token: SeCreatePagefilePrivilege	876	chrome.exe
Token: SeShutdownPrivilege	876	chrome.exe
Token: SeCreatePagefilePrivilege	876	chrome.exe
Token: SeShutdownPrivilege	876	chrome.exe
Token: SeCreatePagefilePrivilege	876	chrome.exe
Token: SeShutdownPrivilege	876	chrome.exe
Token: SeCreatePagefilePrivilege	876	chrome.exe
Token: SeShutdownPrivilege	876	chrome.exe
Token: SeCreatePagefilePrivilege	876	chrome.exe
Token: SeShutdownPrivilege	876	chrome.exe
Token: SeCreatePagefilePrivilege	876	chrome.exe
Token: SeShutdownPrivilege	876	chrome.exe
Token: SeCreatePagefilePrivilege	876	chrome.exe

Suspicious use of FindShellTrayWindow 43 IoCs

pid	Process
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3272	AppInstaller.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 876 wrote to memory of 4240	876	chrome.exe	79
PID 876 wrote to memory of 4240	876	chrome.exe	79
PID 876 wrote to memory of 3068	876	chrome.exe	81
PID 876 wrote to memory of 3068	876	chrome.exe	81
PID 876 wrote to memory of 3068	876	chrome.exe	81
PID 876 wrote to memory of 3068	876	chrome.exe	81
PID 876 wrote to memory of 3068	876	chrome.exe	81
PID 876 wrote to memory of 3068	876	chrome.exe	81
PID 876 wrote to memory of 3068	876	chrome.exe	81
PID 876 wrote to memory of 3068	876	chrome.exe	81
PID 876 wrote to memory of 3068	876	chrome.exe	81
PID 876 wrote to memory of 3068	876	chrome.exe	81
PID 876 wrote to memory of 3068	876	chrome.exe	81
PID 876 wrote to memory of 3068	876	chrome.exe	81
PID 876 wrote to memory of 3068	876	chrome.exe	81
PID 876 wrote to memory of 3068	876	chrome.exe	81
PID 876 wrote to memory of 3068	876	chrome.exe	81
PID 876 wrote to memory of 3068	876	chrome.exe	81
PID 876 wrote to memory of 3068	876	chrome.exe	81
PID 876 wrote to memory of 3068	876	chrome.exe	81
PID 876 wrote to memory of 3068	876	chrome.exe	81
PID 876 wrote to memory of 3068	876	chrome.exe	81
PID 876 wrote to memory of 3068	876	chrome.exe	81
PID 876 wrote to memory of 3068	876	chrome.exe	81
PID 876 wrote to memory of 3068	876	chrome.exe	81
PID 876 wrote to memory of 3068	876	chrome.exe	81
PID 876 wrote to memory of 3068	876	chrome.exe	81
PID 876 wrote to memory of 3068	876	chrome.exe	81
PID 876 wrote to memory of 3068	876	chrome.exe	81
PID 876 wrote to memory of 3068	876	chrome.exe	81
PID 876 wrote to memory of 3068	876	chrome.exe	81
PID 876 wrote to memory of 3068	876	chrome.exe	81
PID 876 wrote to memory of 4572	876	chrome.exe	82
PID 876 wrote to memory of 4572	876	chrome.exe	82
PID 876 wrote to memory of 3228	876	chrome.exe	83
PID 876 wrote to memory of 3228	876	chrome.exe	83
PID 876 wrote to memory of 3228	876	chrome.exe	83
PID 876 wrote to memory of 3228	876	chrome.exe	83
PID 876 wrote to memory of 3228	876	chrome.exe	83
PID 876 wrote to memory of 3228	876	chrome.exe	83
PID 876 wrote to memory of 3228	876	chrome.exe	83
PID 876 wrote to memory of 3228	876	chrome.exe	83
PID 876 wrote to memory of 3228	876	chrome.exe	83
PID 876 wrote to memory of 3228	876	chrome.exe	83
PID 876 wrote to memory of 3228	876	chrome.exe	83
PID 876 wrote to memory of 3228	876	chrome.exe	83
PID 876 wrote to memory of 3228	876	chrome.exe	83
PID 876 wrote to memory of 3228	876	chrome.exe	83
PID 876 wrote to memory of 3228	876	chrome.exe	83
PID 876 wrote to memory of 3228	876	chrome.exe	83
PID 876 wrote to memory of 3228	876	chrome.exe	83
PID 876 wrote to memory of 3228	876	chrome.exe	83
PID 876 wrote to memory of 3228	876	chrome.exe	83
PID 876 wrote to memory of 3228	876	chrome.exe	83
PID 876 wrote to memory of 3228	876	chrome.exe	83
PID 876 wrote to memory of 3228	876	chrome.exe	83
PID 876 wrote to memory of 3228	876	chrome.exe	83
PID 876 wrote to memory of 3228	876	chrome.exe	83
PID 876 wrote to memory of 3228	876	chrome.exe	83
PID 876 wrote to memory of 3228	876	chrome.exe	83
PID 876 wrote to memory of 3228	876	chrome.exe	83
PID 876 wrote to memory of 3228	876	chrome.exe	83
PID 876 wrote to memory of 3228	876	chrome.exe	83
PID 876 wrote to memory of 3228	876	chrome.exe	83

