hxxp://noescape[.]exe

max time kernel
900s
max time network
442s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
11-01-2025 04:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://noescape.exe

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2992	msedge.exe
2992	msedge.exe
5000	msedge.exe
5000	msedge.exe
4400	identity_helper.exe
4400	identity_helper.exe
4488	msedge.exe
4488	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 30 IoCs

pid	Process
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5000 wrote to memory of 4392	5000	msedge.exe	77
PID 5000 wrote to memory of 4392	5000	msedge.exe	77
PID 5000 wrote to memory of 3804	5000	msedge.exe	78
PID 5000 wrote to memory of 3804	5000	msedge.exe	78
PID 5000 wrote to memory of 3804	5000	msedge.exe	78
PID 5000 wrote to memory of 3804	5000	msedge.exe	78
PID 5000 wrote to memory of 3804	5000	msedge.exe	78
PID 5000 wrote to memory of 3804	5000	msedge.exe	78
PID 5000 wrote to memory of 3804	5000	msedge.exe	78
PID 5000 wrote to memory of 3804	5000	msedge.exe	78
PID 5000 wrote to memory of 3804	5000	msedge.exe	78
PID 5000 wrote to memory of 3804	5000	msedge.exe	78
PID 5000 wrote to memory of 3804	5000	msedge.exe	78
PID 5000 wrote to memory of 3804	5000	msedge.exe	78
PID 5000 wrote to memory of 3804	5000	msedge.exe	78
PID 5000 wrote to memory of 3804	5000	msedge.exe	78
PID 5000 wrote to memory of 3804	5000	msedge.exe	78
PID 5000 wrote to memory of 3804	5000	msedge.exe	78
PID 5000 wrote to memory of 3804	5000	msedge.exe	78
PID 5000 wrote to memory of 3804	5000	msedge.exe	78
PID 5000 wrote to memory of 3804	5000	msedge.exe	78
PID 5000 wrote to memory of 3804	5000	msedge.exe	78
PID 5000 wrote to memory of 3804	5000	msedge.exe	78
PID 5000 wrote to memory of 3804	5000	msedge.exe	78
PID 5000 wrote to memory of 3804	5000	msedge.exe	78
PID 5000 wrote to memory of 3804	5000	msedge.exe	78
PID 5000 wrote to memory of 3804	5000	msedge.exe	78
PID 5000 wrote to memory of 3804	5000	msedge.exe	78
PID 5000 wrote to memory of 3804	5000	msedge.exe	78
PID 5000 wrote to memory of 3804	5000	msedge.exe	78
PID 5000 wrote to memory of 3804	5000	msedge.exe	78
PID 5000 wrote to memory of 3804	5000	msedge.exe	78
PID 5000 wrote to memory of 3804	5000	msedge.exe	78
PID 5000 wrote to memory of 3804	5000	msedge.exe	78
PID 5000 wrote to memory of 3804	5000	msedge.exe	78
PID 5000 wrote to memory of 3804	5000	msedge.exe	78
PID 5000 wrote to memory of 3804	5000	msedge.exe	78
PID 5000 wrote to memory of 3804	5000	msedge.exe	78
PID 5000 wrote to memory of 3804	5000	msedge.exe	78
PID 5000 wrote to memory of 3804	5000	msedge.exe	78
PID 5000 wrote to memory of 3804	5000	msedge.exe	78
PID 5000 wrote to memory of 3804	5000	msedge.exe	78
PID 5000 wrote to memory of 2992	5000	msedge.exe	79
PID 5000 wrote to memory of 2992	5000	msedge.exe	79
PID 5000 wrote to memory of 3180	5000	msedge.exe	80
PID 5000 wrote to memory of 3180	5000	msedge.exe	80
PID 5000 wrote to memory of 3180	5000	msedge.exe	80
PID 5000 wrote to memory of 3180	5000	msedge.exe	80
PID 5000 wrote to memory of 3180	5000	msedge.exe	80
PID 5000 wrote to memory of 3180	5000	msedge.exe	80
PID 5000 wrote to memory of 3180	5000	msedge.exe	80
PID 5000 wrote to memory of 3180	5000	msedge.exe	80
PID 5000 wrote to memory of 3180	5000	msedge.exe	80
PID 5000 wrote to memory of 3180	5000	msedge.exe	80
PID 5000 wrote to memory of 3180	5000	msedge.exe	80
PID 5000 wrote to memory of 3180	5000	msedge.exe	80
PID 5000 wrote to memory of 3180	5000	msedge.exe	80
PID 5000 wrote to memory of 3180	5000	msedge.exe	80
PID 5000 wrote to memory of 3180	5000	msedge.exe	80
PID 5000 wrote to memory of 3180	5000	msedge.exe	80
PID 5000 wrote to memory of 3180	5000	msedge.exe	80
PID 5000 wrote to memory of 3180	5000	msedge.exe	80
PID 5000 wrote to memory of 3180	5000	msedge.exe	80
PID 5000 wrote to memory of 3180	5000	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://noescape.exe
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffaf9993cb8,0x7ffaf9993cc8,0x7ffaf9993cd8
  2⤵
  PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,17802247310218510133,17967134743508862793,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:3804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,17802247310218510133,17967134743508862793,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,17802247310218510133,17967134743508862793,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
  2⤵
  PID:3180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17802247310218510133,17967134743508862793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:3780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17802247310218510133,17967134743508862793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:2924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17802247310218510133,17967134743508862793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3968 /prefetch:1
  2⤵
