601a6721f634bf8c81633679f9692b3396d091cfde58e9f84b9065e0c0ce5528

Analysis

max time kernel
62s
max time network
82s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
14-09-2024 14:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JJSploit.exe
Size

10.4MB
MD5

b3d9dd590aca552fa889ada909282a72
SHA1

5e7344ee001b4cf541f539f1c3ddc4cbcd39bdc6
SHA256

601a6721f634bf8c81633679f9692b3396d091cfde58e9f84b9065e0c0ce5528
SHA512

59a9e131b16dd93d31684b78ccdd114fc90ff447f537d5e73fed41bd18698747d1971a214b79ba5402bcb8ae5d4452ca998377e90e4f2e168c595717c831f815
SSDEEP

98304:Y8IRb5LYIiHue/DN/1mGs0ITIEC3+a99bUHpMSr7uIMC4gCI3D7:YXmIy1Gs9bUr7hMwD7

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4696	msedge.exe
4696	msedge.exe
2056	msedge.exe
2056	msedge.exe
4072	msedge.exe
4072	msedge.exe
3400	identity_helper.exe
3400	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	5856	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5856	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
4196	JJSploit.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4196 wrote to memory of 764	4196	JJSploit.exe	83
PID 4196 wrote to memory of 764	4196	JJSploit.exe	83
PID 4196 wrote to memory of 2312	4196	JJSploit.exe	84
PID 4196 wrote to memory of 2312	4196	JJSploit.exe	84
PID 764 wrote to memory of 4808	764	cmd.exe	85
PID 764 wrote to memory of 4808	764	cmd.exe	85
PID 2312 wrote to memory of 4072	2312	cmd.exe	87
PID 2312 wrote to memory of 4072	2312	cmd.exe	87
PID 4072 wrote to memory of 2356	4072	msedge.exe	88
PID 4072 wrote to memory of 2356	4072	msedge.exe	88
PID 4808 wrote to memory of 884	4808	msedge.exe	89
PID 4808 wrote to memory of 884	4808	msedge.exe	89
PID 4808 wrote to memory of 968	4808	msedge.exe	90
PID 4808 wrote to memory of 968	4808	msedge.exe	90
PID 4808 wrote to memory of 968	4808	msedge.exe	90
PID 4808 wrote to memory of 968	4808	msedge.exe	90
PID 4808 wrote to memory of 968	4808	msedge.exe	90
PID 4808 wrote to memory of 968	4808	msedge.exe	90
PID 4808 wrote to memory of 968	4808	msedge.exe	90
PID 4808 wrote to memory of 968	4808	msedge.exe	90
PID 4808 wrote to memory of 968	4808	msedge.exe	90
PID 4808 wrote to memory of 968	4808	msedge.exe	90
PID 4808 wrote to memory of 968	4808	msedge.exe	90
PID 4808 wrote to memory of 968	4808	msedge.exe	90
PID 4808 wrote to memory of 968	4808	msedge.exe	90
PID 4808 wrote to memory of 968	4808	msedge.exe	90
PID 4808 wrote to memory of 968	4808	msedge.exe	90
PID 4808 wrote to memory of 968	4808	msedge.exe	90
PID 4808 wrote to memory of 968	4808	msedge.exe	90
PID 4808 wrote to memory of 968	4808	msedge.exe	90
PID 4808 wrote to memory of 968	4808	msedge.exe	90
PID 4808 wrote to memory of 968	4808	msedge.exe	90
PID 4808 wrote to memory of 968	4808	msedge.exe	90
PID 4808 wrote to memory of 968	4808	msedge.exe	90
PID 4808 wrote to memory of 968	4808	msedge.exe	90
PID 4808 wrote to memory of 968	4808	msedge.exe	90
PID 4808 wrote to memory of 968	4808	msedge.exe	90
PID 4808 wrote to memory of 968	4808	msedge.exe	90
PID 4808 wrote to memory of 968	4808	msedge.exe	90
PID 4808 wrote to memory of 968	4808	msedge.exe	90
PID 4808 wrote to memory of 968	4808	msedge.exe	90
PID 4808 wrote to memory of 968	4808	msedge.exe	90
PID 4808 wrote to memory of 968	4808	msedge.exe	90
PID 4808 wrote to memory of 968	4808	msedge.exe	90
PID 4808 wrote to memory of 968	4808	msedge.exe	90
PID 4808 wrote to memory of 968	4808	msedge.exe	90
PID 4808 wrote to memory of 968	4808	msedge.exe	90
PID 4808 wrote to memory of 968	4808	msedge.exe	90
PID 4808 wrote to memory of 968	4808	msedge.exe	90
PID 4808 wrote to memory of 968	4808	msedge.exe	90
PID 4808 wrote to memory of 968	4808	msedge.exe	90
PID 4808 wrote to memory of 968	4808	msedge.exe	90
PID 4808 wrote to memory of 2056	4808	msedge.exe	91
PID 4808 wrote to memory of 2056	4808	msedge.exe	91
PID 4072 wrote to memory of 396	4072	msedge.exe	92
PID 4072 wrote to memory of 396	4072	msedge.exe	92
PID 4072 wrote to memory of 396	4072	msedge.exe	92
PID 4072 wrote to memory of 396	4072	msedge.exe	92
PID 4072 wrote to memory of 396	4072	msedge.exe	92
PID 4072 wrote to memory of 396	4072	msedge.exe	92
PID 4072 wrote to memory of 396	4072	msedge.exe	92
PID 4072 wrote to memory of 396	4072	msedge.exe	92
PID 4072 wrote to memory of 396	4072	msedge.exe	92
PID 4072 wrote to memory of 396	4072	msedge.exe	92

