hxxps://us2[.]concursolutions[.]com/twPopup/popup_OnLineCheckIn[.]asp?carrierRecLoc=IPUYIC&carrierCode=AA&firstName=Homer+Ray&lastName=Locklear&deptDate=1%2f23%2f2024+1%3a32%3a00+PM&deptAirp=RDU&carrierName=American&lanCode=en&contCheckinId=

Resubmissions

23/01/2024, 22:02

240123-1x1nvsbbh5 1

23/01/2024, 21:54

240123-1r76raagaq 1

Analysis

max time kernel
146s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
23/01/2024, 21:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://us2.concursolutions.com/twPopup/popup_OnLineCheckIn.asp?carrierRecLoc=IPUYIC&carrierCode=AA&firstName=Homer+Ray&lastName=Locklear&deptDate=1%2f23%2f2024+1%3a32%3a00+PM&deptAirp=RDU&carrierName=American&lanCode=en&contCheckinId=

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2092	msedge.exe
2092	msedge.exe
2040	msedge.exe
2040	msedge.exe
4452	identity_helper.exe
4452	identity_helper.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2040 wrote to memory of 4976	2040	msedge.exe	78
PID 2040 wrote to memory of 4976	2040	msedge.exe	78
PID 2040 wrote to memory of 3576	2040	msedge.exe	86
PID 2040 wrote to memory of 3576	2040	msedge.exe	86
PID 2040 wrote to memory of 3576	2040	msedge.exe	86
PID 2040 wrote to memory of 3576	2040	msedge.exe	86
PID 2040 wrote to memory of 3576	2040	msedge.exe	86
PID 2040 wrote to memory of 3576	2040	msedge.exe	86
PID 2040 wrote to memory of 3576	2040	msedge.exe	86
PID 2040 wrote to memory of 3576	2040	msedge.exe	86
PID 2040 wrote to memory of 3576	2040	msedge.exe	86
PID 2040 wrote to memory of 3576	2040	msedge.exe	86
PID 2040 wrote to memory of 3576	2040	msedge.exe	86
PID 2040 wrote to memory of 3576	2040	msedge.exe	86
PID 2040 wrote to memory of 3576	2040	msedge.exe	86
PID 2040 wrote to memory of 3576	2040	msedge.exe	86
PID 2040 wrote to memory of 3576	2040	msedge.exe	86
PID 2040 wrote to memory of 3576	2040	msedge.exe	86
PID 2040 wrote to memory of 3576	2040	msedge.exe	86
PID 2040 wrote to memory of 3576	2040	msedge.exe	86
PID 2040 wrote to memory of 3576	2040	msedge.exe	86
PID 2040 wrote to memory of 3576	2040	msedge.exe	86
PID 2040 wrote to memory of 3576	2040	msedge.exe	86
PID 2040 wrote to memory of 3576	2040	msedge.exe	86
PID 2040 wrote to memory of 3576	2040	msedge.exe	86
PID 2040 wrote to memory of 3576	2040	msedge.exe	86
PID 2040 wrote to memory of 3576	2040	msedge.exe	86
PID 2040 wrote to memory of 3576	2040	msedge.exe	86
PID 2040 wrote to memory of 3576	2040	msedge.exe	86
PID 2040 wrote to memory of 3576	2040	msedge.exe	86
PID 2040 wrote to memory of 3576	2040	msedge.exe	86
PID 2040 wrote to memory of 3576	2040	msedge.exe	86
PID 2040 wrote to memory of 3576	2040	msedge.exe	86
PID 2040 wrote to memory of 3576	2040	msedge.exe	86
PID 2040 wrote to memory of 3576	2040	msedge.exe	86
PID 2040 wrote to memory of 3576	2040	msedge.exe	86
PID 2040 wrote to memory of 3576	2040	msedge.exe	86
PID 2040 wrote to memory of 3576	2040	msedge.exe	86
PID 2040 wrote to memory of 3576	2040	msedge.exe	86
PID 2040 wrote to memory of 3576	2040	msedge.exe	86
PID 2040 wrote to memory of 3576	2040	msedge.exe	86
PID 2040 wrote to memory of 3576	2040	msedge.exe	86
PID 2040 wrote to memory of 2092	2040	msedge.exe	87
PID 2040 wrote to memory of 2092	2040	msedge.exe	87
PID 2040 wrote to memory of 4840	2040	msedge.exe	88
PID 2040 wrote to memory of 4840	2040	msedge.exe	88
PID 2040 wrote to memory of 4840	2040	msedge.exe	88
PID 2040 wrote to memory of 4840	2040	msedge.exe	88
PID 2040 wrote to memory of 4840	2040	msedge.exe	88
PID 2040 wrote to memory of 4840	2040	msedge.exe	88
PID 2040 wrote to memory of 4840	2040	msedge.exe	88
PID 2040 wrote to memory of 4840	2040	msedge.exe	88
PID 2040 wrote to memory of 4840	2040	msedge.exe	88
PID 2040 wrote to memory of 4840	2040	msedge.exe	88
PID 2040 wrote to memory of 4840	2040	msedge.exe	88
PID 2040 wrote to memory of 4840	2040	msedge.exe	88
PID 2040 wrote to memory of 4840	2040	msedge.exe	88
PID 2040 wrote to memory of 4840	2040	msedge.exe	88
PID 2040 wrote to memory of 4840	2040	msedge.exe	88
PID 2040 wrote to memory of 4840	2040	msedge.exe	88
PID 2040 wrote to memory of 4840	2040	msedge.exe	88
PID 2040 wrote to memory of 4840	2040	msedge.exe	88
PID 2040 wrote to memory of 4840	2040	msedge.exe	88
PID 2040 wrote to memory of 4840	2040	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://us2.concursolutions.com/twPopup/popup_OnLineCheckIn.asp?carrierRecLoc=IPUYIC&carrierCode=AA&firstName=Homer+Ray&lastName=Locklear&deptDate=1%2f23%2f2024+1%3a32%3a00+PM&deptAirp=RDU&carrierName=American&lanCode=en&contCheckinId=
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc236446f8,0x7ffc23644708,0x7ffc23644718
  2⤵
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,11369563204678895234,6015497417339153604,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
  2⤵
  PID:3576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,11369563204678895234,6015497417339153604,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,11369563204678895234,6015497417339153604,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8
  2⤵
  PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,11369563204678895234,6015497417339153604,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,11369563204678895234,6015497417339153604,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,11369563204678895234,6015497417339153604,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
  2⤵
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,11369563204678895234,6015497417339153604,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
  2⤵
  PID:1996
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,11369563204678895234,6015497417339153604,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5988 /prefetch:8
  2⤵
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,11369563204678895234,6015497417339153604,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5988 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,11369563204678895234,6015497417339153604,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
  2⤵
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,11369563204678895234,6015497417339153604,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,11369563204678895234,6015497417339153604,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
  2⤵
  PID:2148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,11369563204678895234,6015497417339153604,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,11369563204678895234,6015497417339153604,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
  2⤵
  PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,11369563204678895234,6015497417339153604,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6140 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4744

