hxxps://drive[.]google[.]com/drive/folders/10mfTZxIqfpKXx4SNbbvBxj2e0C6Fj2ob

Analysis

max time kernel
149s
max time network
148s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
09/09/2024, 22:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/10mfTZxIqfpKXx4SNbbvBxj2e0C6Fj2ob

Score

7^/10

defense_evasion discovery

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2244	Minecraft2.exe
128	Minecraft2.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
4	drive.google.com
1	drive.google.com

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Minecraft2.exe:Zone.Identifier	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 770617.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Minecraft2.exe:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
4864	msedge.exe
4864	msedge.exe
4728	msedge.exe
4728	msedge.exe
788	msedge.exe
788	msedge.exe
1364	identity_helper.exe
1364	identity_helper.exe
456	msedge.exe
456	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe

Suspicious use of FindShellTrayWindow 38 IoCs

pid	Process
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4728 wrote to memory of 1412	4728	msedge.exe	80
PID 4728 wrote to memory of 1412	4728	msedge.exe	80
PID 4728 wrote to memory of 3556	4728	msedge.exe	82
PID 4728 wrote to memory of 3556	4728	msedge.exe	82
PID 4728 wrote to memory of 3556	4728	msedge.exe	82
PID 4728 wrote to memory of 3556	4728	msedge.exe	82
PID 4728 wrote to memory of 3556	4728	msedge.exe	82
PID 4728 wrote to memory of 3556	4728	msedge.exe	82
PID 4728 wrote to memory of 3556	4728	msedge.exe	82
PID 4728 wrote to memory of 3556	4728	msedge.exe	82
PID 4728 wrote to memory of 3556	4728	msedge.exe	82
PID 4728 wrote to memory of 3556	4728	msedge.exe	82
PID 4728 wrote to memory of 3556	4728	msedge.exe	82
PID 4728 wrote to memory of 3556	4728	msedge.exe	82
PID 4728 wrote to memory of 3556	4728	msedge.exe	82
PID 4728 wrote to memory of 3556	4728	msedge.exe	82
PID 4728 wrote to memory of 3556	4728	msedge.exe	82
PID 4728 wrote to memory of 3556	4728	msedge.exe	82
PID 4728 wrote to memory of 3556	4728	msedge.exe	82
PID 4728 wrote to memory of 3556	4728	msedge.exe	82
PID 4728 wrote to memory of 3556	4728	msedge.exe	82
PID 4728 wrote to memory of 3556	4728	msedge.exe	82
PID 4728 wrote to memory of 3556	4728	msedge.exe	82
PID 4728 wrote to memory of 3556	4728	msedge.exe	82
PID 4728 wrote to memory of 3556	4728	msedge.exe	82
PID 4728 wrote to memory of 3556	4728	msedge.exe	82
PID 4728 wrote to memory of 3556	4728	msedge.exe	82
PID 4728 wrote to memory of 3556	4728	msedge.exe	82
PID 4728 wrote to memory of 3556	4728	msedge.exe	82
PID 4728 wrote to memory of 3556	4728	msedge.exe	82
PID 4728 wrote to memory of 3556	4728	msedge.exe	82
PID 4728 wrote to memory of 3556	4728	msedge.exe	82
PID 4728 wrote to memory of 3556	4728	msedge.exe	82
PID 4728 wrote to memory of 3556	4728	msedge.exe	82
PID 4728 wrote to memory of 3556	4728	msedge.exe	82
PID 4728 wrote to memory of 3556	4728	msedge.exe	82
PID 4728 wrote to memory of 3556	4728	msedge.exe	82
PID 4728 wrote to memory of 3556	4728	msedge.exe	82
PID 4728 wrote to memory of 3556	4728	msedge.exe	82
PID 4728 wrote to memory of 3556	4728	msedge.exe	82
PID 4728 wrote to memory of 3556	4728	msedge.exe	82
PID 4728 wrote to memory of 3556	4728	msedge.exe	82
PID 4728 wrote to memory of 4864	4728	msedge.exe	83
PID 4728 wrote to memory of 4864	4728	msedge.exe	83
PID 4728 wrote to memory of 3040	4728	msedge.exe	84
PID 4728 wrote to memory of 3040	4728	msedge.exe	84
PID 4728 wrote to memory of 3040	4728	msedge.exe	84
PID 4728 wrote to memory of 3040	4728	msedge.exe	84
PID 4728 wrote to memory of 3040	4728	msedge.exe	84
PID 4728 wrote to memory of 3040	4728	msedge.exe	84
PID 4728 wrote to memory of 3040	4728	msedge.exe	84
PID 4728 wrote to memory of 3040	4728	msedge.exe	84
PID 4728 wrote to memory of 3040	4728	msedge.exe	84
PID 4728 wrote to memory of 3040	4728	msedge.exe	84
PID 4728 wrote to memory of 3040	4728	msedge.exe	84
PID 4728 wrote to memory of 3040	4728	msedge.exe	84
PID 4728 wrote to memory of 3040	4728	msedge.exe	84
PID 4728 wrote to memory of 3040	4728	msedge.exe	84
PID 4728 wrote to memory of 3040	4728	msedge.exe	84
PID 4728 wrote to memory of 3040	4728	msedge.exe	84
PID 4728 wrote to memory of 3040	4728	msedge.exe	84
PID 4728 wrote to memory of 3040	4728	msedge.exe	84
PID 4728 wrote to memory of 3040	4728	msedge.exe	84
PID 4728 wrote to memory of 3040	4728	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/drive/folders/10mfTZxIqfpKXx4SNbbvBxj2e0C6Fj2ob
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff816e03cb8,0x7ff816e03cc8,0x7ff816e03cd8
  2⤵
  PID:1412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,13503541404829918452,18432589319086561126,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1936 /prefetch:2
  2⤵
  PID:3556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1916,13503541404829918452,18432589319086561126,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1916,13503541404829918452,18432589319086561126,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
  2⤵
  PID:3040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,13503541404829918452,18432589319086561126,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,13503541404829918452,18432589319086561126,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1916,13503541404829918452,18432589319086561126,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4704 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:788
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1916,13503541404829918452,18432589319086561126,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4948 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,13503541404829918452,18432589319086561126,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
  2⤵
  PID:4720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,13503541404829918452,18432589319086561126,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
  2⤵
  PID:1464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,13503541404829918452,18432589319086561126,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
  2⤵
  PID:3056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,13503541404829918452,18432589319086561126,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:1808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1916,13503541404829918452,18432589319086561126,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4828 /prefetch:8
  2⤵
  PID:2628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,13503541404829918452,18432589319086561126,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1
  2⤵
  PID:4740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --field-trial-handle=1916,13503541404829918452,18432589319086561126,131072 --lang=en-US --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=4728 /prefetch:8
  2⤵
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,13503541404829918452,18432589319086561126,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6280 /prefetch:1
  2⤵
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,13503541404829918452,18432589319086561126,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:1112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1916,13503541404829918452,18432589319086561126,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6736 /prefetch:8
  2⤵
  PID:3188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1916,13503541404829918452,18432589319086561126,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7036 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:456
- C:\Users\Admin\Downloads\Minecraft2.exe
  "C:\Users\Admin\Downloads\Minecraft2.exe"
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,13503541404829918452,18432589319086561126,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6844 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3360