C:\Users\Admin\AppData\Local\Temp\JJSploit.exe
"C:\Users\Admin\AppData\Local\Temp\JJSploit.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:4196
- C:\Windows\system32\cmd.exe
  "cmd" /C start https://www.youtube.com/@Omnidev_
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:764
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/@Omnidev_
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4808
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff839bb46f8,0x7ff839bb4708,0x7ff839bb4718
      4⤵
      PID:884
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,13015022849514022441,18093183527317080877,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
      4⤵
      PID:968
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,13015022849514022441,18093183527317080877,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2056
- C:\Windows\system32\cmd.exe
  "cmd" /C start https://www.youtube.com/@WeAreDevsExploits
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2312
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/@WeAreDevsExploits
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:4072
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff839bb46f8,0x7ff839bb4708,0x7ff839bb4718
      4⤵
      PID:2356
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,10952275233446348103,12128811734605670394,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
      4⤵
      PID:396
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,10952275233446348103,12128811734605670394,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4696
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10952275233446348103,12128811734605670394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3028 /prefetch:1
      4⤵
      PID:1044
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10952275233446348103,12128811734605670394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3036 /prefetch:1
      4⤵
      PID:1764
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,10952275233446348103,12128811734605670394,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3380 /prefetch:8
      4⤵
      PID:2280
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10952275233446348103,12128811734605670394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3692 /prefetch:1
      4⤵
      PID:4020
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10952275233446348103,12128811734605670394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1
      4⤵
      PID:5032
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10952275233446348103,12128811734605670394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
      4⤵
      PID:4708
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,10952275233446348103,12128811734605670394,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 /prefetch:8
      4⤵
      PID:1256
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,10952275233446348103,12128811734605670394,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3400
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10952275233446348103,12128811734605670394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4252 /prefetch:1
      4⤵
      PID:1808
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10952275233446348103,12128811734605670394,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
      4⤵
      PID:3404
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10952275233446348103,12128811734605670394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3080 /prefetch:1
      4⤵
      PID:4636
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10952275233446348103,12128811734605670394,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
      4⤵
      PID:2884
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10952275233446348103,12128811734605670394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
      4⤵
      PID:5408
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10952275233446348103,12128811734605670394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1
      4⤵
      PID:5560
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2080,10952275233446348103,12128811734605670394,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6092 /prefetch:8
      4⤵
      PID:5808

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3608

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4852

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2d4 0x304
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5856

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5964

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2764

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ff63763eedb406987ced076e36ec9acf

SHA1
16365aa97cd1a115412f8ae436d5d4e9be5f7b5d

SHA256
8f460e8b7a67f0c65b7248961a7c71146c9e7a19772b193972b486dbf05b8e4c

SHA512
ce90336169c8b2de249d4faea2519bf7c3df48ae9d77cdf471dd5dbd8e8542d47d9348080a098074aa63c255890850ee3b80ddb8eef8384919fdca3bb9371d9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2783c40400a8912a79cfd383da731086

SHA1
001a131fe399c30973089e18358818090ca81789

SHA256
331fa67da5f67bbb42794c3aeab8f7819f35347460ffb352ccc914e0373a22c5

SHA512
b7c7d3aa966ad39a86aae02479649d74dcbf29d9cb3a7ff8b9b2354ea60704da55f5c0df803fd0a7191170a8e72fdd5eacfa1a739d7a74e390a7b74bdced1685

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
672B

MD5
34f7dff65191141c13e37de60437ff0c

SHA1
64c805135938e38b46366f4e727a622b3aeb5491

SHA256
bbfc82154b8cfcf5c4408b731156252e929deca2980dcff68984180bcc286765

SHA512
be66f0a0d88eee0418011e4e0ef5ae5cfd488f470c9162e406c56cc4cc172a1d604df78b381f99d52c068e5245cd69fddf5737f47ba4a3d8440850fa2fce02f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
d6bc4efe9da5b5a592b069a0599eac6d

SHA1
8a0d5a85c84d35bb618f03de0fdaa3674b473050

SHA256
77ffd24008df9eebea9fd6f64b74e11a7223935cf86998fab29f949244c9b4d8

SHA512
449c49154723c2666fd563ab9ad3b65973cb841bf1d485cabb2aca74e193978f38e0dea2a0cc113186c8269e0549c3134da03159c3f2ec2fa3e5d71c29a924bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b7ec5c23aec9aa5908d903a89f57fe5d

SHA1
1521959a60010b4aaedcfd3fcd6d63f573902a66

SHA256
10a06807e5a1a958f172ca44dd44448a80da234742c1207e2c2d914f88eff06d

SHA512
60a58a6d9bcb6467cfccba38bb7c19b68c76738eb21973074b14079ebadffc4e11c98cdcac73fae7edc29c26c019d1f37107860d161f9e1b999590880c6c671b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
abb0fb64b9e7d590484d37f20e0a3be0

SHA1
9ee13836fce2b0b7fbe04277a87be674bba0aa58

SHA256
e803f58a928d5b94fc233522eb9220b717773b8c0281d4a46bc88b85df882706

SHA512
f1cb7564a30a68b4126888341751b2a42ae948a7b9733cb3ca838e6fd4f87d2d5a038be7a2628dcb2489617e7c78bb5a3c4c70634abd85fa7b07bca83d29d063

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e1f523dd4d60c22b8e095c73e912470f

SHA1
7ff0b7758fd61760f44ff2ae2fac41f58195011d

SHA256
9da5d6ae00dbf186b84da3b99c3b253e607f6595a79f8ee6b5e6362bd1a38b38

SHA512
515e275ec8ecc3a833bf5a0d09b21996243885ef7495c0bb310bec33a705ef271c06de8b6cba77cd5abccd686b8e718db3e9ae05181181712a711bffb64d46a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f669ec3b5e397025625a9564662d4ebe

SHA1
bcb1e7628f3b6c09f1c06e57347065a87314e8e8

SHA256
e0b83bc21ccbfa9ef130fc136fc44f17ebcb6518dacc2e2b8b465eb43b4f3f39

SHA512
c778a7729f57c4b1a5961dd18ec6642f06a6d2aed7368064f3dff091054d950c5b72c7e6f5a2eaabc5dc7e6108fff49d1fcfdaee8ad834a4d7c73b2d32a21fb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\0c6a3fcb-cb41-42ef-82ef-3451212fd58f\index-dir\the-real-index

Filesize
624B

MD5
f5fbba62f4d438c03a036aadea34ddcb

SHA1
21e930332eb5dedaabc32cef38d8880c44dc74dd

SHA256
758c314da0ba40a2c3d01fb6acbe19e2451360a1172c84878551017111e8b233

SHA512
620c4c8be0184e48a24868be787a689c8b74da6cf4d5b71446673348484a2d336aa33c3191c216bcd325aee7b22e97624c6946498606623c91542bc847f5cad9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\0c6a3fcb-cb41-42ef-82ef-3451212fd58f\index-dir\the-real-index~RFe5819cc.TMP

Filesize
48B

MD5
cff4c4a5004b13a59802b349fc64d40d

SHA1
4255edc001332b5b60e935d72eb307f58439b9f0

SHA256
4102a40cb6dce109ab14633d1c9423327f99fa910c7bee6510cdf1a88fda5d3d

SHA512
7d86efd7d52852cd5f5585f0c1eaddf51275450bf1f00ab01c98d8d37abdc964baa031e4f59728d55f5f43c9234850f756872ce361ad3fb0528306cf0497b1d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ccc7bce7-f172-47a1-9dab-800bea45e3c8\index-dir\the-real-index

Filesize
2KB

MD5
9f55be5b50cea292525c0e14463a1f1c

SHA1
ea9103ede1878cf697389a7a336eabc388f48f67

SHA256
8fe55c083ec2342dbe3d0bfbdb45691b9c7abd1b30769e78851a1ce518eebadc

SHA512
7719aae82558c4c1b540ad00eaf0ce75dbfd2036ec85768d38b2df6037c834dc679b2dff4683cb34aa4dd6bbe5b5fbd4d80d850f41b63e98a93b883e34e27828

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ccc7bce7-f172-47a1-9dab-800bea45e3c8\index-dir\the-real-index~RFe5819bd.TMP

Filesize
48B

MD5
a65d12c0f956da006ecfb5379a766e43

SHA1
c4b2c6f7c567bf2b61e37e335eadd19660ff9358

SHA256
c714b5eeb6827dbcefff9f7b61614451774353add5f2d34b4fe62561c323097c

SHA512
b77ab879133633aba9fb5cc426248e033ff510962dd940eb28998789b772dde5b110b38c648c8593527598703d471c4e2c7ff92611630b9453533e40c4557b3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
8ba13dd48854949b6454aafcd6873f58

SHA1
c77220fcc009c59f17739c2174fe73a7199b663f

SHA256
be2905dae0dc2c0eb433208ffd9ea157b29decf0bfdbe95a5dc9cbc14b80bdaa

SHA512
64891d8df72d1664aff471da6f4099e7dfcd7afe1911cc8d8a9a6cdc6e07216587f8dbf146e93c061262a5a848fafa826abe7d83556e4a953ecc081d6b8a4267

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
6b00b0332f89e7a462d8bce7a0e1455e

SHA1
e48565161c40213afe10a9bab73f2d66a50de9df

SHA256
99e94c28f6749779fc53ed222c88a391f88a58d4530a76a6b6f9218a52f463c8

SHA512
d1d7998bd07e20e4f6ba640256714336fa7acc90bd0ad45e7489e0f5276ecfd73ed3b29c21ff801e5a4f7f2322a80f64d6ddd9f5e58a063949e4f8d3a0a52c4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
156B

MD5
7d8f47919e0cce57ddbcd1396bfa4c92

SHA1
35163356689cb16d87497f360dc177465013bedc

SHA256
8c1eea30c2e084e52512ac4fb525f795ab9b1c2cd2f55c9bf70635522e131511

SHA512
3fa629930fb9c5d4ccc25dff57926f6b9aca4a58e557643c29a16fb240babf91b20fd7f5230ee48c20a29029bd20954e9ea76f2a18746e07916c1e5f36b8bf1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
43a5c2c4c90df21e26cee1fe9bfc6e8a

SHA1
91951ffee3004a56a919178d11ce2988331196d2

SHA256
f932da1e7ac40fa76cbe94e8f0706bd5066ccb680cea10f3d698b5dd8cf9b43c

SHA512
b54eb79e73f0d8c77d0c7e253499af055e6a3b0b3302c8d30b05684895f73ed3e12267712e27fb09e8798c55034ea4ede98f6b22f82117975d5465a6014371cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
adac318f2aa37ce153b611cbd0e3ad8c

SHA1
952a579407230c468a7801f83336ba3446a0513e

SHA256
78d698f25919de3d48f37d05381ef90071ed6a766d43c414ba436be912494952

SHA512
0bfb0614183541f4101231c66d247619c7adc87a2e15be9eaa8818a376fe52544e0b07fabf3558d070391932d3d7e4aef9dc91d69451135baecd1fcc0037b376

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
168495f6714499146353009be3eef5aa

SHA1
6812784c3e0f6f46cfcca893b2b74438d55e1e3c

SHA256
4355b07c59877efefd135f8183aa5c4a3bb73130bf66248edd7d7a2eb832c7f9

SHA512
f012c1492caa9b96cd2c20a58043ce334e59bea879c29663d023bbb54d95b0b917f094992ab011979467297eaef5976866ce173b7c0c950fee53c92aa97a7d9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5819bd.TMP

Filesize
48B

MD5
ae0b19070076d4ea9539cc55ba548fee

SHA1
307f4eea7be8f72d9af2936a6219a4eddff3ed9d

SHA256
24b60d6ed631526bd9d9967411fb103d6955b37d3556160ffbcca5939e43354a

SHA512
8397ea4db81fb8d17c10dbcec62317b02497ef226e3a210ed8a9771f57ada8f312297d5479602d7461bf93413cd1971b55f7b7420fbe702ea7b0b8793671ec77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
f021b204d133b5728eebc916c5b85d6d

SHA1
6f76c0d57b92a1617c239ceaea36baf86cd5b8d7

SHA256
ab94eb2a3666439a7fe784b766f918c38974aa2a169b8179426ad3a6d512bd7c

SHA512
b5c88d7dec4d1eb3a84732da74626384d3f7e9c0daaa6843dd3303fee2df21bba10d936502f761dbbab02d843c574f1775edd2ed2e4567f99e458be16113b76b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580961.TMP

Filesize
372B

MD5
09e860bf5662af9cd703c8130f6ac731

SHA1
bbdbf3f9b8955bbbb4b42bca7fd9af59bc24c288

SHA256
6cc7020c9b2f563b645f453c06b2be7eedfeaed201733a71ccbede2cecf686ca

SHA512
49f370da095ef87b6387cb9ecafbd61f7e1424492f31852c6a481a84456d924c050321f3b90d5618c66c554441c198a281f0befcf51352b03bf18b3c4a472080

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
599072b1cdc615f6438a66011fbf0db6

SHA1
50d3255a1cec24e68d71b6087002592038bad312

SHA256
8633558764f9dd71b3f62054f737bab74e70bd6e946764cd5de0c9f68d3da505

SHA512
815876080c1977ea56cdddbc1506a8b3b75257cbd5e38de208dda52232aaf1db968f7267d9e9d4887a24617b480495cbc4b3be6cc54766ce0c667a2f19c578c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
044bd0da3a2023463e51c9f86eff2269

SHA1
e1dc5779dbf88d26c686656c2cbc9021a656c23c

SHA256
e3147805cefac99c703d5f1edc8c47699b0faba3f91080f0f9f26cbd2baac83f

SHA512
9a1c1a857b8a769756ef8a64447df813056714736b0a2b4685ae0861ff742f07bb4ce41683bbf4ff0bf3af61d2b915a797f6ec2ebe076bc1d218e2e8c7ccbf62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
da732e03e15991a9f1facfe76830b5d9

SHA1
06fda4330a56bb3c97d4376a4b61a1da0d9dc8bb

SHA256
c2e87fadc02ed00d97b8373d05cca0fa90e1fd1c66192bb35771e5148e9b69b2

SHA512
2c785e7695bdb8da0975988618f7b73bcd14c28bfae1335767341c45948a2cb3257910509324eccc57607e98d03553a6c1b5bcf8aa9219ebcb39c9a49bb57b6a

Download Submit