hxxps://tracking[.]pmprenewalcourse[.]click/cp/campaigns/le343nj5w8a9b/track-url/zf542sy7w337b/9284546e326ca6a3d46e9a39f5cd60322a412e31

Analysis

max time kernel
145s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
17/05/2024, 17:57

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://tracking.pmprenewalcourse.click/cp/campaigns/le343nj5w8a9b/track-url/zf542sy7w337b/9284546e326ca6a3d46e9a39f5cd60322a412e31

Score

6^/10

Malware Config

Signatures

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
96	extreme-ip-lookup.com
98	extreme-ip-lookup.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4952	msedge.exe
4952	msedge.exe
3468	msedge.exe
3468	msedge.exe
884	identity_helper.exe
884	identity_helper.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3468 wrote to memory of 1904	3468	msedge.exe	85
PID 3468 wrote to memory of 1904	3468	msedge.exe	85
PID 3468 wrote to memory of 2664	3468	msedge.exe	86
PID 3468 wrote to memory of 2664	3468	msedge.exe	86
PID 3468 wrote to memory of 2664	3468	msedge.exe	86
PID 3468 wrote to memory of 2664	3468	msedge.exe	86
PID 3468 wrote to memory of 2664	3468	msedge.exe	86
PID 3468 wrote to memory of 2664	3468	msedge.exe	86
PID 3468 wrote to memory of 2664	3468	msedge.exe	86
PID 3468 wrote to memory of 2664	3468	msedge.exe	86
PID 3468 wrote to memory of 2664	3468	msedge.exe	86
PID 3468 wrote to memory of 2664	3468	msedge.exe	86
PID 3468 wrote to memory of 2664	3468	msedge.exe	86
PID 3468 wrote to memory of 2664	3468	msedge.exe	86
PID 3468 wrote to memory of 2664	3468	msedge.exe	86
PID 3468 wrote to memory of 2664	3468	msedge.exe	86
PID 3468 wrote to memory of 2664	3468	msedge.exe	86
PID 3468 wrote to memory of 2664	3468	msedge.exe	86
PID 3468 wrote to memory of 2664	3468	msedge.exe	86
PID 3468 wrote to memory of 2664	3468	msedge.exe	86
PID 3468 wrote to memory of 2664	3468	msedge.exe	86
PID 3468 wrote to memory of 2664	3468	msedge.exe	86
PID 3468 wrote to memory of 2664	3468	msedge.exe	86
PID 3468 wrote to memory of 2664	3468	msedge.exe	86
PID 3468 wrote to memory of 2664	3468	msedge.exe	86
PID 3468 wrote to memory of 2664	3468	msedge.exe	86
PID 3468 wrote to memory of 2664	3468	msedge.exe	86
PID 3468 wrote to memory of 2664	3468	msedge.exe	86
PID 3468 wrote to memory of 2664	3468	msedge.exe	86
PID 3468 wrote to memory of 2664	3468	msedge.exe	86
PID 3468 wrote to memory of 2664	3468	msedge.exe	86
PID 3468 wrote to memory of 2664	3468	msedge.exe	86
PID 3468 wrote to memory of 2664	3468	msedge.exe	86
PID 3468 wrote to memory of 2664	3468	msedge.exe	86
PID 3468 wrote to memory of 2664	3468	msedge.exe	86
PID 3468 wrote to memory of 2664	3468	msedge.exe	86
PID 3468 wrote to memory of 2664	3468	msedge.exe	86
PID 3468 wrote to memory of 2664	3468	msedge.exe	86
PID 3468 wrote to memory of 2664	3468	msedge.exe	86
PID 3468 wrote to memory of 2664	3468	msedge.exe	86
PID 3468 wrote to memory of 2664	3468	msedge.exe	86
PID 3468 wrote to memory of 2664	3468	msedge.exe	86
PID 3468 wrote to memory of 4952	3468	msedge.exe	87
PID 3468 wrote to memory of 4952	3468	msedge.exe	87
PID 3468 wrote to memory of 4964	3468	msedge.exe	88
PID 3468 wrote to memory of 4964	3468	msedge.exe	88
PID 3468 wrote to memory of 4964	3468	msedge.exe	88
PID 3468 wrote to memory of 4964	3468	msedge.exe	88
PID 3468 wrote to memory of 4964	3468	msedge.exe	88
PID 3468 wrote to memory of 4964	3468	msedge.exe	88
PID 3468 wrote to memory of 4964	3468	msedge.exe	88
PID 3468 wrote to memory of 4964	3468	msedge.exe	88
PID 3468 wrote to memory of 4964	3468	msedge.exe	88
PID 3468 wrote to memory of 4964	3468	msedge.exe	88
PID 3468 wrote to memory of 4964	3468	msedge.exe	88
PID 3468 wrote to memory of 4964	3468	msedge.exe	88
PID 3468 wrote to memory of 4964	3468	msedge.exe	88
PID 3468 wrote to memory of 4964	3468	msedge.exe	88
PID 3468 wrote to memory of 4964	3468	msedge.exe	88
PID 3468 wrote to memory of 4964	3468	msedge.exe	88
PID 3468 wrote to memory of 4964	3468	msedge.exe	88
PID 3468 wrote to memory of 4964	3468	msedge.exe	88
PID 3468 wrote to memory of 4964	3468	msedge.exe	88
PID 3468 wrote to memory of 4964	3468	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://tracking.pmprenewalcourse.click/cp/campaigns/le343nj5w8a9b/track-url/zf542sy7w337b/9284546e326ca6a3d46e9a39f5cd60322a412e31
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd421f46f8,0x7ffd421f4708,0x7ffd421f4718
  2⤵
  PID:1904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,2176096174031648043,16030712376460444850,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
  2⤵
  PID:2664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,2176096174031648043,16030712376460444850,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,2176096174031648043,16030712376460444850,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8
  2⤵
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,2176096174031648043,16030712376460444850,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:2972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,2176096174031648043,16030712376460444850,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,2176096174031648043,16030712376460444850,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 /prefetch:8
  2⤵
  PID:1392
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,2176096174031648043,16030712376460444850,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,2176096174031648043,16030712376460444850,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4456 /prefetch:1
  2⤵
  PID:3728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,2176096174031648043,16030712376460444850,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:4052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,2176096174031648043,16030712376460444850,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,2176096174031648043,16030712376460444850,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:1
  2⤵
  PID:1044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,2176096174031648043,16030712376460444850,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
  2⤵
  PID:2368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,2176096174031648043,16030712376460444850,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
  2⤵
  PID:4192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,2176096174031648043,16030712376460444850,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
  2⤵
  PID:5712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,2176096174031648043,16030712376460444850,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
  2⤵
  PID:5792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,2176096174031648043,16030712376460444850,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:5892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,2176096174031648043,16030712376460444850,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6252 /prefetch:1
  2⤵
  PID:5968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,2176096174031648043,16030712376460444850,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:5152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,2176096174031648043,16030712376460444850,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:5492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,2176096174031648043,16030712376460444850,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6224 /prefetch:1
  2⤵
  PID:5524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,2176096174031648043,16030712376460444850,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
  2⤵
  PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,2176096174031648043,16030712376460444850,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4820 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:408