  PID:2572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17802247310218510133,17967134743508862793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3556 /prefetch:1
  2⤵
  PID:3156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17802247310218510133,17967134743508862793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4232 /prefetch:1
  2⤵
  PID:4256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17802247310218510133,17967134743508862793,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4072 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17802247310218510133,17967134743508862793,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:2260
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,17802247310218510133,17967134743508862793,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5872 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2076,17802247310218510133,17967134743508862793,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17802247310218510133,17967134743508862793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
  2⤵
  PID:4244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17802247310218510133,17967134743508862793,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17802247310218510133,17967134743508862793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4192 /prefetch:1
  2⤵
  PID:1868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17802247310218510133,17967134743508862793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
  2⤵
  PID:3112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17802247310218510133,17967134743508862793,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1840 /prefetch:1
  2⤵
  PID:460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17802247310218510133,17967134743508862793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1224 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17802247310218510133,17967134743508862793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:1068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17802247310218510133,17967134743508862793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
  2⤵
  PID:1712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17802247310218510133,17967134743508862793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
  2⤵
  PID:4748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2076,17802247310218510133,17967134743508862793,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6020 /prefetch:8
  2⤵
  PID:3364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17802247310218510133,17967134743508862793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
  2⤵
  PID:3480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17802247310218510133,17967134743508862793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6188 /prefetch:1
  2⤵
  PID:4724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,17802247310218510133,17967134743508862793,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6084 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17802247310218510133,17967134743508862793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
  2⤵
  PID:3360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17802247310218510133,17967134743508862793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
  2⤵
  PID:1376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17802247310218510133,17967134743508862793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2172 /prefetch:1
  2⤵
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17802247310218510133,17967134743508862793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
  2⤵
  PID:920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17802247310218510133,17967134743508862793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6232 /prefetch:1
  2⤵
  PID:1640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17802247310218510133,17967134743508862793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1200 /prefetch:1
  2⤵
  PID:1116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17802247310218510133,17967134743508862793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
  2⤵
  PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17802247310218510133,17967134743508862793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
  2⤵
  PID:460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17802247310218510133,17967134743508862793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3912 /prefetch:1
  2⤵
  PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17802247310218510133,17967134743508862793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6676 /prefetch:1
  2⤵
  PID:1880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17802247310218510133,17967134743508862793,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6556 /prefetch:1
  2⤵
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17802247310218510133,17967134743508862793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6348 /prefetch:1
  2⤵
  PID:2592

