hxxps://matjarapk[.]com/es/app/bi-en-lnea/gt[.]com[.]bi[.]bienlinea

Analysis

max time kernel
146s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
19/11/2023, 23:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://matjarapk.com/es/app/bi-en-lnea/gt.com.bi.bienlinea

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3184	msedge.exe
3184	msedge.exe
4572	msedge.exe
4572	msedge.exe
2284	identity_helper.exe
2284	identity_helper.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4572 wrote to memory of 5040	4572	msedge.exe	83
PID 4572 wrote to memory of 5040	4572	msedge.exe	83
PID 4572 wrote to memory of 1156	4572	msedge.exe	84
PID 4572 wrote to memory of 1156	4572	msedge.exe	84
PID 4572 wrote to memory of 1156	4572	msedge.exe	84
PID 4572 wrote to memory of 1156	4572	msedge.exe	84
PID 4572 wrote to memory of 1156	4572	msedge.exe	84
PID 4572 wrote to memory of 1156	4572	msedge.exe	84
PID 4572 wrote to memory of 1156	4572	msedge.exe	84
PID 4572 wrote to memory of 1156	4572	msedge.exe	84
PID 4572 wrote to memory of 1156	4572	msedge.exe	84
PID 4572 wrote to memory of 1156	4572	msedge.exe	84
PID 4572 wrote to memory of 1156	4572	msedge.exe	84
PID 4572 wrote to memory of 1156	4572	msedge.exe	84
PID 4572 wrote to memory of 1156	4572	msedge.exe	84
PID 4572 wrote to memory of 1156	4572	msedge.exe	84
PID 4572 wrote to memory of 1156	4572	msedge.exe	84
PID 4572 wrote to memory of 1156	4572	msedge.exe	84
PID 4572 wrote to memory of 1156	4572	msedge.exe	84
PID 4572 wrote to memory of 1156	4572	msedge.exe	84
PID 4572 wrote to memory of 1156	4572	msedge.exe	84
PID 4572 wrote to memory of 1156	4572	msedge.exe	84
PID 4572 wrote to memory of 1156	4572	msedge.exe	84
PID 4572 wrote to memory of 1156	4572	msedge.exe	84
PID 4572 wrote to memory of 1156	4572	msedge.exe	84
PID 4572 wrote to memory of 1156	4572	msedge.exe	84
PID 4572 wrote to memory of 1156	4572	msedge.exe	84
PID 4572 wrote to memory of 1156	4572	msedge.exe	84
PID 4572 wrote to memory of 1156	4572	msedge.exe	84
PID 4572 wrote to memory of 1156	4572	msedge.exe	84
PID 4572 wrote to memory of 1156	4572	msedge.exe	84
PID 4572 wrote to memory of 1156	4572	msedge.exe	84
PID 4572 wrote to memory of 1156	4572	msedge.exe	84
PID 4572 wrote to memory of 1156	4572	msedge.exe	84
PID 4572 wrote to memory of 1156	4572	msedge.exe	84
PID 4572 wrote to memory of 1156	4572	msedge.exe	84
PID 4572 wrote to memory of 1156	4572	msedge.exe	84
PID 4572 wrote to memory of 1156	4572	msedge.exe	84
PID 4572 wrote to memory of 1156	4572	msedge.exe	84
PID 4572 wrote to memory of 1156	4572	msedge.exe	84
PID 4572 wrote to memory of 1156	4572	msedge.exe	84
PID 4572 wrote to memory of 1156	4572	msedge.exe	84
PID 4572 wrote to memory of 3184	4572	msedge.exe	86
PID 4572 wrote to memory of 3184	4572	msedge.exe	86
PID 4572 wrote to memory of 4648	4572	msedge.exe	85
PID 4572 wrote to memory of 4648	4572	msedge.exe	85
PID 4572 wrote to memory of 4648	4572	msedge.exe	85
PID 4572 wrote to memory of 4648	4572	msedge.exe	85
PID 4572 wrote to memory of 4648	4572	msedge.exe	85
PID 4572 wrote to memory of 4648	4572	msedge.exe	85
PID 4572 wrote to memory of 4648	4572	msedge.exe	85
PID 4572 wrote to memory of 4648	4572	msedge.exe	85
PID 4572 wrote to memory of 4648	4572	msedge.exe	85
PID 4572 wrote to memory of 4648	4572	msedge.exe	85
PID 4572 wrote to memory of 4648	4572	msedge.exe	85
PID 4572 wrote to memory of 4648	4572	msedge.exe	85
PID 4572 wrote to memory of 4648	4572	msedge.exe	85
PID 4572 wrote to memory of 4648	4572	msedge.exe	85
PID 4572 wrote to memory of 4648	4572	msedge.exe	85
PID 4572 wrote to memory of 4648	4572	msedge.exe	85
PID 4572 wrote to memory of 4648	4572	msedge.exe	85
PID 4572 wrote to memory of 4648	4572	msedge.exe	85
PID 4572 wrote to memory of 4648	4572	msedge.exe	85
PID 4572 wrote to memory of 4648	4572	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://matjarapk.com/es/app/bi-en-lnea/gt.com.bi.bienlinea
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffad58146f8,0x7ffad5814708,0x7ffad5814718
  2⤵
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,8557864981739636208,8607503891279681596,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:1156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,8557864981739636208,8607503891279681596,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2488 /prefetch:8
  2⤵
  PID:4648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,8557864981739636208,8607503891279681596,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8557864981739636208,8607503891279681596,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:2372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8557864981739636208,8607503891279681596,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:2296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8557864981739636208,8607503891279681596,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2416 /prefetch:1
  2⤵
  PID:2000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8557864981739636208,8607503891279681596,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
  2⤵
  PID:2124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8557864981739636208,8607503891279681596,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:2924
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,8557864981739636208,8607503891279681596,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 /prefetch:8
  2⤵
  PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,8557864981739636208,8607503891279681596,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8557864981739636208,8607503891279681596,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:2856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8557864981739636208,8607503891279681596,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1
  2⤵
  PID:1612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8557864981739636208,8607503891279681596,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8557864981739636208,8607503891279681596,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,8557864981739636208,8607503891279681596,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4608 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4444

