hxxp://noescape[.]exe

max time kernel
900s
max time network
442s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
24-12-2024 20:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://noescape.exe

Score

7^/10

discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4352	msedge.exe
4352	msedge.exe
3096	msedge.exe
3096	msedge.exe
4580	identity_helper.exe
4580	identity_helper.exe
4220	msedge.exe
4220	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1968	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1968	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe

Suspicious use of SendNotifyMessage 44 IoCs

pid	Process
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3096 wrote to memory of 5012	3096	msedge.exe	77
PID 3096 wrote to memory of 5012	3096	msedge.exe	77
PID 3096 wrote to memory of 3964	3096	msedge.exe	78
PID 3096 wrote to memory of 3964	3096	msedge.exe	78
PID 3096 wrote to memory of 3964	3096	msedge.exe	78
PID 3096 wrote to memory of 3964	3096	msedge.exe	78
PID 3096 wrote to memory of 3964	3096	msedge.exe	78
PID 3096 wrote to memory of 3964	3096	msedge.exe	78
PID 3096 wrote to memory of 3964	3096	msedge.exe	78
PID 3096 wrote to memory of 3964	3096	msedge.exe	78
PID 3096 wrote to memory of 3964	3096	msedge.exe	78
PID 3096 wrote to memory of 3964	3096	msedge.exe	78
PID 3096 wrote to memory of 3964	3096	msedge.exe	78
PID 3096 wrote to memory of 3964	3096	msedge.exe	78
PID 3096 wrote to memory of 3964	3096	msedge.exe	78
PID 3096 wrote to memory of 3964	3096	msedge.exe	78
PID 3096 wrote to memory of 3964	3096	msedge.exe	78
PID 3096 wrote to memory of 3964	3096	msedge.exe	78
PID 3096 wrote to memory of 3964	3096	msedge.exe	78
PID 3096 wrote to memory of 3964	3096	msedge.exe	78
PID 3096 wrote to memory of 3964	3096	msedge.exe	78
PID 3096 wrote to memory of 3964	3096	msedge.exe	78
PID 3096 wrote to memory of 3964	3096	msedge.exe	78
PID 3096 wrote to memory of 3964	3096	msedge.exe	78
PID 3096 wrote to memory of 3964	3096	msedge.exe	78
PID 3096 wrote to memory of 3964	3096	msedge.exe	78
PID 3096 wrote to memory of 3964	3096	msedge.exe	78
PID 3096 wrote to memory of 3964	3096	msedge.exe	78
PID 3096 wrote to memory of 3964	3096	msedge.exe	78
PID 3096 wrote to memory of 3964	3096	msedge.exe	78
PID 3096 wrote to memory of 3964	3096	msedge.exe	78
PID 3096 wrote to memory of 3964	3096	msedge.exe	78
PID 3096 wrote to memory of 3964	3096	msedge.exe	78
PID 3096 wrote to memory of 3964	3096	msedge.exe	78
PID 3096 wrote to memory of 3964	3096	msedge.exe	78
PID 3096 wrote to memory of 3964	3096	msedge.exe	78
PID 3096 wrote to memory of 3964	3096	msedge.exe	78
PID 3096 wrote to memory of 3964	3096	msedge.exe	78
PID 3096 wrote to memory of 3964	3096	msedge.exe	78
PID 3096 wrote to memory of 3964	3096	msedge.exe	78
PID 3096 wrote to memory of 3964	3096	msedge.exe	78
PID 3096 wrote to memory of 3964	3096	msedge.exe	78
PID 3096 wrote to memory of 4352	3096	msedge.exe	79
PID 3096 wrote to memory of 4352	3096	msedge.exe	79
PID 3096 wrote to memory of 3380	3096	msedge.exe	80
PID 3096 wrote to memory of 3380	3096	msedge.exe	80
PID 3096 wrote to memory of 3380	3096	msedge.exe	80
PID 3096 wrote to memory of 3380	3096	msedge.exe	80
PID 3096 wrote to memory of 3380	3096	msedge.exe	80
PID 3096 wrote to memory of 3380	3096	msedge.exe	80
PID 3096 wrote to memory of 3380	3096	msedge.exe	80
PID 3096 wrote to memory of 3380	3096	msedge.exe	80
PID 3096 wrote to memory of 3380	3096	msedge.exe	80
PID 3096 wrote to memory of 3380	3096	msedge.exe	80
PID 3096 wrote to memory of 3380	3096	msedge.exe	80
PID 3096 wrote to memory of 3380	3096	msedge.exe	80
PID 3096 wrote to memory of 3380	3096	msedge.exe	80
PID 3096 wrote to memory of 3380	3096	msedge.exe	80
PID 3096 wrote to memory of 3380	3096	msedge.exe	80
PID 3096 wrote to memory of 3380	3096	msedge.exe	80
PID 3096 wrote to memory of 3380	3096	msedge.exe	80
PID 3096 wrote to memory of 3380	3096	msedge.exe	80
PID 3096 wrote to memory of 3380	3096	msedge.exe	80
PID 3096 wrote to memory of 3380	3096	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://noescape.exe
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff84baa3cb8,0x7ff84baa3cc8,0x7ff84baa3cd8
