f93c3a4931c1d065d6d2d7c5233e6d6415926f240b512bb41e12a2610dc898a9

Resubmissions

06-10-2024 12:47

241006-p1hfxayfqa 10

06-10-2024 12:45

241006-pzch9syfmc 8

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06-10-2024 12:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JJSploit.exe
Size

10.5MB
MD5

53c26fb6d15d5706267608f952c1a4b2
SHA1

52d32c17782ab23546c30e0c31d51e6af30e4a65
SHA256

16d0aa5fecc8ed4ece2c21f3002d5bab11ad9a9c954b7de33d602f0416b2750f
SHA512

f40c9562b81984bd7bd7b2e540698b916d1fe427b2d1034206eb662bad85d90f726eaca30b80ada0e46c663bb8a11c922cc16897e129a033b37ef0b5567bd8f1
SSDEEP

98304:V0NDrUCXL4ZDjEsXLq+EeR3mGs0ITIECqa99bUHp/9JWu3nKv+Sn:ktEE23GK9bU3Jr3K

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3240	msedge.exe
3240	msedge.exe
1444	msedge.exe
1444	msedge.exe
3708	msedge.exe
3708	msedge.exe
3752	identity_helper.exe
3752	identity_helper.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4432	JJSploit.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4432 wrote to memory of 1700	4432	JJSploit.exe	82
PID 4432 wrote to memory of 1700	4432	JJSploit.exe	82
PID 4432 wrote to memory of 3756	4432	JJSploit.exe	83
PID 4432 wrote to memory of 3756	4432	JJSploit.exe	83
PID 1700 wrote to memory of 4332	1700	cmd.exe	84
PID 1700 wrote to memory of 4332	1700	cmd.exe	84
PID 3756 wrote to memory of 3708	3756	cmd.exe	86
PID 3756 wrote to memory of 3708	3756	cmd.exe	86
PID 3708 wrote to memory of 4288	3708	msedge.exe	88
PID 3708 wrote to memory of 4288	3708	msedge.exe	88
PID 4332 wrote to memory of 4776	4332	msedge.exe	87
PID 4332 wrote to memory of 4776	4332	msedge.exe	87
PID 3708 wrote to memory of 3704	3708	msedge.exe	89
PID 3708 wrote to memory of 3704	3708	msedge.exe	89
PID 3708 wrote to memory of 3704	3708	msedge.exe	89
PID 3708 wrote to memory of 3704	3708	msedge.exe	89
PID 3708 wrote to memory of 3704	3708	msedge.exe	89
PID 3708 wrote to memory of 3704	3708	msedge.exe	89
PID 3708 wrote to memory of 3704	3708	msedge.exe	89
PID 3708 wrote to memory of 3704	3708	msedge.exe	89
PID 3708 wrote to memory of 3704	3708	msedge.exe	89
PID 3708 wrote to memory of 3704	3708	msedge.exe	89
PID 3708 wrote to memory of 3704	3708	msedge.exe	89
PID 3708 wrote to memory of 3704	3708	msedge.exe	89
PID 3708 wrote to memory of 3704	3708	msedge.exe	89
PID 3708 wrote to memory of 3704	3708	msedge.exe	89
PID 3708 wrote to memory of 3704	3708	msedge.exe	89
PID 3708 wrote to memory of 3704	3708	msedge.exe	89
PID 3708 wrote to memory of 3704	3708	msedge.exe	89
PID 3708 wrote to memory of 3704	3708	msedge.exe	89
PID 3708 wrote to memory of 3704	3708	msedge.exe	89
PID 3708 wrote to memory of 3704	3708	msedge.exe	89
PID 3708 wrote to memory of 3704	3708	msedge.exe	89
PID 3708 wrote to memory of 3704	3708	msedge.exe	89
PID 3708 wrote to memory of 3704	3708	msedge.exe	89
PID 3708 wrote to memory of 3704	3708	msedge.exe	89
PID 3708 wrote to memory of 3704	3708	msedge.exe	89
PID 3708 wrote to memory of 3704	3708	msedge.exe	89
PID 3708 wrote to memory of 3704	3708	msedge.exe	89
PID 3708 wrote to memory of 3704	3708	msedge.exe	89
PID 3708 wrote to memory of 3704	3708	msedge.exe	89
PID 3708 wrote to memory of 3704	3708	msedge.exe	89
PID 3708 wrote to memory of 3704	3708	msedge.exe	89
PID 3708 wrote to memory of 3704	3708	msedge.exe	89
PID 3708 wrote to memory of 3704	3708	msedge.exe	89
PID 3708 wrote to memory of 3704	3708	msedge.exe	89
PID 3708 wrote to memory of 3704	3708	msedge.exe	89
PID 3708 wrote to memory of 3704	3708	msedge.exe	89
PID 3708 wrote to memory of 3704	3708	msedge.exe	89
PID 3708 wrote to memory of 3704	3708	msedge.exe	89
PID 3708 wrote to memory of 3704	3708	msedge.exe	89
PID 3708 wrote to memory of 3704	3708	msedge.exe	89
PID 3708 wrote to memory of 3240	3708	msedge.exe	91
PID 3708 wrote to memory of 3240	3708	msedge.exe	91
PID 4332 wrote to memory of 3432	4332	msedge.exe	90
PID 4332 wrote to memory of 3432	4332	msedge.exe	90
PID 4332 wrote to memory of 3432	4332	msedge.exe	90
PID 4332 wrote to memory of 3432	4332	msedge.exe	90
PID 4332 wrote to memory of 3432	4332	msedge.exe	90
PID 4332 wrote to memory of 3432	4332	msedge.exe	90
PID 4332 wrote to memory of 3432	4332	msedge.exe	90
PID 4332 wrote to memory of 3432	4332	msedge.exe	90
PID 4332 wrote to memory of 3432	4332	msedge.exe	90
PID 4332 wrote to memory of 3432	4332	msedge.exe	90