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2280

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3012

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3484

C:\Users\Admin\Downloads\Minecraft2.exe
"C:\Users\Admin\Downloads\Minecraft2.exe"
1⤵
- Executes dropped EXE
PID:128

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3e681bda746d695b173a54033103efa8

SHA1
ae07be487e65914bb068174b99660fb8deb11a1d

SHA256
fee5f7377e5ca213c1d8d7827b788723d0dd2538e7ce3f35581fc613fde834c2

SHA512
0f4381c769d4ae18ff3ac93fd97e8d879043b8ec825611db27f08bd44c08babc1710672c3f93435a61e40db1ccbf5b74c6363aaaf5f4a7fc95a6a7786d1aced8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9f081a02d8bbd5d800828ed8c769f5d9

SHA1
978d807096b7e7a4962a001b7bba6b2e77ce419a

SHA256
a7645e1b16115e9afec86efa139d35d5fecc6c5c7c59174c9901b4213b1fae0e

SHA512
7f3045f276f5bd8d3c65a23592419c3b98f1311c214c8e54a4dfe09122a08afb08ab7967b49bd413bc748ce6363658640bc87958d5e0a78974680a8f9beadf44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
28KB

MD5
4dd36552638146f0db4bbb586d77bbc8

SHA1
40eedaffe7ae31d329d039266ac9d0e684abf7c2

SHA256
f6834510e1a68c8ff59e74df570dff297539a877ae77f26438a729d7b4a3b140

SHA512
2f2fcff9cf628a64b0d92944fec0665d2ab361fdc670ec62cd69d4bcd48f39d93fbce17f60cbdcbc51752b536f6eedad2913eaed2f193c80bf5723284d366c92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
01bee62a1b673b469b25513601690b98