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3120

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4504

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7a5862a0ca86c0a4e8e0b30261858e1f

SHA1
ee490d28e155806d255e0f17be72509be750bf97

SHA256
92b4c004a9ec97ccf7a19955926982bac099f3b438cd46063bb9bf5ac7814a4b

SHA512
0089df12ed908b4925ba838e07128987afe1c9235097b62855122a03ca6d34d7c75fe4c30e68581c946b77252e7edf1dd66481e20c0a9cccd37e0a4fe4f0a6fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
778ed5f9957dd2c316b3e6c51ee09e42

SHA1
caa55435fb548264588b2213476966d60a986995

SHA256
78bde6e248341640e3a456b51c99f7e9c3ebe41686f2208d7205a34d67fd5b9f

SHA512
aadfa3cbf4955d0e0cf8531c07c2d78b7f84b77568db0dd42135c8a5e65761891f5cbc847b5e039e3394691c7e44359e76612fd23f2e570df70d15496af615fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
8814356824fdbdb3f04b5b787149aebd

SHA1
3b6d81055f986e72588f7bb3840ddbe688548c5c

SHA256
6bd20da88748306d94a3ec8a7dd05739c2052fb3619fca56c6b154ea2a960bb5

SHA512
22f8c7c5f35844d97c69a99d91fe2c01f0cb2d41bbabe77b4ede3ce6c983f8fe2cd86c14b3bbc6c36db110d5bd11283888314dd1bf60ad61e9dcce776158f239

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
52a7acb2baedfd2b9da7932868a8c96c

SHA1
f29663c5de1513760a8c1f241ae4993c05cd91de

SHA256
d6d8904bc91bee491a6f1ff18dfe808ac061365e7a93df48647ec89a991ab48e

SHA512
02241a4b2f1624ec0b00ac77c956174873f007209b798005d616d3ad29eefc2632d2ec53f17f4e0f2b30e812d1f3bd6385df3ef438e2a975b075b39c0ab0a4e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8012b10ac8a1dceedf1a25e98583e24e

SHA1
bf56bb804665b18102f0a3a1abb6aa1d96e3582d

SHA256
3b834595ec895da01974503aaf04db965aca0d57eb5f30e6b500327ab677ccbc

SHA512
5d2e00a84e2dce65a2a9c19d905a8e45873ad2488578fcb4ad5f03b8257e75adc9066102005b1d10821ebed65795a2d5d4e54b15da6a2a045441dffe4e9e6fc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
52826cef6409f67b78148b75e442b5ea

SHA1
a675db110aae767f5910511751cc3992cddcc393

SHA256
98fc43994599573e7181c849e5865f23b4f05f85c1115dff53c58764d80373fb

SHA512
f18df18cab6b5ecd71b79c81a2a1fdac42cc9960f62f06ac25f4d6487792705f2766ee3a10239eaac940d090186e6bc820e4eb7a5ee138f6e5c1c64f951b960c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9ef8f7c839ecb225a21fd8755b8253fa

SHA1
d1d817bcd00c5da1c8dc739ae972410eb24a71d8

SHA256
c2ae5d3371b933d7f024007d7f1911683dea3371e34c78d8fec307183eab549b

SHA512
546b34e56cd94af4c65f2475c0abf65b44cd722c51de1ca44b6b5b8dea4fe7db7404bd60b408012dcd3765121e20941424cbb1bb30dc58f3bbaeb4f9042cc347

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
00a64d7efacf51840cf2ff0caa2cc163

SHA1
86184dbb47635db4091a41705b2bf64006e0ffdc

SHA256
7ec24038f6f3683d6b37038ba3eb95b8f14b665f9281915de746c6c65bea4614

SHA512
df125af9199fdddbc3f069a6123d502dad379bbbd2d3e126fac1494aaa20e1d3fe9bf894020e20b5e9f5d01296ed6058ef3a8d7ec6323e4e57d88cc635dd2c53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b82a955c83bd06c523ea65a1c9cb1811

SHA1
a9097659775f858634f99918c53441b03850e7b8

SHA256
1307990c7d91a32d60acf0d975019a1b94fe73f8fa7dac03afc1dcf9150535b6

SHA512
8577418ba3dd92d85c548970e24ec8a7a75a1b2350d7ba53d5a88bfb2aaf966670bae027861c22163bf7bc8da85d999fe94ca4711598ee4d39255b10e4c66895

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6680354d33e794b0d5d5063a9545e6c5

SHA1
17908e14880792f1312609fa9b3b968b17c40429

SHA256
6edbcd117634c91fe57a993f904992987c7be3bdbea9de8e1ed4707dcef862f8

SHA512
47e06c4b886e840f413aa6e06f0815dcd2d19541db038a12409edf4535c3620a62c6fffb3354c19b222ac081ca8ea3b1e2b0d704ff0bf78060a9e852e3d51058

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
44b60c288363832bab6462c34637f361

SHA1
65710de26ae7122407d82f3be3aec14e06b5faa9

SHA256
dde52ffca66a55200f3214c64a7010f7cc8f2786f93d2d5828016814203cba60

SHA512
433448460a20857ebd2900db77e21e64e00c324f1ba8c9cd5c4c5f493c9e77574c8cf2cf5b4d960114592c1dd4f2d9b8d1870aa0b24b0e88a81da4e728837a81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d5ed.TMP

Filesize
1KB

MD5
a65b661bb91740f623cbd7c01f4b31d6

SHA1
94af6e87beb87c3f1fad707c5f05c09b548ea4ba

SHA256
3af4779ec4e95a6c246998711b1e9c7d1117e1e43e0ce1df4c16439624366a4a

SHA512
a0ebcd4144a3281395e43717d41b33bacc9526b199f69f2d0a370856168233d89144745d2d3042dbf3dc18f563de5a7ae323af2425174fa0e740b5b5dc0d0124

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f0fe638eacb9b150ef6428c187565244

SHA1
45cafdca25450689fe2fbce458a57f4686980803

SHA256
2bce5b321f887ba3d96fc995d8797998bc5eb4dce0fc921dd26a725268b63aed

SHA512
6f2b6c7e278c4cf788a7272fdd92d0c16fb04306043595325d061f6fce9491be1837184f71f8e227a6b24d9bde4e7c615930c4dcf0beea315337fdf4989ec9da

Download Submit