hxxp://noescape[.]exe

max time kernel
960s
max time network
965s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
04/02/2025, 00:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://noescape.exe

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1404	msedge.exe
1404	msedge.exe
4284	msedge.exe
4284	msedge.exe
2556	msedge.exe
2556	msedge.exe
640	identity_helper.exe
640	identity_helper.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4284 wrote to memory of 3988	4284	msedge.exe	77
PID 4284 wrote to memory of 3988	4284	msedge.exe	77
PID 4284 wrote to memory of 1700	4284	msedge.exe	78
PID 4284 wrote to memory of 1700	4284	msedge.exe	78
PID 4284 wrote to memory of 1700	4284	msedge.exe	78
PID 4284 wrote to memory of 1700	4284	msedge.exe	78
PID 4284 wrote to memory of 1700	4284	msedge.exe	78
PID 4284 wrote to memory of 1700	4284	msedge.exe	78
PID 4284 wrote to memory of 1700	4284	msedge.exe	78
PID 4284 wrote to memory of 1700	4284	msedge.exe	78
PID 4284 wrote to memory of 1700	4284	msedge.exe	78
PID 4284 wrote to memory of 1700	4284	msedge.exe	78
PID 4284 wrote to memory of 1700	4284	msedge.exe	78
PID 4284 wrote to memory of 1700	4284	msedge.exe	78
PID 4284 wrote to memory of 1700	4284	msedge.exe	78
PID 4284 wrote to memory of 1700	4284	msedge.exe	78
PID 4284 wrote to memory of 1700	4284	msedge.exe	78
PID 4284 wrote to memory of 1700	4284	msedge.exe	78
PID 4284 wrote to memory of 1700	4284	msedge.exe	78
PID 4284 wrote to memory of 1700	4284	msedge.exe	78
PID 4284 wrote to memory of 1700	4284	msedge.exe	78
PID 4284 wrote to memory of 1700	4284	msedge.exe	78
PID 4284 wrote to memory of 1700	4284	msedge.exe	78
PID 4284 wrote to memory of 1700	4284	msedge.exe	78
PID 4284 wrote to memory of 1700	4284	msedge.exe	78
PID 4284 wrote to memory of 1700	4284	msedge.exe	78
PID 4284 wrote to memory of 1700	4284	msedge.exe	78
PID 4284 wrote to memory of 1700	4284	msedge.exe	78
PID 4284 wrote to memory of 1700	4284	msedge.exe	78
PID 4284 wrote to memory of 1700	4284	msedge.exe	78
PID 4284 wrote to memory of 1700	4284	msedge.exe	78
PID 4284 wrote to memory of 1700	4284	msedge.exe	78
PID 4284 wrote to memory of 1700	4284	msedge.exe	78
PID 4284 wrote to memory of 1700	4284	msedge.exe	78
PID 4284 wrote to memory of 1700	4284	msedge.exe	78
PID 4284 wrote to memory of 1700	4284	msedge.exe	78
PID 4284 wrote to memory of 1700	4284	msedge.exe	78
PID 4284 wrote to memory of 1700	4284	msedge.exe	78
PID 4284 wrote to memory of 1700	4284	msedge.exe	78
PID 4284 wrote to memory of 1700	4284	msedge.exe	78
PID 4284 wrote to memory of 1700	4284	msedge.exe	78
PID 4284 wrote to memory of 1700	4284	msedge.exe	78
PID 4284 wrote to memory of 1404	4284	msedge.exe	79
PID 4284 wrote to memory of 1404	4284	msedge.exe	79
PID 4284 wrote to memory of 2900	4284	msedge.exe	80
PID 4284 wrote to memory of 2900	4284	msedge.exe	80
PID 4284 wrote to memory of 2900	4284	msedge.exe	80
PID 4284 wrote to memory of 2900	4284	msedge.exe	80
PID 4284 wrote to memory of 2900	4284	msedge.exe	80
PID 4284 wrote to memory of 2900	4284	msedge.exe	80
PID 4284 wrote to memory of 2900	4284	msedge.exe	80
PID 4284 wrote to memory of 2900	4284	msedge.exe	80
PID 4284 wrote to memory of 2900	4284	msedge.exe	80
PID 4284 wrote to memory of 2900	4284	msedge.exe	80
PID 4284 wrote to memory of 2900	4284	msedge.exe	80
PID 4284 wrote to memory of 2900	4284	msedge.exe	80
PID 4284 wrote to memory of 2900	4284	msedge.exe	80
PID 4284 wrote to memory of 2900	4284	msedge.exe	80
PID 4284 wrote to memory of 2900	4284	msedge.exe	80
PID 4284 wrote to memory of 2900	4284	msedge.exe	80
PID 4284 wrote to memory of 2900	4284	msedge.exe	80
PID 4284 wrote to memory of 2900	4284	msedge.exe	80
PID 4284 wrote to memory of 2900	4284	msedge.exe	80
PID 4284 wrote to memory of 2900	4284	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://noescape.exe
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9fc6a3cb8,0x7ff9fc6a3cc8,0x7ff9fc6a3cd8
  2⤵
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,10940293491937017058,5605698998084071674,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
  2⤵
  PID:1700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1900,10940293491937017058,5605698998084071674,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1900,10940293491937017058,5605698998084071674,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
  2⤵
  PID:2900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10940293491937017058,5605698998084071674,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:4632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10940293491937017058,5605698998084071674,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10940293491937017058,5605698998084071674,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3980 /prefetch:1
  2⤵
  PID:3928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10940293491937017058,5605698998084071674,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
  2⤵
  PID:1148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1900,10940293491937017058,5605698998084071674,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3236 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2556
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1900,10940293491937017058,5605698998084071674,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3924 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10940293491937017058,5605698998084071674,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2000 /prefetch:1
  2⤵
  PID:2664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10940293491937017058,5605698998084071674,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
  2⤵
  PID:2884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10940293491937017058,5605698998084071674,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10940293491937017058,5605698998084071674,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:1924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10940293491937017058,5605698998084071674,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3148 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10940293491937017058,5605698998084071674,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
  2⤵
  PID:3952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,10940293491937017058,5605698998084071674,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2532 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10940293491937017058,5605698998084071674,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2544 /prefetch:1
  2⤵
  PID:2796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10940293491937017058,5605698998084071674,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1316 /prefetch:1
  2⤵
  PID:4200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10940293491937017058,5605698998084071674,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
  2⤵
  PID:1084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10940293491937017058,5605698998084071674,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:1448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10940293491937017058,5605698998084071674,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10940293491937017058,5605698998084071674,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
  2⤵
  PID:936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10940293491937017058,5605698998084071674,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:1
  2⤵
  PID:2016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10940293491937017058,5605698998084071674,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6216 /prefetch:1
  2⤵
  PID:4108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10940293491937017058,5605698998084071674,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:1348

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2148

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3284

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fdee96b970080ef7f5bfa5964075575e

SHA1
2c821998dc2674d291bfa83a4df46814f0c29ab4

SHA256
a241023f360b300e56b2b0e1205b651e1244b222e1f55245ca2d06d3162a62f0

SHA512
20875c3002323f5a9b1b71917d6bd4e4c718c9ca325c90335bd475ddcb25eac94cb3f29795fa6476d6d6e757622b8b0577f008eec2c739c2eec71d2e8b372cff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
46e6ad711a84b5dc7b30b75297d64875

SHA1
8ca343bfab1e2c04e67b9b16b8e06ba463b4f485

SHA256
77b51492a40a511e57e7a7ecf76715a2fd46533c0f0d0d5a758f0224e201c77f

SHA512
8472710b638b0aeee4678f41ed2dff72b39b929b2802716c0c9f96db24c63096b94c9969575e4698f16e412f82668b5c9b5cb747e8a2219429dbb476a31d297e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
48KB

MD5
26440793d8a21119faf2a2eb91280f5f

SHA1
e7d6b1b045c07f1373ca67ec838c2b59deae4999

SHA256
65ef6675c2ff98d15ccaf1c248981e63893bc6ef8541358115828194854fee91

SHA512
d125b4ad58ca33f04f4a738faf035ad4bbb8856e817345e6c0e421e19692bd56bc55946a6f25acf57072da8a3f762eec41d61506ae3f5535328f60f08a01a810

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
67KB

MD5
69df804d05f8b29a88278b7d582dd279

SHA1
d9560905612cf656d5dd0e741172fb4cd9c60688

SHA256
b885987a52236f56ce7a5ca18b18533e64f62ab64eb14050ede93c93b5bd5608

SHA512
0ef49eeeeb463da832f7d5b11f6418baa65963de62c00e71d847183e0035be03e63c097103d30329582fe806d246e3c0e3ecab8b2498799abbb21d8b7febdc0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
95a670f12299512123a64fbcdbb410ba

SHA1
b0f41bc9a1fc97c565dd48ca5a21f5ab539188ff

SHA256
c7f585a717b67213ccbe7e82d3d446be64bb9cb052be92324e5782a7bdd3bba9

SHA512
0a3b8eac93d137db43497617b35ce61ba79767ed84a11f1a0361d9ef94f52085979f75b90643df19906d0f2b0dcac05f7176af17e7496e09bc613b30082af30d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
4f312827d47b8520db34df1b9507162d

SHA1
7739465b02470af1af4dbb885d5d21403a2d30eb

SHA256
97ce4d2f0778639217df64fc2dbe677cd61637af8efe22e3df206de36c98784b

SHA512
527006b9d64d6c2b5d0c72ea769cccebdaac8fcaa91131cfa729caa6f655766d43d3c193cfed2d7f937c8fb51bab386df6c6c7af444c4ec7ce8b0522b8c622e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
180B

MD5
00a455d9d155394bfb4b52258c97c5e5

SHA1
2761d0c955353e1982a588a3df78f2744cfaa9df

SHA256
45a13c77403533b12fbeeeb580e1c32400ca17a32e15caa8c8e6a180ece27fed

SHA512
9553f8553332afbb1b4d5229bbf58aed7a51571ab45cbf01852b36c437811befcbc86f80ec422f222963fa7dabb04b0c9ae72e9d4ff2eeb1e58cde894fbe234f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
559B