C:\Users\Admin\AppData\Local\Temp\JJSploit.exe
"C:\Users\Admin\AppData\Local\Temp\JJSploit.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:4432
- C:\Windows\system32\cmd.exe
  "cmd" /C start https://www.youtube.com/@Omnidev_
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1700
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/@Omnidev_
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4332
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffbd20d46f8,0x7ffbd20d4708,0x7ffbd20d4718
      4⤵
      PID:4776
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1964,14901412209296109419,4222001239106022638,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1984 /prefetch:2
      4⤵
      PID:3432
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1964,14901412209296109419,4222001239106022638,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1444
- C:\Windows\system32\cmd.exe
  "cmd" /C start https://www.youtube.com/@WeAreDevsExploits
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3756
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/@WeAreDevsExploits
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:3708
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffbd20d46f8,0x7ffbd20d4708,0x7ffbd20d4718
      4⤵
      PID:4288
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,17022528300808158532,17947982443430116574,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
      4⤵
      PID:3704
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,17022528300808158532,17947982443430116574,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3240
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,17022528300808158532,17947982443430116574,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
      4⤵
      PID:944
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17022528300808158532,17947982443430116574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
      4⤵
      PID:4844
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17022528300808158532,17947982443430116574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
      4⤵
      PID:1064
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17022528300808158532,17947982443430116574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4056 /prefetch:1
      4⤵
      PID:644
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17022528300808158532,17947982443430116574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
      4⤵
      PID:5076
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17022528300808158532,17947982443430116574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1
      4⤵
      PID:2300
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,17022528300808158532,17947982443430116574,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3080 /prefetch:8
      4⤵
      PID:1992
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,17022528300808158532,17947982443430116574,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3080 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3752
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17022528300808158532,17947982443430116574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
      4⤵
      PID:3004
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17022528300808158532,17947982443430116574,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
      4⤵
      PID:4828
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17022528300808158532,17947982443430116574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
      4⤵
      PID:4508
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17022528300808158532,17947982443430116574,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
      4⤵
      PID:2336
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,17022528300808158532,17947982443430116574,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2688 /prefetch:2
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3036

