92e9e6765bf36034b5eba64e2609a4f53cbb4d8e234d06286504167a1ed39c62

Analysis

max time kernel
146s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05-09-2024 12:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JJSploit.exe
Size

9.8MB
MD5

5aa8497659e32136c48465a91e092d1a
SHA1

f03bd00ad306305630d647805648822b542beb60
SHA256

e02832385c39f13876f7416350a9d76a93b4e97648c77e073e226217802832a6
SHA512

abf442476c2d2646e62695bd4c3b9b56c445e0bf58b0add81a9f933227835a7ee959646ddb426a152b507b503c3df670b20e8ebb2c3a6f8fd69d023b6c128751
SSDEEP

196608:X0CW7PVmsuHfDpHHZ0ry9bUhLnCHpw4aGIE9XBp:X0CW794HfDpHHz1iWw4a/oXBp

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JJSploit.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
1516	msedge.exe
1516	msedge.exe
4304	msedge.exe
4304	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
2820	identity_helper.exe
2820	identity_helper.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3424	JJSploit.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3424 wrote to memory of 3184	3424	JJSploit.exe	88
PID 3424 wrote to memory of 3184	3424	JJSploit.exe	88
PID 3424 wrote to memory of 3184	3424	JJSploit.exe	88
PID 3424 wrote to memory of 3464	3424	JJSploit.exe	89
PID 3424 wrote to memory of 3464	3424	JJSploit.exe	89
PID 3424 wrote to memory of 3464	3424	JJSploit.exe	89
PID 3184 wrote to memory of 3160	3184	cmd.exe	90
PID 3184 wrote to memory of 3160	3184	cmd.exe	90
PID 3464 wrote to memory of 4260	3464	cmd.exe	91
PID 3464 wrote to memory of 4260	3464	cmd.exe	91
PID 3160 wrote to memory of 4488	3160	msedge.exe	93
PID 3160 wrote to memory of 4488	3160	msedge.exe	93
PID 4260 wrote to memory of 2924	4260	msedge.exe	94
PID 4260 wrote to memory of 2924	4260	msedge.exe	94
PID 3160 wrote to memory of 4468	3160	msedge.exe	95
PID 3160 wrote to memory of 4468	3160	msedge.exe	95
PID 3160 wrote to memory of 4468	3160	msedge.exe	95
PID 3160 wrote to memory of 4468	3160	msedge.exe	95
PID 3160 wrote to memory of 4468	3160	msedge.exe	95
PID 3160 wrote to memory of 4468	3160	msedge.exe	95
PID 3160 wrote to memory of 4468	3160	msedge.exe	95
PID 3160 wrote to memory of 4468	3160	msedge.exe	95
PID 3160 wrote to memory of 4468	3160	msedge.exe	95
PID 3160 wrote to memory of 4468	3160	msedge.exe	95
PID 3160 wrote to memory of 4468	3160	msedge.exe	95
PID 3160 wrote to memory of 4468	3160	msedge.exe	95
PID 3160 wrote to memory of 4468	3160	msedge.exe	95
PID 3160 wrote to memory of 4468	3160	msedge.exe	95
PID 3160 wrote to memory of 4468	3160	msedge.exe	95
PID 3160 wrote to memory of 4468	3160	msedge.exe	95
PID 3160 wrote to memory of 4468	3160	msedge.exe	95
PID 3160 wrote to memory of 4468	3160	msedge.exe	95
PID 3160 wrote to memory of 4468	3160	msedge.exe	95
PID 3160 wrote to memory of 4468	3160	msedge.exe	95
PID 3160 wrote to memory of 4468	3160	msedge.exe	95
PID 3160 wrote to memory of 4468	3160	msedge.exe	95
PID 3160 wrote to memory of 4468	3160	msedge.exe	95
PID 3160 wrote to memory of 4468	3160	msedge.exe	95
PID 3160 wrote to memory of 4468	3160	msedge.exe	95
PID 3160 wrote to memory of 4468	3160	msedge.exe	95
PID 3160 wrote to memory of 4468	3160	msedge.exe	95
PID 3160 wrote to memory of 4468	3160	msedge.exe	95
PID 3160 wrote to memory of 4468	3160	msedge.exe	95
PID 3160 wrote to memory of 4468	3160	msedge.exe	95
PID 3160 wrote to memory of 4468	3160	msedge.exe	95
PID 3160 wrote to memory of 4468	3160	msedge.exe	95
PID 3160 wrote to memory of 4468	3160	msedge.exe	95
PID 3160 wrote to memory of 4468	3160	msedge.exe	95
PID 3160 wrote to memory of 4468	3160	msedge.exe	95
PID 3160 wrote to memory of 4468	3160	msedge.exe	95
PID 3160 wrote to memory of 4468	3160	msedge.exe	95
PID 3160 wrote to memory of 4468	3160	msedge.exe	95
PID 3160 wrote to memory of 4468	3160	msedge.exe	95
PID 3160 wrote to memory of 4468	3160	msedge.exe	95
PID 3160 wrote to memory of 1516	3160	msedge.exe	96
PID 3160 wrote to memory of 1516	3160	msedge.exe	96
PID 4260 wrote to memory of 2604	4260	msedge.exe	97
PID 4260 wrote to memory of 2604	4260	msedge.exe	97
PID 4260 wrote to memory of 2604	4260	msedge.exe	97
PID 4260 wrote to memory of 2604	4260	msedge.exe	97
PID 4260 wrote to memory of 2604	4260	msedge.exe	97
PID 4260 wrote to memory of 2604	4260	msedge.exe	97
PID 4260 wrote to memory of 2604	4260	msedge.exe	97
PID 4260 wrote to memory of 2604	4260	msedge.exe	97

