hxxps://drive[.]google[.]com/drive/folders/1aiRSah3cXRCzBTYm6eWbaWaDrs6Ewh87?usp=share_link

Analysis

max time kernel
52s
max time network
54s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
07-01-2025 21:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/1aiRSah3cXRCzBTYm6eWbaWaDrs6Ewh87?usp=share_link

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
5	drive.google.com
7	drive.google.com
1	drive.google.com
2	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Soviet Records-20250107T210336Z-001.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2140	msedge.exe
2140	msedge.exe
4908	msedge.exe
4908	msedge.exe
2272	msedge.exe
2272	msedge.exe
4524	identity_helper.exe
4524	identity_helper.exe
3868	msedge.exe
3868	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe

Suspicious use of FindShellTrayWindow 36 IoCs

pid	Process
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4908 wrote to memory of 2576	4908	msedge.exe	79
PID 4908 wrote to memory of 2576	4908	msedge.exe	79
PID 4908 wrote to memory of 1480	4908	msedge.exe	80
PID 4908 wrote to memory of 1480	4908	msedge.exe	80
PID 4908 wrote to memory of 1480	4908	msedge.exe	80
PID 4908 wrote to memory of 1480	4908	msedge.exe	80
PID 4908 wrote to memory of 1480	4908	msedge.exe	80
PID 4908 wrote to memory of 1480	4908	msedge.exe	80
PID 4908 wrote to memory of 1480	4908	msedge.exe	80
PID 4908 wrote to memory of 1480	4908	msedge.exe	80
PID 4908 wrote to memory of 1480	4908	msedge.exe	80
PID 4908 wrote to memory of 1480	4908	msedge.exe	80
PID 4908 wrote to memory of 1480	4908	msedge.exe	80
PID 4908 wrote to memory of 1480	4908	msedge.exe	80
PID 4908 wrote to memory of 1480	4908	msedge.exe	80
PID 4908 wrote to memory of 1480	4908	msedge.exe	80
PID 4908 wrote to memory of 1480	4908	msedge.exe	80
PID 4908 wrote to memory of 1480	4908	msedge.exe	80
PID 4908 wrote to memory of 1480	4908	msedge.exe	80
PID 4908 wrote to memory of 1480	4908	msedge.exe	80
PID 4908 wrote to memory of 1480	4908	msedge.exe	80
PID 4908 wrote to memory of 1480	4908	msedge.exe	80
PID 4908 wrote to memory of 1480	4908	msedge.exe	80
PID 4908 wrote to memory of 1480	4908	msedge.exe	80
PID 4908 wrote to memory of 1480	4908	msedge.exe	80
PID 4908 wrote to memory of 1480	4908	msedge.exe	80
PID 4908 wrote to memory of 1480	4908	msedge.exe	80
PID 4908 wrote to memory of 1480	4908	msedge.exe	80
PID 4908 wrote to memory of 1480	4908	msedge.exe	80
PID 4908 wrote to memory of 1480	4908	msedge.exe	80
PID 4908 wrote to memory of 1480	4908	msedge.exe	80
PID 4908 wrote to memory of 1480	4908	msedge.exe	80
PID 4908 wrote to memory of 1480	4908	msedge.exe	80
PID 4908 wrote to memory of 1480	4908	msedge.exe	80
PID 4908 wrote to memory of 1480	4908	msedge.exe	80
PID 4908 wrote to memory of 1480	4908	msedge.exe	80
PID 4908 wrote to memory of 1480	4908	msedge.exe	80
PID 4908 wrote to memory of 1480	4908	msedge.exe	80
PID 4908 wrote to memory of 1480	4908	msedge.exe	80
PID 4908 wrote to memory of 1480	4908	msedge.exe	80
PID 4908 wrote to memory of 1480	4908	msedge.exe	80
PID 4908 wrote to memory of 1480	4908	msedge.exe	80
PID 4908 wrote to memory of 2140	4908	msedge.exe	81
PID 4908 wrote to memory of 2140	4908	msedge.exe	81
PID 4908 wrote to memory of 2120	4908	msedge.exe	82
PID 4908 wrote to memory of 2120	4908	msedge.exe	82
PID 4908 wrote to memory of 2120	4908	msedge.exe	82
PID 4908 wrote to memory of 2120	4908	msedge.exe	82
PID 4908 wrote to memory of 2120	4908	msedge.exe	82
PID 4908 wrote to memory of 2120	4908	msedge.exe	82
PID 4908 wrote to memory of 2120	4908	msedge.exe	82
PID 4908 wrote to memory of 2120	4908	msedge.exe	82
PID 4908 wrote to memory of 2120	4908	msedge.exe	82
PID 4908 wrote to memory of 2120	4908	msedge.exe	82
PID 4908 wrote to memory of 2120	4908	msedge.exe	82
PID 4908 wrote to memory of 2120	4908	msedge.exe	82
PID 4908 wrote to memory of 2120	4908	msedge.exe	82
PID 4908 wrote to memory of 2120	4908	msedge.exe	82
PID 4908 wrote to memory of 2120	4908	msedge.exe	82
PID 4908 wrote to memory of 2120	4908	msedge.exe	82
PID 4908 wrote to memory of 2120	4908	msedge.exe	82
PID 4908 wrote to memory of 2120	4908	msedge.exe	82
PID 4908 wrote to memory of 2120	4908	msedge.exe	82
PID 4908 wrote to memory of 2120	4908	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/drive/folders/1aiRSah3cXRCzBTYm6eWbaWaDrs6Ewh87?usp=share_link
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc976d3cb8,0x7ffc976d3cc8,0x7ffc976d3cd8
  2⤵
  PID:2576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1852,7767454448995652063,16920302726764195938,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2
  2⤵
  PID:1480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1852,7767454448995652063,16920302726764195938,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1852,7767454448995652063,16920302726764195938,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8
  2⤵
  PID:2120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,7767454448995652063,16920302726764195938,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:1012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,7767454448995652063,16920302726764195938,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:4528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,7767454448995652063,16920302726764195938,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4548 /prefetch:1
  2⤵
  PID:716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1852,7767454448995652063,16920302726764195938,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3300 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2272
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1852,7767454448995652063,16920302726764195938,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5416 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,7767454448995652063,16920302726764195938,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:3356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,7767454448995652063,16920302726764195938,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
  2⤵
  PID:3036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,7767454448995652063,16920302726764195938,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4588 /prefetch:1
  2⤵
  PID:2284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,7767454448995652063,16920302726764195938,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1
  2⤵
  PID:1580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,7767454448995652063,16920302726764195938,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:3904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,7767454448995652063,16920302726764195938,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1
  2⤵
  PID:492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1852,7767454448995652063,16920302726764195938,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4080 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,7767454448995652063,16920302726764195938,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:4904