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1688

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2128

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56641592f6e69f5f5fb06f2319384490

SHA1
6a86be42e2c6d26b7830ad9f4e2627995fd91069

SHA256
02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

SHA512
c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
612a6c4247ef652299b376221c984213

SHA1
d306f3b16bde39708aa862aee372345feb559750

SHA256
9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

SHA512
34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
31KB

MD5
5d9e09db1c6f10f4dfd1b390f9658572

SHA1
cf6301503cbe93dde3f8ede03b6ff20fcd5d6ad3

SHA256
61e61f7778df91a4b6d7f679371661ffe99a4ee64a9d8858066b679f456cde7f

SHA512
54ca79483dbb13485f6c892a848df8ec700aaf3a82abee312d8323c744ed3988afc264bbc8a2c3895ddef6391bc876d870bd55d9f4753e4789a2e28d098deaed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
2fecdbb93c21a4fb068bd180d610ab82

SHA1
9be26e4c20a07902c28ab5fe1f7a201ff651c5f0

SHA256
8adc52cd44739a5cd3c76d8531badaccdbc5abf80a91f259cd565c3a3f9983a3

SHA512
2bb85b3c7478befac4ccd3d9a1f425fae0b8ee87fb3f50d115996b1b6341844c01ca263036908a829732c2e2eb5fd999980977489b31a38751db271022043663

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_ccrs.pmi.org_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
413965144e0d7a0e0a87de2428d9f6b1

SHA1
79908775a4e90ae9f6f938783711ba55e0555b50

SHA256
e0ffb478d6c77767f8e6363dff61ce73ed4a18c5bc0e07b72d32543ed7c82bcd

SHA512
25276d3df862da25125ff484d99d30d58fce6b335ee8d3c7c874c736f168f343afd5aae909f67ae8ea96a8aed528fe197f370802a349c11718a057816ee33ccd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
d6c611cb468ad2816caeffeafe0774ec

SHA1
71fb2b244fd72b1132018fc3b4e1b47965b3ca1a

SHA256
1816e36afb4a67dc532a84755c969f545422864bc9e7225a178bea8d671093aa

SHA512
1f2e20bf58d1232fc18fb66e49356790117a35bdfad4c82f05a5bf5714d6b5f4208b50c1b5b516b9624f535a70342555d1fc3d1da0f07586664f73ee600fbc52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
604bd10bfd354623bdb0de4a5505e82a

SHA1
0e47c76486a1248d7a1b0b436721db35a6bda69e

SHA256
e9b7a49921da688547d61b08bb98c6e5b8940507b1d506903edf8dd4200e7382

SHA512
d19fa158a587de6ee550c9073ccae423dc6be9701936f0ae04721d0d44c2e1dc9f3b4c85acd101058b6f2efcdd9db729038618194d6a44b642199c0e0d795d30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
34250a94e4191f45af75b9a44d66e450

SHA1
6bc1c3f811b5dad6c278b6026de6a0527a9d7a31

SHA256
d0c0fbacde284ff290d71ec653f558242de19d34e3911f44fa803fd253d38929

SHA512
6757a9ee91cdd1eef42642003b4c9294d5af539494cad7166b23ee97e8cafbaf84fadb485574dfbf24c48b8ff19820fa04e6710e893f4c2262caf8c62a352139

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
fd318316596640a88d5316e996ca3bea

SHA1
eed05f741157887ff2474d2d3d5c016d985ae904

SHA256
e81c6e87f182b83841a72ef59e7ddfdb2c54d0f0d07cb920ccc21f95699dcc87

SHA512
5a38e135c996fffba223bc51cfd2bb39f1187f33df83670a08c0b6a69fb70195cc8cfa8aba17bfc4eb0fea5fea57eb888426e24b3115456841182c9ea313f743

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
a0bb090f33da25144f9384b2cd067338

SHA1
f97500b65735139c286e951a7061b54f4415f160

SHA256
fed584bae47a787e975878732c9359bfb8493215eac6406e5ea5d85ae4220cb5

SHA512
b85939e780d23f1f513ddb1e540065bd7f85ee8a5a877d72f1b3459577e7fe3912a93a14d83a3c4ead94a5c5a6be1e69eee7c7d8b2251855f527640aadf8a3cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
65d85af4db6c04716789b38271a891d5

SHA1
608e22a0e7fe0b2125a2edae48d10252c4b4dfdd

SHA256
07ea43b78d6f2d18e08eb67a7fc4543024f60c6931c5f0d2d46a46a7c7096e76

SHA512
b6f78ad56d1f910131a6b54d6962d926997bbe99c3df211769d003807313248044330491dfb785cff8c70c6bac5f17631c3241c6184b8d841099bb9dea86b80c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
3e597ac1a54f0b74f888c8d626977cdf

SHA1
523a6fad717e082ac519798d4a903373e7931a7a

SHA256
5fa41d92052d661f8071f8456eaf641f33dd429f3690675bf350c0b255f66cb2

SHA512
12163707cd94056726dc98f5c4c70558185da6025e8e0682da3012829ca22171ce806b157ff0505aadfd7582b375470cc42ab5d2436442ff6b9b4ca82f390e39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
0350219ac741caaa8994d3557123a9dd

SHA1
6e4d3d44687bc2434ec8eff95322b20196d1fd27

SHA256
2b158a01aec705451773385189b7fa5655c27f79b6222be044ad44c8fbfbd120

SHA512
174e87bf13c7a7d710a90dcc781bcdc756dedeed7e886e2c8d7b57ebbaaa55a0692a75cf9fbc23b9540d8ac133d6a5dea82ebb56780bfdd8d4895a54ba5151c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
a0ec02747c44a8b5268880afd6ff0f70

SHA1
57cedf97460eceb11119496fc5f13cabfcd80700

SHA256
02fe14f421d4461a00729167434ba76cd7987658a196d0209a9c8afbed2c3081

SHA512
00e4e0ff9ebbdb6354ba8ca2b31c641bd7c7adb5c9adc31dbd4b77490607096c405f7e5b3a24c8ea3277786c3538bf5486f2556690a427f2eff86ef823857bbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
11c03a1a5c88e238c846483dba1799f2

SHA1
6d36c52f152ff4a1a6023dfcc4784a37887b0c77

SHA256
bc30dc3e81d7cddaa9762992ecb72cec615dbbde4673d27b54fafac054aa8740

SHA512
bf2d0935ca6cdf311a19910e0666a6fd387d9e843f0e802c9bdfb41e8d53c720ec49b5f026b9eba7da8d5cf17b64634ab4fd4a2514bd106cdbe4e02d2c9b45da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
7aa4f935a3df4bf7e54169a1048322f9

