hxxp://NoEscape[.]exe

max time kernel
960s
max time network
965s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
17-12-2024 04:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://NoEscape.exe

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
1	camo.githubusercontent.com
37	camo.githubusercontent.com
38	camo.githubusercontent.com
39	camo.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	luajit.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Incognito.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
4560	msedge.exe
4560	msedge.exe
928	msedge.exe
928	msedge.exe
3292	identity_helper.exe
3292	identity_helper.exe
2556	msedge.exe
2556	msedge.exe
3376	msedge.exe
3376	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 928 wrote to memory of 2680	928	msedge.exe	77
PID 928 wrote to memory of 2680	928	msedge.exe	77
PID 928 wrote to memory of 1356	928	msedge.exe	78
PID 928 wrote to memory of 1356	928	msedge.exe	78
PID 928 wrote to memory of 1356	928	msedge.exe	78
PID 928 wrote to memory of 1356	928	msedge.exe	78
PID 928 wrote to memory of 1356	928	msedge.exe	78
PID 928 wrote to memory of 1356	928	msedge.exe	78
PID 928 wrote to memory of 1356	928	msedge.exe	78
PID 928 wrote to memory of 1356	928	msedge.exe	78
PID 928 wrote to memory of 1356	928	msedge.exe	78
PID 928 wrote to memory of 1356	928	msedge.exe	78
PID 928 wrote to memory of 1356	928	msedge.exe	78
PID 928 wrote to memory of 1356	928	msedge.exe	78
PID 928 wrote to memory of 1356	928	msedge.exe	78
PID 928 wrote to memory of 1356	928	msedge.exe	78
PID 928 wrote to memory of 1356	928	msedge.exe	78
PID 928 wrote to memory of 1356	928	msedge.exe	78
PID 928 wrote to memory of 1356	928	msedge.exe	78
PID 928 wrote to memory of 1356	928	msedge.exe	78
PID 928 wrote to memory of 1356	928	msedge.exe	78
PID 928 wrote to memory of 1356	928	msedge.exe	78
PID 928 wrote to memory of 1356	928	msedge.exe	78
PID 928 wrote to memory of 1356	928	msedge.exe	78
PID 928 wrote to memory of 1356	928	msedge.exe	78
PID 928 wrote to memory of 1356	928	msedge.exe	78
PID 928 wrote to memory of 1356	928	msedge.exe	78
PID 928 wrote to memory of 1356	928	msedge.exe	78
PID 928 wrote to memory of 1356	928	msedge.exe	78
PID 928 wrote to memory of 1356	928	msedge.exe	78
PID 928 wrote to memory of 1356	928	msedge.exe	78
PID 928 wrote to memory of 1356	928	msedge.exe	78
PID 928 wrote to memory of 1356	928	msedge.exe	78
PID 928 wrote to memory of 1356	928	msedge.exe	78
PID 928 wrote to memory of 1356	928	msedge.exe	78
PID 928 wrote to memory of 1356	928	msedge.exe	78
PID 928 wrote to memory of 1356	928	msedge.exe	78
PID 928 wrote to memory of 1356	928	msedge.exe	78
PID 928 wrote to memory of 1356	928	msedge.exe	78
PID 928 wrote to memory of 1356	928	msedge.exe	78
PID 928 wrote to memory of 1356	928	msedge.exe	78
PID 928 wrote to memory of 1356	928	msedge.exe	78
PID 928 wrote to memory of 4560	928	msedge.exe	79
PID 928 wrote to memory of 4560	928	msedge.exe	79
PID 928 wrote to memory of 3408	928	msedge.exe	80
PID 928 wrote to memory of 3408	928	msedge.exe	80
PID 928 wrote to memory of 3408	928	msedge.exe	80
PID 928 wrote to memory of 3408	928	msedge.exe	80
PID 928 wrote to memory of 3408	928	msedge.exe	80
PID 928 wrote to memory of 3408	928	msedge.exe	80
PID 928 wrote to memory of 3408	928	msedge.exe	80
PID 928 wrote to memory of 3408	928	msedge.exe	80
PID 928 wrote to memory of 3408	928	msedge.exe	80
PID 928 wrote to memory of 3408	928	msedge.exe	80
PID 928 wrote to memory of 3408	928	msedge.exe	80
PID 928 wrote to memory of 3408	928	msedge.exe	80
PID 928 wrote to memory of 3408	928	msedge.exe	80
PID 928 wrote to memory of 3408	928	msedge.exe	80
PID 928 wrote to memory of 3408	928	msedge.exe	80
PID 928 wrote to memory of 3408	928	msedge.exe	80
PID 928 wrote to memory of 3408	928	msedge.exe	80
PID 928 wrote to memory of 3408	928	msedge.exe	80
PID 928 wrote to memory of 3408	928	msedge.exe	80
PID 928 wrote to memory of 3408	928	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://NoEscape.exe
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffcb9773cb8,0x7ffcb9773cc8,0x7ffcb9773cd8
  2⤵
  PID:2680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,297723334175926930,10560334252723050795,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1912 /prefetch:2
  2⤵
  PID:1356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,297723334175926930,10560334252723050795,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,297723334175926930,10560334252723050795,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
  2⤵
  PID:3408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,297723334175926930,10560334252723050795,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,297723334175926930,10560334252723050795,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:3796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,297723334175926930,10560334252723050795,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3844 /prefetch:1
  2⤵
  PID:1200
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1884,297723334175926930,10560334252723050795,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5088 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,297723334175926930,10560334252723050795,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:1
  2⤵
  PID:2600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1884,297723334175926930,10560334252723050795,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4864 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,297723334175926930,10560334252723050795,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:3760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,297723334175926930,10560334252723050795,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
  2⤵
  PID:3076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,297723334175926930,10560334252723050795,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3992 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,297723334175926930,10560334252723050795,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:1440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,297723334175926930,10560334252723050795,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,297723334175926930,10560334252723050795,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,297723334175926930,10560334252723050795,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,297723334175926930,10560334252723050795,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3592 /prefetch:1
  2⤵
  PID:1520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,297723334175926930,10560334252723050795,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4124 /prefetch:1
  2⤵
  PID:3856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,297723334175926930,10560334252723050795,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4348 /prefetch:1
  2⤵
  PID:3796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1884,297723334175926930,10560334252723050795,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4032 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,297723334175926930,10560334252723050795,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5360 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3044