SHA1
ce992c7ccead3449fc05690565ffc2b99168ff94

SHA256
c3302317b844cd7de202fc440a5ac3b78b1203f77eab5a6bb9a4be1b4aecd4e3

SHA512
60d59632f6f75a9b1d3f7fd2858d65ef771aa4a636023e3d43c86f378be45a09d0127760d57e96aaa8417036e471a6242c3f74886e9b059c827ea0a4a76e8afe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
98602582ab03ce1bbcc99dd7ab0ada69

SHA1
b0068ba983802bf5332783655510bb9880ffe07d

SHA256
a48a86e5298296c0ab4ebc4fe0dc5e360ca54a7a0fa0f5a8624ddd35a9d7c329

SHA512
9562e7c80f8d82fd94d3f802386a94deb83f52056ad6e21f82c8109cb922341c1303b8ee6ac48e89f26bbb47540e5723f10a02ecdf9a39ef2c364485a821a7ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
5cbf4b32788a65aba8e8c80cbdd6c61a

SHA1
54fdd87fb77974206c3389e5e5b02a4992496e06

SHA256
47dddd02227fd44fab9c0dc5321f4a48936fd9196e8489e22c5b7e6a9a66a8e4

SHA512
a091797f9b009fc28fb7dad58b8d756e7a79b25de1f58dd83be0761b77b9971dc35f45bf536aadd36345e0727a0efe07f2ac1161c3779634ce029e31e63080ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
997a81b379a1c76d1aaa076cf718c143

SHA1
83f4b44c426e968dbb039f73968d88057689740e

SHA256
8b7ac44432afdf8a991ba810b4ff7d846951a7afa3006a5d9afb6602d6f9758f

SHA512
57f2a8cd008a146423f216c02cc1d96401b9d5c766d34423d4925617f2986c40cfa7d0d942bc839b12e869798387064dbcb1f50b70770fb7b2ff7392987708ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
864ce008eb76a5f02a83fbc7dffb306f

SHA1
77d92308310e9cc3187b77abedc86dc76fff6d08

SHA256
ba551f61a1421b2612131b0efd3f095f87a820641e706564818754c77e31d7b0

SHA512
4d6e0ea30c1dc2a9a5294115992619ab4daf4602f66a182d68f32323ed0f355b1ff62a7620af3e686540e94c506c70b5f955e9bf327eba0d0479b8f4f3c15d19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ca2725915f136c5924ef47683b9672b6

SHA1
2df1d30a254a4f75d14c7383c6524d862d485a59

SHA256
712292309510c1a6bb3c6b624e7f179997dd2313eb7dbad010a5fc8975d86670

SHA512
63e32f239bee52d35482f64edf5319d7fff07012f19d853eda7d075757f050f6c2b1b6eb5819334c22c8c00b63ca078669306789fab60cf4ef78d9f24110669a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
03134ce812acc88ef9182e22742c35c4

SHA1
f7d571953ba086aa83a50875d9d8ecee7752b2aa

SHA256
99a0c0b2ebdb52b3571f845b1d2d8a8ae8309644e812dbb038b6483b508afa9b

SHA512
2a4ee740caa298c1e6901a05f8dd55837f4626a83c2322208bc6eeb658041cab75ca339980d8f668ae48629b128fdebd230bdc74de08817fc7d451e9ce7ae35e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9f951272fee43a25662e7a79b88864b3

SHA1
06f0948ae000e29236e0670fa865d8c0baf8ad6e

SHA256
3454a50093a00004959bf5e53aa35b9ff587eb3581416ce45c4e0b62618c6ee9

SHA512
640a1cf9bfd65c75b14017372f68291713d70e2ece0b6f4c58cff9cd5f89473b1cfbd3bf83d6fdbeb47033371b6e4bfd3af5c5cb85b4feb768fa64793eb45c4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
999bb04e212b6b804efca11988e6b9f8

SHA1
a94ccc87487925bcad1c9e808a918ce5036ba654

SHA256
d7c4b40038e44b5e00d562fb0c9abd31b7ecccdc67a5329b7a99970f4dbee8dc

SHA512
cb18e154db3452b8b4e99347d6a9176a9e65af95f44c5640fd545e77304bf8623dbca3b805dadfdaaaaddf383d7933d17b4a1235e053b3de7dff9a3f1c958bdf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9f947252c58f7fbd6eec47283e92a8ba