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/file/d/1imWc3F1SkUfEmabIMjNh9iYtaon66l0Z/view
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe0d71cc40,0x7ffe0d71cc4c,0x7ffe0d71cc58
  2⤵
  PID:4240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1492,i,17158146262317257028,10825866222306910345,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1816 /prefetch:2
  2⤵
  PID:3068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1936,i,17158146262317257028,10825866222306910345,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1996 /prefetch:3
  2⤵
  PID:4572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2188,i,17158146262317257028,10825866222306910345,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2368 /prefetch:8
  2⤵
  PID:3228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3076,i,17158146262317257028,10825866222306910345,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3112 /prefetch:1
  2⤵
  PID:1980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3092,i,17158146262317257028,10825866222306910345,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3148 /prefetch:1
  2⤵
  PID:664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4268,i,17158146262317257028,10825866222306910345,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4272 /prefetch:1
  2⤵
  PID:1472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4680,i,17158146262317257028,10825866222306910345,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4692 /prefetch:8
  2⤵
  PID:3812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=5072,i,17158146262317257028,10825866222306910345,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4908 /prefetch:1
  2⤵
  PID:5064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5344,i,17158146262317257028,10825866222306910345,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3088 /prefetch:8
  2⤵
  - NTFS ADS
  PID:4396

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4320

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1216

C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstaller.exe
"C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstaller.exe" -ServerName:App.AppX9rwyqtrq9gw3wnmrap9a412nsc7145qh.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3272

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:2104

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
2cea45c7ec5c70cdad7ef60441713b21

SHA1
42a2336b87056bf40e63c577a7aff112ad512b63

SHA256
3fafa5e109e53ce49bd3141441d0c369e3a975966f09c3a5f0518dbdbd337a76

SHA512
f3dc5e5c0bcb8b5a6336efeea15b927864de37a650791e5313ed3da41d59279b2377116ae3de10a16c7726c2733b8ad86c8da8b8262de5c68c2e8594a2002a39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
bd380fc011686c76547a027d980d852a

SHA1
c1dc680efc0106e6b725ae730d0a52a59dbe40d8

SHA256
0413aac81012d1536e4dd70966c7f666ea0a5b02b3e1a0fc1d7143740aacc812

SHA512
ee7267163cf9a31031ecfeae76c717a0b6b049d48911ca0a03a667d5ca108b2b06d5d2b73cab5fc3e36eeb665b72a88f0e3e5e7354ba0c75f294e0c134bfec9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d48c8d163a2ddadd77ae4aff4e2be02e

SHA1
6b4939e1a3ec439fd5e308c7c7f5445245a43c07

SHA256
65ac836bf343f9a67901065cbf9bd92751809dfbe745c6e1a9636db9e0303498

SHA512
2f39e0b72f82427cbac8cf15fca7078af7a1e63c88fa9c17e52e9e5162c8531fd343b63ded498212ba7205771b8ab50d8a16e2b360ea7563f988a9f4a1b03e2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d2e299e0363c2af9caec2a27bb651476

SHA1
0ad6b7a1e918391564e1c2eca1f1f125b6c6caff

SHA256
fc83ac090284805abe77b8c2c9033326a9e81e15466b8c0dda383444b4f01570

SHA512
bd6ff3566f79da5075cbc23519082677cfc89bb952e29a70aeac93f373ec481640fb6060b9ea4cfed434937a5bb78b90a5d26f0254954c6d696cbd564e055249

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3258d8c1b8b6485803924656f4167ce7

SHA1
3ea27b6422207717381892a5a2dfb1058314fe4d

SHA256
2a33f0ccbad8d8c013ce9b93b6e1fe4c5c3dda7db3220613a37f235ab8840154

SHA512
15c1ece5d03cbc94099e60766321d0558fd4d401c1bf268473960ebad689340df4522906d9b4a5d12c147802bd31c7cf3bfc2361b2c3e0640cf9a3bac4d6e174

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
4c768ff09fdb397f7715ef4887defb2e

SHA1
be2085dc30f1ae2e7cd8a26d699f5e8c2ca945df

SHA256
3b5c8ec4160c65a4b7dab8613dd4bc846a48eeabca96c912c35fc01b7baf7a1a

SHA512
5489f77d3f34caced9406bb3befd836f7e32bdad3a53313b6149a0bdcf0de34efbea8a243fec94c8bfb4369ad5887047ccd8ad48252be01843dd05f2156677de

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\TempState\AILog.txt

Filesize
917B

MD5
885ef6927092967219b39584ebf25eaa

SHA1
ae8e192390190a655937562d7d5b997c5b3b446a

SHA256
ef90cf4c0eacee661ff91a5f36be49a07bdc422dbd69ec8d92c1b1d2e9f45a9a

SHA512
0ed69430f3b973287bdba8a816e4db1b6392dd54a9d7805d483d1ba599a31fb48a55abeb7a0a11c87917ee661f99db52b4a9dd12ead5de9f566a0dbbc08fe66d

Download Submit
C:\Users\Admin\Downloads\ibisinc.ibisPaint_12.1.5.0_neutral_~_sxbx2qs82h9wr.msixbundle:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit