e84972e7286d4c97b224de4d3478606312c60db56a9a532c8ed600825fc236dc

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
19-03-2024 02:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bitlife-life-simulator-mod.html
Size

175KB
MD5

50133ad1325baac1e92e148e7d4da5a9
SHA1

d805a274631b91acd99606c928130e67caa4b075
SHA256

e84972e7286d4c97b224de4d3478606312c60db56a9a532c8ed600825fc236dc
SHA512

d8e9b28ae3a894f024f6366ca1aaa38292616beff24e3b479549d9fa96d672b26c955b82431b9463808b569eccb2b27cc6620494f689deefed8fb7d3444b615e
SSDEEP

1536:JbThNHLHkh5ijYapj3x3GgvJ9IIi8UQ7ZHb046OJkeLNVIwB1NZHOE5aZJxLrBo9:lxXneQVYMIwhZzG7DxX8YvG

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2727153400-192325109-1870347593-1000\{1AD9B253-9846-4076-810B-833090E5E8EB}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3560	msedge.exe
3560	msedge.exe
4840	msedge.exe
4840	msedge.exe
5384	identity_helper.exe
5384	identity_helper.exe
2516	msedge.exe
2516	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4840 wrote to memory of 2620	4840	msedge.exe	89
PID 4840 wrote to memory of 2620	4840	msedge.exe	89
PID 4840 wrote to memory of 4568	4840	msedge.exe	90
PID 4840 wrote to memory of 4568	4840	msedge.exe	90
PID 4840 wrote to memory of 4568	4840	msedge.exe	90
PID 4840 wrote to memory of 4568	4840	msedge.exe	90
PID 4840 wrote to memory of 4568	4840	msedge.exe	90
PID 4840 wrote to memory of 4568	4840	msedge.exe	90
PID 4840 wrote to memory of 4568	4840	msedge.exe	90
PID 4840 wrote to memory of 4568	4840	msedge.exe	90
PID 4840 wrote to memory of 4568	4840	msedge.exe	90
PID 4840 wrote to memory of 4568	4840	msedge.exe	90
PID 4840 wrote to memory of 4568	4840	msedge.exe	90
PID 4840 wrote to memory of 4568	4840	msedge.exe	90
PID 4840 wrote to memory of 4568	4840	msedge.exe	90
PID 4840 wrote to memory of 4568	4840	msedge.exe	90
PID 4840 wrote to memory of 4568	4840	msedge.exe	90
PID 4840 wrote to memory of 4568	4840	msedge.exe	90
PID 4840 wrote to memory of 4568	4840	msedge.exe	90
PID 4840 wrote to memory of 4568	4840	msedge.exe	90
PID 4840 wrote to memory of 4568	4840	msedge.exe	90
PID 4840 wrote to memory of 4568	4840	msedge.exe	90
PID 4840 wrote to memory of 4568	4840	msedge.exe	90
PID 4840 wrote to memory of 4568	4840	msedge.exe	90
PID 4840 wrote to memory of 4568	4840	msedge.exe	90
PID 4840 wrote to memory of 4568	4840	msedge.exe	90
PID 4840 wrote to memory of 4568	4840	msedge.exe	90
PID 4840 wrote to memory of 4568	4840	msedge.exe	90
PID 4840 wrote to memory of 4568	4840	msedge.exe	90
PID 4840 wrote to memory of 4568	4840	msedge.exe	90
PID 4840 wrote to memory of 4568	4840	msedge.exe	90
PID 4840 wrote to memory of 4568	4840	msedge.exe	90
PID 4840 wrote to memory of 4568	4840	msedge.exe	90
PID 4840 wrote to memory of 4568	4840	msedge.exe	90
PID 4840 wrote to memory of 4568	4840	msedge.exe	90
PID 4840 wrote to memory of 4568	4840	msedge.exe	90
PID 4840 wrote to memory of 4568	4840	msedge.exe	90
PID 4840 wrote to memory of 4568	4840	msedge.exe	90
PID 4840 wrote to memory of 4568	4840	msedge.exe	90
PID 4840 wrote to memory of 4568	4840	msedge.exe	90
PID 4840 wrote to memory of 4568	4840	msedge.exe	90
PID 4840 wrote to memory of 4568	4840	msedge.exe	90
PID 4840 wrote to memory of 3560	4840	msedge.exe	91
PID 4840 wrote to memory of 3560	4840	msedge.exe	91
PID 4840 wrote to memory of 4536	4840	msedge.exe	92
PID 4840 wrote to memory of 4536	4840	msedge.exe	92
PID 4840 wrote to memory of 4536	4840	msedge.exe	92
PID 4840 wrote to memory of 4536	4840	msedge.exe	92
PID 4840 wrote to memory of 4536	4840	msedge.exe	92
PID 4840 wrote to memory of 4536	4840	msedge.exe	92
PID 4840 wrote to memory of 4536	4840	msedge.exe	92
PID 4840 wrote to memory of 4536	4840	msedge.exe	92
PID 4840 wrote to memory of 4536	4840	msedge.exe	92
PID 4840 wrote to memory of 4536	4840	msedge.exe	92
PID 4840 wrote to memory of 4536	4840	msedge.exe	92
PID 4840 wrote to memory of 4536	4840	msedge.exe	92
PID 4840 wrote to memory of 4536	4840	msedge.exe	92
PID 4840 wrote to memory of 4536	4840	msedge.exe	92
PID 4840 wrote to memory of 4536	4840	msedge.exe	92
PID 4840 wrote to memory of 4536	4840	msedge.exe	92
PID 4840 wrote to memory of 4536	4840	msedge.exe	92
PID 4840 wrote to memory of 4536	4840	msedge.exe	92
PID 4840 wrote to memory of 4536	4840	msedge.exe	92
PID 4840 wrote to memory of 4536	4840	msedge.exe	92