C:\Users\Admin\AppData\Local\Temp\JJSploit.exe
"C:\Users\Admin\AppData\Local\Temp\JJSploit.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:3424
- C:\Windows\SysWOW64\cmd.exe
  "cmd" /C start https://www.youtube.com/@Omnidev_
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:3184
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/@Omnidev_
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:3160
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff95aba46f8,0x7ff95aba4708,0x7ff95aba4718
      4⤵
      PID:4488
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,14431237940866364333,6985156214626184056,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
      4⤵
      PID:4468
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,14431237940866364333,6985156214626184056,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1516
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,14431237940866364333,6985156214626184056,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
      4⤵
      PID:2744
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14431237940866364333,6985156214626184056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
      4⤵
      PID:2828
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14431237940866364333,6985156214626184056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
      4⤵
      PID:4900
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14431237940866364333,6985156214626184056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3940 /prefetch:1
      4⤵
      PID:3152
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14431237940866364333,6985156214626184056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1
      4⤵
      PID:2108
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14431237940866364333,6985156214626184056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
      4⤵
      PID:4940
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,14431237940866364333,6985156214626184056,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3432 /prefetch:8
      4⤵
      PID:748
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,14431237940866364333,6985156214626184056,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3432 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2820
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14431237940866364333,6985156214626184056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
      4⤵
      PID:1940
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14431237940866364333,6985156214626184056,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
      4⤵
      PID:532
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14431237940866364333,6985156214626184056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
      4⤵
      PID:3028
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14431237940866364333,6985156214626184056,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
      4⤵
      PID:1536
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,14431237940866364333,6985156214626184056,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5036 /prefetch:2
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3892
- C:\Windows\SysWOW64\cmd.exe
  "cmd" /C start https://www.youtube.com/@WeAreDevsExploits
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:3464
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/@WeAreDevsExploits
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4260
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff95aba46f8,0x7ff95aba4708,0x7ff95aba4718
      4⤵
      PID:2924
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1980,12965912327747212053,6526546352596686333,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1996 /prefetch:2
      4⤵
      PID:2604
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1980,12965912327747212053,6526546352596686333,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4304

