47f6d3a11ffd015413ffb96432ec1f980fba5dd084990dd61a00342c5f6da7f8

Analysis

max time kernel
1754s
max time network
1712s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
06-03-2024 10:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NoEscape.zip
Size

616KB
MD5

ef4fdf65fc90bfda8d1d2ae6d20aff60
SHA1

9431227836440c78f12bfb2cb3247d59f4d4640b
SHA256

47f6d3a11ffd015413ffb96432ec1f980fba5dd084990dd61a00342c5f6da7f8
SHA512

6f560fa6dc34bfe508f03dabbc395d46a7b5ba9d398e03d27dbacce7451a3494fbf48ccb1234d40746ac7fe960a265776cb6474cf513adb8ccef36206a20cbe9
SSDEEP

12288:1PQuO1JLx2auoA82iqOxdOc7XPkmpOw6mqc5m937hnTMktj1H:1PVqJx2auYqw7dOw6mql3nNBd

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
196	raw.githubusercontent.com
197	raw.githubusercontent.com

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-609813121-2907144057-1731107329-1000\{B1A7FD2B-14BA-4D31-8F6F-EEAB568F8834}	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
4904	msedge.exe
4904	msedge.exe
2352	msedge.exe
2352	msedge.exe
4792	identity_helper.exe
4792	identity_helper.exe
1648	msedge.exe
1648	msedge.exe
5292	msedge.exe
5292	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4700	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4700	AUDIODG.EXE

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\NoEscape.zip
1⤵
PID:3040

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,6113744474153763910,1806456859458624350,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
1⤵
PID:2992

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,6113744474153763910,1806456859458624350,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:4904

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,3528139546610958244,16053761607207299940,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
1⤵
PID:4604

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,3528139546610958244,16053761607207299940,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:2352

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,3528139546610958244,16053761607207299940,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
1⤵
PID:2984

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3528139546610958244,16053761607207299940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
1⤵
PID:1140

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3528139546610958244,16053761607207299940,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
1⤵
PID:3480

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2284

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3512

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3528139546610958244,16053761607207299940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
1⤵
PID:2740

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3528139546610958244,16053761607207299940,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
1⤵
PID:1320

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3528139546610958244,16053761607207299940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
1⤵
PID:2684

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,3528139546610958244,16053761607207299940,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5744 /prefetch:8
1⤵
PID:884

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,3528139546610958244,16053761607207299940,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5744 /prefetch:8
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:4792

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3528139546610958244,16053761607207299940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
1⤵
PID:1840

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3528139546610958244,16053761607207299940,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
1⤵
PID:1264

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3528139546610958244,16053761607207299940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
1⤵
PID:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3528139546610958244,16053761607207299940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
1⤵
PID:2540

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:880

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3528139546610958244,16053761607207299940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4428 /prefetch:1
1⤵
PID:2708

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2088,3528139546610958244,16053761607207299940,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4964 /prefetch:8
1⤵
PID:3504

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2088,3528139546610958244,16053761607207299940,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5704 /prefetch:8
1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:1648

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3528139546610958244,16053761607207299940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
1⤵
PID:1792

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3528139546610958244,16053761607207299940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
1⤵
PID:992

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3528139546610958244,16053761607207299940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2072 /prefetch:1
1⤵
PID:3156

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3528139546610958244,16053761607207299940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
1⤵
PID:396

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2628

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3528139546610958244,16053761607207299940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3028 /prefetch:1
1⤵
PID:4712

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x49c 0x498
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4700

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3528139546610958244,16053761607207299940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
1⤵
PID:5468

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3528139546610958244,16053761607207299940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6584 /prefetch:1
1⤵
PID:5564

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2088,3528139546610958244,16053761607207299940,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6636 /prefetch:8
1⤵
PID:2628

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3528139546610958244,16053761607207299940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6828 /prefetch:1
1⤵
PID:1368

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2088,3528139546610958244,16053761607207299940,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5308 /prefetch:8
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:5292

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3528139546610958244,16053761607207299940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6760 /prefetch:1
1⤵
PID:5740

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3528139546610958244,16053761607207299940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6648 /prefetch:1
1⤵
PID:1048

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3528139546610958244,16053761607207299940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6952 /prefetch:1
1⤵
PID:5208

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,3528139546610958244,16053761607207299940,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7352 /prefetch:2
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:4540