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1152

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1040

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4c1a24fa898d2a98b540b20272c8e47b

SHA1
3218bff9ce95b52842fa1b8bd00be073177141ef

SHA256
bbcc378fcbf64580e7a48b4e7ca9be57fa0a1f2e747f488325685bdb18d73a95

SHA512
e61f196e7f1c9a5fe249abe9b11eea770fb2f4babc61f60b12c71f43e6fe9354cf14869daf46abc2c2655bce180252acd43c10562a2dcd31fa7d90d33253820e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f1d2c7fd2ca29bb77a5da2d1847fbb92

SHA1
840de2cf36c22ba10ac96f90890b6a12a56526c6

SHA256
58d0f80310f4a84f687c5ce0adaa982eb42fe4480510399fa2ae975d40bb8bc5

SHA512
ede1fafea2404f16948fe0b5ea5161ccee3ee6e40c55ff98c337eac981a6776b9c73dc030a5c59e4347aec91259f497539206e71949c33adcecbf2c846709e14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
47KB

MD5
0d89f546ebdd5c3eaa275ff1f898174a

SHA1
339ab928a1a5699b3b0c74087baa3ea08ecd59f5

SHA256
939eb90252495d3af66d9ec34c799a5f1b0fc10422a150cf57fc0cd302865a3e

SHA512
26edc1659325b1c5cf6e3f3cd9a38cd696f67c4a7c2d91a5839e8dcbb64c4f8e9ce3222e0f69d860d088c4be01b69da676bdc4517de141f8b551774909c30690

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
67KB

MD5
69df804d05f8b29a88278b7d582dd279

SHA1
d9560905612cf656d5dd0e741172fb4cd9c60688

SHA256
b885987a52236f56ce7a5ca18b18533e64f62ab64eb14050ede93c93b5bd5608

SHA512
0ef49eeeeb463da832f7d5b11f6418baa65963de62c00e71d847183e0035be03e63c097103d30329582fe806d246e3c0e3ecab8b2498799abbb21d8b7febdc0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
63KB

MD5
226541550a51911c375216f718493f65

SHA1
f6e608468401f9384cabdef45ca19e2afacc84bd

SHA256
caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5

SHA512
2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
19KB

MD5
1bd4ae71ef8e69ad4b5ffd8dc7d2dcb5

SHA1
6dd8803e59949c985d6a9df2f26c833041a5178c

SHA256
af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725

SHA512
b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
26KB

MD5
5dea626a3a08cc0f2676427e427eb467

SHA1
ad21ac31d0bbdee76eb909484277421630ea2dbd

SHA256
b19581c0e86b74b904a2b3a418040957a12e9b5ae6a8de07787d8bb0e4324ed6

SHA512
118016178abe2c714636232edc1e289a37442cc12914b5e067396803aa321ceaec3bcfd4684def47a95274bb0efd72ca6b2d7bc27bb93467984b84bc57931fcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0bbe00d9bf7b798e_0

Filesize
5KB

MD5
a0bd19d14167e62f838e0360461b3193

SHA1
ad495e6078e2d95e9cedae5003a9a97281a5427c

SHA256
3996a5129602c2337fd30f560d52a52f66fbe46796b5bc060a6873bf9fa5e2f4

SHA512
6d8c40ce8eeae410745103d9c9fce04a05d8376a24e54cb1411f0ae5bf422f51858763768122a950b24acd6e50d4a3d5835ff2acce3ed113494430ec2ac321f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1a914eb5fc51fb84_0

Filesize
9KB

MD5
6aa6fa346fd3261581b0b8222bf4935b

SHA1
b2363d3726bb9e0794a505ac5923cee3d1257abc

SHA256
039b9ea1cea86e3d4699b018e77de3c4452387fbee1aaade7bce979b6a7250a2

SHA512
1732b55313eeedcac57268e7d39b882fa07823708558c51bbb248eacb0998874ede2f3d59ac8663ac0bbff4250cb9c584edef9c3f9eac09ef23c5ef71f396c9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\25c90b4fb1c6ef85_0