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:412

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2984

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1504

C:\Users\Admin\Downloads\Incognito\luajit.exe
"C:\Users\Admin\Downloads\Incognito\luajit.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:412

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
003b92b33b2eb97e6c1a0929121829b8

SHA1
6f18e96c7a2e07fb5a80acb3c9916748fd48827a

SHA256
8001f251d5932a62bfe17b0ba3686ce255ecf9adb95a06ecb954faa096be3e54

SHA512
18005c6c07475e6dd1ec310fe511353381cf0f15d086cf20dc6ed8825c872944185c767f80306e56fec9380804933aa37a8f12c720398b4b3b42cb216b41cf77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
051a939f60dced99602add88b5b71f58

SHA1
a71acd61be911ff6ff7e5a9e5965597c8c7c0765

SHA256
2cff121889a0a77f49cdc4564bdd1320cf588c9dcd36012dbc3669cf73015d10

SHA512
a9c72ed43b895089a9e036aba6da96213fedd2f05f0a69ae8d1fa07851ac8263e58af86c7103ce4b4f9cfe92f9c9d0a46085c066a54ce825ef53505fdb988d1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
c31ea9ba07dd9a02bf0bd92245238796

SHA1
d158360e0440a30b88af41a97d92cf3f61cd4580

SHA256
76729c808224ba3e3f697913208f01356c377b52169942434f6f41cdbb7a6e94

SHA512
7c55a582d7749243cd0864aea0302beaba55c4ab6cca956f34fa1a722b1135e39b3a6fa5083893a34cd9335b8ee04f0749e40722962a6c3c5b531cec49bb514b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
872B

MD5
aed8204813ce0ab85bf224718962729d

SHA1
0061ecd85875caba01147b522715ed8aaec46a03

SHA256
22fa107be1947000ae1a3aee8b3df955f24a455fa09155f3be336f2582ad2508

SHA512
208729472ec080aef3e52c888f8ccbcde32e5d9a0dc82f6ca8344947f9eb6da0362cf3159466288bd84dd361a6a3fa175bd059d67fe367849ba372a246b07014

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8b272dd81b2cbabb94899b23658067b6

SHA1
176f60e67a091147e1895a2c845e55ed8d1d0966

SHA256
6766b40f2ab02cf77c6788be9ce98bd4cfb1486dc35237a7f289444114575522

SHA512
58b48bfaaf394ba37b9d808c05a140611048630665681a67e2204f0df078856ea5e4c5d05ab53893345fa51ac84a2b4f4423bf90561d2b7e4963bbf1b6969f58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
bfe5ec94f148a4312ae2b1afe97a9e0a

SHA1
f2785b1dba7010bd92d6ff1c37a44093addefe70

SHA256
f0670131851d822e480664c98c94dcc9636ea7c3361d7590491fc2f938c304e0

SHA512
4c6ddabddd3477a8b4ac59c94311528c407dbaae846ff7c7360d293924645e4d20d75e52754c620ce4bcedc3b68944e5ca9c7a2b2e7f9d85129c36009373f243

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5975b11939820ce325ac30bb5d0eca92