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
213KB

MD5
d8ba4543852ca103a6488900c2712220

SHA1
22d6a6d04e5da9d635a9e0f2f252ab3dd028b8f5

SHA256
3b0bc808c501de138c752c9eb98ddf7a9b41efdde1cd7c9a8e177b990aeceb84

SHA512
75634c80551ae1bccd1ca7252b7fb3fc6a6278e89d002d7fa4b5558c23b7ad24244af57710d4c7ea39a6d3c232d21eb2baf8b0d730af28327159e092597d3a97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
31KB

MD5
86868688a93a9e7d2a7440cfa89d6a75

SHA1
1cd50c0e1202ff6356df6155da9db6cd2b20bf62

SHA256
ac0abc6fe28eef9843d51869defae12a8b057a89b208ad7487f326b38fa0ba28

SHA512
7626c4bd23793dcdce94e1d09b3e75990dc47de6a73656b5e8407045d38bdbb3915b0e7f5da619281120408b32ea1a061ac503662001dccbede26872a5ce39c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
33KB

MD5
d4f14f1832674570f4c1a0dcba5effb8

SHA1
c88d0645322a284dab4a59454c0c334a37c5282b

SHA256
0a000ed15411a6bd5abb9db882c89aff6c6a4962150f5c48272233ddc26fbc38

SHA512
fdc9f3bc917789e2ffd708429dea73d061c064f0b8622415fb7af3ac857fb5666faf4573bd77e4fcd80d819d07780423c6d08e4d15c9ae188983e2e4d6c946c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
23KB

MD5
a1b595bb56b9135ab9ead042e46c8cbb

SHA1
77806028b6fd8d7e02df1aff783c0e36b8382e8f

SHA256
d1ff16b08bc2b3414f826114a773c32ee6eb320a7ffc6d02ae01432501343fd6

SHA512
0488a475abcd5c1edf32b250e658eaaf6867eff7c2b9ceb0eec0ebe6e7f578a41adffc0efeca5c858a2087775daa4319fe1367a20d2794f96367a9ee1ac2f8c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
18KB

MD5
340740943de1f6d843195799973dc8ac

SHA1
66d9daefe54ec43d9416c9d83317a2565498fb27

SHA256
da64d324634817b31ce787b26e96ab128021c3b6026877fd71142d44a9c63b45

SHA512
5fcff0c8b3bbd18d783f3f77058945ec687f1a2caa723459d22e9b4da5fd630d1c21505b949308bac1c93a7f5b1228358ad6a34c442eb65bcfb167b72bcbc206

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
37KB

MD5
818d841c3b5717ab6e694f90e0683f58

SHA1
f965da7352832458853838a76e26a862e23ab45b

SHA256
72561334c2f8af0bca56af5d2e9f2c1523122ba89fb63a5b43a722e9c3f89b1b

SHA512
846465103151d6d086d9bebabddb778e443292d4ff892bfb5a22227c6cf12199b7d2a036cc41d0127df69a14b31c82060c431ca3dcb32595cc988f884812c15c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
109KB

MD5
4546d5909bc4478e579e6142ce04a710

SHA1
d2fa21518d3600595895578572fda83400d0f0b5

SHA256
efdcbe7266b971e9d74b64f4a1d09bb44fa8faa8f4883bc1143127e29eed4a77

SHA512
a63e8e26d4b1ba605dfd9535b909ebe751b506381d0283cc31207e0288f7f71521550ad4552d75e8bfba65c551f82b6c2fbe5858ad7302cb5af1460e9ffe1725

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
27KB

MD5
c39c1edc068dde484098bc90d17c049c

SHA1
ac1b35751f5c07e92bdcabd963397e30f786a7bb

SHA256
17bc62d19d9e2b028919bb8f95a2a0dd13d73042467ced5fb53c15c65906b991

SHA512
78a02504c7c6181decad66ffcc3af907542c86d5ee3cd399dad04cdcb5c965b676c8b444147e643e4b980ad46550faebba4b446f67e49cee2605451eedae854a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
34KB

MD5
367d6749aabc56bcfd8fe6f68e8ec07f

SHA1
94603bfd837a6cc48b0b413d97e6c21294139f01

SHA256
aba7125a597cbea4846b275de47b9e35fb42202d217c321ad861b09d3b831b5b

SHA512
737b43474c49d945fcc767a082ae79734333de55374c35825993539376577af76175a966e633b8224b4ede6a42738f3298e5c42d7a307f37897857c7c65842c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
16KB

