hxxp://noescape[.]exe

max time kernel
1007s
max time network
1044s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
24-12-2024 20:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://noescape.exe

Score

7^/10

discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3164	msedge.exe
3164	msedge.exe
4456	msedge.exe
4456	msedge.exe
932	msedge.exe
932	msedge.exe
3084	identity_helper.exe
3084	identity_helper.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs

pid	Process
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4280	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4280	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4456 wrote to memory of 4220	4456	msedge.exe	77
PID 4456 wrote to memory of 4220	4456	msedge.exe	77
PID 4456 wrote to memory of 4236	4456	msedge.exe	78
PID 4456 wrote to memory of 4236	4456	msedge.exe	78
PID 4456 wrote to memory of 4236	4456	msedge.exe	78
PID 4456 wrote to memory of 4236	4456	msedge.exe	78
PID 4456 wrote to memory of 4236	4456	msedge.exe	78
PID 4456 wrote to memory of 4236	4456	msedge.exe	78
PID 4456 wrote to memory of 4236	4456	msedge.exe	78
PID 4456 wrote to memory of 4236	4456	msedge.exe	78
PID 4456 wrote to memory of 4236	4456	msedge.exe	78
PID 4456 wrote to memory of 4236	4456	msedge.exe	78
PID 4456 wrote to memory of 4236	4456	msedge.exe	78
PID 4456 wrote to memory of 4236	4456	msedge.exe	78
PID 4456 wrote to memory of 4236	4456	msedge.exe	78
PID 4456 wrote to memory of 4236	4456	msedge.exe	78
PID 4456 wrote to memory of 4236	4456	msedge.exe	78
PID 4456 wrote to memory of 4236	4456	msedge.exe	78
PID 4456 wrote to memory of 4236	4456	msedge.exe	78
PID 4456 wrote to memory of 4236	4456	msedge.exe	78
PID 4456 wrote to memory of 4236	4456	msedge.exe	78
PID 4456 wrote to memory of 4236	4456	msedge.exe	78
PID 4456 wrote to memory of 4236	4456	msedge.exe	78
PID 4456 wrote to memory of 4236	4456	msedge.exe	78
PID 4456 wrote to memory of 4236	4456	msedge.exe	78
PID 4456 wrote to memory of 4236	4456	msedge.exe	78
PID 4456 wrote to memory of 4236	4456	msedge.exe	78
PID 4456 wrote to memory of 4236	4456	msedge.exe	78
PID 4456 wrote to memory of 4236	4456	msedge.exe	78
PID 4456 wrote to memory of 4236	4456	msedge.exe	78
PID 4456 wrote to memory of 4236	4456	msedge.exe	78
PID 4456 wrote to memory of 4236	4456	msedge.exe	78
PID 4456 wrote to memory of 4236	4456	msedge.exe	78
PID 4456 wrote to memory of 4236	4456	msedge.exe	78
PID 4456 wrote to memory of 4236	4456	msedge.exe	78
PID 4456 wrote to memory of 4236	4456	msedge.exe	78
PID 4456 wrote to memory of 4236	4456	msedge.exe	78
PID 4456 wrote to memory of 4236	4456	msedge.exe	78
PID 4456 wrote to memory of 4236	4456	msedge.exe	78
PID 4456 wrote to memory of 4236	4456	msedge.exe	78
PID 4456 wrote to memory of 4236	4456	msedge.exe	78
PID 4456 wrote to memory of 4236	4456	msedge.exe	78
PID 4456 wrote to memory of 3164	4456	msedge.exe	79
PID 4456 wrote to memory of 3164	4456	msedge.exe	79
PID 4456 wrote to memory of 3832	4456	msedge.exe	80
PID 4456 wrote to memory of 3832	4456	msedge.exe	80
PID 4456 wrote to memory of 3832	4456	msedge.exe	80
PID 4456 wrote to memory of 3832	4456	msedge.exe	80
PID 4456 wrote to memory of 3832	4456	msedge.exe	80
PID 4456 wrote to memory of 3832	4456	msedge.exe	80
PID 4456 wrote to memory of 3832	4456	msedge.exe	80
PID 4456 wrote to memory of 3832	4456	msedge.exe	80
PID 4456 wrote to memory of 3832	4456	msedge.exe	80
PID 4456 wrote to memory of 3832	4456	msedge.exe	80
PID 4456 wrote to memory of 3832	4456	msedge.exe	80
PID 4456 wrote to memory of 3832	4456	msedge.exe	80
PID 4456 wrote to memory of 3832	4456	msedge.exe	80
PID 4456 wrote to memory of 3832	4456	msedge.exe	80
PID 4456 wrote to memory of 3832	4456	msedge.exe	80
PID 4456 wrote to memory of 3832	4456	msedge.exe	80
PID 4456 wrote to memory of 3832	4456	msedge.exe	80
PID 4456 wrote to memory of 3832	4456	msedge.exe	80
PID 4456 wrote to memory of 3832	4456	msedge.exe	80
PID 4456 wrote to memory of 3832	4456	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://noescape.exe
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8fd703cb8,0x7ff8fd703cc8,0x7ff8fd703cd8
  2⤵
  PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,15188039909853264193,7982044035623402525,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1896 /prefetch:2
  2⤵
  PID:4236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,15188039909853264193,7982044035623402525,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,15188039909853264193,7982044035623402525,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2644 /prefetch:8
  2⤵
  PID:3832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15188039909853264193,7982044035623402525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3136 /prefetch:1
  2⤵
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15188039909853264193,7982044035623402525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:3352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15188039909853264193,7982044035623402525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3984 /prefetch:1
  2⤵
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1884,15188039909853264193,7982044035623402525,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4696 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15188039909853264193,7982044035623402525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:3280
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1884,15188039909853264193,7982044035623402525,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4924 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15188039909853264193,7982044035623402525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:1832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15188039909853264193,7982044035623402525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15188039909853264193,7982044035623402525,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:2472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15188039909853264193,7982044035623402525,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15188039909853264193,7982044035623402525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3616 /prefetch:1
  2⤵
  PID:3268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15188039909853264193,7982044035623402525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
  2⤵
  PID:4280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15188039909853264193,7982044035623402525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
  2⤵
  PID:2388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15188039909853264193,7982044035623402525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
  2⤵
  PID:4956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15188039909853264193,7982044035623402525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
  2⤵
  PID:1484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15188039909853264193,7982044035623402525,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
  2⤵
  PID:2004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15188039909853264193,7982044035623402525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3140 /prefetch:1
  2⤵
  PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15188039909853264193,7982044035623402525,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
  2⤵
  PID:3816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15188039909853264193,7982044035623402525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2220 /prefetch:1
  2⤵
  PID:2364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15188039909853264193,7982044035623402525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:2024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15188039909853264193,7982044035623402525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:2416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1884,15188039909853264193,7982044035623402525,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6204 /prefetch:8
  2⤵
  PID:1060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15188039909853264193,7982044035623402525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6472 /prefetch:1
  2⤵
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,15188039909853264193,7982044035623402525,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6040 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15188039909853264193,7982044035623402525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15188039909853264193,7982044035623402525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
  2⤵
  PID:2884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15188039909853264193,7982044035623402525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
  2⤵
  PID:4128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15188039909853264193,7982044035623402525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
  2⤵
  PID:2556

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3376

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4900

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E8 0x00000000000004D8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4280

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:3188

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c0a1774f8079fe496e694f35dfdcf8bc

SHA1
da3b4b9fca9a3f81b6be5b0cd6dd700603d448d3

SHA256
c041da0b90a5343ede7364ccf0428852103832c4efa8065a0cd1e8ce1ff181cb

SHA512
60d9e87f8383fe3afa2c8935f0e5a842624bb24b03b2d8057e0da342b08df18cf70bf55e41fa3ae54f73bc40a274cf6393d79ae01f6a1784273a25fa2761728b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e11c77d0fa99af6b1b282a22dcb1cf4a

SHA1
2593a41a6a63143d837700d01aa27b1817d17a4d

SHA256
d96f9bfcc81ba66db49a3385266a631899a919ed802835e6fb6b9f7759476ea0

SHA512
c8f69f503ab070a758e8e3ae57945c0172ead1894fdbfa2d853e5bb976ed3817ecc8f188eefd5092481effd4ef650788c8ff9a8d9a5ee4526f090952d7c859f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\3adba913-0e17-4cfa-bbf8-6016263616ce.tmp

Filesize
5KB

MD5
25e24b76ecd6b7fe7e2840280eb6db4e

SHA1
c4fa8a9453e3e9f02ed9cd4cffac42a327f2fdd5

SHA256
798e60edbedea222d69135b94047863f3aa6ace05aab46cf33aa85ff16ca708c

SHA512
3ac985fb84c7f5febacff9b272812268b382f614e3319e01f1d534841546bed6db1a882dbbfd9c192dd77ef8dd4d57c5bc3e90dec28cbd1f99578623f79b0b57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
16KB

MD5
48c80c7c28b5b00a8b4ff94a22b72fe3

SHA1
d57303c2ad2fd5cedc5cb20f264a6965a7819cee

SHA256
6e9be773031b3234fb9c2d6cf3d9740db1208f4351beca325ec34f76fd38f356

SHA512
c7381e462c72900fdbb82b5c365080efa009287273eb5109ef25c8d0a5df33dd07664fd1aed6eb0d132fa6a3cb6a3ff6b784bffeeca9a2313b1e6eb6e32ab658

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005c

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000060

Filesize
16KB

MD5
6c0949d2cafb4b0136e62e83f69aab34

SHA1
e15091c89e7c0e364993d8da0db159f5c143830f

SHA256
201ff0cba3dda97312a40f4c175129cc078beb4a51bf56684713f93cea14485a

SHA512
2d47fdcc9c091b1de9b040d51b4eb0e9ee01b904eafae3d6f284cbe437b955a5a69e5f1705d02efff2ed77c29e876a8a25115bbef26a12fedc3e64a20083ecbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000068

Filesize
792KB

MD5
6915d995a699f0ffce93a6c6d6b5ebfe

SHA1
8decc085bc2a520014dad87f6d1b62228ca70bb0

SHA256
83f89dd1fcaa96b69b91b4cfe58df02509b4cd9eb0fc16ca733550dae186138b

SHA512
ed86418298bef0c05c9aac102bc5a781d001ae95e0dfb908873c6f630517a434f91874f39d11f76cfe29104658dad13a7065a2598c71317c921fc5a233cc539b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
2a7dfbdf6edc52a5c11ce53d7b74e57a

SHA1
a24f8960ecab457a21470382bfca32754b630883

SHA256
177dfa54a291de10c707f396b13213d6cb19aa04474bfa9f8c817be5cf2e674b

SHA512
6d4669b0ad7c71eefc8099cfa6dbf5a77a3766324bc4b136501f7695f888f2f1ee7cc921a56b30318d294a51b2de1c1f5269bf36e55f43ebf47f4e2e131d2d5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
816B

MD5
907d75af67813237c86be7ba829f54c7

SHA1
21e6cb8fc548c16ca3f69feb831ba13b20f8ccc3

SHA256
1dcbee782d13c1995a86aeef1506bffbfdceecf554e8d31b9d7d57b8a6b0fb92

SHA512
3f816675a121a173d726d256689b7ab893d37b57cc1480e9dbaeb1a34e80d8832b02e1a3edd500f7c1b1ec657289c286c734e002a7da8a10ffc50b2b6c13fab3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
1ee03cdfed08e544bf9aa841f7227792

SHA1
97568a5c24f0ddb6402dfe1fb6ed860a0205f818

SHA256
d71a13eb2f9da8b3dc586c101e0380d95c8445afbb204e9c85ac24803ef63260

SHA512
e6ff3eaebf018ea8796e429c8dc8fb3e046c1ae3df8423f75556895ddf45131708286631355c84bced584fc251d6ba7b6ce5f37fc775763371d877676f275610

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
83fc81e5371981667faba6e0a56ff091

SHA1
957d5e882b78d142448fc30fc72e817667c43996

SHA256
4df32c5370ff8ed25605db43411ebd92aaf6410b72c56cfd3ee9cee7fa7ad02f

SHA512
af1655ad08eceefbfec255cda61da7ea69b9cf7ccdbf2f6d9a34eef46f19d3e36004a18ad593a58725d67249280ed46fe3a48f78e906061dfa22792510f03929

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
41b1001d5b4a338e3b85421bf777614b

SHA1
27de5b48df63f6e82bf9e1bd3976043fca6f7dd4

SHA256
eef003f204ca82578ede917b7b863eafebc10d942a298f3dacaeeae4a4561182

SHA512
71c79d398d6970cacd0c7f0fd8b3896e504889e6e8d41848239d9f9a1924e79f3fb4747327d92f85586b88f799c6d0c83a0d62c9563aef5011acc81b16543eae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
4f0f1471fe1ba65295eb53f915eb12d6

SHA1
cf2d7457367871d0b46f7bc42019efa1039b92b6

SHA256
efe7840b86e894787de29c1234fe0258b8ec3dd10129f22bdfcf255c04d2d214

SHA512
3ad147cc6d23dbc6c255892796fb6d9f28f3c54d47e0973d51f9ab54251a85e833bf87f167090b858c02eec62187e86820d2ecb13a09d2db99c68ee013a2e8f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
b0e3ba611b1e5f710484a00afebf7369

SHA1
68d245334ab5fccdd3f09a90d18447710eec7cb1

SHA256
91acade47ed865bce2ae4d56ed87548dc516aaea1e480be8a14dcbcad8dade25

SHA512
aef2fd7f9d1be088b9890f992a665e7113d4fb86e0f6cadab75dc4e267381019a62c5f4756520b98868e30ab0fffec8d643ec01fd9ec64a11ddca54fb690110b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
fd56125a74e5a04606cce86e456eb27e

SHA1
a919547fc2dacc65cad2163ab6987a8d8719eddd

SHA256
afbb031486baa8474715b946847179234e39b75ac0b1c4b52b018815e194f63a

SHA512
cbb3b50ec0ca5d4b261d030427fd40c369c430da11a4ba135f2412d52bdc31c2ba47444272749949db9af188d7c91681dbb605d8317a84931b3e54766fb1e97b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
26927efb7a683e6d716f0386f128a08b

SHA1
ad2283153ba4a9517f20e70fea129f2b6ae02497

SHA256
4c11c6ff7f9bdce35d781388b7d5801be2b0b776bf48b3105d896f09265b73d4

SHA512
b1af6b6277b851b7c33a6a69014f08a631ae16da7d73b0b3e5a647257cc7726f9978a21f958c8acef2f1d1feea8ceb29b66a6129432794070848d6ef599ea430

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9ad4c620367e83d32005b0dc86b4a001

SHA1
8425760e29f7eea2a38390cd7fb58b737e8b8a10

SHA256
b256346ec440641388c8006c870e131f508fcc53e3efa7ce1688c04516ab2926

SHA512
b2dc4d1a685fb3973290b418c9f0dd4933204f90ab3ce927d41b71639bca8a1a7c12cf8bce7033a01dd61c8065fb6412318c5e8fb680410ac4cc603a1ad77cdb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5c329c2ce428b06063b12a60746ddf1f

SHA1
8f57b1d228ab3809701bd732ee077c970a3084b5

SHA256
e6af49a6b3e817ca0ad966199e1c01b81bdc7128ddeede4ad42cd8384ea408ee

SHA512
a811d4d29abe0dcade6db987324fbc6bed2da8da199786e95e8d71f4c09c5fc43b5101e1bcd39dffc66f8f6afee92ac65e3407fa2ba747e553229972013b9ff5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
50795fec29eeea6e05783da18148ae45

SHA1
aa4114451c9c9f521fa9163e1cb4bf85aaff144c

SHA256
5b8e29453a43afbbd061f5b4994d944bc7e213cce066dbca67b73b9c8db1293d

SHA512
22d5af32f76293cb7c26b40baa15d6b7f1a35f01739eccfd0b0c72865f69fb54f04718a438907ffe8395a2b45aa1b93a242daa62028daaf5f8c1051833d4064c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fee42320320e93590478c1af506f7b0f

SHA1
3ad67221c004b3b494d22c86136838abf5066ed7

SHA256
4d30b3a9a5b6b21acc02c4a19b0f5f531e3cf122fe4363022a12ff76eb983650

SHA512
1084e952834c14ec9ee5eb373d2bb128692df553d470d01dc114116ba235b8ea0fc3fdf1d274dca3f3b8bb8b8db9c937dfa6d6c2a07d6fa9a4e2c117d4931951

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
de4b31b03a99a11971204583e22ad03e

SHA1
bf56d5361fdf6669433190e64ebd90a778b1f9df

SHA256
fd66c1100cdf756b629acdd1b85d701a477622c2d3974f2efed6b33dfe903274

SHA512
fb6ca246f0ef48a5b09ad33ee20a1e63bf1f314f773c2e33126c0c468b0577b3ccc06de5b6dc0c53cf2f1d96ae61f3af7970fb36094e06d8c0a896fcf02b0ab3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fc01447e391d7a8b6962cd9c15ac864b

SHA1
e1f66e6d4c704b7af0426f43c81ef64809443bdf

SHA256
02e3633fff4688910b9a4ee7e38104e89b1c2ec76ec5b75c153ff7f2c392376e

SHA512
631887521356dc39ceb3c33f3ad67634670d07bc2e8823122f1eab52445a9d1d5b0c103173a901dcbdbb55624fb00eba1824286f7d4a7fefd14ced15e0c59edf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
fb151f46a60509bf3845ad06d0db4341

SHA1
61c959b1ee1f88916482e4f0e51acc141245a7c9

SHA256
9b4ab8f7495aee8545b7be418afbf9e8e68b5874fd16d8f7c2f2cd606d83b46e

SHA512
cded609db59f60124076a6ab4241e2e0721338630c70cbee467b97e45437e3986eacad19c51e2ec05401dc20b59f78b13e9fab30829f238e3696c648d8650047

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5876a2.TMP

Filesize
48B

MD5
ebedc613ebed0d8ef707447195f65a00

SHA1
2dcefb92b048f6e2b356bf18e267bac5ea9b5672

SHA256
a97268ec7e718370a2df52c2dfcbf4dbf2e27882afb5ad223cf809a797abe093

SHA512
ea912484efc841ad9c18c62f800e4fd8e5755dc4a3f067fd92b2f3ed857a47879eca39af354f06e8f11d67811131c0ec3fab1469c5f65795cf808a42927273ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
499f0565007148116ee7ab9b848b9f29

SHA1
e48e2c3711e551fc5b8adc856c5ef44303c5fee3

SHA256
75c80d66e92d99050301d878534bcd3c8c5dbd1e68b4110505cb021a56f56783

SHA512
297f8300b9d631b7c04394c8dfbb276caf71ca9b95666b786bd88bd6b2ab219e1d04b082d51c9a6b8595da8f47d116f0652447471469a400fbdc6db83cb43a36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6835749484f46a669330472123abaf2d

SHA1
6a6a9d45d87643db85740dd68dd620f5ea0fdead

SHA256
cbb8870c1afde280cac93b7da81c48f734934a0d5de2f82049c1ae48caafc2bb

SHA512
6673ad409733b241027ca0562577c21721cc16359b904ecc10a98ff0c4eb36a9a152e03035fa16dc2d3d8408311b1e6deafaad972b268df89fede1c6dbc8f61f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0923975abf724e559430850af10c17ca

SHA1
3b438011793c8a2513e25e3ce06656b0bfcc0831

SHA256
13e265fcee24d9d5733a7dd4a015d6c731016499ff582e76ec646bb1c3a5d09c

SHA512
2a7f7c8640b1be611efd8df6e817da6a456ff025cb92805b50734e12f95d91bcf5f1b99b3b4037b7e95bf65a68c951cd23f0c5aeacef22689b2d48454d5079de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
32d271f55bfea3c89d1c953bfbebed7f

SHA1
6d8c3a84417bbb67364f57c58ce3c429984299c4

SHA256
51973e403442d96d17d09421b1bcda4c94459205923f25ee15ff4827da5af8f5

SHA512
63b8cb9e495e28bf7fdbf8925534cf6a9be0f7a161ba856d34c196c195eb0b45acb7d90abe72db2f09ece4bd16e311c04290a7661f232ca2c867e724c9351689

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
90972f95e344c6499ce72798278b32bd

SHA1
b06ac0681b4e02d728059798ea766885a0323fc3

SHA256
eba8281efd2b62c218f88fac80e632f408beaafcaef183f78924ad0c8dda3b25

SHA512
71fd707318be6c864ae7e281c42de1ad91bcae44980cea2e6764e86818e39e4b3ebab6de4e0205b2a897781b406f07373d9e952f39ca5e343cf2e742c49e870f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3239b312b55f9a9e2943e6daa4850692

SHA1
9fe46d55ff2433c8a7b2c805a2e5e2b0c6a6c509

SHA256
2963fd12ac25a3647872523c0e1de50d46444bfb0ac6594cd75c0a8c4158f080

SHA512
5b9088223c92925ca1abf8709258f2106095a9c3d2c907c864b79ade474f178959447fb2a86038f49838b497b78c4d69be9262eda889c631c4b27f51ee4e2ce1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
fa8e81bd3353cbaee60e2e2f29fe3fac

SHA1
da5cbbfafb869299ffbfac31a5d13869b4605040

SHA256
8153c47e8e7f0e0aeafdb1c3db8674b10428153fbed03eb07b1d5282dc4f24b3

SHA512
1f5cc95ee70808009cda6d5dbc36b5cf6836a8e4457f36b6291594bb5f728041622d047342f9672f0330ba6ac386c2342cb515b26bb425333ffdcca43da28dfe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58a8ce.TMP

Filesize
537B

MD5
94706e2703c2db2426c6490fe4061f01

SHA1
776a534daff28d1c16ed027fb3669d5e38ff0a55

SHA256
5e8a49db80a73465e7245acebd10f1cf3cfb86acd04feada50bda949b09e8732

SHA512
a4cf3055f09ecf6de6d9ced9a596832cb1bc68c273199e60cbf8712bd1a110097724c16de2c495ed8a7a315e18889aad542cfad41a5da3ec5ad916e4255dd64f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2b0fdbf37405cc02869e0b0b5e488092

SHA1
1630eae68ee9a0f913d9d98c494f8c9ba8ecf731

SHA256
0b6a93765c9b1de6de57d95b6849bb39f48800a0996fc4104c31a548c817ad90

SHA512
83be6740d9dfa63f2e6af489cbca5affbc13751799651c87c536df06957b8095cde3e1f295bf8da1b6bce1cd4128c73688660e275a73360dccf3f60b24ecb651

Download Submit