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\bitlife-life-simulator-mod.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8131946f8,0x7ff813194708,0x7ff813194718
  2⤵
  PID:2620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,13308764539650554250,899355041806959259,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,13308764539650554250,899355041806959259,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,13308764539650554250,899355041806959259,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
  2⤵
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,13308764539650554250,899355041806959259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,13308764539650554250,899355041806959259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:1216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,13308764539650554250,899355041806959259,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4192 /prefetch:1
  2⤵
  PID:1924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,13308764539650554250,899355041806959259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
  2⤵
  PID:400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,13308764539650554250,899355041806959259,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:2232
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,13308764539650554250,899355041806959259,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5636 /prefetch:8
  2⤵
  PID:5368
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,13308764539650554250,899355041806959259,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5636 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,13308764539650554250,899355041806959259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:5516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,13308764539650554250,899355041806959259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
  2⤵
  PID:5920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2064,13308764539650554250,899355041806959259,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5684 /prefetch:8
  2⤵
  PID:3192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2064,13308764539650554250,899355041806959259,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5396 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,13308764539650554250,899355041806959259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
  2⤵
  PID:1860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,13308764539650554250,899355041806959259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,13308764539650554250,899355041806959259,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
  2⤵
  PID:5232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,13308764539650554250,899355041806959259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
  2⤵
  PID:1600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,13308764539650554250,899355041806959259,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
  2⤵
  PID:5996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,13308764539650554250,899355041806959259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6340 /prefetch:1
  2⤵
  PID:2552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,13308764539650554250,899355041806959259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3020 /prefetch:1
  2⤵
  PID:1796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,13308764539650554250,899355041806959259,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2752 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,13308764539650554250,899355041806959259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:5140

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4800

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2120

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4a0 0x498
1⤵
PID:5568

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A

Filesize
893B

MD5
d4ae187b4574036c2d76b6df8a8c1a30

SHA1
b06f409fa14bab33cbaf4a37811b8740b624d9e5

SHA256
a2ce3a0fa7d2a833d1801e01ec48e35b70d84f3467cc9f8fab370386e13879c7

SHA512
1f44a360e8bb8ada22bc5bfe001f1babb4e72005a46bc2a94c33c4bd149ff256cce6f35d65ca4f7fc2a5b9e15494155449830d2809c8cf218d0b9196ec646b0c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
330B

MD5
bb08497a0f2341d2df748be1f30d5584

SHA1
70923815fd1cf6624462814ce4839e2b5d674bbd

SHA256
61a6dd070c3221b693bc7fc87f69681c34c99c8ef9ffc314ae224e93941bae7e

SHA512
cc7a02ed600795d8ace4efd5794fc0f3e28fb9d86ff6d753a65e4e412405af15b1430751ee4afcf8eed0e27c902107be9e0ac9125b2bda25419d597e90b2137e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A