MD5
c559d89c8e622abdab13514130b6e99a

SHA1
7c6747e351bf1b9ad0ac1781674bb95938db5ef8

SHA256
146572fb2f457e99ceb67a6460d02e4c8c3e80909a5c85e612d597f06876d6a1

SHA512
f3a9a8bc88cc59c7f22e04002dffa9aec8b5c5622d465ca00e66f09186f22f5aaa6d0fcddb11ec404609451a1397611fa36b20faa24c91e700ababe54bbf72f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
19KB

MD5
b1aa82ce4057dd6769fbe39e29e2c9a5

SHA1
1faa84c0920212d1d5a679ddbfb75dc171a2a08d

SHA256
f073221e35ca29808812bd218d2cad606e5a72ceee9343cd1265f1f7c343b7b3

SHA512
d746ad123e6f804d463ab4690d7b8f39faa7fc62a64e5cc1eb9a4050c62599c014b817c99d359c47064ecedb429638bbb822675f773568c251ece6f5c05e0831

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
55KB

MD5
f1949291908ed72cda92676e03144dad

SHA1
84070cd4fe0cd1d4233a75f0825faa6a3ef97583

SHA256
4ee3db15e1d1e4757ae1de60c2b7b58b3f60d71f34e61326218f0cbeea2c36bf

SHA512
27b4983c375db132ec2d37ada23f4781f939a7bc6007b65c190b4d1ae8a4d3da1fd18af977c4a4e0b6322cda38892d4e83c9e1eb2fd0a5924d341ff8ddabbbff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
34KB

MD5
d35e21f0f732388b2fed3bb182693e4a

SHA1
7c3121d00597972fd2617667eb7a30c12b113fd9

SHA256
6cd315cf8e7ec9601fe5d287f2a4392e41cd4fb91a98c1f2ec11c64045361abe

SHA512
335addb1a70631fe0ce9c74cd55938f9a1e0aeaf2b1123197a94a3edca98cbb70b9d4c0765b76eea4ba90aa12030577cd704c4a8b78a24c69b7aace7e89b92af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
138KB

MD5
02b89aefea7029c9db111f5b093a7210

SHA1
45e7d54a3445afd5b5264843216707665c6b1d0c

SHA256
e71f436535e573627a642a4c3a4d5456bf99161eb155462d386f510a4fcd5603

SHA512
d3ea8065a1df553faa55af69e9f8d94c5d00623263e023c358d0768ec4ad20797a6f65faed857dcad3b89ffa9d4ba9027eaf9671e3089ccefb12667b9a18999b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
138KB

MD5
530b2a1e272229385d8ef8198fd5b383

SHA1
63025e70bf61bdee3aa1515f0fbcd4326da49c78

SHA256
3c7ba62b736e79bb7325a2216ba699a3ff1dd5f4a201b8d45410d3503c60e5d6

SHA512
2a196a1792c865dc982994db000c9584e5d44345a240f5b9d2874e924a95e068e0f425add5da479775d60e7640f189fdb4a99d9d681e05f229977414961c4040

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
20351f1175e9a8173ec76331a75f7b3e

SHA1
84dd410e6669771cf56f79919337cbfd53fbbd1e

SHA256
d274fbdb9280b1edf7c986d9c3514f43a6a151a0eb393c0599860ba05de3fea0

SHA512
7d86d3d531083a6f3fe02c1fec8d6a9d6fc4d7f35bef9dad3fd54c525b05d11d4794883f95a87d835fb4e359594950e30896b278fd0e6436065ca4b41c06680b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
13bb89e5476d609f60c8f20b6cfdb907

SHA1
e8b02049a2d67e9b3d4ca679b2b4e2eb3a966a3f

SHA256
e4d23f8a26c12d18090122dd11a7657447c5319049ecc6346225818eb760b9dd

SHA512
79fd848b5ff4dbff39362e1eb8136765f3cafe1de09071bc688a848f1e5e6765b585d9005830429e3f058f08d3ae1130c3a0d056a9f33c4a8b97a6760fb8b7f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
7501247dfed651367811447b4046a7fc

SHA1
2ac5af7416af784a07566ab76ec53a75c819278d

SHA256
ec02c6f536f610bf17a8d714e33f0e5c1c816df61ab32070c8a2cf2e25a5f2b1

SHA512
dc544208f3ade27425d3f2fcfa9266a9ee0b62bc9d509509d058d4e6539f8ab133bd5d383010481927e1c9843b13a9e7ff404ccd9b9c668c6beda0d1ff917163

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
6d8e3d1c13029ef5b7f68590b367eeba

SHA1
c6ef1236a323d4378bf92b41bbaf9623c604d7d9

SHA256
2cfe99501b696e21de2cfccc4d6392223a1811baf6afa3a5648ddd8a03991697

SHA512
9207a2cd71d226774cbaae48dd33981ddc755dcc0520d32a6e22d15b56ca6522b9a04a7661af44e9020f0c9db1ecf37a24d2791d1ea172a2036f1bc4bdd61195

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
a535a8301ced435451108d16b4ddfc61

SHA1
be3369f9c88a72053862e16c5506db78900b4a7a

SHA256
1081b7abafdea6a321f49475275b8d3aea63958b8ab19bad9001a145ff522253

SHA512
ec73c81c58cffa43f947fcfe5a2f5c785bd3c5d154459fea6f0176d21af61af0fc12ffb7f01839a048994fe1525f42da1154d85a455dc2c22e2fa06bfa9c6930

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
232f8c5b0bbb3199ae8c7f450a695b58

SHA1
881d8975bc721e868159b48b5237d5c43c69351c

SHA256
f4ed3c410ea15d3f8eb9e46e04cfaef5cfdc02f3c28a323a8f2c995995befbd2

SHA512
fe4879a3d7e5800535566be5be48ad201f0457a071261f2392ac844bcb68726482bf5e6bac22d4b290dff12c4f064c0684bd8834e26468c0bea3e2f7d17ca3cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f898b0a27581a9fd7931a0f806327eb1

SHA1
5473701482fac132f40f1ff3743a95665ac6d482

SHA256
3934357f84be1dd2a4d5e4973a17d5b319be29093b72b496ca27e3b8b6b8b01d

SHA512
0560a0099773c557ebe4477d0020275c81bea9d87f86cebdfde59cb38ee49bef8f55cc5322b38a9414fae799b92a65f7edee9f571a459006859d208de550dc8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1b9883c535254b4bbe81c68457d4fb9a

SHA1
571658fbec030b805e3cdaf91800b275ce324111

SHA256
0b09284d0d3ae58dfed3417fc7f216c697e5786defefc40d87320284639b3504

SHA512
e8093ca3d0eded77f775a4cff9092da300ed65aadfe93c482efa63fe015e8bfd2757920419380e3d9e3b016e9e2cbd0ba67f9bcbd6f9bcf5a033dc813851b14e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0c1857e04b682e9d1dbe615536afc118

SHA1
4c31471d6bceaf5545cde44eb83afc143bf03391

SHA256
97daa281f9e9e9da34556cd32f3d6dd62956a6a40e09ae3b762bbf17f4c01fee

SHA512
d0cc25931ae1fbc495a1633dd2e119802ed5267e0b88f6fca297fcd61a77bd038bc43996db62e8d595e538e967b64dcdaf2e425d3a4c1f6cbe3a73a90ec218d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3a64c449a2965a1efce76fd3a48220d7

SHA1
c78827440be7d005065e0aa3df23d9859d7da905

SHA256
e8110e20338aede267fc3e720d6f42898b4cc0a477cca58a4c52a6ddd94ceeda

SHA512
8af4d08fc01d68c9f2cab02630ea3c7312c1c618565ebe96a7b72e96c61162aa4364c767e9cdde56df2b113f63fcbef1290647d72a281338f68646873fe4cb62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe589824.TMP

Filesize
203B

MD5
8f1ad53b4b6561cad368fb5c5f4ebaf2

SHA1
3ec2c92db85d02ad044544a1742d30a904d2bcb0

SHA256
39783499ce432b86483588bdbfd5c0d9e1ec68b881c14109c4b740984ad08e20

SHA512
10fef3fd723fa35449b6f28cbc9bc326707eb094c13e787623eddce90d7cd57880c2be4bfb71e81e222e26f07d22652796fffd4c98e27be26ff1cc03e8162811

Download Submit