SHA1
36041d490203f6a35c4fa579a11add2fa4417de5

SHA256
5e9c62184dd61360a2c5720ef814238e23aa90783d87773de2ad57cc5ee0288a

SHA512
7e4a445fee0933ccb57de038649151c54c4c2c28cf43872d74010a1e2052e014fa586a44b1cec65def303fac7d724afe7ae521b53067286441efc88dfc762582

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a09cb4ff4bfdd6cac99c905830160ca0

SHA1
6bb8e78422c265ea1346c52d3e95e4284c8f6455

SHA256
373585d33b9db49b8920bcc619b33c8d7efe26c982bb4d1683dbd4f71494b0a5

SHA512
b24a9dda4bd6fc70d2a20cd451510174c9544c068a1c9580619416ce689d2f4d1b2e179b4ce07cb612d40c24960f382854487fbb65ab4d58e4d51bbb9edbc03e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
623cc89546ef25e1cf4af59000b4b62b

SHA1
d2414f5c17809194af16dce07a4e28d00e890f1e

SHA256
91ebd2f52b29f9a8033abed407aacb73b8910181c7d701d96537fffada4fcad0

SHA512
c3e05e0f6afacc3944826c9b78d8cc0aa1919473937fbcaf5d22d2044cbc381bda661e95b07237cc1e80bc58bb03902990894a8ce891f28aca31d4a9f37af403

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f721.TMP

Filesize
1KB

MD5
f46ea21c66f8434b349992c9ea79b2bd

SHA1
1f9fe08dbd569e7668eb5360a50216a7f0f034f3

SHA256
54e7bb941318984a85a93182b29ee187f272e3ccb0202f5400cdc20eb91a47bb

SHA512
e3ad62a53682e780a1fe8bdade8f419c45b16eb5a91eb4c15b8270a6106de1e5c95356f371ef5c701af7663d110a43727d3d6dd0b070154b252417f3c9fe72f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
66d34521f73784df5b5181b22255312e

SHA1
9423eb416ceacbdf924483843e2ac7de539e3e79

SHA256
eb2648bca31bd3610998dc5f0022a2c9559cb751d48eadf2f5e9ce915448a4b6

SHA512
5975efbe80fb8749fb22519c91c2dcd1eb905cb678a715343cf84cee72c43d6ce9a7489c1edbad3f272daf4d0c565312e674784a4cc9f67b658e89b090ff7e8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
66ccb63299acb9fa34d1e46f34ed8770

SHA1
65efdd096293393d9f2d74449ad52a638ed8752a

SHA256
34957818b35b8683221c9f88a0a281bcf444e62bf4b7cfa066f964fb557a03a2

SHA512
c33a59af994ae60d9d6fac77eb5d1d5878b7bcb8b6e1dda157465c0c2c81953de49d9dd6f8bc5ed56c2f4fd801dbfe2574183a59afd7566f8fc5366401bafe6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
281f75b7df0aeb2d3a2b9494bfe1bf90

SHA1
9a88b898252ad9ac83d66bd28891de0449ba42a2

SHA256
12e68d0766ff99eae894db64dbb4a692d702cc2c8fcb0a5c9497b5001bf2ef25

SHA512
ec27b9c606c53cc0e911431aa4791e2e62050a6dd066a637d66d5f66f1f53c6ae121d1a8ff16419961a3dc2ef1190a133bf0ae120c5f64c9d23e32867c8e942a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
92e4cd4a57135d7e49cf4450a775ca7b

SHA1
e60dde30e78fa84c70d6e2a2af61e5871a41d1a1

SHA256
4776d30fe3ee89a446fd20333060a7424c3760daa860040ceebf58df9369a9f7

SHA512
c514368110c8015cedc0b404fb60bb10abc634f77db05555c7215f9ca4615060f076911b18f9263929b29eaf241d77a2388c0f0210e4962eb7a3a96a6f6019c8

Download Submit
C:\Users\Admin\Downloads\Minecraft2.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 770617.crdownload

Filesize
18.0MB

MD5
ac48212367c7ede82aa179e9b0265436

SHA1
88ae278ea411d4175aea0ba75b71453c6b6cee0e

SHA256
6ffc46accf5539368ded9f1fd0533ec258e9a5097214dd8b82f35c31b7d45893

SHA512
e85c0c4a101bb2938b75614fc611e21ce9ca89e7c780c0eab60bd340d6e36c62bcb896f65d42f7bd826aa6b1b8456a5c7dac3519471705dc3f7bfd79c26e8d40

Download Submit