06c2dff99c92ad35dc3b83ac8608002a5b0fe080fcd9d321c223ed1a31267d61

Analysis

max time kernel
146s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19-09-2024 08:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JJSploit.exe
Size

10.4MB
MD5

bcbe97957824bc7ff26b65a98d930677
SHA1

2ccee678ff718dd61ba6e4afe7f95527fc6b9dd0
SHA256

277183d7af817b1a3e276031823a93206868c9a5994705d49124a5d2929c1e87
SHA512

d064d024f0eec0265b8b4627c6d859a694b6a99710562fd0542f4f104bb4225f5f0105a029c00f44c2e43a3febb62e3cbbd8247b6b86ee7ca3c599b4fc5a5112
SSDEEP

98304:Fpsvxbz3sysFBdHiy79mGs0ITIECwa99bUHpOVJdVZ7SrD+ahQkd:0vJ/sT9GY9bU4Vj72C

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
872	msedge.exe
872	msedge.exe
3156	msedge.exe
3156	msedge.exe
2988	msedge.exe
2988	msedge.exe
3404	identity_helper.exe
3404	identity_helper.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3900	JJSploit.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3900 wrote to memory of 452	3900	JJSploit.exe	82
PID 3900 wrote to memory of 452	3900	JJSploit.exe	82
PID 3900 wrote to memory of 1968	3900	JJSploit.exe	83
PID 3900 wrote to memory of 1968	3900	JJSploit.exe	83
PID 452 wrote to memory of 3388	452	cmd.exe	84
PID 452 wrote to memory of 3388	452	cmd.exe	84
PID 1968 wrote to memory of 2988	1968	cmd.exe	85
PID 1968 wrote to memory of 2988	1968	cmd.exe	85
PID 3388 wrote to memory of 3120	3388	msedge.exe	87
PID 3388 wrote to memory of 3120	3388	msedge.exe	87
PID 2988 wrote to memory of 4228	2988	msedge.exe	88
PID 2988 wrote to memory of 4228	2988	msedge.exe	88
PID 3388 wrote to memory of 3096	3388	msedge.exe	89
PID 3388 wrote to memory of 3096	3388	msedge.exe	89
PID 3388 wrote to memory of 3096	3388	msedge.exe	89
PID 3388 wrote to memory of 3096	3388	msedge.exe	89
PID 3388 wrote to memory of 3096	3388	msedge.exe	89
PID 3388 wrote to memory of 3096	3388	msedge.exe	89
PID 3388 wrote to memory of 3096	3388	msedge.exe	89
PID 3388 wrote to memory of 3096	3388	msedge.exe	89
PID 3388 wrote to memory of 3096	3388	msedge.exe	89
PID 3388 wrote to memory of 3096	3388	msedge.exe	89
PID 3388 wrote to memory of 3096	3388	msedge.exe	89
PID 3388 wrote to memory of 3096	3388	msedge.exe	89
PID 3388 wrote to memory of 3096	3388	msedge.exe	89
PID 3388 wrote to memory of 3096	3388	msedge.exe	89
PID 3388 wrote to memory of 3096	3388	msedge.exe	89
PID 3388 wrote to memory of 3096	3388	msedge.exe	89
PID 3388 wrote to memory of 3096	3388	msedge.exe	89
PID 3388 wrote to memory of 3096	3388	msedge.exe	89
PID 3388 wrote to memory of 3096	3388	msedge.exe	89
PID 3388 wrote to memory of 3096	3388	msedge.exe	89
PID 3388 wrote to memory of 3096	3388	msedge.exe	89
PID 3388 wrote to memory of 3096	3388	msedge.exe	89
PID 3388 wrote to memory of 3096	3388	msedge.exe	89
PID 3388 wrote to memory of 3096	3388	msedge.exe	89
PID 3388 wrote to memory of 3096	3388	msedge.exe	89
PID 3388 wrote to memory of 3096	3388	msedge.exe	89
PID 3388 wrote to memory of 3096	3388	msedge.exe	89
PID 3388 wrote to memory of 3096	3388	msedge.exe	89
PID 3388 wrote to memory of 3096	3388	msedge.exe	89
PID 3388 wrote to memory of 3096	3388	msedge.exe	89
PID 3388 wrote to memory of 3096	3388	msedge.exe	89
PID 3388 wrote to memory of 3096	3388	msedge.exe	89
PID 3388 wrote to memory of 3096	3388	msedge.exe	89
PID 3388 wrote to memory of 3096	3388	msedge.exe	89
PID 3388 wrote to memory of 3096	3388	msedge.exe	89
PID 3388 wrote to memory of 3096	3388	msedge.exe	89
PID 3388 wrote to memory of 3096	3388	msedge.exe	89
PID 3388 wrote to memory of 3096	3388	msedge.exe	89
PID 3388 wrote to memory of 3096	3388	msedge.exe	89
PID 3388 wrote to memory of 3096	3388	msedge.exe	89
PID 3388 wrote to memory of 3156	3388	msedge.exe	90
PID 3388 wrote to memory of 3156	3388	msedge.exe	90
PID 2988 wrote to memory of 5020	2988	msedge.exe	91
PID 2988 wrote to memory of 5020	2988	msedge.exe	91
PID 2988 wrote to memory of 5020	2988	msedge.exe	91
PID 2988 wrote to memory of 5020	2988	msedge.exe	91
PID 2988 wrote to memory of 5020	2988	msedge.exe	91
PID 2988 wrote to memory of 5020	2988	msedge.exe	91
PID 2988 wrote to memory of 5020	2988	msedge.exe	91
PID 2988 wrote to memory of 5020	2988	msedge.exe	91
PID 2988 wrote to memory of 5020	2988	msedge.exe	91
PID 2988 wrote to memory of 5020	2988	msedge.exe	91

C:\Users\Admin\AppData\Local\Temp\JJSploit.exe
"C:\Users\Admin\AppData\Local\Temp\JJSploit.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:3900
- C:\Windows\system32\cmd.exe
  "cmd" /C start https://www.youtube.com/@Omnidev_
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:452
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/@Omnidev_
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3388
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffcd7d046f8,0x7ffcd7d04708,0x7ffcd7d04718
      4⤵
      PID:3120
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,3157167238561826629,4907161272151237767,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
      4⤵
      PID:3096
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,3157167238561826629,4907161272151237767,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3156
- C:\Windows\system32\cmd.exe
  "cmd" /C start https://www.youtube.com/@WeAreDevsExploits
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1968
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/@WeAreDevsExploits
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:2988
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcd7d046f8,0x7ffcd7d04708,0x7ffcd7d04718
      4⤵
      PID:4228
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,16904301866733026873,12203476778632751242,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:2
      4⤵
      PID:5020
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2220,16904301866733026873,12203476778632751242,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:872
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2220,16904301866733026873,12203476778632751242,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2612 /prefetch:8
      4⤵
      PID:1188
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,16904301866733026873,12203476778632751242,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
      4⤵
      PID:1164
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,16904301866733026873,12203476778632751242,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
      4⤵
      PID:1856
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,16904301866733026873,12203476778632751242,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3852 /prefetch:1
      4⤵
      PID:2716
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,16904301866733026873,12203476778632751242,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
      4⤵
      PID:4776
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,16904301866733026873,12203476778632751242,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
      4⤵
      PID:4372
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,16904301866733026873,12203476778632751242,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 /prefetch:8
      4⤵
      PID:3848
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,16904301866733026873,12203476778632751242,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3404
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,16904301866733026873,12203476778632751242,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
      4⤵
      PID:2656
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,16904301866733026873,12203476778632751242,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
      4⤵
      PID:4788
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,16904301866733026873,12203476778632751242,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
      4⤵
      PID:2728
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,16904301866733026873,12203476778632751242,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
      4⤵
      PID:8
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,16904301866733026873,12203476778632751242,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1712 /prefetch:2
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4604

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1544

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2540

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7114a6cd851f9bf56cf771c37d664a2

SHA1
769c5d04fd83e583f15ab1ef659de8f883ecab8a

SHA256
d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e

SHA512
33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
719923124ee00fb57378e0ebcbe894f7

SHA1
cc356a7d27b8b27dc33f21bd4990f286ee13a9f9

SHA256
aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808

SHA512
a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
1cf5978d2452b536f71d594a5b2a1f2f

SHA1
4b0ed556037cf34b3d102636254e25aed0487cb2

SHA256
f49a9ed525afe0769f106c7e1ea4c140152c82e885e90506d1f2e3fcbe906cff

SHA512
bc21dc8c8d643c5101f19dfcf98066172f61903ee0767b991e4086e4707233d312529261420aaad806c232878f73890afb6bdb7e764a57795b624686d651a2f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
5c8ac82c64bf1d56526be6b3bebc1ff4

SHA1
173b6f89119cf3f4c62d25b64f310442f84199e9

SHA256
53403fa846f103a6039034c645400a92776d4aac124f5bac96111995f0259db7

SHA512
afb9ea05cdbe43b0354ba314c656e135da87433443024567a76e493e5f7851dd28fcb7958c1e190e3142ce25df8940b4a6354debf4dfd7e1d4625736e2120c4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
ba7c00bebe8c206124d7ec71bcffa1d8

SHA1
67e3d5dc067a5a7ffc30d84d6a013e42efedf2c0

SHA256
66cb0436f7cb04a2987af0cb65df149c876ea43bb0b4b59e7a06c556268cda4e

SHA512
870e111cffaec28479bd16b67655198fca23188fe27d38f74e4b708fb566c0da5e1731b17cac908999a9415907d76e0a76a6f080b708a3f6a3dfe32ed2e815a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d6e52bf84125f639eca656f9ca4b0bfd

SHA1
dffd152edff9c8dd21191850f4e19e762f53a54c

SHA256
cf7dac10587a9331ba07770bfab045c8529b266980a631df41e431bc0a74d27a

SHA512
80c4ae30bb3968838de2adbb2c06d5597310e500c04bd966cd1d7b3a238d09355b78461f8bbab37376346efee41a70fc64e3fb879824262cad268e963d1a7c97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d4d6eb2ccedb7730776fc2a3af986bc5

SHA1
f40190fa9292b95a721549da468cd1225a3566b3

SHA256
6b2c1e9362e846003b99c973814b187987a3a353c17b56acc6c64567c0c30cb9

SHA512
5e8871a1421f9bb172cc99acc8919896bbefe7cbbc9cf39d485bb79f9935553c05951750de19e4b7a06042e9a4a6f215d63ad7294e9cf8648b9848d9af6f3c1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4f3b9611a9078cce6dc29c9ea5a21512

SHA1
5826f5f1dca949cbcfbfa46a71578f30a54d3f87

SHA256
069be5326d3a969fa3db925f512ff5bf3f9f5027eb5ed8689229f0f9196c7a47

SHA512
bbafde0d6db279f0a747da267ffafb968d5ca8864159ad33b6c35bba452398ced38e5c8a51409642ca178eb555dd77cb9e088036146f294b660bbfe1ad1d2333

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
627f2b0c076b6b0c1c1b6940df0078ba

SHA1
ede2b3bc3b3ed8c66fda004431e27e8ce71eff78

SHA256
517d355c6c30ae62692c6a815b6fab6b6e79e1e5d2b85a03df518bd1805b8a1d

SHA512
655a76d3be23b7465db5b0d376913815d63c970ade891f6d6b97060babb8874aafd05985918df898d187ac0e85e145e87d1519ad917d7545480b0d6bf24df479

Download Submit