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4196

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3488

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e3fc58a8fb86c93d19e1500b873ef6f

SHA1
c6aae5f4e26f5570db5e14bba8d5061867a33b56

SHA256
828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

SHA512
e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27304926d60324abe74d7a4b571c35ea

SHA1
78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1

SHA256
7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de

SHA512
f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
b401885ed888b4470e938512db7f1cd6

SHA1
705223b3aac65b33e49cbf410173972bf37ad82f

SHA256
8ff7cca6c8370ebddb510571dd24d28c904b8dccf8002d7f89354a350add5d69

SHA512
5739f761f76cc31895e4670e3ee4ea30118becbe0f9d6a789b3124f8a6d25739f45b60d49fe4f724a3fad939ed990258a1e45832fe6635dffffcbeb309ce910f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
06c811e75b922ddef358b5e54e540427

SHA1
2dbb8272866832319b6dc7f9e53e49582244a302

SHA256
dde1304affdf7b0f6203e90fe42308c68ccbd7fc19723736ab4ea3a8642237c8

SHA512
09579299369f9cc512ced5cde0141e5edfe83c83f79d4bfb883f889d3c1d431f107ca3d782dd0a3e1c16806c580a9f61cac0fd3cbf2c78ea16c8b8313f044171

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
7a33b8708801fcb3d7b3d8bba71df946

SHA1
9431d1eadc6a77609d7190a95403759936c5f789

SHA256
19421e5e929cb4de6a929c9fcb0d845f5fb63e9d0d5e359a3512d60c9f7a12e0

SHA512
1c77e70527c034f6b96dd205ce5c0a9d3edbbd4760d0c9d6f2919b512e1fd89693adf94fb467628b5ad576394b896f830730b9315e8639b7cb117596d8c93acc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9a8c0e04d1d664113956772127ae0673

SHA1
4e977d398dcbabcd891e035d67858adce7c6e42a

SHA256
d699263dc3ff8fd6f953cf87fb27cb6b7085ce25519bbcc7479b0dd044d5b656

SHA512
2df1fcbed5625f0c802717479de30f8da9e91798797033e6e7ebea5a04b64c3a0a87e4d96700afd2bc667538ab0ae60d03693bef20f97656eda54266cee2c0ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
211ea75d16943370796676d532172639

SHA1
e7d692628f8d931c7989fcc952d43fc9d40a1414

SHA256
02ad699352bed8b021c2a56569aaf93e88d41c352005a5453b86c3de0088f852

SHA512
89ebe6d1383b8a6e3b9d19519eb9a0dcb59b8d9d0dd6a24d0c79434061c6ee875365d8e9a5a7fee10df2ce227ff2caf084b6875b87c271e0a44a52a088c7c0a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
43688ebcf88c1554e1ecf11c2b74ccd3

SHA1
f2daa88e3a1b8d0f692973c18eb1c727bf20f8ec

SHA256
bba05fb1dd4bd68da18c425a78f8a8d0c7fd1c68eeba4f20a282a526f60023dd

SHA512
6402369e4826625f64e6a32a2c7b90dc9d0fa9807a4f481528aaa328b86e2f9c7089e36c8c06266d9deaa039ef39e7835de16683810067124699e96e2cf13ed8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
dcc5a5c90e2aa8f404f570dbe94859bd

SHA1
1bedeafd8a94d1e5197cbbcaada3ab3d746435ad

SHA256
e781e3a5b94cedb1b6cd099bef391effde9340f1b20a204cdd96ac32eeac9616

SHA512
ae4cbd02a96d206db9cdfb3c94c5db91cc8747b569df0e866920078b87e6a4c01420b53f7b812c8177822fce0eb4e87a342a456dc62d451e95fa6a9caff04986

Download Submit