hxxps://pijatra[.]kian[.]my[.]id/logo-banrural-sin-fondo[.]html

Analysis

max time kernel
147s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231025-en
resource tags

arch:x64arch:x86image:win10v2004-20231025-enlocale:en-usos:windows10-2004-x64system
submitted
21-11-2023 15:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://pijatra.kian.my.id/logo-banrural-sin-fondo.html

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
552	msedge.exe
552	msedge.exe
1720	msedge.exe
1720	msedge.exe
544	identity_helper.exe
544	identity_helper.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1720 wrote to memory of 2680	1720	msedge.exe	50
PID 1720 wrote to memory of 2680	1720	msedge.exe	50
PID 1720 wrote to memory of 3520	1720	msedge.exe	90
PID 1720 wrote to memory of 3520	1720	msedge.exe	90
PID 1720 wrote to memory of 3520	1720	msedge.exe	90
PID 1720 wrote to memory of 3520	1720	msedge.exe	90
PID 1720 wrote to memory of 3520	1720	msedge.exe	90
PID 1720 wrote to memory of 3520	1720	msedge.exe	90
PID 1720 wrote to memory of 3520	1720	msedge.exe	90
PID 1720 wrote to memory of 3520	1720	msedge.exe	90
PID 1720 wrote to memory of 3520	1720	msedge.exe	90
PID 1720 wrote to memory of 3520	1720	msedge.exe	90
PID 1720 wrote to memory of 3520	1720	msedge.exe	90
PID 1720 wrote to memory of 3520	1720	msedge.exe	90
PID 1720 wrote to memory of 3520	1720	msedge.exe	90
PID 1720 wrote to memory of 3520	1720	msedge.exe	90
PID 1720 wrote to memory of 3520	1720	msedge.exe	90
PID 1720 wrote to memory of 3520	1720	msedge.exe	90
PID 1720 wrote to memory of 3520	1720	msedge.exe	90
PID 1720 wrote to memory of 3520	1720	msedge.exe	90
PID 1720 wrote to memory of 3520	1720	msedge.exe	90
PID 1720 wrote to memory of 3520	1720	msedge.exe	90
PID 1720 wrote to memory of 3520	1720	msedge.exe	90
PID 1720 wrote to memory of 3520	1720	msedge.exe	90
PID 1720 wrote to memory of 3520	1720	msedge.exe	90
PID 1720 wrote to memory of 3520	1720	msedge.exe	90
PID 1720 wrote to memory of 3520	1720	msedge.exe	90
PID 1720 wrote to memory of 3520	1720	msedge.exe	90
PID 1720 wrote to memory of 3520	1720	msedge.exe	90
PID 1720 wrote to memory of 3520	1720	msedge.exe	90
PID 1720 wrote to memory of 3520	1720	msedge.exe	90
PID 1720 wrote to memory of 3520	1720	msedge.exe	90
PID 1720 wrote to memory of 3520	1720	msedge.exe	90
PID 1720 wrote to memory of 3520	1720	msedge.exe	90
PID 1720 wrote to memory of 3520	1720	msedge.exe	90
PID 1720 wrote to memory of 3520	1720	msedge.exe	90
PID 1720 wrote to memory of 3520	1720	msedge.exe	90
PID 1720 wrote to memory of 3520	1720	msedge.exe	90
PID 1720 wrote to memory of 3520	1720	msedge.exe	90
PID 1720 wrote to memory of 3520	1720	msedge.exe	90
PID 1720 wrote to memory of 3520	1720	msedge.exe	90
PID 1720 wrote to memory of 3520	1720	msedge.exe	90
PID 1720 wrote to memory of 552	1720	msedge.exe	89
PID 1720 wrote to memory of 552	1720	msedge.exe	89
PID 1720 wrote to memory of 4296	1720	msedge.exe	91
PID 1720 wrote to memory of 4296	1720	msedge.exe	91
PID 1720 wrote to memory of 4296	1720	msedge.exe	91
PID 1720 wrote to memory of 4296	1720	msedge.exe	91
PID 1720 wrote to memory of 4296	1720	msedge.exe	91
PID 1720 wrote to memory of 4296	1720	msedge.exe	91
PID 1720 wrote to memory of 4296	1720	msedge.exe	91
PID 1720 wrote to memory of 4296	1720	msedge.exe	91
PID 1720 wrote to memory of 4296	1720	msedge.exe	91
PID 1720 wrote to memory of 4296	1720	msedge.exe	91
PID 1720 wrote to memory of 4296	1720	msedge.exe	91
PID 1720 wrote to memory of 4296	1720	msedge.exe	91
PID 1720 wrote to memory of 4296	1720	msedge.exe	91
PID 1720 wrote to memory of 4296	1720	msedge.exe	91
PID 1720 wrote to memory of 4296	1720	msedge.exe	91
PID 1720 wrote to memory of 4296	1720	msedge.exe	91
PID 1720 wrote to memory of 4296	1720	msedge.exe	91
PID 1720 wrote to memory of 4296	1720	msedge.exe	91
PID 1720 wrote to memory of 4296	1720	msedge.exe	91
PID 1720 wrote to memory of 4296	1720	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pijatra.kian.my.id/logo-banrural-sin-fondo.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa9a2846f8,0x7ffa9a284708,0x7ffa9a284718
  2⤵
  PID:2680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,10121967726674802475,7006461698454943775,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,10121967726674802475,7006461698454943775,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:3520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,10121967726674802475,7006461698454943775,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
  2⤵
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10121967726674802475,7006461698454943775,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:3316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10121967726674802475,7006461698454943775,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:2524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10121967726674802475,7006461698454943775,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
  2⤵
  PID:3584
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,10121967726674802475,7006461698454943775,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3280 /prefetch:8
  2⤵
  PID:2480
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,10121967726674802475,7006461698454943775,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3280 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10121967726674802475,7006461698454943775,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10121967726674802475,7006461698454943775,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
  2⤵
  PID:1780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10121967726674802475,7006461698454943775,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2628 /prefetch:1
  2⤵
  PID:5232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10121967726674802475,7006461698454943775,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:5248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,10121967726674802475,7006461698454943775,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5556 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5060