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1488

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3696

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e4f80e7950cbd3bb11257d2000cb885e

SHA1
10ac643904d539042d8f7aa4a312b13ec2106035

SHA256
1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124

SHA512
2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2dc1a9f2f3f8c3cfe51bb29b078166c5

SHA1
eaf3c3dad3c8dc6f18dc3e055b415da78b704402

SHA256
dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

SHA512
682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
4e71fe0052f09d1ba0958d3dd9f157ef

SHA1
04c962a8c32a82c30135398944279436091f6813

SHA256
4160c7de57d5eaba8ca1c10105588b7bb0f0127c0047433320bffe624768ba5f

SHA512
640a4fbb862ec39d0605d14c4326e59d6631fcd41618b931f2529a62fd5b4b2ca2f8315c53de0b40f13adb7697dc526031bae091902266d88cd31df2a1244ae6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
4efc428ccb27e120882c77774c2bbd00

SHA1
a37f9e9b7090f4974f4dab39de0d48518b32ff46

SHA256
d1e449dea78f47a26cdcae0d696bbc17530002fbd6e2ee899046faf310613942

SHA512
1412d5e1ea70dda9a919510373e16cbda2d10b9c4f98872510fbabc500e2b2740ae290edbef246cd355ca09af1994a3f06072d7b2693e83ed8e77ba209657dc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
ea2ed77d359bbe3fcd95ccb60a6f19e6

SHA1
17dd2b1c4fe9a6ea4fa36753b563ba561bc6cb03

SHA256
21aed39869ec6879f1eed267635c7d6528869206586edf2e4c6fed0f763cf949

SHA512
6ca94f770083a6e69aaa2543c995e2d2ed1d97ea779bc7382f87f98f80e28f894e07396786f5fc6b1ee0c94f30710681769680ea49f724cedf653b5d180d1997

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f37901a2dcfcc1133f1279038948109d

SHA1
8764c21ad722f3b44d7f6997f4e0f446e14bf558

SHA256
a46c8652ea6637d4451b50aa485c1e15f4775b10e85334e07435d25b5d74756b

SHA512
f8c981dc96f4854765a41c649651b6993c80fbcbc5318024980c6b00d4313b696195ec2eae66280f1dbdf936e6ed736e516b2dbdfc3d35bc307812ed8e19f75f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a9716a1759f513bdc51d55ed0f876f9d

SHA1
a96b3d398e432168e6fd24fa7c601445ea3b78f3

SHA256
b5b8047f144ebdaca6c7613165998e31e6bab309a1019cf67b94d07d3c22cdd4

SHA512
318ee24f6edbadc34785c344f1ba5d4d311c1595a26e13370e4917edac990958e4283e5a1f3040c93b9d0dfee5bf636b71759d334acb88abb528e201448b4c13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
343abde57d036a5a925f5031b8133b15

SHA1
17408f98fae9b47eca3d1165b48f7cff711eade7

SHA256
e63b3a495daa4254b9d1ed9fc943a9424614ab231dae7b54a1c2f23c5c94ad60

SHA512
5f7a7ecedfe41c752cbf2ba928f7ea996511c09ce814564d8538b22dac042789b627f2b4362e5853e5849b61fda5ea5b02a4deb018c42f06a980478c5b2bb77e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ed0bc9bce6e6bec79fa727e7e3b15e59

SHA1
d92fddb9052d3b58761bf7c2c539477c10bed723

SHA256
9a59deded9e2276eccb0979333ef76036124ec5ae915d2e4a6a2f3af5495d3be

SHA512
5151cf6d2e41185df8d9c59ce67d5893c75c3e9caa006f79ad76318aae509f1e1c34bce5b53e7fb6bfff18d230943d00dfd85859c801a6cc9e3d6313cb2a1f92

Download Submit