Filesize
1KB

MD5
ed2fc781fb9ca46b0bfc012d1ea87941

SHA1
68f0f14238de061c8570047028d14894973c8dbb

SHA256
a33ec68f7446e71a52e21b6547d8554f3da28c2884bab2b60783bf2304a45a6f

SHA512
832b6b51f9d8a6130f548923cc52a20a8b2d530db9ecea1a616b5a81493dd49897362f05a2e895629224913d77d013021b62790345dae182c700a4f235465ce2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2692617678c042d9_0

Filesize
10KB

MD5
b43309d08548d99edbf03b0695140617

SHA1
5b310a539b0b2a1e44a77b1aa608ca6b62e58291

SHA256
4e2d59aa0c9f46378ac2750cce9c6927e1ed3608c7b592b1d61f13c84430c508

SHA512
4dbde334bc036ab1db4004500191abc164c9779c924eec6637f48cea6e85536e4fa07cd1e651a26daeda281c32ca1e7d2fa5c6d8404861f16fb5db40e31f135d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\37afe38eb817b647_0

Filesize
38KB

MD5
4064d62b1182670d20ef99cb1baccf39

SHA1
548e4bf7f1cef9f10773947b8b6310e7d9bb4c35

SHA256
7339ba2363b1502232360b8ff8890911429d0c2599bd146f577357888c105117

SHA512
6791c4efeb1e0590e7888039f3398223f34aec2024e89074942660adbd414fb9fd49755d5224c3294d82c3faeb6507c83d259239014496276713e32cf9bd5796

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3a4259a0181983ba_0

Filesize
23KB

MD5
12a6bdc497cf85e74f0bfd5553edfe5f

SHA1
edd087acdb758ffea4d578b217570537b60c65df

SHA256
78a32884de72a420be4e71e9f6a5a5128f6c5c1b8a87f7dd54507647e22296e9

SHA512
da7f5098d6929a86289e082e9d697d5e0608bf87b61bd5364ac3bf8019d4371ec4eb7fd39e8a074f846c72a9252c82083c1264e3c4cc0076a79f1a8e270c09c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4357cafc075f4bcc_0

Filesize
291KB

MD5
a92e322d34c956a8663bb4d3c2055ba9

SHA1
cdbd39c87be107ec67f5aa70744d0757a7490b7d

SHA256
f1bdf30eb6d3d1fd65709671f2c2aa9405dda520d36d5f1b3d848387fb12c65c

SHA512
b52353184e896591af0cad9ba2df06af782fe102d7e43a2ff48755f5560cc3274712beff7373aeffc4061b05524203f9e958062ee5a84a491e9669c30abbf02f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\45a16ff6d0d9ab5f_0

Filesize
1KB

MD5
9507051bdcb0a587568680e0b1b189b0

SHA1
9004487ee069a343a23a19537696b7220025b95c

SHA256
c34d1f27bce0517011d0ae4871ed5c9d53d09e0d304efac86a42d67b7221bcee

SHA512
266c9218c598cbca179d30c1b75985565105d32172184a4493d7145a329c63f2b25a69d87e33da627a5eb2d1c944231ce3f4bc43fd470b0450d83ee015ec0e36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53ac5abc87e80789_0

Filesize
3KB

MD5
b02f9d4dc10b857fb293137b3b31f7d3

SHA1
3954dfb98f8239f474b79db2d650a255b499f483

SHA256
e764c39155742b89492ff5e3aed0b9049de70e0a4cec82c8c6fa1cef1b1c9b1e

SHA512
dc429255507904787cc200c1071f30b4d053bbd9b8960ff20c80b53b7552be220c30b51ea27aef10477ad2d3779312db2cabe97fa5654eccb909b4c0b6d8a08e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5dd1e579c9681f95_0

Filesize
2KB

MD5
a8a821643f4c236e263f64248710a7b1

SHA1
9309f9c1c7af092f8b78842565b28a6f3401076c

SHA256
487dd567bd8c3dc340e0e3f7510329000ed62b6e26efb99bc5f6558e18316ceb

SHA512
b62bd92fac8a04af456d9200b3552ebc2f591da57497523529bf21977799266da11d1b4b96b9760e9a73581418ab70245a080ceafd5f3bf50f2a1cd944be17a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\61a0b4d20ae0e222_0

Filesize
15KB

MD5
3a9051e994f5ad28dcd93471a1de3501

SHA1
823797e3379f72e96c87047de02928b15d0279e5

SHA256
bbf983b77b65f24d8a695296307e7ef75b202c972dd74bfced85c17aa89c56fe

SHA512
2fab897bd37f0193f533576313f21db24715ed46934810d08b2eae63b500117b000b0444c470744b1c603f5b37a570fa401c4cdada311679d3f1ea3323989723

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\74b88724f60b0383_0

Filesize
2KB

MD5
3eb74bbfcc51a9986c04c3b55a2507d9

SHA1
706a2a34a4370d51b5c927c98b8cdf49d7776dc7

SHA256
c8b0f6a04816c5ca4fcd738007536d50065cdd1ce1daa7ef9678fc0175acc1f9

SHA512
b0e1006ff16a3db0bcae5e600dd06f64d2ca56ba7619e0fa52d8d2792f91715f2c0851a2bfce51f108bc842e02c9596bf82e7afafe5a792caf126a09c2bfcc43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7f44a8109abbda68_0

Filesize
208KB

MD5
f04d6d352afb04764355277862c830cc

SHA1
a6e51d8f8614e92aa5576353a0693c2ef89b1421

SHA256
ac097889ab369c8909d9efb94b385774e43bbb9e258253cfa43980a3b0259d83

SHA512
2051ef83f0cb6b2dc7c487e4223541d39413e26ca125459cb2a278752112348aadce83e0d0dc41d62e619a90ef40ea241fa53f8e494e975e99ad91a725551130

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\90d7d7591a1b39bb_0

Filesize
262B

MD5
0c2643c74b9869585177a0203912b02c

SHA1
efb2d26bb0bf0ca9a0007468d5312a4734a21d55

SHA256
e019c2ffef0e17adc8bc17d0769a33a0a9af105a3893f25eb798010c92cad1d0

SHA512
8b762a9a71b7931e7a61a4ca961ac79eedcfe5a4d5218218694430ea5271e0985b702efe38a99c6f2cb3eec1358c57210d128b621ef88f422ee5678213096aec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\be6d12311ce2b399_0

Filesize
2KB

MD5
ee4f87f58ce9fd227973eb21f079c1a4

SHA1
e19ce58a7839af88d85becf95f0f9abe0096f50f

SHA256
39d7c07be2f535215ac6fadc3abe0826b251ca11e8e7501c853f5746722bc66d

SHA512
02a96e058415c73f9b816a1b36aaa2edfdf36cb132b6c463451e65d3caf62cd9fc0ceacf7322bc4f237baa08a2becdac526ef962a8ae7db924211d858648db18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c91c845c83814759_0

Filesize
43KB

MD5
5ddb0775a8a39b4e90abb61d296a3676

SHA1
64f2c1953f612ac76b86fdc4364b2976d3ffe4c8

SHA256
e69cce957b084ed3d3e69677faad9087466b063409146ae2158d4fa7aae88e03

SHA512
9643b75a6f6e04ca2a746217e182be020d606316342c632b8092e073439420d62bb9fbc86a999de91f70163f39b90a05b90e70a3c0545b9fefe00603c77b69cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e146fd968644d345_0