SHA1
b0d7b561828820773aa1d9ec5d95911411a691ba

SHA256
215c42c0a68af72fe55ab2743d1cf56422f4eedd0f0a1f37e41ff17f63654efa

SHA512
b67169f585528c3fbe31d40d6669cf01ac1dddba0b226aeb6cb1efae4674966459b48ca5b844ac9d292def740da5791e1ac4c888416551fb5580ef14e09af1de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
ff87baa9a168d848eaed0e2a54b85a68

SHA1
bd3ffdaa9905b0fbee7b8620f68a17a64ec08e25

SHA256
541131eb609c4806541c91f74f80f9f77eea4d33e805610866114c9f279d07a2

SHA512
1be18ca035b1eea09ffde16c7e6aca363165ce6938531321119c193deba603e60709a9f10ce2093d2a90b01b445d3627d10264523e26627aba7326eb43165f65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
ccd3c09498e0a9dc1c8fbde101ccc2f5

SHA1
57c87ecbe6fa0e6b63bdf4224faaadb6f9477ba8

SHA256
2768bf32be4c50a4b4f8b8936fe0a22f992ae2d5636a8837f1d5f4214032a321

SHA512
401a439c9bd83b488a3083e29813054013ca70f54fe5bdd58bdad8cb00db716460d9a778e3ac55f62196f53bd27228586b32dae855a89fb12258ecbdf1fe947a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
b63e9f3e64f57727f5069552969d4958

SHA1
7ccaef7324a484eeb468b925dedb65b05c998d2f

SHA256
d4b826ff83e08006be68cbb8bbe2efb407626b6fcc250c80e101ddc112405746

SHA512
0c3b5b899b26cf536c4facb2dc19ed62ec0be0dcf1038973d07546dcf82b72c3e19994ff2fd930f75660e1fdd7e1b163ea1dae7683a12169415e4d54e904fe9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
48719cee1e5654a2c3963ec65d289521

SHA1
0bf51d17ecb3fc3641c86f2e1bfe153697974a31

SHA256
3a85f3691c0a70a27cc11b7bd77403da315ba80259862259ada8f7971a7df4e9

SHA512
19e2b26014ca8bf128373d982c2b6db8fa814e23330afaac88f5acbcba5eedda7b2a398c9699538db09a9252fa564ce72ca2acf38611f1f83f2dd6336423eae4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
9272f0b4b2354859eacb59a36f96d2e7

SHA1
95cc8f2382ba814326abe667c2637fbcfca7812a

SHA256
686e5c5a5f15a9b16c7def2d7069c205efc35a62231336b86ed3b68ede2ecb9b

SHA512
2138f46d1137783a71128c32ddde3c87b99d4b5313fa8df432f6fde2677d44658c9b385e98505bd17d99df6a2d1b2e05230fa9bb2cee31a5bea13e5556f93824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
9832ed3ef21a185b621c3e33f341e8e5

SHA1
25fd6f7da661b21eeddbe1c7817df0f2ac8724c4

SHA256
eeabeddc216e5c8115929e8bdc9ea750c14330bf2f1db4ef68cbc2e338ada21d

SHA512
46ce0016e15eb345db72a09c0e2e689e39360b57989569376a1b9f1a507e4ad23dc8fcaf9da9657ee11c2cd4649be2f16a99278ec3f6565e06692a45868c89b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a856.TMP

Filesize
203B

MD5
c1a51ffd709e386eb99b6bd59922f9c2

SHA1
ea0ed7771aef56853c25b426135f7371a5c14d6c

SHA256
fb4335c976793437ea4cfcfd53a57f6be3503d7b1d1c56c96502d10013d54cc3

SHA512
ed02259c41ca1d5e4718c8d5c3be7822a6a11cf1e0651087dd61b085b2a121c0512f66f4379206ff7eaac507cd0826f9eb28f63cbd2384f268fdda384a54c7da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
58ee7d4492345d1120a608c2002b574b

SHA1
ab7d7ba7e514d728e4fe8863b3f6651e69354b92

SHA256
bd3208365a1d69c13170aac2b5258666add43369f70c529e8ef2ff3e092716db

SHA512
f9fd17a96f542e300befb11c9ca9afcfc569bb7d43b67e73b73b632e7c5b18ef93155f3498fd10d246525db032532c91eedd02f46bed11720d25a56ca9a757af

Download Submit