hxxps://schedulechanges[.]swiss[.]com/LinkTracking?q=bvtzZnMeiA0wh58DnFdzBEIvvqFAHltGvpw0y9oquESErYMPsdpl4MFXxV1pXA1VBkEZdmt0Z1Hk7j8ojdeKnCx1WqpKpu38BOAPljRi99JgbPMpdM86sei4JPn90_ZWalV23n-dGHwL1_ImT-zApLU-zoCkQjACKqJZwnLqxbAs1IjDlWnLGsbQkEEehiWz5zudvWHS8jTk2m8oXpmDJaBPUUrS6FOiRDv1Z0DZB8sXkUOgJc4AMZ_aYru5gvgutytIBamAAxOH7TAcoLJJCcOXsZ-0I7rORcdwtwzD5XFWJHexJXXv1zDHrqd9kD0Aqn8TvWKi-3qXzX69sLlEDNPR3ynepW_c2qNdHGg-Lug7dF7D5gcU04zM4QNGeRMUHW-LdyTqlP-izm3Ys_fYOeN0OqV8JSo9QcWY0xndMRCXwWPOao6wPAdGIq12hTPg_zgR6Ht5otkqHEnzDzFlycqhd9wgOoB4-Q5sxmc2CldExZ86V_htdEwF78W_WItUWTXPS7hIdf3ROo_qkFr6K823WdRZK-16wXIl878-54hPxyq9TGuUHwP6_erFPoM1TV04V5BdKxAyZk1GVSRGzQZeR1YQg02_58w-jT3E4EJS1csgreNsXamai6wAjvgl2N2u4Bu_eVbzeZ8BqNh5CbuywbYCG9ZpqV6pYuzhm_WcA-tVwNyjB9hj9ohl4_2XoG53sW0bNc7D93XUs7AJddDnWOaDy4PUxDz5bGfrUq-bGqreobuQTAr3sVxQLcHA&r=642458156

Resubmissions

22/02/2024, 14:11

240222-rhc5ksbb76 1

22/02/2024, 14:08

20/02/2024, 13:04

20/02/2024, 12:18

20/02/2024, 12:13

Analysis

max time kernel
145s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
22/02/2024, 14:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://schedulechanges.swiss.com/LinkTracking?q=bvtzZnMeiA0wh58DnFdzBEIvvqFAHltGvpw0y9oquESErYMPsdpl4MFXxV1pXA1VBkEZdmt0Z1Hk7j8ojdeKnCx1WqpKpu38BOAPljRi99JgbPMpdM86sei4JPn90_ZWalV23n-dGHwL1_ImT-zApLU-zoCkQjACKqJZwnLqxbAs1IjDlWnLGsbQkEEehiWz5zudvWHS8jTk2m8oXpmDJaBPUUrS6FOiRDv1Z0DZB8sXkUOgJc4AMZ_aYru5gvgutytIBamAAxOH7TAcoLJJCcOXsZ-0I7rORcdwtwzD5XFWJHexJXXv1zDHrqd9kD0Aqn8TvWKi-3qXzX69sLlEDNPR3ynepW_c2qNdHGg-Lug7dF7D5gcU04zM4QNGeRMUHW-LdyTqlP-izm3Ys_fYOeN0OqV8JSo9QcWY0xndMRCXwWPOao6wPAdGIq12hTPg_zgR6Ht5otkqHEnzDzFlycqhd9wgOoB4-Q5sxmc2CldExZ86V_htdEwF78W_WItUWTXPS7hIdf3ROo_qkFr6K823WdRZK-16wXIl878-54hPxyq9TGuUHwP6_erFPoM1TV04V5BdKxAyZk1GVSRGzQZeR1YQg02_58w-jT3E4EJS1csgreNsXamai6wAjvgl2N2u4Bu_eVbzeZ8BqNh5CbuywbYCG9ZpqV6pYuzhm_WcA-tVwNyjB9hj9ohl4_2XoG53sW0bNc7D93XUs7AJddDnWOaDy4PUxDz5bGfrUq-bGqreobuQTAr3sVxQLcHA&r=642458156

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4856	msedge.exe
4856	msedge.exe
2348	msedge.exe
2348	msedge.exe
836	identity_helper.exe
836	identity_helper.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2348 wrote to memory of 4464	2348	msedge.exe	34
PID 2348 wrote to memory of 4464	2348	msedge.exe	34
PID 2348 wrote to memory of 5040	2348	msedge.exe	91
PID 2348 wrote to memory of 5040	2348	msedge.exe	91
PID 2348 wrote to memory of 5040	2348	msedge.exe	91
PID 2348 wrote to memory of 5040	2348	msedge.exe	91
PID 2348 wrote to memory of 5040	2348	msedge.exe	91
PID 2348 wrote to memory of 5040	2348	msedge.exe	91
PID 2348 wrote to memory of 5040	2348	msedge.exe	91
PID 2348 wrote to memory of 5040	2348	msedge.exe	91
PID 2348 wrote to memory of 5040	2348	msedge.exe	91
PID 2348 wrote to memory of 5040	2348	msedge.exe	91
PID 2348 wrote to memory of 5040	2348	msedge.exe	91
PID 2348 wrote to memory of 5040	2348	msedge.exe	91
PID 2348 wrote to memory of 5040	2348	msedge.exe	91
PID 2348 wrote to memory of 5040	2348	msedge.exe	91
PID 2348 wrote to memory of 5040	2348	msedge.exe	91
PID 2348 wrote to memory of 5040	2348	msedge.exe	91
PID 2348 wrote to memory of 5040	2348	msedge.exe	91
PID 2348 wrote to memory of 5040	2348	msedge.exe	91
PID 2348 wrote to memory of 5040	2348	msedge.exe	91
PID 2348 wrote to memory of 5040	2348	msedge.exe	91
PID 2348 wrote to memory of 5040	2348	msedge.exe	91
PID 2348 wrote to memory of 5040	2348	msedge.exe	91
PID 2348 wrote to memory of 5040	2348	msedge.exe	91
PID 2348 wrote to memory of 5040	2348	msedge.exe	91
PID 2348 wrote to memory of 5040	2348	msedge.exe	91
PID 2348 wrote to memory of 5040	2348	msedge.exe	91
PID 2348 wrote to memory of 5040	2348	msedge.exe	91
PID 2348 wrote to memory of 5040	2348	msedge.exe	91
PID 2348 wrote to memory of 5040	2348	msedge.exe	91
PID 2348 wrote to memory of 5040	2348	msedge.exe	91
PID 2348 wrote to memory of 5040	2348	msedge.exe	91
PID 2348 wrote to memory of 5040	2348	msedge.exe	91
PID 2348 wrote to memory of 5040	2348	msedge.exe	91
PID 2348 wrote to memory of 5040	2348	msedge.exe	91
PID 2348 wrote to memory of 5040	2348	msedge.exe	91
PID 2348 wrote to memory of 5040	2348	msedge.exe	91
PID 2348 wrote to memory of 5040	2348	msedge.exe	91
PID 2348 wrote to memory of 5040	2348	msedge.exe	91
PID 2348 wrote to memory of 5040	2348	msedge.exe	91
PID 2348 wrote to memory of 5040	2348	msedge.exe	91
PID 2348 wrote to memory of 4856	2348	msedge.exe	90
PID 2348 wrote to memory of 4856	2348	msedge.exe	90
PID 2348 wrote to memory of 1624	2348	msedge.exe	92
PID 2348 wrote to memory of 1624	2348	msedge.exe	92
PID 2348 wrote to memory of 1624	2348	msedge.exe	92
PID 2348 wrote to memory of 1624	2348	msedge.exe	92
PID 2348 wrote to memory of 1624	2348	msedge.exe	92
PID 2348 wrote to memory of 1624	2348	msedge.exe	92
PID 2348 wrote to memory of 1624	2348	msedge.exe	92
PID 2348 wrote to memory of 1624	2348	msedge.exe	92
PID 2348 wrote to memory of 1624	2348	msedge.exe	92
PID 2348 wrote to memory of 1624	2348	msedge.exe	92
PID 2348 wrote to memory of 1624	2348	msedge.exe	92
PID 2348 wrote to memory of 1624	2348	msedge.exe	92
PID 2348 wrote to memory of 1624	2348	msedge.exe	92
PID 2348 wrote to memory of 1624	2348	msedge.exe	92
PID 2348 wrote to memory of 1624	2348	msedge.exe	92
PID 2348 wrote to memory of 1624	2348	msedge.exe	92
PID 2348 wrote to memory of 1624	2348	msedge.exe	92
PID 2348 wrote to memory of 1624	2348	msedge.exe	92
PID 2348 wrote to memory of 1624	2348	msedge.exe	92
PID 2348 wrote to memory of 1624	2348	msedge.exe	92

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://schedulechanges.swiss.com/LinkTracking?q=bvtzZnMeiA0wh58DnFdzBEIvvqFAHltGvpw0y9oquESErYMPsdpl4MFXxV1pXA1VBkEZdmt0Z1Hk7j8ojdeKnCx1WqpKpu38BOAPljRi99JgbPMpdM86sei4JPn90_ZWalV23n-dGHwL1_ImT-zApLU-zoCkQjACKqJZwnLqxbAs1IjDlWnLGsbQkEEehiWz5zudvWHS8jTk2m8oXpmDJaBPUUrS6FOiRDv1Z0DZB8sXkUOgJc4AMZ_aYru5gvgutytIBamAAxOH7TAcoLJJCcOXsZ-0I7rORcdwtwzD5XFWJHexJXXv1zDHrqd9kD0Aqn8TvWKi-3qXzX69sLlEDNPR3ynepW_c2qNdHGg-Lug7dF7D5gcU04zM4QNGeRMUHW-LdyTqlP-izm3Ys_fYOeN0OqV8JSo9QcWY0xndMRCXwWPOao6wPAdGIq12hTPg_zgR6Ht5otkqHEnzDzFlycqhd9wgOoB4-Q5sxmc2CldExZ86V_htdEwF78W_WItUWTXPS7hIdf3ROo_qkFr6K823WdRZK-16wXIl878-54hPxyq9TGuUHwP6_erFPoM1TV04V5BdKxAyZk1GVSRGzQZeR1YQg02_58w-jT3E4EJS1csgreNsXamai6wAjvgl2N2u4Bu_eVbzeZ8BqNh5CbuywbYCG9ZpqV6pYuzhm_WcA-tVwNyjB9hj9ohl4_2XoG53sW0bNc7D93XUs7AJddDnWOaDy4PUxDz5bGfrUq-bGqreobuQTAr3sVxQLcHA&r=642458156
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa607d46f8,0x7ffa607d4708,0x7ffa607d4718
  2⤵
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,9371589105575215695,14165076875184109348,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,9371589105575215695,14165076875184109348,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,9371589105575215695,14165076875184109348,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
  2⤵
  PID:1624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9371589105575215695,14165076875184109348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:2044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9371589105575215695,14165076875184109348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:2280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9371589105575215695,14165076875184109348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
  2⤵
  PID:1120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9371589105575215695,14165076875184109348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1
  2⤵
  PID:2740
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,9371589105575215695,14165076875184109348,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5876 /prefetch:8
  2⤵
  PID:1240
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,9371589105575215695,14165076875184109348,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5876 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9371589105575215695,14165076875184109348,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:3612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9371589105575215695,14165076875184109348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9371589105575215695,14165076875184109348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4112 /prefetch:1
  2⤵
  PID:3628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9371589105575215695,14165076875184109348,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1
  2⤵
  PID:2868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,9371589105575215695,14165076875184109348,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:448