SHA1
02a6656f4cf8ed8df85603f1ef021e0ae0bb306f

SHA256
66113b539b324e3d1646fce5e02761edc43b29c34779e23e146e1a19bd7df1c7

SHA512
daf15258d21284fcae48a11841e02c900dfd2367e7933437aacc984a5d358f9620c0a74fb19d51a665f7ac204ee0d54649d2ed5685b919c3795faadde029c145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
da0f6617b80c0a3f0ed2b019aed8aa8b

SHA1
e5e3683288c5d244eda05aa75dc1e7e608cffac1

SHA256
25b215f622e60b52f9901e6e11e678f7fdde5404922ca32649ed116af7b5ce3f

SHA512
ba0b132340c41698d24fe61f413db573c51d3048a32092df942199050661cb1661d80eb1fc98721cacf562269facd80c9eff4dc5079aa65bbafaa298b18e1335

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
40ef79a394affa39d235a8a464b1e2e4

SHA1
2c44664f341f10527477333427d7faee95ee281d

SHA256
ac223add23dcfcb2330607fac6c4c282d6390130db279a1f5e78d4610d20933d

SHA512
892de3887110abaa64a1e4306e9f26febf16b55808b8fa04c1091deb84f93a831a857117d7da2927b51b283df943a58933c6cadc40aa8242680043ce0d54fd9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f3b0010a257d5e0652cae04c820dafbd

SHA1
60898f8e00f9c6409fc60bc3923daa9995a94026

SHA256
795b7ea1e227dcee9dbf150e279bb9696430c1f99aa9996fd466cff16306b798

SHA512
5b2bd199aba5fddf29ee8db51369496e075cf3dc9c11c56b78ec8d11d6f135660aafcdbed3d6466e0a2e5c141753264d1a8d26cea1c6652a5614c1ad91f52e6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580eff.TMP

Filesize
538B

MD5
f6b28c28ece07953130be8ed0a7ee5a5

SHA1
6eb232d2e1cd2f96ec4b5ddee09071701c157bf8

SHA256
40b3755a7896beae93b650a597b26b90ab726847e88c8f298d6a677f1d2d977f

SHA512
4aca2d918dd6985cec6f71a47f7181440976da421c4a7ea7b5708488a52c6eb158b0ad68ac8f8a696e42dc509af56008ff18d670a638ecdfb632eb5ef0abe525

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT~RFe576f92.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
036a33b9eeb624fb7a7a50ca8968f91b

SHA1
08a8b92e1b248471e484066448246404d99b4c16

SHA256
85eaca80d8d0219a629bc17ade2bd37af0f561e32a282749692c3a685719f8c9

SHA512
43aff12f3367bcb9c1b4da13db127bc03620e3f6d3eea9beb44bfcbbd9adf69e9ed0136d2736a0f7249e42d4e4a4066ede08ed073624d2a1afda7861b39d0418

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
80fa6e6b2550ac554de37c9a38c3636a

SHA1
e7895989470267f29604d525ad740ee1bdee1052

SHA256
5f195ec5402dc3c12e078229a16a7bfbfc64aaa75f86f93aa3f4048790d3ee4c

SHA512
0c599b9b2cfc7e71770134161455de9a2bdf7deb44705f89efb3361a8221af60397f584f91d3904694948800135c8dfef02d0d4d592bad58cb4952d13bf5e95b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
98037a8121468cec4f72515469687dca

SHA1
688748c24360666344ae2333566214d047b7f639

SHA256
2ce8f1363ffcc5fd7a8529a33c84b9f2f0b594f7640f7b5852cf20b8cb009619

SHA512
00dbe10c3c9186cb2a3604cf34e2bf4a4fa50acbd9e680b57be5951edbb49740422c338f692b3a6cd58c8e649b08bd9df78e85d48693c0b682ad5a333be6f4a0

Download Submit
C:\Users\Admin\Downloads\Incognito.zip

Filesize
460KB

MD5
0a6757a13623c4d9840b0aca6c243b52

SHA1
35804c36e9bccc5cac2d406d837fcc9e14060ac7

SHA256
11202449315d0f2edb567c5f5e3e4bd403ae0985574344ea8ddf474c1b1fb440

SHA512
0110dfb0886dcb22b0cc9243f36a1ce60929d00712e31e3eb0e268f9c89d42549ad974377fae8ca0c1919c8b33c1277bdbfe7fb34154f26a5ee0cb7dd9b21e3a

Download Submit
C:\Users\Admin\Downloads\Incognito.zip:Zone.Identifier

Filesize
602B

MD5
69b04783154a8ab063d541654d19ddbb

SHA1
3f795f38580fced322deaf0ad26fc78f82867d93

SHA256
aa04650aad663701a047ee8399386c4ad55e54c8bb8f0b80972ff080fd905cad

SHA512
4490f5af9c611245d26b926fe552a3147425f38383ca443dc114d495a308c5b8afe596fa8581ad5d32cc56aa2eaef1d51f272bb186caa5113eb80fc00328f7d2

Download Submit