Filesize
252B

MD5
e40d366ef411885f929474d8dcd82f70

SHA1
5ac45f2595fdd4610c90c39402b6007b91de5aad

SHA256
06fb4323f6c47dd6921333b32ef2d12e0f7989ac33e22dd1ab66ad813dd47c9f

SHA512
f5fc82838501ed76dd467c3eb9ab881fbeef751ab4642117485cce5b24681973b0c9720d9164cb1af062bab6f8c507735d97887a0dd29778b6e57c10bd6d3b08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
73c8d54f775a1b870efd00cb75baf547

SHA1
33024c5b7573c9079a3b2beba9d85e3ba35e6b0e

SHA256
1ce86be0476a2a9e409fcb817126285bc4ad83efd03ee06a2f86910fe18d4d94

SHA512
191344f5830cfea68499bd49073ffa7215a42265a9629d203d07849b2417c0ffdbdbf288bf2c669e91009a0d7e8bd6a6b378c92fc283049141231ca7bf4da3b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4b206e54d55dcb61072236144d1f90f8

SHA1
c2600831112447369e5b557e249f86611b05287d

SHA256
87bf9a4c3564eb3d8bef70450da843ae6003271222734c4d28d9961c52782e0b

SHA512
c9e8d2452368873e0622b002a0c2f8a2714b5897a09475738a9f9740122d716a9f0d3841725230d58e039564c820d32a6f3a675a7bb04bd163bab53dcb4e22f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
69KB

MD5
a127a49f49671771565e01d883a5e4fa

SHA1
09ec098e238b34c09406628c6bee1b81472fc003

SHA256
3f208f049ffaf4a7ed808bf0ff759ce7986c177f476b380d0076fd1f5482fca6

SHA512
61b54222e54e7ab8743a2d6ca3c36768a7b2cf22d5689a3309dee9974b1f804533720ea9de2d3beab44853d565a94f1bc0e60b9382997abcf03945219f98d734

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
32KB

MD5
3baf7c2e036abf00bf52d8e4a918e970

SHA1
0eb5406e14050dc41227ba74b64a38da778fe5d6

SHA256
d30dcb199ca26a9664a46c01b4eccb26f5b8682f04480d0a9d2beffab7d0a049

SHA512
c12875c0e5085f534496ca9f1f43bc4d5097f6d4d969f70ad1651bf01bdd4e9f5e27c93413ef0589c06c647c0a22d8c4b7a2ffbda2fe61bdeb84657f53a6a429

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
1.1MB

MD5
0ce69a11dfd09b8a2ca58850bfc4d1e0

SHA1
df1de8879150e22e3a549fb901a854eed10d40c7

SHA256
7814c9b8b7adca821ff5905c4b1597cb3fd592ba5f0586be79e6eddcc4558ecd

SHA512
038c01f8272ba71f092b6067e2c358c3ff2b370013519c372e7c98871e9464d56f2960cc66f8ffee582cd5626150e621d022b88b6016f4a872bcff10d6f197e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
91c94d58a00afe2b4d7427ab208ceb1f

SHA1
59d9ec399c6b246ed8edd188b600d9ce589a37e5

SHA256
74306567e764e3833eaaabe594389e869019a4cd9f4a74dd9cf2aff36c8dfcb3

SHA512
a939a6fd2d0caf02df21ab58547cace0c88e582bf943058400a0eee6a15b1431c306dc37e8bd0f8c13fca82a9dab85ed546cbc9762aa01d379dd0af8ab1eddcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
22b04b49d0161357b902cb05ff496876

SHA1
77d1ad1d69f3387d142abcc2a36a101355b203e7

SHA256
c6a7576dca5e7093e120241eb0c5ac08e8540a1ea1fcf89fcecd92833e83bb83

SHA512
535348e1faae659dee2ed94d29d21aef2d3100da8f4f6863dddeaa66bfe9d4415dab0c04bd02cd7abfee0f14487bbd60f70dd60b04b3713e57c2b73ebe047988

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
3b0eed931009f7c05a9abca9f5b93129