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1956

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2704

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A

Filesize
893B

MD5
d4ae187b4574036c2d76b6df8a8c1a30

SHA1
b06f409fa14bab33cbaf4a37811b8740b624d9e5

SHA256
a2ce3a0fa7d2a833d1801e01ec48e35b70d84f3467cc9f8fab370386e13879c7

SHA512
1f44a360e8bb8ada22bc5bfe001f1babb4e72005a46bc2a94c33c4bd149ff256cce6f35d65ca4f7fc2a5b9e15494155449830d2809c8cf218d0b9196ec646b0c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
9bc7d82ed3d9e357df511887f0975ab4

SHA1
ce68155ef0d8cf7f434b8fc7d323590a4a7fe358

SHA256
1517ae6beca9cf6b499c24b780adeed457c07c58a0982c552199ef5d2490ef69

SHA512
e67f5a0af7e857d211cc292602db8bf07e236358536f19b0ec793a50ffc98637cbfe1acd43e33c4eb2a102ddbc5e1df316af8449be309754b788ffc98a269bb6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
330B

MD5
6c5c3f52364b2f1ba83dc97b87f357f9

SHA1
36fe666b1a48d8dffe9a3f493b46869cf05e31aa

SHA256
56afc4cf0413614078e16a6d3328895bf09298164a25b51b9a977aeaf080b7d5

SHA512
0a448bc06bf13ff751076fcd21130bd7060cb2cf7bdbf477c106b1d222b1697313da37b6f666078555ff9bcb5bac89bc95101eefeacbfcd03d112a9d057a8995

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
330B

MD5
5a4c46db4902046ee7c6a8a3cfea6cb4

SHA1
0224a3ab0dc628e9b83ebbd75082e11cc8b0cea8

SHA256
b997d287c6f726992e2565cc8be59d46f0972e20d65c5ef1039ad4ded3ac49e2

SHA512
fe6252560a30de4574d2d9ef3e99d1d01376dab87c92cb007f3809dc73e811284892de7b30b31de6855321cc7d0a81ea83e93dc532d99a8e95c925d298a48790

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
330B

MD5
5a4c46db4902046ee7c6a8a3cfea6cb4

SHA1
0224a3ab0dc628e9b83ebbd75082e11cc8b0cea8

SHA256
b997d287c6f726992e2565cc8be59d46f0972e20d65c5ef1039ad4ded3ac49e2

SHA512
fe6252560a30de4574d2d9ef3e99d1d01376dab87c92cb007f3809dc73e811284892de7b30b31de6855321cc7d0a81ea83e93dc532d99a8e95c925d298a48790

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
330B

MD5
4e904b463aec02541d60214b4c998811

SHA1
4f64533d446ca6411469c5eb68eb774946519249

SHA256
e6c7331ee858f07e00063a48b7d6d2197ca2697fcaed2a3326f9720afbfb2ff5

SHA512
de34952443318751d49536946f9d66b703d948fb6f68ffaf9a9b214fb8b254f6aa1d52a5428ef994261549f1c8bf6c5994c0214cfcd0b81a2f0107c3a4656539

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A

Filesize
252B

MD5
72f5a7fb86be51d54e5e5629d6fb592b

SHA1
ed0a90d2778e2631bc6efe790c9b80c3e05dd866

SHA256
bdb76cf92d4b4c010aef1b7dcaeaa9658fb239ec6d0c1913c5edc9a5e84df949

SHA512
38ebc0d95992d0014480cd615a9b5213488aa92336aba59d7dcf0fba298a9ff5f94b703db00fdbe1718e2cd8bc805905dd1b3e15231a0d34d86cbec97a157cbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
aed593b08b94f34dd8f68fd369652ac2

SHA1
3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95

SHA256
5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7

SHA512
16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\1087df98-7a70-42d2-a99c-aa493b2e2575.tmp

Filesize
1KB

MD5
ef25a8b29936a7f97e851e3ace5af672

SHA1
24fcdcea93fcd537aae463a92e4be64927afd053

SHA256
daddf219b6de02c530c97f9d345c75a44e0a6756f87d2ce316d9e1cec5fad2db

SHA512
6d8477a3fe60a2f50dad1d58e0f63d521b2d251619e9dd009ef6673a68062d872825e1bfbb4ef3d0e1630f8e6b211b34921db86d45005805c564fedd54fbbbfe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
ace3522f83beef7b0327223e65e236a1

SHA1
66048b812ee65cfdbb3fc13df02de339ba6b5d66

SHA256
26066e686281f609d2e92d08ff7f2683ed23764564c2cc66a38047732ebc2984

SHA512
912b844923e502794389993f437fab7580f52fa141333e285eb4b088e164071a7a82756c26b6afd902620810e09065f7919d6cc4a93153c0f0d4b7a04e706242

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
eb5909c0f6c09ecb2fa02a54fbb1c65e

SHA1
ae9c8782f214dc1fc83fde155c7be1fe1ebe7354

SHA256
3eba95b3a454fa4f7774eb1ed13a1d01eeb7ee1575e19c2e0899c97af29e93b3

SHA512
af6c9e2c019ac593b416a4aef665e0d813682d8faee44702378767eb1b3ecb38fa14cd76024c41ce6706246afbb12e40e8e0eadd2e069e63c44b7dfa8fd8cc40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
513e78dcd022aa9cd2cd37a48c2e0219

SHA1
44a002ac339c99b9a3c427417f9859d367e2afc2

SHA256
2eb763c2f7f824ac6d6e502c388a70a5497936169142706c75e508fad1d0ae16

SHA512
226408c142d6878dc09568ed088fafd97a469dece1afaf1ca5d0929bddfa78fad9d52ab7b66d57b78a7fa69fb5ac0740009a1389787928ae31419a77a56d20c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
85f209432427778cbda50117d5d384d2

SHA1
b74db69ac9765a19c4dad2d3d0d6e0c6f39c4618

SHA256
90b2e556003d61a4eea981601a1db9babc91e27b293e81a1f3caf7235fb0ed0f

SHA512
8aa1160f9ad02ccea743f593559280258aceeb9c8aed2fb0f025408ce430e26f0d195f3565a8697e8f81bdab50fac0b689333c223a641d460454a7fe4784ab82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3b6a32b3a6272b7a6145c08c7706c06c

SHA1
c33fbb6dcadcbc15fca874ad26f24726b5e9438b

SHA256
4b58f3c438a94ad0b8b26c895ba3746eb6f3c57b89c14adbe59a4ac6ceb12197

SHA512
109549551f65fdfd543ecd4883203700e7e1c33b550508a4a135959d8de7c2cea6d1ad023f65d8b97d37808cfb76f9f87363d4a1733b571b9b6f168591c67724

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
e2565e589c9c038c551766400aefc665

SHA1
77893bb0d295c2737e31a3f539572367c946ab27

SHA256
172017da29bce2bfe0c8b4577a9b8e7a97a0585fd85697f51261f39b28877e80

SHA512
5a33ce3d048f2443c5d1aee3922693decc19c4d172aff0b059b31af3b56aa5e413902f9a9634e5ee874b046ae63a0531985b0361467b62e977dcff7fc9913c4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d677b2286f17eaa1340b4c640ffff976

SHA1
feb89581956f629d2bbd19586163ba083554709e

SHA256
aae10e72562b7adb832b29be06831194926307e3dbf1ceed19cf88394753c13b

SHA512
53f350f403fdf5c60b5a39b00b808142ca7d789d67c55cae1a4b08bdb6ceddf63f198c1705a88f489b8c31b9af7c994f4d43cce1b09b744d59a16a9408481dd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
90a6eafd1464a4c75f20d32c31bc2094

SHA1
318de44f8a2bd8e4b7dc8da373c4242b80bdd94b

SHA256
84b2677bd89038082f929cd36597a014237e919659f5f0e7f89ad84700f9e6d3

SHA512
30b84967f332490938fa7ddc2dc9de86e16346c61abe03d70c7477ec3dcb53382738f991cd21f33830cf52453aba92b4699ce90eb83caaa4a7f9f30c81c73238

Download Submit