  2⤵
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1856,16954538540963764859,2486359048351578863,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1908 /prefetch:2
  2⤵
  PID:3964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1856,16954538540963764859,2486359048351578863,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1856,16954538540963764859,2486359048351578863,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
  2⤵
  PID:3380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,16954538540963764859,2486359048351578863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:2576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,16954538540963764859,2486359048351578863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:3256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,16954538540963764859,2486359048351578863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3984 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,16954538540963764859,2486359048351578863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4120 /prefetch:1
  2⤵
  PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,16954538540963764859,2486359048351578863,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
  2⤵
  PID:636
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1856,16954538540963764859,2486359048351578863,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5708 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,16954538540963764859,2486359048351578863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
  2⤵
  PID:4764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,16954538540963764859,2486359048351578863,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:1
  2⤵
  PID:1384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,16954538540963764859,2486359048351578863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
  2⤵
  PID:3264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,16954538540963764859,2486359048351578863,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:1080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1856,16954538540963764859,2486359048351578863,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3448 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,16954538540963764859,2486359048351578863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
  2⤵
  PID:1840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,16954538540963764859,2486359048351578863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
  2⤵
  PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,16954538540963764859,2486359048351578863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:2456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,16954538540963764859,2486359048351578863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1648 /prefetch:1
  2⤵
  PID:4064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,16954538540963764859,2486359048351578863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
  2⤵
  PID:1380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,16954538540963764859,2486359048351578863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,16954538540963764859,2486359048351578863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6304 /prefetch:1
  2⤵
  PID:3200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1856,16954538540963764859,2486359048351578863,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6440 /prefetch:8
  2⤵
  PID:1584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1856,16954538540963764859,2486359048351578863,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4992 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,16954538540963764859,2486359048351578863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2636 /prefetch:1
  2⤵
  PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,16954538540963764859,2486359048351578863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6152 /prefetch:1
  2⤵
  PID:3144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,16954538540963764859,2486359048351578863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
  2⤵
  PID:5104

