cfb2951a36a089d7c39015dcc738f854e4f979177fb06a4c0dc883638e886f02

Resubmissions

13/09/2024, 14:26

240913-rr5aesthra 7

13/09/2024, 14:25

240913-rrd38steql 8

Analysis

max time kernel
146s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
13/09/2024, 14:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JJSploit.exe
Size

10.4MB
MD5

cf1abbdf344fbd0d14934c620de5bb16
SHA1

d6646330f3be032a8a16945bb94a412c7d2b29a0
SHA256

d3178284048fd809f2cf63a96cca1af122722ab29768d71b6c1152a233490dad
SHA512

194ebb98531dfc41b9777724d98d81980454c4cd1fb08219285de0c3c3ac36c358af9937f890751490ff1fc3ed41205e04aa8851509334e75d36b16f150e89d7
SSDEEP

98304:vtxARZ0toLC0XbUMhemGs0ITIECwa99bUHpr8U7Y5T7RTGT8C4gCI3s7:vEEo/eGY9bUtP78RTC8ws7

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4108	msedge.exe
4108	msedge.exe
2920	msedge.exe
2920	msedge.exe
1324	msedge.exe
1324	msedge.exe
3280	identity_helper.exe
3280	identity_helper.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1636	JJSploit.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1636 wrote to memory of 3208	1636	JJSploit.exe	84
PID 1636 wrote to memory of 3208	1636	JJSploit.exe	84
PID 1636 wrote to memory of 3708	1636	JJSploit.exe	85
PID 1636 wrote to memory of 3708	1636	JJSploit.exe	85
PID 3708 wrote to memory of 5084	3708	cmd.exe	86
PID 3708 wrote to memory of 5084	3708	cmd.exe	86
PID 3208 wrote to memory of 1324	3208	cmd.exe	87
PID 3208 wrote to memory of 1324	3208	cmd.exe	87
PID 1324 wrote to memory of 4196	1324	msedge.exe	89
PID 1324 wrote to memory of 4196	1324	msedge.exe	89
PID 5084 wrote to memory of 2432	5084	msedge.exe	90
PID 5084 wrote to memory of 2432	5084	msedge.exe	90
PID 1324 wrote to memory of 5056	1324	msedge.exe	91
PID 1324 wrote to memory of 5056	1324	msedge.exe	91
PID 1324 wrote to memory of 5056	1324	msedge.exe	91
PID 1324 wrote to memory of 5056	1324	msedge.exe	91
PID 1324 wrote to memory of 5056	1324	msedge.exe	91
PID 1324 wrote to memory of 5056	1324	msedge.exe	91
PID 1324 wrote to memory of 5056	1324	msedge.exe	91
PID 1324 wrote to memory of 5056	1324	msedge.exe	91
PID 1324 wrote to memory of 5056	1324	msedge.exe	91
PID 1324 wrote to memory of 5056	1324	msedge.exe	91
PID 1324 wrote to memory of 5056	1324	msedge.exe	91
PID 1324 wrote to memory of 5056	1324	msedge.exe	91
PID 1324 wrote to memory of 5056	1324	msedge.exe	91
PID 1324 wrote to memory of 5056	1324	msedge.exe	91
PID 1324 wrote to memory of 5056	1324	msedge.exe	91
PID 1324 wrote to memory of 5056	1324	msedge.exe	91
PID 1324 wrote to memory of 5056	1324	msedge.exe	91
PID 1324 wrote to memory of 5056	1324	msedge.exe	91
PID 1324 wrote to memory of 5056	1324	msedge.exe	91
PID 1324 wrote to memory of 5056	1324	msedge.exe	91
PID 1324 wrote to memory of 5056	1324	msedge.exe	91
PID 1324 wrote to memory of 5056	1324	msedge.exe	91
PID 1324 wrote to memory of 5056	1324	msedge.exe	91
PID 1324 wrote to memory of 5056	1324	msedge.exe	91
PID 1324 wrote to memory of 5056	1324	msedge.exe	91
PID 1324 wrote to memory of 5056	1324	msedge.exe	91
PID 1324 wrote to memory of 5056	1324	msedge.exe	91
PID 1324 wrote to memory of 5056	1324	msedge.exe	91
PID 1324 wrote to memory of 5056	1324	msedge.exe	91
PID 1324 wrote to memory of 5056	1324	msedge.exe	91
PID 1324 wrote to memory of 5056	1324	msedge.exe	91
PID 1324 wrote to memory of 5056	1324	msedge.exe	91
PID 1324 wrote to memory of 5056	1324	msedge.exe	91
PID 1324 wrote to memory of 5056	1324	msedge.exe	91
PID 1324 wrote to memory of 5056	1324	msedge.exe	91
PID 1324 wrote to memory of 5056	1324	msedge.exe	91
PID 1324 wrote to memory of 5056	1324	msedge.exe	91
PID 1324 wrote to memory of 5056	1324	msedge.exe	91
PID 1324 wrote to memory of 5056	1324	msedge.exe	91
PID 1324 wrote to memory of 5056	1324	msedge.exe	91
PID 1324 wrote to memory of 4108	1324	msedge.exe	92
PID 1324 wrote to memory of 4108	1324	msedge.exe	92
PID 5084 wrote to memory of 2780	5084	msedge.exe	93
PID 5084 wrote to memory of 2780	5084	msedge.exe	93
PID 5084 wrote to memory of 2780	5084	msedge.exe	93
PID 5084 wrote to memory of 2780	5084	msedge.exe	93
PID 5084 wrote to memory of 2780	5084	msedge.exe	93
PID 5084 wrote to memory of 2780	5084	msedge.exe	93
PID 5084 wrote to memory of 2780	5084	msedge.exe	93
PID 5084 wrote to memory of 2780	5084	msedge.exe	93
PID 5084 wrote to memory of 2780	5084	msedge.exe	93
PID 5084 wrote to memory of 2780	5084	msedge.exe	93

C:\Users\Admin\AppData\Local\Temp\JJSploit.exe
"C:\Users\Admin\AppData\Local\Temp\JJSploit.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1636
- C:\Windows\system32\cmd.exe
  "cmd" /C start https://www.youtube.com/@Omnidev_
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3208
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/@Omnidev_
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:1324
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff305346f8,0x7fff30534708,0x7fff30534718
      4⤵
      PID:4196
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,12655583816230985113,5850915079292523194,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
      4⤵
      PID:5056
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,12655583816230985113,5850915079292523194,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4108
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,12655583816230985113,5850915079292523194,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
      4⤵
      PID:2636
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12655583816230985113,5850915079292523194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
      4⤵
      PID:2040
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12655583816230985113,5850915079292523194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
      4⤵
      PID:2916
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12655583816230985113,5850915079292523194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3816 /prefetch:1
      4⤵
      PID:1000
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12655583816230985113,5850915079292523194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1
      4⤵
      PID:4988
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12655583816230985113,5850915079292523194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
      4⤵
      PID:2944
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,12655583816230985113,5850915079292523194,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3352 /prefetch:8
      4⤵
      PID:3792
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,12655583816230985113,5850915079292523194,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3352 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3280
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12655583816230985113,5850915079292523194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3560 /prefetch:1
      4⤵
      PID:5040
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12655583816230985113,5850915079292523194,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:1
      4⤵
      PID:2908
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12655583816230985113,5850915079292523194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1
      4⤵
      PID:1364
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12655583816230985113,5850915079292523194,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
      4⤵
      PID:3420
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,12655583816230985113,5850915079292523194,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5384 /prefetch:2
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:916
- C:\Windows\system32\cmd.exe
  "cmd" /C start https://www.youtube.com/@WeAreDevsExploits
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3708
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/@WeAreDevsExploits
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:5084
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff305346f8,0x7fff30534708,0x7fff30534718
      4⤵
      PID:2432
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,11213031339089786282,13327830710711216005,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
      4⤵
      PID:2780
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,11213031339089786282,13327830710711216005,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2920

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2068

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1880

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
efd6dd52295dbe997d9d39b0b16be6c7

SHA1
8cc08e8fe1ede89e640afe34956623db49c64c55

SHA256
9a6b8fefb9eec21e2137f9040b0dd5c3aa5a7fc001b0bf32eb6b39273ed092c9

SHA512
616636fd7a1dee57ea05afe618bec27bab075a512d7682e7f71162be0bc17fea8a03a352e4b80008657023db2746c8947a0e449405b250d750c35e70c2ba17b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
b6b5340eefc6d1b28ea1c47509556875

SHA1
645e6d196f9cc41d8271ca0a53c6f3ca703ae5a7

SHA256
6b6977b56699b8aa1dbbad902e1907bf3c6a7b80202ac3a6f18324046ac05e59

SHA512
9ef7c40a5a0d91305e3753ca97d4db642b7f4aa0fec70b4e2c8c6018beabef2f884735fda6632634fa6b31d8b701d2f429f788849e4c41d6cef19b0b5493bf6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
c478304d6174e49d5a766378a635546a

SHA1
7a67e4fbe9ff001979d01f7ea6d8f020b03899e1

SHA256
9c68fc219d0173b25bccf1b270228bee6a73cabf8b71d64a92f34929bb01877c

SHA512
3ee16be936ece2260944e8910a7f7941082fb40e9b8b334af1e88ebc2c01360cfbd2adac0586db4b0e3cfb3fc5c6f6d00ac5f546f6b56e3045c81cedbef09d0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2fc6a0772d69afa8eb191e0a88b3220d

SHA1
d046d8b3007104697f3a01aa7965549dd77d1f34

SHA256
0879e91a32f98bef99e500207f45de73a82fb65dc8493df3f658f46a86ee22d9

SHA512
1c4b8906633f6f2c5bb5eefcf3e45d34d472b948f7d9a1e7b58a6f41fa3ab8dfbc39a0b2919c3593168718f77cd93a76699483bb326207fbf870c92a3c3b25c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c70a16f7e17e92e594fb8771853f3df5

SHA1
ca428d61f8f2fac3cc617bd81567be276d21ac1a

SHA256
691812fb749f3837a92a7310dc2c7ffef2b1e8e2eff93603bebefd3c8ac05ecd

SHA512
996ea79f4aa95596b841a75546f0906606db70c399c36a4c80515727a2eaf8d53ffffe8c476c7bc8a4b124b5f1163ff7040d2d6c2d63f269e2c8e6d2cf1cfd2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
a544bb0ff9fce96b3c5a56798467af62

SHA1
3d5ee5384701861d1e34b6a8f408a4f800ca0de1

SHA256
ef1422d31ea9da95dcaec59a4d772873816a769694791b0a4498d50cba432a6f

SHA512
f41eb7e7d6d534ddc00ced1573c6983da9a8abc6a53fca02bf5d1b1302c9e223cdaedaf75e5c581a5b41d6ad6a0b47494c26eca1c54ca52140277d6eaedba935

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
9070c76b3a98f131c814f40d81df85a6

SHA1
f19d44b73c2730f50e50fefc2d622ecc4c641852

SHA256
1649747e53173d99db1dc56af87dd160f55a68dbb0c7bfa33de68f6d1b3c4336

SHA512
a93274dcf547c9b355859e87c46a5c14e93c82b5f6cf867d608c314ce85badc0aec7ba29456cd8e20cc46809f26ac73f74bda40a46ac9c7eb6724040fc12b68f

Download Submit