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4764

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2384

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:480

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
aad1d98ca9748cc4c31aa3b5abfe0fed

SHA1
32e8d4d9447b13bc00ec3eb15a88c55c29489495

SHA256
2a07cac05ffcf140a9ad32e58ef51b32ecccf1e3ab5ef4e656770df813a8944e

SHA512
150ebf7e37d20f88b21ab7ea0793afe1d40b00611ed36f0cf1ac1371b656d26f11b08a84dbb958891c79776fae04c9c616e45e2e211d292988a5709857a3bf72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cb557349d7af9d6754aed39b4ace5bee

SHA1
04de2ac30defbb36508a41872ddb475effe2d793

SHA256
cfc24ed7d1c2e2c6585f53db7b39aa2447bf9212487b0a3c8c2a7d8e7e5572ee

SHA512
f0cf51f42d975d720d613d09f201435bf98c6283ae5bc033207f4ada93b15e49743a235a1cfb1b761bde268e2f7f8561aa57619b99bff67a36820bc1a4d0ec4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c2be4db7b658337d6c8afc30650a7ce4

SHA1
bbd11c7e8beca9bcf4dced522f0a753da1fd5f49

SHA256
aae4047e7160d63e44f57c0f1069e6aed795b7f1e725b956b030d18d5d91eb46

SHA512
d5c0580c9a44a6da9394f0a1da0c91ae24f06a064a4017350751cfdf3457873dc779de0c165443a361b111aa97dc740c69db9c87483ff9fcc59d215d889c8e71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2f3c932af6c82a0db58f7f95a752e51f

SHA1
9d9c02eb73fd60d3e6307439ecc76862a987057e

SHA256
de583f6b5e525080935679f3144804d9aec2c9c2de119796bcbd3de8a1e4c166

SHA512
6f8b5c3c9fc4c9c5b22b4ebe2b7951f5d69f91ea9da1274cf795374a30c0f889ba2d2712726672adab11f28dc71584a0e608fff05c1983fb4ed7404b33cf60ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7ec0631c98257dd9d17151ba4da425c8

SHA1
245f99bf3b598e0a0e566e6be478e4036b566826

SHA256
9228385ceccdcd1e862f14fd4adda0fc5236c42b9b306c752859ce04bb70d13b

SHA512
1ed51cf9256786feb67fb3ac346d012e4964c6c2da4f232b632246be13d758649a2fecc3c54adc5f5d86018b6fe1e85cf55d3da785de592d1358a462a071a80c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
dc888bf46744e1a9adb00fd9749e0a2c

SHA1
43c0ef220824f50d19f591facae2f1b0532b4fb1

SHA256
1a945e5fea1e53b39752bfa5959c5be49f340747c774be5079ed765187932fe8

SHA512
10da380def73cd05d2c6d9ac889553060523a226beab1a2cbedfb52631923c46b839f06b7bffcc79421846da1712dbe7bf5194856b2edf0e2798969fccf952ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5804dd.TMP

Filesize
1KB

MD5
4d5d59740f08b9eb201c7cdb22dc7304

SHA1
99a37c046987fb8898a22a7b99ceb962cd65956b

SHA256
fc5e22fd5e25f49863719abef547e4e815e767f72cbc8d292917ebe4b5bdf633

SHA512
f71beb5fb9efbf340287a7bd7d4a8655bbe353624e35447945dd6eeccc132b8ffd3981b797d2fd6b032d3aabe8e54de678e65459484606bbeb24fc7ac74d0abd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4cfac51dfd3fb13dfccd72919fa2a709

SHA1
a88ba49dfe21cc12eab34e5debbcf7da11bc3e63

SHA256
a799d26dd8d56104761c1a237e7d079d7cd3711c21d1c24198f378e72d7f35c8

SHA512
161698a6e8482c785dd7c2811ec5e49aae2d9d96fab524b577542ab48f99aef5491929bc0595adc435462926199074e204ef470a006935db7f4323ff04db906b

Download Submit
C:\Users\Admin\Downloads\Soviet Records-20250107T210336Z-001.zip

Filesize
12.3MB

MD5
3ca9e40dcfb8fd201ff51fa1cacf88bb

SHA1
6227f288d70506b5bc5e77bc073e2b9cfac3c31b

SHA256
75ef94f844559f81cc067cd0626c62209df6ca3e7ce93d8d628cc30c634d8a1f

SHA512
08270d38876c7fd7166aa452aa3f99b8a163f1b096363f6f29b203776abd5edf1e221cbd1e70c46eb09376f4fd654d595a230dad1d833beac8974187ec2bce83

Download Submit
C:\Users\Admin\Downloads\Soviet Records-20250107T210336Z-001.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit