hxxp://noescape[.]exe

max time kernel
900s
max time network
443s
platform
windows11-21h2_x64
resource
win11-20241023-en
resource tags

arch:x64arch:x86image:win11-20241023-enlocale:en-usos:windows11-21h2-x64system
submitted
12-01-2025 23:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://noescape.exe

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
29	discord.com
32	discord.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4248760313-3670024077-2384670640-1000\{3F726817-04BE-468B-9578-9F0BE80BE97F}	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4744	msedge.exe
4744	msedge.exe
4780	msedge.exe
4780	msedge.exe
1212	identity_helper.exe
1212	identity_helper.exe
2884	msedge.exe
2884	msedge.exe
1348	msedge.exe
1348	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4880	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4880	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4780 wrote to memory of 3432	4780	msedge.exe	77
PID 4780 wrote to memory of 3432	4780	msedge.exe	77
PID 4780 wrote to memory of 2000	4780	msedge.exe	78
PID 4780 wrote to memory of 2000	4780	msedge.exe	78
PID 4780 wrote to memory of 2000	4780	msedge.exe	78
PID 4780 wrote to memory of 2000	4780	msedge.exe	78
PID 4780 wrote to memory of 2000	4780	msedge.exe	78
PID 4780 wrote to memory of 2000	4780	msedge.exe	78
PID 4780 wrote to memory of 2000	4780	msedge.exe	78
PID 4780 wrote to memory of 2000	4780	msedge.exe	78
PID 4780 wrote to memory of 2000	4780	msedge.exe	78
PID 4780 wrote to memory of 2000	4780	msedge.exe	78
PID 4780 wrote to memory of 2000	4780	msedge.exe	78
PID 4780 wrote to memory of 2000	4780	msedge.exe	78
PID 4780 wrote to memory of 2000	4780	msedge.exe	78
PID 4780 wrote to memory of 2000	4780	msedge.exe	78
PID 4780 wrote to memory of 2000	4780	msedge.exe	78
PID 4780 wrote to memory of 2000	4780	msedge.exe	78
PID 4780 wrote to memory of 2000	4780	msedge.exe	78
PID 4780 wrote to memory of 2000	4780	msedge.exe	78
PID 4780 wrote to memory of 2000	4780	msedge.exe	78
PID 4780 wrote to memory of 2000	4780	msedge.exe	78
PID 4780 wrote to memory of 2000	4780	msedge.exe	78
PID 4780 wrote to memory of 2000	4780	msedge.exe	78
PID 4780 wrote to memory of 2000	4780	msedge.exe	78
PID 4780 wrote to memory of 2000	4780	msedge.exe	78
PID 4780 wrote to memory of 2000	4780	msedge.exe	78
PID 4780 wrote to memory of 2000	4780	msedge.exe	78
PID 4780 wrote to memory of 2000	4780	msedge.exe	78
PID 4780 wrote to memory of 2000	4780	msedge.exe	78
PID 4780 wrote to memory of 2000	4780	msedge.exe	78
PID 4780 wrote to memory of 2000	4780	msedge.exe	78
PID 4780 wrote to memory of 2000	4780	msedge.exe	78
PID 4780 wrote to memory of 2000	4780	msedge.exe	78
PID 4780 wrote to memory of 2000	4780	msedge.exe	78
PID 4780 wrote to memory of 2000	4780	msedge.exe	78
PID 4780 wrote to memory of 2000	4780	msedge.exe	78
PID 4780 wrote to memory of 2000	4780	msedge.exe	78
PID 4780 wrote to memory of 2000	4780	msedge.exe	78
PID 4780 wrote to memory of 2000	4780	msedge.exe	78
PID 4780 wrote to memory of 2000	4780	msedge.exe	78
PID 4780 wrote to memory of 2000	4780	msedge.exe	78
PID 4780 wrote to memory of 4744	4780	msedge.exe	79
PID 4780 wrote to memory of 4744	4780	msedge.exe	79
PID 4780 wrote to memory of 1352	4780	msedge.exe	80
PID 4780 wrote to memory of 1352	4780	msedge.exe	80
PID 4780 wrote to memory of 1352	4780	msedge.exe	80
PID 4780 wrote to memory of 1352	4780	msedge.exe	80
PID 4780 wrote to memory of 1352	4780	msedge.exe	80
PID 4780 wrote to memory of 1352	4780	msedge.exe	80
PID 4780 wrote to memory of 1352	4780	msedge.exe	80
PID 4780 wrote to memory of 1352	4780	msedge.exe	80
PID 4780 wrote to memory of 1352	4780	msedge.exe	80
PID 4780 wrote to memory of 1352	4780	msedge.exe	80
PID 4780 wrote to memory of 1352	4780	msedge.exe	80
PID 4780 wrote to memory of 1352	4780	msedge.exe	80
PID 4780 wrote to memory of 1352	4780	msedge.exe	80
PID 4780 wrote to memory of 1352	4780	msedge.exe	80
PID 4780 wrote to memory of 1352	4780	msedge.exe	80
PID 4780 wrote to memory of 1352	4780	msedge.exe	80
PID 4780 wrote to memory of 1352	4780	msedge.exe	80
PID 4780 wrote to memory of 1352	4780	msedge.exe	80
PID 4780 wrote to memory of 1352	4780	msedge.exe	80
PID 4780 wrote to memory of 1352	4780	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://noescape.exe
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff846df3cb8,0x7ff846df3cc8,0x7ff846df3cd8
  2⤵
  PID:3432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1860,7383262948243200092,816228596126920348,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1932 /prefetch:2
  2⤵
  PID:2000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1860,7383262948243200092,816228596126920348,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1860,7383262948243200092,816228596126920348,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2592 /prefetch:8
  2⤵
  PID:1352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7383262948243200092,816228596126920348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:2992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7383262948243200092,816228596126920348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7383262948243200092,816228596126920348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3876 /prefetch:1
  2⤵
  PID:1348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7383262948243200092,816228596126920348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
  2⤵
  PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7383262948243200092,816228596126920348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:2784
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1860,7383262948243200092,816228596126920348,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5980 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7383262948243200092,816228596126920348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:3784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7383262948243200092,816228596126920348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
  2⤵
  PID:1708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1860,7383262948243200092,816228596126920348,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3940 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7383262948243200092,816228596126920348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
  2⤵
  PID:1048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7383262948243200092,816228596126920348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
  2⤵
  PID:1432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7383262948243200092,816228596126920348,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4252 /prefetch:1
  2⤵
  PID:2088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7383262948243200092,816228596126920348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
  2⤵
  PID:3288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7383262948243200092,816228596126920348,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:3172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1860,7383262948243200092,816228596126920348,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3356 /prefetch:8
  2⤵
  PID:1668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1860,7383262948243200092,816228596126920348,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6040 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7383262948243200092,816228596126920348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1668 /prefetch:1
  2⤵
  PID:3476

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3376

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3288

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D4 0x00000000000004BC
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4880

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5431d6602455a6db6e087223dd47f600

SHA1
27255756dfecd4e0afe4f1185e7708a3d07dea6e

SHA256
7502d9453168c86631fb40ec90567bf80404615d387afc7ec2beb7a075bcc763

SHA512
868f6dcf32ef80459f3ea122b0d2c79191193b5885c86934a97bfec7e64250e10c23e4d00f34c6c2387a04a15f3f266af96e571bbe37077fb374d6d30f35b829

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7bed1eca5620a49f52232fd55246d09a

SHA1
e429d9d401099a1917a6fb31ab2cf65fcee22030

SHA256
49c484f08c5e22ee6bec6d23681b26b0426ee37b54020f823a2908ab7d0d805e

SHA512
afc8f0b5b95d593f863ad32186d1af4ca333710bcfba86416800e79528616e7b15f8813a20c2cfa9d13688c151bf8c85db454a9eb5c956d6e49db84b4b222ee8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
136bb552c92fa543f0ca3d173789e23c

SHA1
2551ba098e644cea57d6e5cc0d7cf047b88cd422

SHA256
44dcdafbf677859ba5a73f4d910048a489a9bc5bf05f53c938535cc27e8ad4c5

SHA512
b1dc4590e3257cfa9625d42aab7e971f2de30ed31d6b9515789123a762fac7a37a63a49c1b675e05536529bcb7a8172dbb577e75ba493840e8a36ece5d38a1c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
720B

MD5
396cdea004466f67af82616065804840

SHA1
2d4df16679ef28f4ff55cd3c5dc6bbd02e6ac525

SHA256
cc685dc480a41a1fde10c620aebc751e9059cc2f82a76c3c1ba708ce10d4bbd6

SHA512
14ae77110c7b71df96e38cfce29fd1f9051903de9722a529b513a1218d23ccc5a371d377451d205ec91585ff98063cecbc54658416002dcf9217a255dc1e545d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
905B

MD5
0b97ccfa01e447014ebdc07dbf957de3

SHA1
701ff0d168dea8d2f24f6132318aa7f2128947b8

SHA256
17fa54f0e8de6af5bc468893b82623a00b1f953b7c0e58d6118fb0f2021d7591

SHA512
530fbe28e53e591cd76f1c4bce1683e9378277bad920aaf58d8d500fde6d1dc23f1e229f9da3ccc01f1689ea0e52cf19da66f86b7171586624afb00ad3900399

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
829B

MD5
9a0fdc7e9590dfbaae8e52523afd3974

SHA1
892775b7d34a8e9bcff23f9abf2c075f87e603b1

SHA256
704f0973d359bf992bfbe5daa34d4cc2d22086e7704a38ecf7daca42ac1d2024

SHA512
77b95a0601c287bf7005d304054b9134ec856e7f9080409fd46e3aba4e7f48444eeddb59456d03b49d2ea45d68b9fe5f7e99f4d1bb33642b268bdff5cdbc2a49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bbd656df3ec294462c7c6c45fb5cb13c

SHA1
a2f0525da2217f1c743ea8c0dcef8059d9c6c4fd

SHA256
8d3be21965f48b7949f3ff70fbb9605d781200be42dbc9508decea7cc42f6e9e

SHA512
a32b887793b301d8bb0268ee0879f0126de72b29f9bfb76cd93e4db0715e289d08575c87b4237f76a912643de48b555499a79dee207144f55aa64eb9f7fae33f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2708d13ce21cbb507efe044b89db8fad

SHA1
5fa311569a4515ae519c3c5f7b882c33302cd802

SHA256
93f5f32ae648751cb3b19f7392da79777ea804a94914d3c9df8b09a102bd3e89

SHA512
5e8c983e265bf2ecbfa969ea65867f4cebbefb656383864980a7d3c6e9c81619807f346482d9a59532e4629cf30868c838cda84fb2d833d6017d08d4c11b4e49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
94deff6009169bf3fcbb34516cfbcc09

SHA1
13f85c57e0504259655c30e4cb86dcdb5f4bda15

SHA256
87eea5622a060fdf24bb7c26cddd7afc26eb79d0da417548dc26c12325edcbe4

SHA512
0e95f50ab69e1d873492c0d9aa8cbd2b1fa67638ea20079b6c3e18f998ecf68e6f4d8dc8684f786bab0913d05f7c4212f5d276f4ed2d3b3e268d39a4276e9232

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8413d7530f1e4fbe1383e14916611e51

SHA1
49408084c4de80c6de82c9f6f565d6fe279c0f45

SHA256
4d3cb68a773666394f2a2681e0e8fd4609027d168a0de57c70ee682d0233db4f

SHA512
f5a55a5f85f948118f2caa359cda3966c84a680528528eae5895f4079e7e5819ece2cc39597144f77081c2893ea95d139bcb63610e45c4ed114d5f72c3c6a16b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
f4b8b5a56068ee4d92d72c4d8e262b15

SHA1
6309e847c8075558c28bada994d5def339db9ea0

SHA256
dfa7d9492cd2d7cb396af9d7af7b7ab3d3b183d172b4e37a31fabacf9cc091e9

SHA512
fdda6cb9b3e27fb8734aee4d82eed590503f750169ca704fa80e60f239a087141f63be51604b155bc2b59641dadc1c05a12d5aa5af8268694c93e59a93565825

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bd8ffecefffe01590af3f24fc78a7c3c

SHA1
74ebc4a48b0f4db5539cf097b12f61be653c4c9c

SHA256
8ebbfbba62f4cdcb1a3eebfe1963759b305ce9da48827cdf5db9f4490c0905b8

SHA512
49a5c214eae520b0c850ab299224c6ea91630f3354124c21014990944430bbaf1ed7161aedddee805b739ebc8d69f4ae5ad201496eea09563c506a5585103718

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
669297e82767412d21d49c699e563f39

SHA1
7aebb3b065621e55cac6f0dea171c277a0ce9c6f

SHA256
2005a5903fcc1c69eabdeecd5eac9e69e12381f90d52b0e20800c29f1feb1db2

SHA512
65b727147461cabc34e29cba4403e1bfcc83e042310efd3ac8fe4724b8b2dd9a7ee3a9faf80278f569c382aea64c292ed1889c711b1be88af16ac9407613b3e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
fe28eb630d23d9affb92a6861d7f284f

SHA1
df616810b710f8e90005bc2062e3cb79844bc5e7

SHA256
d15df61090248e62418b68c3b04fdb504c6a2861648b810f71bfd2de79eb7c5c

SHA512
d3f3cf8f346fefcaa8cc44e11bb7ec914b3a4fd44eb01b90a3080420f33b76f2b0712713b0f1c3a6ad92f9fa86d0dd3f1bac67f23b98fd29627c236120428ea6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4c85acc76733f8ff74a858ca71a6652b

SHA1
4847d159ef51821f42f25292607bed4c2657d6c6

SHA256
dd3b4b58fcd9431c25a0bf40dd8d42a93ff0d2016f8d5e183503128bb7316d34

SHA512
7174876dbb64546981a4cf71a230fd6927cda9c30034d7049081f2abc9197239c32a2cc295d051cc9494fd9c7024fbbb56dade1b7013ee852123f431a66bd705

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58220a.TMP

Filesize
370B

MD5
60a52636e9fe3a90c588131228d97abc

SHA1
5f5cdba2848efdb89073cde8656241d0771178f1

SHA256
c74be6d74f8171311e08d3cfad8ca8b60552a49941bb312cd2127efda248d171

SHA512
03f841f7a92f313b5eae58ceda60744468beca416fd592bb7620339e4bc811e273f651cdb798ac49b3025953c854760eb95da46c43db2ce77fec1898f7b05459

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
25e1b3f44c2e25ee471a4a742ac53461

SHA1
ac438e90f4534e1f636a3b763d5b9ac11c60fe6d

SHA256
cec1c87d0197569b45f4580e088659eb8bc12381e3b4aaaa98840bd39ff5eafa

SHA512
6dd40991ac10ed3eb6aaf2188d42ce7931bf14fc2c2d7f01721448fd47e2c803fdd1a9baeb7cfd32a136026b73f5178fd3749288a0556451c8a6d5b7764e6f3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
68aa5bf7c8fdde4a7999469420a10382

SHA1
9b770b11fd7e031000d0845de3b18858f38c4f3b

SHA256
a35896b522091de5c75386821e3f0bfb8ac3b429f1770d567c51ca75f7496170

SHA512
355935fbedba5f0f6798dc883217fa1c2709de41744898bab15c2b99bf4f58651439a5c2871fc7f4b3c2fa3a9b36b9debcca42a3a3ac50b4b41f3bb9bbc95b6c

Download Submit