Filesize
8KB

MD5
3540c14854f924ac2bba4d256eb59a76

SHA1
f9780e2f524b4406fca85bf14313aca3de92426e

SHA256
6be7c4b5a2214b53b2cc283e598a1ef6f7b1f897ed30120cbbe91bd6699e61da

SHA512
f209c42d132091e894d2828991ed94118d1a910e22f2ebd8d98003f9f2fb65365beaf491bdbe3b01718cd2ccabccab9cc0bab134f6f552e3cadb699ce236f2e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ec8c52c5567ee5bc_0

Filesize
294B

MD5
6afcc48998a7b06983b633706dfd5c7b

SHA1
3083f79d6b828c32ec776ea8b3c66f6fcaedd9b7

SHA256
8410676b3f3d2bf4dc720233469c95191eee46f83ab095df935ea8b31c516bca

SHA512
b2590e7d6477bc067a389b91e0a8471837c1ede472b52661536dc50a902bfaaa3d3994b9cde9a123988a6e4bf84dcd192013d64a008d5360c2e962a02d18ac00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
db97ed3f816e72870014927ae3709692

SHA1
161f750865e7a1401ee87f79929c04233a47281b

SHA256
e4aadbcf293c3d05291d3afaac3d5a096dd28262bd7cecf9f631823a81b3c6c9

SHA512
793b1bafdbf7ecd244a7150e41adbcb898b3632f1e0e467bcbef01397ddfc0210877c903d659b03a40e1228393dba49a4eb2786de02df7ec792bcccae1041921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
3d81d27a7033779dbdccb014bdef111b

SHA1
cac407621670f5aef36585dbc77c967b50d9f7e4

SHA256
f248fef0654a489cb22f25736998f84149de7ec127b826f54058da083572a6cf

SHA512
07d7fb9cd2ec1bfecba49f3d1f2a1d3e0035c6284f6c31f371d0c2f2df34d0407ba5fd2002b58bfa73740ef1d8b8d9331b9597b1b60914b68f46de645cd734d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
992B

MD5
3c4455e5aa633219711c1f31427ee58b

SHA1
e510e844ebd3a7a151542d38eafbe055f2374ad3

SHA256
71c181c7ce3d9a17495aba67a3b02f6f90290e7813cc6335ecb50dc7792f699f

SHA512
a873921f2fef6cdada3764469e7db37d10eb9a734d2898b748fdc320a48a63a274663c926c11badb4b47a99d30ffe18d64dca3de2a4009845a3935d241b42b31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
992B

MD5
a6dc1cf98992c1c70c8e0465e4803aeb

SHA1
6e301c0fbd84b9fa3cf8ef1a780ff69780ae64ec

SHA256
257b52631e13cf811b713ec2ee1cf7186e23c2fe2ef3c5145cd96dff4462f400

SHA512
859b7f0219b03b4abc450f2038b2841a6ea0853e4fc76dd8d2daa1f92df68ea10134d397062dc1a0659064988bcdd3f720b0b9a6563b69873cc7d9fae2711c0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
559B

MD5
bc8489148c0b9e2b867050d7e1180b99

SHA1
4a1fafa37325d803e87f082e48903e91e4da7028

SHA256
6214ecb2229d4cf9c15b32e6c0b39694291df6ce7384add8ba927947b87d3972

SHA512
2b17172ea626e07ea0b8e6454eb9669d252668eb47b1e8fb003a21171aff2bd703fe90f67dc82ce0bcf3baf02ab9597b7fcded703fe91ae60dc5e389fc70a416

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5beb50c9deef7ab5fc9ec7a85711ef54

SHA1
5d251be5a2be6789637c4e9f179ded5adcb15a0b

SHA256
15b122d9a9b5ffa9b45e6805011330139e4b8b8ddb26bbf67df801fadd439022

SHA512
d37b9e448719f7afc9dabe55b28ec9320379fa40c06b5bbbf694b339709802a6b3f857f82237a6d3687ed127f90f23d1529ef60ed85ee661a1ee49f0bcf6b388

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
361eb3995c24a75adf04429bbfa8110d

SHA1
806c73a605f682790c3cd157e7a94ceb9475c884

SHA256
8f1197916e169e5dc9dedf324572371f7c16c2b8ced6caa992d3f9a1dc0746c5

SHA512
20f6fd911292e492ffd9c3e8a35172755e260b251591118fde83c34366f27bd925073db281256645a7cfda02970207b79f23a9ecd484b945794f039bbaed9d38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d81e436e83d7b9d5533a1d165c9165d3

SHA1
4d52796f241e36429d0de3829824b01d134b8178

SHA256
df8a5f96afd421cd7c1eb6481caaa005d9e678e7c89855ecb6a5154ff76cb3f5

SHA512
fa31869f85cbddefbd1b020fe2579f929ca9ac6aa04b6e75379633f7ebe5620de693aa6b76571473fc9c6ce79bb8b07f19da6a063c01d15fe1bff832df18cbe5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e2eee5e6a48d2560fa8f353f6a91d749

SHA1
afc15a16f62e5c3116f6345a3de54a198dec2fd4

SHA256
1d6de82e107ddae198510ec61a9e4d3e6ca261261685e2302069cb33262ba181

SHA512
93886026b031fb437ce38df821c372fd9ef22c62ffcfc01dc41e84ecdec895543dee2843ffd43642970f79944c2592eddc01980ee003a8254854e4949116f36b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
74e93c5f42a9265ba23ff58ab32baa2e

SHA1
4cbdb8670cec39fc393455ff6f9bfb3bc76afd5b

SHA256
b15724de85cc64b64a35296b34656be9bb530222feaa1d14d3008d1b3bd15107

SHA512
d3bf45f49af833aa47727dc43eab11d87a9ba180bcad7bc68948146fc66c705fb1e3de12b021007bad21be62efc32b16894e59139fb6cfa58d5388895ce62ca6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
abde5a7a6b8b122a20e9987ce16ac25b

SHA1
4b6b17f6de79e5cefa3bd4fbdfe07f0724802af5

SHA256
a6d333d3c5f4b4ce9cb5266b3c8e2e51ff811f989fea4275fd5e1fad896002c4

SHA512
da7d25a98387a0f36827cefdb376631f730c67abe8350a711b6f5a1b71e06e86a6f37cc9685adc164d28e7841dc8f85dc00870955185a2cea04b4b02d1b4bc4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6505fd16f6246f3848a00b7af600c349

SHA1
579330706e2d404bbb2dcdcb5db70ede36ec0d99

SHA256
0475203e407bad6ffdd3d498d46b91e9d24a24a9a80ee5cf5ab1eb9f021e21fb

SHA512
64750e589eea5c3f819d4b234e68e16730430730a0d21c92cdcbca1bc5ff47f35402eb6cdfa818505c90fd4b4b0d61fc6c86b45feb0ce150a4e950fe339f6c32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
dc202d85ecd1a404404fdb35544bb71d

SHA1
afa8e259bf66e51afaba74df65a6974a419e9f25

SHA256
327d85e690675d18b07331c5cced0a7e3b0aece2da71e233756366d646e0bd7c

SHA512
e91aecaf63472431c86a361055b0f55e7f34e59d7bc6fc81da0c527f42b233b33c8d4c4fc9bc1fcae70412f5753e8c344c58b0c93e8312e6429a37b0ddf1e7a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
8e8464de9b887b0d55f6ebade4e0f674

SHA1
f6170af1a32eb6e99263713fed34962d21202859

SHA256
4ac86d05ba4afae9a88d44ce6c17db4e11774d324911d007fc84a71858123e9e

SHA512
dba2fd097df543ae677e7ce7e7bdd3d275fc597d560afa740afb9e7ed7695a68cbde3f59149f4b5b743cb76ea81db998b577d87163ae71f41dc9028a7f1a0cf6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
d0e19ea201a8907da584d2f4c8f8df00

SHA1
884b3e18e8514e998a155a95e3edbba6fe09321d

SHA256
116f797542ca6c31d55232059883d0f9ce0ab78a58cf4b8d8e5c6e1d124ec4f7

SHA512
3f44a9cdc814dc615bea63f719eb0ae7faef4ca326eb52540f7e73f345bfd6844a4abd88110180a8980a186e9f0d8e00786b4de61a3d2682cd93271825735e4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
413731c3b8a476c9981fcc80533fe6bf

SHA1
32dc029ff7fe3d96f5d3f86ef096a10a81aedf61

SHA256
2b6b45a8ffba95d808cd63a71450e3cdb7a05dfa3e5104d6594652c4b4934292

SHA512
f37ff9783500fa45063330eebe7a96c6ed752e2531ff2356bd32ade7938d071a6138c62010373350a16666bbcceede7872bc7fd2a933c0feba9e4b59a6cae575

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
982b7383b10bcb59fabd204cddeed5ef

SHA1
76190cbb0347d4304a6245246cf3837aa385a58c

SHA256
d6b089ac89a513764d15de86b80c2415a6eb0850a0a683ebe730efdf68fbf73e

SHA512
9b8bf2d84c5b1b8db86ab3695f8fff80515691a147aaa2e9178684da0f8438deecf681a138c3526a9aaedf02b1d2ca35b292f6118feb0ec5211f45f6e6d24a77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59621b.TMP

Filesize
538B

MD5
a7a9401fda3ba2cfdcad2acfa81445df

SHA1
e6b242d5a1840566937ec4a9b9d2a2ff4c268541

SHA256
607f41291e8ae1b81ce1433c8dbda94903a994a97d8d115dffffbd5656c6c94b

SHA512
50fc335dc5ffaeb77e1c2c437c4961c5970afb71a62a02b9f12b3b6d6e311f3bf420bf38c1726d1b1bf0ac23c43a55f2e1a83a63c6f7099d2e428edc125a6caa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5a6f33b1cb58d1acb6bc7dcfae214703

SHA1
5fd4e2219ec33fbaea6feb46e74079fc115bb8f5

SHA256
21f6082d7022c2cf61a2b80fcab05687846c5e9f1b4e1a285d8fc2c2fdbc3508

SHA512
26fb42a55c56721b61de21092a16e4bfa0f2f7c69297c8a1f29476451df3c4c0fdd432acd636341ef87640062472b89fbe27d42e13089c4ebd9b14edbf6eb658

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c95a66c91308cb4dc1e440ea180b2242

SHA1
692a014f45a775e9a29de9e2ce0a8d6cb0dc5bd8

SHA256
271c7a76ec65bacc23c41e237d60a67977dd9cf35aa06b714dc263631f712117

SHA512
c1febc266f2c68e972b80b91d1d5f8dc416bc546a61963cc1c076035e84fb659c03a108547d2255e512dcdb79755042fad9434c42584f9b12e172c3c7b151ab4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
a3f3ad9f0a756e239a15c481be5dd49c

SHA1
392f25e5f2ac386edb8a488ba864ff3255ebec22

SHA256
9883665b9975d645b7aec2b5f2665bfe975be20e63ef6f84e27a224d44561c26

SHA512
b05f178b9b56982cce53926caec03d23827ac1c2a96bcc8f1158ebdfce00eea4223a9d45ccba1f070a415996bae806349d892219070529ebc99b5964b9bf02f2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
b0a9c6ef5fcdfd209bcae3efdb8bfc21

SHA1
900bf32fde3b49fe9a5e6078ed6c3a899f3227a4

SHA256
51ca11a42da9844a442776d03f4c4f61d9af3b8064d3c15764bb09994c7291f5

SHA512
a352ad9aeb6b075ed921fe70415d03e6ac2814f590391c47c5234035332553d2897ec03b7fc7c28ed1357c4542cbc07f9eb75df1819f46cac2837df25013136c

Download Submit