92e9e6765bf36034b5eba64e2609a4f53cbb4d8e234d06286504167a1ed39c62

Resubmissions

18/08/2024, 12:39

240818-pv2btstdrc 8

18/08/2024, 12:38

240818-pt66patdph 8

Analysis

max time kernel
146s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
18/08/2024, 12:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JJSploit.exe
Size

9.8MB
MD5

5aa8497659e32136c48465a91e092d1a
SHA1

f03bd00ad306305630d647805648822b542beb60
SHA256

e02832385c39f13876f7416350a9d76a93b4e97648c77e073e226217802832a6
SHA512

abf442476c2d2646e62695bd4c3b9b56c445e0bf58b0add81a9f933227835a7ee959646ddb426a152b507b503c3df670b20e8ebb2c3a6f8fd69d023b6c128751
SSDEEP

196608:X0CW7PVmsuHfDpHHZ0ry9bUhLnCHpw4aGIE9XBp:X0CW794HfDpHHz1iWw4a/oXBp

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JJSploit.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4004	msedge.exe
4004	msedge.exe
4876	msedge.exe
4876	msedge.exe
1436	msedge.exe
1436	msedge.exe
1356	identity_helper.exe
1356	identity_helper.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3260	JJSploit.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3260 wrote to memory of 908	3260	JJSploit.exe	85
PID 3260 wrote to memory of 908	3260	JJSploit.exe	85
PID 3260 wrote to memory of 908	3260	JJSploit.exe	85
PID 3260 wrote to memory of 2700	3260	JJSploit.exe	86
PID 3260 wrote to memory of 2700	3260	JJSploit.exe	86
PID 3260 wrote to memory of 2700	3260	JJSploit.exe	86
PID 2700 wrote to memory of 3092	2700	cmd.exe	87
PID 2700 wrote to memory of 3092	2700	cmd.exe	87
PID 908 wrote to memory of 1436	908	cmd.exe	89
PID 908 wrote to memory of 1436	908	cmd.exe	89
PID 3092 wrote to memory of 3012	3092	msedge.exe	90
PID 3092 wrote to memory of 3012	3092	msedge.exe	90
PID 1436 wrote to memory of 4812	1436	msedge.exe	91
PID 1436 wrote to memory of 4812	1436	msedge.exe	91
PID 3092 wrote to memory of 4568	3092	msedge.exe	93
PID 3092 wrote to memory of 4568	3092	msedge.exe	93
PID 3092 wrote to memory of 4568	3092	msedge.exe	93
PID 3092 wrote to memory of 4568	3092	msedge.exe	93
PID 3092 wrote to memory of 4568	3092	msedge.exe	93
PID 3092 wrote to memory of 4568	3092	msedge.exe	93
PID 3092 wrote to memory of 4568	3092	msedge.exe	93
PID 3092 wrote to memory of 4568	3092	msedge.exe	93
PID 3092 wrote to memory of 4568	3092	msedge.exe	93
PID 3092 wrote to memory of 4568	3092	msedge.exe	93
PID 3092 wrote to memory of 4568	3092	msedge.exe	93
PID 3092 wrote to memory of 4568	3092	msedge.exe	93
PID 3092 wrote to memory of 4568	3092	msedge.exe	93
PID 3092 wrote to memory of 4568	3092	msedge.exe	93
PID 3092 wrote to memory of 4568	3092	msedge.exe	93
PID 3092 wrote to memory of 4568	3092	msedge.exe	93
PID 3092 wrote to memory of 4568	3092	msedge.exe	93
PID 3092 wrote to memory of 4568	3092	msedge.exe	93
PID 3092 wrote to memory of 4568	3092	msedge.exe	93
PID 3092 wrote to memory of 4568	3092	msedge.exe	93
PID 3092 wrote to memory of 4568	3092	msedge.exe	93
PID 3092 wrote to memory of 4568	3092	msedge.exe	93
PID 3092 wrote to memory of 4568	3092	msedge.exe	93
PID 3092 wrote to memory of 4568	3092	msedge.exe	93
PID 3092 wrote to memory of 4568	3092	msedge.exe	93
PID 3092 wrote to memory of 4568	3092	msedge.exe	93
PID 3092 wrote to memory of 4568	3092	msedge.exe	93
PID 3092 wrote to memory of 4568	3092	msedge.exe	93
PID 3092 wrote to memory of 4568	3092	msedge.exe	93
PID 3092 wrote to memory of 4568	3092	msedge.exe	93
PID 3092 wrote to memory of 4568	3092	msedge.exe	93
PID 3092 wrote to memory of 4568	3092	msedge.exe	93
PID 3092 wrote to memory of 4568	3092	msedge.exe	93
PID 3092 wrote to memory of 4568	3092	msedge.exe	93
PID 3092 wrote to memory of 4568	3092	msedge.exe	93
PID 3092 wrote to memory of 4568	3092	msedge.exe	93
PID 3092 wrote to memory of 4568	3092	msedge.exe	93
PID 3092 wrote to memory of 4568	3092	msedge.exe	93
PID 3092 wrote to memory of 4568	3092	msedge.exe	93
PID 3092 wrote to memory of 4568	3092	msedge.exe	93
PID 1436 wrote to memory of 780	1436	msedge.exe	92
PID 1436 wrote to memory of 780	1436	msedge.exe	92
PID 1436 wrote to memory of 780	1436	msedge.exe	92
PID 1436 wrote to memory of 780	1436	msedge.exe	92
PID 1436 wrote to memory of 780	1436	msedge.exe	92
PID 1436 wrote to memory of 780	1436	msedge.exe	92
PID 1436 wrote to memory of 780	1436	msedge.exe	92
PID 1436 wrote to memory of 780	1436	msedge.exe	92
PID 1436 wrote to memory of 780	1436	msedge.exe	92
PID 1436 wrote to memory of 780	1436	msedge.exe	92

C:\Users\Admin\AppData\Local\Temp\JJSploit.exe
"C:\Users\Admin\AppData\Local\Temp\JJSploit.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:3260
- C:\Windows\SysWOW64\cmd.exe
  "cmd" /C start https://www.youtube.com/@Omnidev_
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:908
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/@Omnidev_
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:1436
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff9efc746f8,0x7ff9efc74708,0x7ff9efc74718
      4⤵
      PID:4812
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,17347511969693423414,16073686868003105345,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
      4⤵
      PID:780
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,17347511969693423414,16073686868003105345,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4876
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2184,17347511969693423414,16073686868003105345,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
      4⤵
      PID:2712
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17347511969693423414,16073686868003105345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
      4⤵
      PID:4556
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17347511969693423414,16073686868003105345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
      4⤵
      PID:872
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17347511969693423414,16073686868003105345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3940 /prefetch:1
      4⤵
      PID:2740
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17347511969693423414,16073686868003105345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
      4⤵
      PID:3068
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17347511969693423414,16073686868003105345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
      4⤵
      PID:2120
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,17347511969693423414,16073686868003105345,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3356 /prefetch:8
      4⤵
      PID:2500
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,17347511969693423414,16073686868003105345,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3356 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1356
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17347511969693423414,16073686868003105345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
      4⤵
      PID:4072
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17347511969693423414,16073686868003105345,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1
      4⤵
      PID:2168
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17347511969693423414,16073686868003105345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
      4⤵
      PID:5268
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17347511969693423414,16073686868003105345,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4140 /prefetch:1
      4⤵
      PID:5276
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,17347511969693423414,16073686868003105345,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4960 /prefetch:2
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:684
- C:\Windows\SysWOW64\cmd.exe
  "cmd" /C start https://www.youtube.com/@WeAreDevsExploits
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2700
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/@WeAreDevsExploits
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3092
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9efc746f8,0x7ff9efc74708,0x7ff9efc74718
      4⤵
      PID:3012
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,11786110909617470849,7438740514588120544,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2012 /prefetch:2
      4⤵
      PID:4568
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1996,11786110909617470849,7438740514588120544,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2432 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4004

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1376

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:752

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
d220b836c71bfcdc8349198a8e0df82d

SHA1
6103deda2ce4ddcf95648277e6237d82c3624aa3

SHA256
a20d617cc08a8d215dd438be02aa507778f0e3b1b1dfb34f14d72d49b452dad2

SHA512
3faab24b679ffbb1230675a371410632ca46c73f0d58d23618274f55373adf75f559ab92cba25671ddb7016197cc76e8a64a95e6c3498054872f645dd8f2e096

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
4b0ae16e592c71399bc3009a247d13ca

SHA1
00d11a156be8fffe0117ddd9d78a1527ed7b05cf

SHA256
106f293981c9d607c9dc649f98c50418f9459039d7bf62d8b3175bca583dd291

SHA512
ef84f4ef23e0d1a9f630878e0c982053d8655cdd9a4ee2ecfd29539052dad6b04fae4bbeeab41ca6819e202544db8dee4bf99b1ed65b44da7efec09c4d0e8778

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
e68b693f278261fb852b2449316b9b3e

SHA1
653d35de3ed8d24a1f776f9f6229045b57360cff

SHA256
2a54b05dd910daaed2498c92ec7b88b5184b7533867091f26a403d5835932b21

SHA512
525562dfa0275e46492caeacbba4b930333e9fba0b392d317cdc5a722d6ca49819c34dee0bca6d0f2a02bc25b8ca2ec1ad63d0f87cc0661a9c1f08690a482fb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f88b3156866941bffb51a2d432120de3

SHA1
20969955d7a7e9c9507a7d9d0463a49c9318ad6f

SHA256
89305eeebd6a01fe8af2b44ab3317524101d63af142a14ac1e4cf1b964b2eb64

SHA512
62ef8c64bc967022bb22cf6adb72ec74e3bc90b5f35fc358301c40f6a9b734ff9528ae90277fc6be2ecbf73584390b9da952d8448aae5d913ca6f1e755f9d482

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4b02d4d4ac3dd42d718a85b19c0028f6

SHA1
26e04f106e6144ccc76ba6fa3396a241684d37a1

SHA256
889c7f571abab117686ed2aed04fa9b032caa1283e4720a3c613e08c462742f4

SHA512
e4a2f293524753db954002239e97b1c310728bbb63c136b4fa5f29236cf92c8393180fe6fa959ee821994a60da7a08d618206f371ecf00e867003e434523d6ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
bf90f5d7af8a21a8fd7e1ece16ed29ca

SHA1
b5f2d9283806ed1794268e790fac979a1f69837e

SHA256
9ef5ee507a015dbfed170b9b010a25c34352bd0d1a5798772b8b15cbed44d978

SHA512
5db8b151f519c2f1a6e23d31ac6ec3b4c7a4d222690fa271b0537af8b700a06fbf36e459d67d0e8b7a4706d89f6e50e5f13c233226324da858fb7e6458576b3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a4cdf9d22e34bb39c5a5267cf5ee40a7

SHA1
134b77d49e082067a42999aa9bfc5bc90ca23803

SHA256
b1de7ba31e8dcd0f1a39e09ab2b8740399cc7f429ce72ece205ef333544f45e3

SHA512
a9fac0278fab7a15a3f433ff18f5878ef01d7812f5b9348149a1336840a34de274ab2bd1c439f887f2be5dc9c54426a5dde9e5466cd2911ef64a41a03c665d77

Download Submit