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3000

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3048

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004C8 0x00000000000004CC
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1968

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:4728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e1544690d41d950f9c1358068301cfb5

SHA1
ae3ff81363fcbe33c419e49cabef61fb6837bffa

SHA256
53d69c9cc3c8aaf2c8b58ea6a2aa47c49c9ec11167dd9414cd9f4192f9978724

SHA512
1e4f1fe2877f4f947d33490e65898752488e48de34d61e197e4448127d6b1926888de80b62349d5a88b96140eed0a5b952ef4dd7ca318689f76e12630c9029da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9314124f4f0ad9f845a0d7906fd8dfd8

SHA1
0d4f67fb1a11453551514f230941bdd7ef95693c

SHA256
cbd58fa358e4b1851c3da2d279023c29eba66fb4d438c6e87e7ce5169ffb910e

SHA512
87b9060ca4942974bd8f95b8998df7b2702a3f4aba88c53b2e3423a532a75407070368f813a5bbc0251864b4eae47e015274a839999514386d23c8a526d05d85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\0fac918d-4b37-403f-af6c-d37fbded13b4.tmp

Filesize
5KB

MD5
777b28d2e637c56014e057ca6d5f27b9

SHA1
15eb8daab5d9e576e480e0cafc5bbcf153fb2971

SHA256
bd8f97deda7779d405d712f3d711ea24512e0c4fecbf573c57dba71ca76ab63f

SHA512
06f6d51b34659c5e5d9dced588825265b285337964419004adc4d89d08d7471d4197d790c0f305a1588ab65f40bfbd8c007f2b4aa76f9705ed4549c7ae3c0871

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
27KB

MD5
0dd3e79cbf1483610fa1ac438d0fb607

SHA1
772a1c6a1b4c50a727990cc53a46ec3ac3755ad5

SHA256
2752a0e9312cabae43b766907c81739f1b7b357d4b4410e8bc85734985473df5

SHA512
dc6c0278286c01db86dfe581c968e8c71737ddf1f6dfa4dae01e4f9dca68f330e13ce5abb988176ba42513c6cc3f7b6b003a670778881d69d41bf744b2067b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
65KB

MD5
4e035d4419924345da63c874ba6f534b

SHA1
3d163ded0e3ad03ad25dbc00eab646e66850645a

SHA256
f7e0f5593818363eb354bd153649a8c5e364b55d94596c5493b367271988b132

SHA512
6ca7db61c39c7a7a1b061170f024c5b8adadf402df7c3d722db9b7a1fa4109cb4401944d8661aa9436917d5513390bd4ea4d69124fdd44d770f914b45e056cd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
86KB

MD5
60f3c021b7af2d8810d89890abb2a781

SHA1
ba42bf4652c508a7131e100ac310c5c9aeb53804

SHA256
89999999cf0a8f5cea9331f26c67b3786cc62aeddc56c7ffa26e5dd59253a12d

SHA512
4e511e5440a5a24dedde49e7fa31d4f8d1d1f6e55bce93500bf808af3d66ad2223a4d83e6e265e56558ebbc60fa3197b0a6b953596b997a5ea1658732c241fbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
105KB

MD5
b8091057d2ebd916f9f920d7b78cebfe

SHA1
5d69814c583863d2bbc9c2cc0ba74983fefa5dfb

SHA256
8955be15c93c02189a3c3e6b28a3df142fa54e8733eaed52f4a984619fae48fb

SHA512
8c532af477ab68d229ab13b34e562e97e1b893fa4a46b51f500f8ea15a4af40375d17a17d4bff10150fbdc6e10494d74cc71894a556bebc50cb423a6340c6c9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
29KB

MD5
f85e85276ba5f87111add53684ec3fcb

SHA1
ecaf9aa3c5dd50eca0b83f1fb9effad801336441

SHA256
4b0beec41cb9785652a4a3172a4badbdaa200b5e0b17a7bcc81af25afd9b2432

SHA512
1915a2d4218ee2dbb73c490b1acac722a35f7864b7d488a791c96a16889cd86eee965174b59498295b3491a9783facce5660d719133e9c5fb3b96df47dde7a53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
60KB

MD5
5d061b791a1d025de117a04d1a88f391

SHA1
22bf0eac711cb8a1748a6f68b30e0b9e50ea3d69

SHA256
4b285731dab9dd9e7e3b0c694653a6a74bccc16fe34c96d0516bf8960b5689bc

SHA512
1ff46597d3f01cd28aa8539f2bc2871746485de11f5d7995c90014e0b0ad647fb402a54f835db9a90f29c3446171a6870c24f44fb8bbb1f85b88e3ade9e0360e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

Filesize
20KB

MD5
29be3f4c1685374185295c0577a0fbc4

SHA1
c720338b90479756d89c4c0bd6e1b2c126e741e2

SHA256
84234bc202cd90772c3dad4cca1b2e1330d811546ed6574be8a6dd8706356d80

SHA512
6c8e59a0453b5ea2dfb99dae65a114d5b05e28428fc0b8d0012ed155115137f5f54abb232f7efae0e5c7c9775e7c5e3373c2f582b59c62625206445f1f5d9894

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004c

Filesize
16KB

MD5
48c80c7c28b5b00a8b4ff94a22b72fe3

SHA1
d57303c2ad2fd5cedc5cb20f264a6965a7819cee

SHA256
6e9be773031b3234fb9c2d6cf3d9740db1208f4351beca325ec34f76fd38f356

SHA512
c7381e462c72900fdbb82b5c365080efa009287273eb5109ef25c8d0a5df33dd07664fd1aed6eb0d132fa6a3cb6a3ff6b784bffeeca9a2313b1e6eb6e32ab658

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004d

Filesize
296KB

MD5
5ec4a79890203ddc7f9e6a31047b9841

SHA1
c3ffa7eb1ebf2de06aa6d0b01d28f0f32302a7f0

SHA256
a9dee2da1fe0c1708a42846e70820267704d3fe9165a5dbe80500bd5add2e169

SHA512
e429575b924f03318d9df3b393ab7da95bb37b9019a597e40e3574fe2760b544e9b48b46e92d7c1aedb3c4fbfa9650b9e15871f4dd2be2f66880035c11029b8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000056

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00009c

Filesize
16KB

MD5
58f71c674137e8bf3a6bb235543f9a25

SHA1
25bb35856195547563a346dc786a5ab8778d451c

SHA256
860b9234e2b53eec4228be7c877bff6086be3f2cdf69b950b77a249f13139afa

SHA512
773865307ab4c93fd55b12f064fea7ac29524dcbd5a2401946e19800bedea2dd4a88c2c982f799f770b910e336491252df7ab582e383d2f5c5862d71901e40ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
e28a7f7d7c9e4237f43e5d2496161388

SHA1
4149849c040b1e70e8b5977bf5dac90f08a094e1

SHA256
e31c19f54f62c2d3b01a3c5361221c475ef530e82c824849c954c045aeab5e72

SHA512
bb00e190bc4ece6a3fdeb16b992eec6831bf6bfd89d4a273dc89dfc7b4df8a44a7c7195ee7ee97b72e078377d449be062e1065e60f27622294d8670558ac697d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
442ff368d1d174a943433f60eb96c239

SHA1
e87491feec2cbc6caa8a606dba9213447c92afab

SHA256
3503fdee71283d6ced0b893311ebb769b0ce8d8b8240d15dacd52154869241de

SHA512
07585dc8648bc4e503c46de7451ba1eaa993d746a0914700e2546e7bcb8ce6468120d862c496f7ebdaecd7fabf147213f28103f4ff93b478880b58ebfa453fb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
768B

MD5
6792990bac5777a5b253a1fcf45393ae

SHA1
b75f0522282cdd0423a276ac15fee0b5d8302903

SHA256
bfa50516f7df4f303430e4cf29f2ff0979bdb0b907010bd9b3b1095cf83ffabd

SHA512
bb4ad07efbb28d0f72d6f3d3c4ecbe87532b39cccae67f6bb4dfc96dc1587ae2fe5c9e740ad4baea412228ef92306d2fe641574094c7c75dbdff97102bcf5b1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f05be2a9bea283188f18a91c3bd908a6

SHA1
e4adc8875f4478f96a0d9ad7c0b5408153096e29

SHA256
63fa3818d8066614406d79f8b63251726a13fe796eb7e47eb6d97d01d93f6a0d

SHA512
959b3e1792cf8c29265d7201a6e4f8082b8cfe4823073be873aa9332d17c36ed2e4ca414622e453aba50b6c6ccd5444a29690443a14cdfc95428840620e0bec2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
3480782292079132b07252adba77a050

SHA1
8d264a834c08a97afb31cd038411b9f38d874231

SHA256
6be06ace74ff21234978c02a84091eb40873f051995cf8f2a5b8b2fb5ab4cddf

SHA512
62e4d951121aecf634405d8504d77812d67468274bc1092f5b2865f65c39ed6c2bf26e8d95bb06ad557728eddef74c49e1e37b58c9f5bd9781ec71bcb0e24198

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
39accb4542e1f997ba881ffd01314053

SHA1
1d08619538caf1fd969cf198e693be5e8e1437ed

SHA256
c6fc75ed96f651e7c8eb8d0d66aef8b85759f3dba91f878539abefd6ab8da6d4

SHA512
0777d06ccad8e664143a0b1669798d2203e9b415e01b32c8d71dd207ca8596178f18da4f18691b6ee0d204b4b93fef8d5fa6c8001a1db52f5aa94889c016c895

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0db1861005f73c41a94ead87abc898bd

SHA1
cdf6ee8eb3042e08ebcec7c1a064ac33084101dd

SHA256
b7591e6757c3e8de24dea345304c36d54500bb73cd1995f7900a83c517d0eafe

SHA512
6a703d5c6da0bf14c069168bb0e7a494f0feaf727cc123daf80665e262e0e360d2d3d30562d2123fd868b7ec5af6e1f3e6b268976197ddfd00e90057eea363f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e3be156585d1ae8d168dd14137a072d4

SHA1
ec74521e3bc214506389f4706da4223f5810c446

SHA256
3b1cdf971c0de37b379e123f9266ddb440063f8051c42cedd87625d76a6d315d

SHA512
8dec03acd53c7360af584071bea18a9ae1b8af545ed79c959fa8b463f4c2c17301f93d84d459e1a3d7bcc5e0549d256086faf6d7cd17c43e473e99014f6c8795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
65694876aae3a77f42e3bf2fd86a36c5

SHA1
3ccd97b9b2059219023ca4f5fbfc7c05a9638118

SHA256
143b44f4e4881785dfd9dd869f912cacf1447cf9080456366c414265cdf9adfe

SHA512
68c04365fba0684590b5dfe7aaa4699c698cab4fc830af5410dbf68b06e079ebfc177fa9f30d9ac5d7e57373812d9750c7a985f65be0db6154040598ba2a2886

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6837228924e532f1d3fd521ec0d370c2

SHA1
e2a999ee96358c377a50511eaad49dd1819ed61e

SHA256
94f2b58c74adab2de0cc4d02521c6140128924e9192513d1bbfb9f44614aadc3

SHA512
a845b0cf395ffd3f113da7d77f09c5af90d1f1076a2a3363b1d153ac67a33c14574576db86df0085d9c6f5da44e22c801b034651cba24743bd8b527488b019f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9109932d7b9b8fb54249fff7ccc8267a

SHA1
08b0735faae603bba33989c89fafee299e993d3f

SHA256
b017dcebbb276052b8b51c003faa7df157b1a55f5ea8f3aa12d9b18351f050f6

SHA512
76ddf1e811475f22fdeac1c1a7dc1df45401cf91e5f8633b210a8beadda8a4766e95006cc5cfc9c044d1f6b79f81b870986b5e969e4a3f15deca149e120412fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7ffd6ffdaabf7a5c1e74dcdbdb41e580

SHA1
7061b1ddd31b4c20c28eb28637ba8155804d834e

SHA256
79c99057e102baff135b8544e6b2080ee2fa63d4bb7d196d5a3126507fcab047

SHA512
d563747d246ffce053cf44b0ab42c53edbc555c0d7b10f2ebe321362ee2c39ed2dab16e48dc3d1516cfbf641835c7285e5a9ad483d697d796803a8c16fc4e088

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
16d8260796142d1caa60f34f9d33fb44

SHA1
4f5a40f610932cbfa492fe001bcdb988383a6308

SHA256
918276507c0ca419585c5d8ea8681f9c0d94dc89ab717c6801034449939001b9

SHA512
2b5ee5cf65ea7c980f6d266bb6bde599f01b9f1b287d3429487161f50edd591b53e96988aefba0f20577d0916b360d6904f4cd98f838ab977aecab64cc0d82e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
82502ce9ff4013a596ba7c59fb425f5a

SHA1
4169a7be32f2126f57e7780676ade73c2e0cd0fa

SHA256
7a7d0ac69ea220e3703fcb8005a045106ec4a360daa0019f95f794b2c971b9e3

SHA512
f05913b220940a4863b1a745a754bb81271493f32659cc7fb2114fa60e6298e14be04989e072630d102fcfa82333bbc0a70bb2e9568e6ee9b8727d8524e64b56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3d57de77a80636d23bdd9fc9f6523fff