MD5
1e0bd3bf9e41fc22e45204d753c3312b

SHA1
9a734ad3dfb0ebbb444d34dba5893eb171cc950b

SHA256
0830823c0ed6887de0e5d29cc1e0b68b4c696b6fe5584e7a86cffc71ea9337c3

SHA512
2859de94d2e91afdf8cc52e664cbd8c03ca12b0c80f5b62e1802f1b2e6c87615872168e4ac175745bb5dd230f57348118e005061b2bfc194de97a99ea567b8e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8f7950cf08ee29e34ac9f8297d12970a

SHA1
b9ef10a0c447c33de6345260b761806b40a07496

SHA256
3912e81eeb8ebf83080d0375bf0dcfd9bb070c35495204facccdbac9201d6ba1

SHA512
ba1e5ceb750fe16a74756c2dcfe8ebc77a2e99a70be2d343c92d60461a09e95608e865d05f0be1a51a646b1e45a34dc1e1576b10f71667c4e4cbad8ade42f2f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5ec59b0a2466237a0895e097482346d8

SHA1
3a3957d37b9dee38c9220cd1d08b6e4dee87e552

SHA256
7c7d6ef94c99c7b5b014c276af5915110d967ebfccc540e410c1a455e3402c56

SHA512
e976aa31b1d4caafa71e5702e4ba683f7848b90199c65ffd799ea3e2c443bb7430aeb057c1bd6da44a866f2f3b18ce215301d443aecc9c9f7597093e759ada26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
273119aeb516870d78ded58e60301bd9

SHA1
f56d5a56c64353456157084679c455882af64398

SHA256
ce3e9ab5a4f01b1fe04d9034f0978ebede70afae73a27fc3c638160a467c4e01

SHA512
c2dd3ca86f289602923fdc10518a17435d17a789a0e9a2d37ffd42cc6716c1846f32ba4ec119d855d15fb00e5539aff6b26d259dc735e9f3c752b199b5200c38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8d13599df0b8f6c8a6e00feae1652351

SHA1
81467c86f7847016beeac9495e84ef472d71ed3b

SHA256
427313ff411527ff2d98c356785f2b7222fb02f5ebba71bcb06022124645e3dc

SHA512
4273eb67b4198435e27857218e9cd83322a3d09e8826a19fa497d80fcad55239ad79af1eac8ff20e5d946e0c3eb13bc2cfb660ad65acf8d55e3e06a6fa0c78b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
30568a3473b56e20f072c3c0cafa5428

SHA1
880f324fa55f0d79f07b7048482f659e4266d600

SHA256
f6414344c6db064bed832f659500fd3fe2cc7d528a7ef798ba077ff25a00830d

SHA512
b99027b7bfaa71d16b7761a3ad8e1a6c2ea9d2c92f7c82250f86f2e73c3cea92c062f4b7af74ac0ebfb30af593f3172712626f18b94565f4cdefbf7d7b13fcd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
b9834281a9a474dad2900e3952351e5e

SHA1
0aa455c3d94412918b06c0522fcb206322ea3644

SHA256
4d1d648303976045986756876530a28ceff3d8963a342f3dba6449bee94e28c5

SHA512
32e6cbb60951be00e55a3cf49cc8e5f8fb9fbd406588cdf2e30469a888005f8f43702f99aef7168ea743d42a147028a3f1f4aada50bb7fd6fc183a5a7fe50356

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5a6330.TMP

Filesize
536B

MD5
6decc4602de16e7177b2f55f02b11622

SHA1
43a9ee62641ac56a94c53779c561df16ca7f1139

SHA256
90fd97cad3eef3d451881ae2887ad323c8d876e9a5a3d41e0efbadb421f7e335

SHA512
c958969d6155e3c57e3cd8624903a4fe43bec305a29d437e50cfb68df1414126e5461bb69500df11e692d6f714988093f3195caa55d21ab6e9bfb74e89fac7bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4b359e0b7989b88df74d35d18226b345

SHA1
09ea568c515ba537624569027ef9d03b2a3f0ecb

SHA256
4dfdaacef708776b9c8817c1ba67aabc2474b1e7d4135ad11c07f16ae0c2be90

SHA512
7aec0c131d51b7343c6e3891add1bb8c997fde6f85d7fbeacaca587cdd6d3a1fc2ed090cf00b39613e340d62f8e30f0668652564af888a5be07ebbe690d5f6be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d66ec0160bdd932368dbc9510604a666

SHA1
10cde75b03dee8371c38c90bc83d218dff94c373

SHA256
82fd5e25fec320bf3e468e76c963a7799fc7b734d6d86a3222f50cfd57ccbe3f

SHA512
024706a558f84208f10a2f8c356c147628d12d0d7c73349e1e8b71339dacc54d4d6a700b2f7dc7ad3ca45e4eb16eadabd40627fb428ae3dfe13996254d4049c1

Download Submit