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2136

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:328

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e189354a800c436e6cec7c07e6c0feea

SHA1
5c84fbda33c9276736ff3cb01d30ff34b032f781

SHA256
826adca1e688de79a3ec5b91c75990927fb2a33ae717f474608c68336053f427

SHA512
ceb069a5e83a634503e253846fa17b8bf7aaa539c3353ce61251633d69068e24c5eadd1b496f43058790d2b513e65d2c0b0213730813d0b58bb82a00596e05e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9e3e150cfe464e9ebf0a6db1aa5e7a2

SHA1
3cb184e2781c07ac000661bf82e3857a83601813

SHA256
2325a6292907263d1fb089a09f22fbcc6bad56f4961d427efdef1abaef097bcc

SHA512
f5eb1e76eb9441cf5000d8d4db9296077b61714ead5012779c084b37f4bba07614055738f5dce69b13b25975d9b7c03eab049b7685eee09b23fd8d4a7d71a039

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
c7d3a1e99b553f9fcb87087d26f4eda9

SHA1
9aaaaf3612b5bdec8697c43e33db6c0a0fbb239a

SHA256
329bac00c3b06eeef0ea8bac2c475e64851f830460bd408fe8e61770321f7bcc

SHA512
e6a4b71a983061bd2b056c07df08b9503955764d212b4cc7ceb5eefbba2679e4621c5dde103324d73671b7f3957c2b274f5b69d8479dfd64d9d8fbf2576c9244

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
756B

MD5
f5cde94239ecfb481e4edd404ccbcda0

SHA1
a26b76e6af5fd0f44071f3fc1df7b3a355a2a87d

SHA256
b09f7c12ca7382cd72b7e76d83710bb00e0464f9b7059f4c265c9a70a8a497f5

SHA512
1e6d38e03335712f9ef5ccbabb1b021fa789f64540d7f34d0ea3d835437898d5b8d9c0cb96c5fac0182338416ac849b6cf8f3cecba46b590a98937121da06ee0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6466a0c71b8eba29d7d607e75e5a9610

SHA1
9616f6310cf24449e1080d690720669c3a385f1e

SHA256
cde363bfdffa4a7c3684f309354df4b8bd8765f3ff2cc262c4de113a0afaacdc

SHA512
9be246e9da8f246523c664e7d3c54c346f7fa2a1816a720a21f88cb9ef2119aa5a4ae170b632ef954b61a28a40f2cc2df66fb4f8ccc864736394a8bea4a62c8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
51be907939f6694818b2756996ddfafb

SHA1
53ea8f487379fc03a3b92d98a85c4c5f8662fe5b

SHA256
831da90988045ad1d9f5e2bcd23f352019f7a7dc773597cd03cb5a81ec241db4

SHA512
0b96840fcb895675af85f1b2c4fd2a6a1b48a32c6b71f5cc2f18cc1c90cb9411e3099c74e9a545d3132d10885056cbb9086baf11214cb200b0c9255d3945aa18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
49fffebdd8ba272e6aaf2a12cdcbef80

SHA1
05717fee425953a5b89a643440e9a0a57986c50c

SHA256
18e1653e6b28d526d952d1913ad78a12fcc661b49966ccc16f9ad1e7a8d71a1e

SHA512
ebb0d9f56f8909cc375799f6d13a8f8a8f29a837afcef33ee272f55b85cbde8366928eb310874f4ee08cd54264799e045787e687de596447f71903cda0c290da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8433f89efcabe2e0d47f7e5072a55c99

SHA1
e4cade96e6257c9611644df1d2031360652a5190

SHA256
da1b53621e294c42ae7d70ef5bf3b9b6a844635f3a245fd5fe958ada7c9d19f7

SHA512
e85ca9537d12aed8f644c39fcc9a3d3e3f8ba173231e33cf3eb80ec679afb0dda7fe465588e1fbfd226237c2afc0318476cc53e7f3c5121cd7ba7bd222a2b82b

Download Submit