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2956

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3840

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
483924abaaa7ce1345acd8547cfe77f4

SHA1
4190d880b95d9506385087d6c2f5434f0e9f63e8

SHA256
9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684

SHA512
e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
e10dc399fd79e030ce918f21520177b4

SHA1
4871f74588ef362fc970ad0f1b139005f002f90c

SHA256
e5c8ac61731054c972604e095935d6653e77c91dddfd96b25a9185d3c44f0560

SHA512
aa7e75fe32cf57f144f55d558302a5bb5545ec1dc86eda20b6cd81f4fd67e2c86b86dff15ed71a546ee48e2b37115f07d8fd4680beb8fb7c466956fec59f7cc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
db0d19b2f6b081a15f4381877ba7d9b9

SHA1
18ed6735957e1a038a89905beac295b3e7081535

SHA256
e9dd021ebb2ab1568b5c0ffc4263676ee6e5d628916779bb22ecced6742ff045

SHA512
bd3f962335b7b6872c78a27610dd96c00160071fcbc097054db1875665fa62d317dc14c3f37bd69efe2b01ef6e2f99e082cd5a57a6c31867bf99d73b95e969a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
eac2ce99183de9b1544006fa77697eb5

SHA1
e0c14824e219d8e68f0eed5cfa5872c0fe708920

SHA256
28f57d8fbb8dfb7a7f71d04a83776c84e9f9094fa1f20d1b1b9c22408b8b1355

SHA512
7996ff1113e76781abb7b983986648def1c3d42b91143cd2e926400ff8f8d78c85766faf2c8d6a6b82080a1633777778713bf82dc491363252f067b4324d7995

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
38b9b4260fd6e15cdbfc2609f1742c4a

SHA1
731f7e77dace80e1df52bbbe00982db05ae8923b

SHA256
0c23a46e63560927e897ff73b0ff544e5a73a71b51a945b6ff3d76252500f62f

SHA512
9a51ae4c7c3b2625fb365c563a00c992c3d0d35124d2319627fcde54c62ef2773a96da97359b8c26afc0d02a94a33462278962b723ad4c7965e43d97c23652f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
83c387f6abb0b20d6ecd38edc8d2ad0b

SHA1
232ee5dfa854943131cbe8bf31c2b55b0d692871

SHA256
29d23106cb7939f0dc0a8759c1cf703f277657181ee09ade2fef1d7722dd3270

SHA512
6e6c5c2f66d0fedefd0b8d169483293deed262fe00d96b253e1454dc7ade20ebb1f32f052ec5609847935d6dfc0ab8b2b5762bbdb6b4bf9aa411404a4ff43ee4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
1c706d53e85fb5321a8396d197051531

SHA1
0d92aa8524fb1d47e7ee5d614e58a398c06141a4

SHA256
80c44553381f37e930f1c82a1dc2e77acd7b955ec0dc99d090d5bd6b32c3c932

SHA512
d43867392c553d4afffa45a1b87a74e819964011fb1226ee54e23a98fc63ca80e266730cec6796a2afa435b1ea28aed72c55eae1ae5d31ec778f53be3e2162fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\90bfd53eda7f6f12f572fbe6744889f95aa3260f\fc77d38f-27c6-4bc6-b54d-1274cda8a38f\index-dir\the-real-index

Filesize
72B

MD5
61579fd0f9ba96cd84dcf40dcbe44e67

SHA1
57a687e15eed6950dd0d40c1536790b574837fcb

SHA256
80863e9198e5ccae0b37bef4abd430b1031b9f151c3df8de9e18984fc11c1417

SHA512
36e0ed6e4b6852255fb7d566c9d248f90db39bb47ca392ed5fba217c196eb69a970e1b57cbd73cbc3756ef3568432a93d3420c996108a72509232f91efb3c86e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\90bfd53eda7f6f12f572fbe6744889f95aa3260f\fc77d38f-27c6-4bc6-b54d-1274cda8a38f\index-dir\the-real-index~RFe580105.TMP

Filesize
48B

MD5
3c68ec7d8fa9c66d5f99edda9ba662ab

SHA1
b198dbf3798ccb1becb15b49cfc588103ca51426

SHA256
49f35bde5ba96a10e82ab32bdeb2e163b99a0655e5954eccbc5546ec7e3b5739

SHA512
ce5715961e94d9490b501d66e8024d36823dd8c4268a149ab6a6ef26d0027a4e40eadd10400ad2d5a9c26dc6e9b6f270a7329ab56f2e6b1b611e11c2d8068769

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\90bfd53eda7f6f12f572fbe6744889f95aa3260f\ff7104d8-81b9-4ffc-b4fd-bb7b04d80fd1\index-dir\the-real-index

Filesize
72B

MD5
a1bf359b87ba9b23dc8e800e72d4da73

SHA1
38d566f173120aa428e5e3ab5bf547a5b03ef724

SHA256
32cfe8a4cb176b96dd89cd1f841314519fe52ede5a573324d934b6ac26d438ef

SHA512
ded331c97e470e46ec8432424582a74f24b56425d65e2c2ee11b42f7bcfaf64ef9c3cb58f69bfb8d2836c0568dbe19d0899bf69b97235b01017a9c7f935aac1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\90bfd53eda7f6f12f572fbe6744889f95aa3260f\ff7104d8-81b9-4ffc-b4fd-bb7b04d80fd1\index-dir\the-real-index~RFe580124.TMP

Filesize
48B

MD5
ffe5e7ea143e63282f657ab491b252cc

SHA1
76b6099b0a86d670240ab311feb2939f9ad901a1

SHA256
767e7d7f2c131f10800bcd1ac72479b10c9cd61d1326279e04f7af1c2c679ae2

SHA512
c451600062530d0e19bf8c86664f04cbf51e5009451159f25facfce41f27e1a49a0500ec572ff91ea864fa8eb8d36995f6d413bfe3abe9384e43768a65b40eb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\90bfd53eda7f6f12f572fbe6744889f95aa3260f\index.txt

Filesize
85B

MD5
301cb3d9cb1ab4898f12cbe2f0d0f348

SHA1
5bcb01314ad59e73e4cf20f3e3b44d1cea1b560d

SHA256
50e60981e6678325f9de1ba08a114a53e35acb12e22869e84dd8e07e82bfee1d

SHA512
1ef0bfdcc390c8bae190ece3a3b7049186720aae752683aae765992204592448cc24df9c52da71596f339775137596246ac9031db22fe3bd78b6753bfcca9976

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\90bfd53eda7f6f12f572fbe6744889f95aa3260f\index.txt

Filesize
141B

MD5
91b141cd4bf4861239bb5986584a69cd

SHA1
e87de3104ff59e59690d5e334fdde0a8ce0a4eda

SHA256
5c3ef582d50972aadd23bdbe76963fedfeb379e98e7a50c04028d8682c24cee4

SHA512
087d8ebe81a4e616bb03709dc691deb6bc3243f557d53c938de40f6083f6758c60edc202c3e47e3168e84a78e32ec0910aae5125a0caf4bbd3d65988be96eaf2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\90bfd53eda7f6f12f572fbe6744889f95aa3260f\index.txt

Filesize
135B

MD5
c142f57d0f47342aad157ff398724dd0

SHA1
08c3c6d960e445312510e32ca28c591e24c9c902

SHA256
cfff8cd94e9025d29fda7b001bc364449ec1d53c7691ba61e0cfb2e485e4b07e

SHA512
60629f060da2526aebedec8c93e365baa4401f268374aacb062cc39c1ef2a0e9122123b79829ad793d2f34f8c3ab8424ae992c293a8276537f8ad7d78a92f109

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
fe7303897cc3ff412ffb241a8b7669a2

SHA1
6fb53e89ef61881caf1bb878a8d3cb440074a061

SHA256
7443385761e2ebeaec9f725fe74793ade6bd47da6518dc99521ec891b2f027e5

SHA512
416e58cdd0cfe071c3c7b2c04423a9f64cd034ea7eb5aff768209b23b6524894990ba314e8984fe0c6c69f605299949404ea3cc2e75df0da08bedfef593f9a36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58001a.TMP

Filesize
48B

MD5
950dc4133f4ca37627cf3cbea206b111

SHA1
5d01ded89168463809a3f5999bc416357c01bd00

SHA256
a9b263bd2acc2a55a99b20e88471d0026b760e9cfcb4bd4b2550c6a133a1bd00

SHA512
09dcfb927e693d801d81e77c1866f65d6cf8cfabb55b8c2b03a8c0802fddb80a6976d685a1be7f0e3ba5e8a3fd86b1d1985e1c6c1daa9723e6c2f0cc7d027dca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a9612c8623fcc5b860c750d61f29e0a7

SHA1
afbc4a730baaa509663ad09066841ae04351d0d0

SHA256
a6f81e58929743cf4427e9b6658663ed5c718ea42a7b44debda5d2ffd3fb9401

SHA512
3ad257fe3b429d3931e3a57781b0461dbc0377098328ae98a32c841fed51eb8f39ba7dfdd0e72c0a0d566b156346701283b40c85a51cc1836e26aeb6f70029f6

Download Submit