SHA1
5fb7f3634cfcaf842d5b1f3c47d22e9a33519fbc

SHA256
7a6be3e5f7e0d24e512960ac870be9463198229e64447add2124088a605f0620

SHA512
6867f15db4ea2ac6ec89b5e48690af1c4201297526e1d157c9452462db3568b5808d3409b4f5b3d3e037638e82fd6d1eb94d6379ed7983caf9df2c86aca0eabb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bd1de4c93cdee049026222446841b9bc

SHA1
e08d5bb98a7de1d37f20e8a5b6f43da8c879dd10

SHA256
79cbe16fbe305f46a696dc548d18070d6a062b7148548f2e731acd6e0ea3ed41

SHA512
b68d4b2cc5ecaa5096e862432ffb30f0c9b154212cdf0636443c396ca77c89650293d0de8f3ce1fb4632b354ba326f16dff1beae68fd9b48b88eebb918fc6a3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3de9744a6b923739c44cf79cf67415ca

SHA1
92f1ab22b705a3203b35242c4836d14bc9c0b8e5

SHA256
564d2cb72e50b3b6c3b4663fc3202cc536b29ec19bb6bb6ce23b759ed7a57849

SHA512
b2bb643be53c91bf4e1d1bbcbdb83d4002bd9db205b5779dc108d2f0d5d2bd9b3ab9d73b719009fa16d747f1f8598e2433114f8b5837a03492b6a21535d9aee8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
894684fb5240cb6026e67623790f9a05

SHA1
cafc83bb1726292cc1021c39aaa337b00d934e81

SHA256
6dfed320741cf6b3411f5f7adfbe8bdd6395ad77718344e686686e21f96201f3

SHA512
7faadada0bf2e26fcdeb3a195108e4a5f4b25761411208f392d2aa738226a90fbc7d1e050a5415cbbabfb07e74dc7cda0fa971e47dc27ad97235712c5e95f4cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
43b566882f666a90b3367eb8c65e0b39

SHA1
88dbbee2bb573e5d6535499bae7a11e508df9954

SHA256
23f32e6e5cc43009e4d39fe16dc9698275659993cb3fb8f505ef470febdf01f1

SHA512
95c236aa201d78ba6419329aaaae8bd19df3824a53895098522e0a61c25b9cfce316c6a436337fccbbbfa9b615cab72accf860f2644fa5090f7999efb436eeda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
867B

MD5
1dc15eb143da7d08031a3d6085f74ca4

SHA1
1088c1c1faf4fcd29c98104046996fa16ed5347f

SHA256
9a7fcff009b56368d8c05f8d3a8917b427320d8cfed611705c9ea4fdbef37638

SHA512
466800936930ddbd8b3717b126c1a8723825ad40963319c38726f7c713149fd2b769bdf956e5d9a94bc247166e835c1842ed9a8b2b733949f2e0ad566525d617

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
869B

MD5
0649e326aac07f377e168f4914a7b747

SHA1
00aaf5f8746acc4ae5b9b5632b110e2f820b3af1

SHA256
be5426b7ff522f11501f20fcd6e02ae5e2ba39b0d9636451ad145b6ca1a90d03

SHA512
e1e914a7c0938e489418a1f7ad2f9052cc0ecaef534c8f7ea0bba7c661a1baa66ad472ff1e2f6a43340ef4a2584c9921b7098e8f20ac67ec68d89f821a6472c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57bc1c.TMP

Filesize
367B

MD5
1dacaf57869947321c99760280573b86

SHA1
f3b265e536eb4ad2374ac6794339d3cf3346b11a

SHA256
8a7b8b4eb0b2f11dec1b5487026c8a69f0a7510b3b4481d42799afb8703c190a

SHA512
cdc485d5784d8f1db688c51364b653e11d707eaedcbf72cd22d3df5f1cd52399710b5c143e712d4aca902642bf0966bf69f1ce474fd8b45a08262b32f73e331f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
fa430f5292585ad01c9ee0fb25acb14e

SHA1
bacfea6185f4ed6473a7f595ac6b04829af38e29

SHA256
9c6e5d6b484d19212b9db2c6a392835d6819c14f58372d9233c511cbd7c378e4

SHA512
6a6084b0050595b581b8b23a31f6cec9e488e1c2eb231e5726097e712ba9716b3e85c197550423ebf6e1d295caa0049df20491cbe08608c68100b5c7830040c4

Download Submit