SHA1
3a087581c0177f2994096ea42d9024c6f3458be0

SHA256
6a0b7b70d8b85eb7e6ad5ec148b5143256ba3c78a34d647e2ce0765c4f70ac9d

SHA512
09de095543092ff39e03a6b4ed333a461835792517d960df0eb85b433d492f498dbd303b456425f00ac8f2c3535a033e0691825fc0d00023d7a10dafe117d14a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d1705bcede9b0538c1e2902a0b7b4c07

SHA1
3bfcbfbc8043068f56a4114d8b2017bbc147cbfd

SHA256
c9ff920d6022743d05eba0637259661da33f8fd32205505b84271df8defe9a4d

SHA512
77ae9bc6fcb8e68cef161127fe570c5c7142c7aa78d469dd68f97f2a61e66c77fc978c3c9e1571c4fbde26f9828c80b451479744d44f6e6211845493daeed3c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0

Filesize
4KB

MD5
ee0b5a299b85bd63103bb272409c84e3

SHA1
df43e45118ba48c5a6a2a00aaa8cc6e6905fa6ef

SHA256
07d97f29d46f4c40a4951790b46430b878587006b3e448b8d8dd1057f0e99a7d

SHA512
2899ee69315ff3d01361197a7e3920fa498939d9ab9a2fd1f65b52c208b78814bc982c0006ee4131679b0662fe714288173de88253229f7765e8312c1fa29c30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0

Filesize
2KB

MD5
dd3ec03c54e1478b3afd810cc16fce1a

SHA1
24acaad64f026efbb35ce9739ac599a5d2d28294

SHA256
d303206638da8b67a5b173996cb88d659d03f0c31cd21963fff75744b3eeaeba

SHA512
599eefbf2718b87701c76af34ec838b22bb6621da79862ed845ab6e9b7eb930080d54d3225875f03318eeb2ddf631489a21cb73ff1e5a7fafe75ccfbe7a5eed9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_1

Filesize
3KB

MD5
202086c5344aab76e16802e212008634

SHA1
87fcc14c3a05e1632ba0605bb6bda4ceb115a0a4

SHA256
5424f43d066e28e732689d9c9e1840e8fea8b5fc2588d65625b2ecf860b1e7bd

SHA512
4ebe310af7c41f150ead75cce21ee7b6341a2efe1019ca83bada8179da6912d5c5a641a9c7f54684499558ec88b1ce3b733aff302e072848482e204495755e36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
c5cf1635edd39e621fafb96ee565f716

SHA1
21b8ebda9ce52299e5fb1406d7ef0e62dd857ba8

SHA256
46599a19da9ad041f4d2f75c0c50db5fb428e8c9178af75e141826d55a4dcbd7

SHA512
c094dab5b690bc197645f5f26bc9453c7c273fc5b306fe225745a74516aae154069165325b29d06041c65672ae122711fd09eb9631e94ee0d4fe25de9ad4475a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57ec63.TMP

Filesize
48B

MD5
15f4882a4be6d9ab1c47f47ad6457037

SHA1
2476f75449689fc8ec446b76481a52e8bebf323c

SHA256
768662cfa0c8a6a611df6bf1b108680f45826479a2d7780a10065fccea2bfc12

SHA512
06c6fc926ade306475e791c4050f8a75f58680de4b2b811c82f9a06981c9a81971ae91836f4a4d793fb65f290a46414bf017a7c213294eecf95a1d320b3db4c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
05fbf0b9ea7947236d505077eecea7b7

SHA1
d7e51345518037f51d2df168b096cd834d32c780

SHA256
bd1a4722f7713bdefbdb99364cfde5adc8b7876cbd0026dce6029ddafa2a1c09

SHA512
3761801a46854d73993a4a02d24309e337ffd41791adc1f22bdb9666aba0ad4900da56df4d14547698b873f2db03a8227bc8447f043f7e28875edaa270c866c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1b6fbfab3384aebcfd777d15d5b8b8f6

SHA1
fca3d015e697999ca03bb39a113c81f46e98a85e

SHA256
ab125edcbe6978a95b9234fd15018bdf16398566d3e80aeb9af72ffa654e4d62

SHA512
de6ea0c6379ef6716d3b035273d37cbc12c29c4ae374923cb7e92422359a6fdad5b6be772d199bd59c9b88a00965ea810e5c994a8badd6bac2c575db6b33a7eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a2b5958ce2d58100160683406dd700a4

SHA1
b5f6ec5049f32274ffc4d47fc3e04e2527f29124

SHA256
3211ede807771b8338271cec0513024c34cad3b411d78f7f2d0a062391a9f9bc

SHA512
3d09c38d774ffac455dc690a5ad1b527b407998ff234e6a9963ba6b8c4fff1e6e798f29ed52c04a63c6906c90e2fec2b255ce28bfd9fc94ee6123d9ec5190a84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f757b5a428a9be345f519f60c0830a16

SHA1
b0a0872e21fe14b6244f5ba2322a3f5e36649955

SHA256
37df2934623ddfa2f7da878a23583008206bba8f83df0d2a6866695923dbcd29

SHA512
a41cbaa975c3d15a9fa06dca31aff92f8359bc785bb1ae43d528463a4d91adf9294ee11c860f7cc14b12b0473b236f7042680017146ccccbc8cd4261b5032047

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
eeec5a161715a66850a33aa9d9bbbc61

SHA1
5abd9d24bb3515861923f2b2139459c90cf4b58c

SHA256
f30d4082fe8aa149f4c3dbce4d0a837cdfab17ff31496f117c551ff1368f5a08

SHA512
8fbde4123194201f1bba6f9df9f21251c0b3f196f87925ffa493589f2c6c153b6d351046d30022ea04e7156879d8452bd25ec2eb9c13a412e91048302efdc2ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
b032d8b1381bf667be990e37f26ff21b

SHA1
c9de4bd9618ca2cfed24874210f938fadde568a1

SHA256
9955c47ed117ede03d7ff1770d3c16bdb4e9180ea43fe4254cce8af2e13c4df4

SHA512
0a44391e2dd1f10f7ede88d65ab052d74f24bba42a74335923f5d322f55b6228b8a62543a771e6cf03c7c16b32d80239cd82553b39ba96bfb2b8ded4a9e706b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3d32c075556e7d234b0a073bb917c40d

SHA1
5a3c5bb991544264ebcfeb5d70f50ba755c8bc19

SHA256
c39451b9b5b1e388ef18c56f53e71d80547451473208e29b48d926feb7731bf0

SHA512
6e9379fcbd8018d2232b2d6d17bb6001782671a9a7af8cf2fd0b0518658c5488f4fbd920e9fcf4b629bf5f1ef9af2db402cf0923034872da4ee1b465c50172e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ee19.TMP

Filesize
537B

MD5
fb35fdc89ecbcc4f07fdbd6881be1619

SHA1
9011e21f8d3959eff669aed55fbdd38d594f5301

SHA256
54400aef694dd96aa34ab2b525233e0a05bb2da2f41e54cf1d50c351f15651c4

SHA512
bd0975ed13a0c92952339c032db87d002448012eec19e6d921154c1f10e27274dcf33c4881d3cf49ae653143439838245e556adb83f8b733d4c3992f08967119

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ca29b283818294b0b9176f9ca25403ff

SHA1
3665b57fb63e50cac39c1f4d69e67d8f6e386640

SHA256
30e05e5388115ce2735f948845c76eacd749520497fee5cce33e50c46503b37e

SHA512
5789efcfdad6cd27ca90db2168866dd0bf9248cf7b1c735bb5cfe257cf3fba1d2a753d78f79b60d1eff0ff9c1a4fedb8758bd9d634dcf9a854e380d53fbe1840

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a149e4233398c6e033a24815887df6de

SHA1
ee7801c303bb473ebab1e16a860de1fc719fcaa1

SHA256
33a85060c31c78a6042dbbb6964b3555a80d5e6d583869a3c1e1f605419658af

SHA512
34ce814f0d24a4672a89cc0e9c03fc6063881e56918671a1c822b35eac6642830c25bebf2bc5e19b1643bcee7a830521071577b74a3f87105e5a2caeb1e4fb2d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit