hxxps://app[.]joinswoop[.]com/resources

Analysis

max time kernel
146s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
06/10/2023, 09:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://app.joinswoop.com/resources

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4452	msedge.exe
4452	msedge.exe
4388	msedge.exe
4388	msedge.exe
4784	identity_helper.exe
4784	identity_helper.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	2584	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2584	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4388 wrote to memory of 4872	4388	msedge.exe	42
PID 4388 wrote to memory of 4872	4388	msedge.exe	42
PID 4388 wrote to memory of 4568	4388	msedge.exe	87
PID 4388 wrote to memory of 4568	4388	msedge.exe	87
PID 4388 wrote to memory of 4568	4388	msedge.exe	87
PID 4388 wrote to memory of 4568	4388	msedge.exe	87
PID 4388 wrote to memory of 4568	4388	msedge.exe	87
PID 4388 wrote to memory of 4568	4388	msedge.exe	87
PID 4388 wrote to memory of 4568	4388	msedge.exe	87
PID 4388 wrote to memory of 4568	4388	msedge.exe	87
PID 4388 wrote to memory of 4568	4388	msedge.exe	87
PID 4388 wrote to memory of 4568	4388	msedge.exe	87
PID 4388 wrote to memory of 4568	4388	msedge.exe	87
PID 4388 wrote to memory of 4568	4388	msedge.exe	87
PID 4388 wrote to memory of 4568	4388	msedge.exe	87
PID 4388 wrote to memory of 4568	4388	msedge.exe	87
PID 4388 wrote to memory of 4568	4388	msedge.exe	87
PID 4388 wrote to memory of 4568	4388	msedge.exe	87
PID 4388 wrote to memory of 4568	4388	msedge.exe	87
PID 4388 wrote to memory of 4568	4388	msedge.exe	87
PID 4388 wrote to memory of 4568	4388	msedge.exe	87
PID 4388 wrote to memory of 4568	4388	msedge.exe	87
PID 4388 wrote to memory of 4568	4388	msedge.exe	87
PID 4388 wrote to memory of 4568	4388	msedge.exe	87
PID 4388 wrote to memory of 4568	4388	msedge.exe	87
PID 4388 wrote to memory of 4568	4388	msedge.exe	87
PID 4388 wrote to memory of 4568	4388	msedge.exe	87
PID 4388 wrote to memory of 4568	4388	msedge.exe	87
PID 4388 wrote to memory of 4568	4388	msedge.exe	87
PID 4388 wrote to memory of 4568	4388	msedge.exe	87
PID 4388 wrote to memory of 4568	4388	msedge.exe	87
PID 4388 wrote to memory of 4568	4388	msedge.exe	87
PID 4388 wrote to memory of 4568	4388	msedge.exe	87
PID 4388 wrote to memory of 4568	4388	msedge.exe	87
PID 4388 wrote to memory of 4568	4388	msedge.exe	87
PID 4388 wrote to memory of 4568	4388	msedge.exe	87
PID 4388 wrote to memory of 4568	4388	msedge.exe	87
PID 4388 wrote to memory of 4568	4388	msedge.exe	87
PID 4388 wrote to memory of 4568	4388	msedge.exe	87
PID 4388 wrote to memory of 4568	4388	msedge.exe	87
PID 4388 wrote to memory of 4568	4388	msedge.exe	87
PID 4388 wrote to memory of 4568	4388	msedge.exe	87
PID 4388 wrote to memory of 4452	4388	msedge.exe	86
PID 4388 wrote to memory of 4452	4388	msedge.exe	86
PID 4388 wrote to memory of 1500	4388	msedge.exe	88
PID 4388 wrote to memory of 1500	4388	msedge.exe	88
PID 4388 wrote to memory of 1500	4388	msedge.exe	88
PID 4388 wrote to memory of 1500	4388	msedge.exe	88
PID 4388 wrote to memory of 1500	4388	msedge.exe	88
PID 4388 wrote to memory of 1500	4388	msedge.exe	88
PID 4388 wrote to memory of 1500	4388	msedge.exe	88
PID 4388 wrote to memory of 1500	4388	msedge.exe	88
PID 4388 wrote to memory of 1500	4388	msedge.exe	88
PID 4388 wrote to memory of 1500	4388	msedge.exe	88
PID 4388 wrote to memory of 1500	4388	msedge.exe	88
PID 4388 wrote to memory of 1500	4388	msedge.exe	88
PID 4388 wrote to memory of 1500	4388	msedge.exe	88
PID 4388 wrote to memory of 1500	4388	msedge.exe	88
PID 4388 wrote to memory of 1500	4388	msedge.exe	88
PID 4388 wrote to memory of 1500	4388	msedge.exe	88
PID 4388 wrote to memory of 1500	4388	msedge.exe	88
PID 4388 wrote to memory of 1500	4388	msedge.exe	88
PID 4388 wrote to memory of 1500	4388	msedge.exe	88
PID 4388 wrote to memory of 1500	4388	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://app.joinswoop.com/resources
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffd15b46f8,0x7fffd15b4708,0x7fffd15b4718
  2⤵
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,3759907614395242416,5294094610988834083,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,3759907614395242416,5294094610988834083,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,3759907614395242416,5294094610988834083,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2940 /prefetch:8
  2⤵
  PID:1500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,3759907614395242416,5294094610988834083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2932 /prefetch:1
  2⤵
  PID:2524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,3759907614395242416,5294094610988834083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,3759907614395242416,5294094610988834083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4508 /prefetch:1
  2⤵
  PID:3752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,3759907614395242416,5294094610988834083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:1
  2⤵
  PID:2364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2120,3759907614395242416,5294094610988834083,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5640 /prefetch:8
  2⤵
  PID:3184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,3759907614395242416,5294094610988834083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
  2⤵
  PID:3716
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,3759907614395242416,5294094610988834083,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6360 /prefetch:8
  2⤵
  PID:3840
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,3759907614395242416,5294094610988834083,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6360 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,3759907614395242416,5294094610988834083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4464 /prefetch:1
  2⤵
  PID:5212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,3759907614395242416,5294094610988834083,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6496 /prefetch:1
  2⤵
  PID:5220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,3759907614395242416,5294094610988834083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:5512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,3759907614395242416,5294094610988834083,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4576 /prefetch:1
  2⤵
  PID:5520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,3759907614395242416,5294094610988834083,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3068 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2824

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4696

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:640

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x514 0x518
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2584

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
db9dbef3f8b1f616429f605c1ebca2f0

SHA1
ffba76f0836c024828d4ff1982cc4240c41a8f16

SHA256
3e0297327872058355ac041a5e0fc83ed017faee0f6c0105b44bb3e5399a93a1

SHA512
4eedc387fe304f27f9d52ff5d71461c7f22147f7a8c18b8e7982acb76515528a36486a567451daafe093f9563b133c6799f2ad046e04256ccb46c83eb99e86c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\5b5fa6bb-3447-414a-875e-74902407308a.tmp

Filesize
5KB

MD5
b9c37f9ea94c9d81bea79d61f46c3b4d

SHA1
b14fe45ac568a539920ad81fc73f61bdbd857667

SHA256
1d7f8f1fb8d3c5c907e01625109149d5f9f8e9f325e227c7aef8be87d9eff44f

SHA512
b1e808912adbdd145558ae7f5da0761891613062d74affb41feebe278490d514055a2324c7396185d67ed81b1005336b234332e9a835fedb323eeb7b56c47824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
720B

MD5
19869571fb6405e42598795fa4622633

SHA1
ffba9a0a08bbe1a8c61f04bd94ed48f3351dfa00

SHA256
fbbd41ccfcbddf43c21ee6e22aca095afd3f5fb6424f67c4807759759f51bf77

SHA512
b6de94adc0e8846ad181d506db02201f47e4432d3ed058743536940c236d0b697a39e5b6dec559a09db43afc5e71aef5f1345a66fe3a2b4af95265c8b89a8b86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
19a35b57624354f0c2cf2999ba7f1bf8

SHA1
6b33b06f1b248dc67fcb535a4f7b07c7d5bede82

SHA256
bc2b8f8ee75ecbe26eb3205ccdcdc1ba93ffaa0ffde00297e462945c7162f043

SHA512
3a0a9cc094eb26715ca402fd25024e2e6050795462593ce66cc397eb1628a85946ad082182772bc5d269abe98e5cd3864287a0c536a9e7552e760ce0d945507c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
5540140195b865f294365d523ea794af

SHA1
ad683170434f7fa1f537b805fdeeb29ec3c1cc38

SHA256
f505ffbef7063eb87545c79369d447a05965506fdad368d7477feee8f18ac397

SHA512
71db3f774589f001de0904f9c4b2a19f9944a9de52074d7a386bae9818cf3c01cc436a21e3a5aa4135c96dda8576547501a54a78b42fa3e68edade99ac99398b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a2712eddd6f9724b131c9f77224147e3

SHA1
2ad6eace9214d6dc828802eed6ce1fb5417507f1

SHA256
d58e36e10db7e3074af14dd9176bfd4a3c81fa842c637100eb8fb7abf722b9e4

SHA512
8e278d90ad4219283dc8c0a162359aec62f3248e20f68c7e75d54fcdac9cf834cff840b3ebe4e2c2b33bc2a178d33a39a76a1f346170602abb962a990058a5c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
6dcb90ba1ba8e06c1d4f27ec78f6911a

SHA1
71e7834c7952aeb9f1aa6eb88e1959a1ae4985d9

SHA256
30d89e5026668c5a58bef231930a8bfb27ca099b24399a2615b210210d418416

SHA512
dc31807eaeb5221ac60d598035ca3ccab1dbeecc95caaff5e1f5a2a89ba1c83ef0a708ee0b8ed05b588ea5d50e360032a534356f84c89d3791df91d419daeff9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
6aaefb6cecb3fabd7d5e8dedf5e11685

SHA1
e502da48be2ce191993d394d7d1a8e34344e7cc6

SHA256
acec80c574482efcc4d06a1d5b5b02bf0fe90ef11ac0bae03102f1b1c9b66864

SHA512
4097ab6ca086bc408a6d534b3dd5206361b4d4ef9e4b22c979861c64268d2224b55cc34132aa057fefad883793e2cc55a91dae3c904372617fa45e06d1a38c62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
9eae8c168286d390b711fa6a85aee73d

SHA1
c26f9cdf462c3f97b31ded02560c315046a93447

SHA256
5f45129b8cf3d124ae5e62e8162b7d32fb55bf6e82fb9eb5fe1801ae5626d32e

SHA512
2746c4c0a61041cf5e0329d0e59eb76c98f8bf364622cb390833831c3e91bce55ef00f5d1423150bee880442b1bede4f7857958cfab9563a3b9aa805585480f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
9c0190e2f74d52a13ffc7b8e10ad8b16

SHA1
118c39bce464bbe9433699d0743ab33223f42ac4

SHA256
d0cdf9d908fa295fb330d1bd9cc63232de31fb98cdda211725ac338595fe3059

SHA512
85fb7c7af07ea994971720e2ccc9e758e9418010958d9143cdcac75d20cb77437ded2f8fa61ae893bd163bd62c92ae57447d0cbb3f4eba7eb75759ba62da850e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d736.TMP

Filesize
3KB

MD5
2993f5ca7237f5e89ae5af3cdf6979d0

SHA1
2878c1084403e616670475ebea949e5c56651802

SHA256
4c68f55b6d5c8d278c1540aefe649206f18c22163d4cfaf449794b5786d0f394

SHA512
639e12e9e23e7662843ee2c9b360bca091228bdac1c81fd1e8ad501f5eac149e2b6b5fb4dc81f4e041b44976be56d0ac2f04cb8455b63495a6618f8d5c5211ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
eb5605d2d7ae3e5eccf05379c5b8f380

SHA1
b7e7b3050b2ad7d7925b200893c3562ac2a7323c

SHA256
b2ba0f699b0ab64872a697c6cd1ed285af65dd3b6156541e9fa17a08d6bb04b2

SHA512
3091115cd1a33d3f002f8dad8c439dcb10978113a47638fdb1566b7613075b7afed6d2e036fc03d1ecd3c8d63682eccd8816fc6f1761a0f4843d9de28bb964f3

Download Submit