hxxp://noescape[.]exe

max time kernel
1033s
max time network
1039s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
04-02-2025 03:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://noescape.exe

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1180	msedge.exe
1180	msedge.exe
3452	msedge.exe
3452	msedge.exe
2008	identity_helper.exe
2008	identity_helper.exe
3020	msedge.exe
3020	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 26 IoCs

pid	Process
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	3680	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3680	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe

Suspicious use of SendNotifyMessage 44 IoCs

pid	Process
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3452 wrote to memory of 4960	3452	msedge.exe	77
PID 3452 wrote to memory of 4960	3452	msedge.exe	77
PID 3452 wrote to memory of 3264	3452	msedge.exe	78
PID 3452 wrote to memory of 3264	3452	msedge.exe	78
PID 3452 wrote to memory of 3264	3452	msedge.exe	78
PID 3452 wrote to memory of 3264	3452	msedge.exe	78
PID 3452 wrote to memory of 3264	3452	msedge.exe	78
PID 3452 wrote to memory of 3264	3452	msedge.exe	78
PID 3452 wrote to memory of 3264	3452	msedge.exe	78
PID 3452 wrote to memory of 3264	3452	msedge.exe	78
PID 3452 wrote to memory of 3264	3452	msedge.exe	78
PID 3452 wrote to memory of 3264	3452	msedge.exe	78
PID 3452 wrote to memory of 3264	3452	msedge.exe	78
PID 3452 wrote to memory of 3264	3452	msedge.exe	78
PID 3452 wrote to memory of 3264	3452	msedge.exe	78
PID 3452 wrote to memory of 3264	3452	msedge.exe	78
PID 3452 wrote to memory of 3264	3452	msedge.exe	78
PID 3452 wrote to memory of 3264	3452	msedge.exe	78
PID 3452 wrote to memory of 3264	3452	msedge.exe	78
PID 3452 wrote to memory of 3264	3452	msedge.exe	78
PID 3452 wrote to memory of 3264	3452	msedge.exe	78
PID 3452 wrote to memory of 3264	3452	msedge.exe	78
PID 3452 wrote to memory of 3264	3452	msedge.exe	78
PID 3452 wrote to memory of 3264	3452	msedge.exe	78
PID 3452 wrote to memory of 3264	3452	msedge.exe	78
PID 3452 wrote to memory of 3264	3452	msedge.exe	78
PID 3452 wrote to memory of 3264	3452	msedge.exe	78
PID 3452 wrote to memory of 3264	3452	msedge.exe	78
PID 3452 wrote to memory of 3264	3452	msedge.exe	78
PID 3452 wrote to memory of 3264	3452	msedge.exe	78
PID 3452 wrote to memory of 3264	3452	msedge.exe	78
PID 3452 wrote to memory of 3264	3452	msedge.exe	78
PID 3452 wrote to memory of 3264	3452	msedge.exe	78
PID 3452 wrote to memory of 3264	3452	msedge.exe	78
PID 3452 wrote to memory of 3264	3452	msedge.exe	78
PID 3452 wrote to memory of 3264	3452	msedge.exe	78
PID 3452 wrote to memory of 3264	3452	msedge.exe	78
PID 3452 wrote to memory of 3264	3452	msedge.exe	78
PID 3452 wrote to memory of 3264	3452	msedge.exe	78
PID 3452 wrote to memory of 3264	3452	msedge.exe	78
PID 3452 wrote to memory of 3264	3452	msedge.exe	78
PID 3452 wrote to memory of 3264	3452	msedge.exe	78
PID 3452 wrote to memory of 1180	3452	msedge.exe	79
PID 3452 wrote to memory of 1180	3452	msedge.exe	79
PID 3452 wrote to memory of 708	3452	msedge.exe	80
PID 3452 wrote to memory of 708	3452	msedge.exe	80
PID 3452 wrote to memory of 708	3452	msedge.exe	80
PID 3452 wrote to memory of 708	3452	msedge.exe	80
PID 3452 wrote to memory of 708	3452	msedge.exe	80
PID 3452 wrote to memory of 708	3452	msedge.exe	80
PID 3452 wrote to memory of 708	3452	msedge.exe	80
PID 3452 wrote to memory of 708	3452	msedge.exe	80
PID 3452 wrote to memory of 708	3452	msedge.exe	80
PID 3452 wrote to memory of 708	3452	msedge.exe	80
PID 3452 wrote to memory of 708	3452	msedge.exe	80
PID 3452 wrote to memory of 708	3452	msedge.exe	80
PID 3452 wrote to memory of 708	3452	msedge.exe	80
PID 3452 wrote to memory of 708	3452	msedge.exe	80
PID 3452 wrote to memory of 708	3452	msedge.exe	80
PID 3452 wrote to memory of 708	3452	msedge.exe	80
PID 3452 wrote to memory of 708	3452	msedge.exe	80
PID 3452 wrote to memory of 708	3452	msedge.exe	80
PID 3452 wrote to memory of 708	3452	msedge.exe	80
PID 3452 wrote to memory of 708	3452	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://noescape.exe
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff82c083cb8,0x7ff82c083cc8,0x7ff82c083cd8
  2⤵
  PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,8368964783849915344,12395828579270480319,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1952 /prefetch:2
  2⤵
  PID:3264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1940,8368964783849915344,12395828579270480319,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1940,8368964783849915344,12395828579270480319,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2604 /prefetch:8
  2⤵
  PID:708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,8368964783849915344,12395828579270480319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:1048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,8368964783849915344,12395828579270480319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:3872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,8368964783849915344,12395828579270480319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3912 /prefetch:1
  2⤵
  PID:2076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,8368964783849915344,12395828579270480319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:1572
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1940,8368964783849915344,12395828579270480319,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5012 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,8368964783849915344,12395828579270480319,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
  2⤵
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1940,8368964783849915344,12395828579270480319,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3372 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,8368964783849915344,12395828579270480319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,8368964783849915344,12395828579270480319,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,8368964783849915344,12395828579270480319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:3524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,8368964783849915344,12395828579270480319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:3232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,8368964783849915344,12395828579270480319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1
  2⤵
  PID:1800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,8368964783849915344,12395828579270480319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:1064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,8368964783849915344,12395828579270480319,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,8368964783849915344,12395828579270480319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:1548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,8368964783849915344,12395828579270480319,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
  2⤵
  PID:1352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,8368964783849915344,12395828579270480319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:1064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,8368964783849915344,12395828579270480319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
  2⤵
  PID:1936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,8368964783849915344,12395828579270480319,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2844 /prefetch:1
  2⤵
  PID:1572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,8368964783849915344,12395828579270480319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
  2⤵
  PID:2668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,8368964783849915344,12395828579270480319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
  2⤵
  PID:476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,8368964783849915344,12395828579270480319,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
  2⤵
  PID:384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,8368964783849915344,12395828579270480319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2568 /prefetch:1
  2⤵
  PID:1896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1940,8368964783849915344,12395828579270480319,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5056 /prefetch:8
  2⤵
  PID:4344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,8368964783849915344,12395828579270480319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3900 /prefetch:1
  2⤵
  PID:2400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,8368964783849915344,12395828579270480319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4260 /prefetch:1
  2⤵
  PID:392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,8368964783849915344,12395828579270480319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6928 /prefetch:1
  2⤵
  PID:1496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,8368964783849915344,12395828579270480319,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6676 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,8368964783849915344,12395828579270480319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,8368964783849915344,12395828579270480319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6800 /prefetch:1
  2⤵
  PID:4888

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3036

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4508

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x0000000000000494 0x00000000000004E4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3680

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:4048

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c0a1774f8079fe496e694f35dfdcf8bc

SHA1
da3b4b9fca9a3f81b6be5b0cd6dd700603d448d3

SHA256
c041da0b90a5343ede7364ccf0428852103832c4efa8065a0cd1e8ce1ff181cb

SHA512
60d9e87f8383fe3afa2c8935f0e5a842624bb24b03b2d8057e0da342b08df18cf70bf55e41fa3ae54f73bc40a274cf6393d79ae01f6a1784273a25fa2761728b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e11c77d0fa99af6b1b282a22dcb1cf4a

SHA1
2593a41a6a63143d837700d01aa27b1817d17a4d

SHA256
d96f9bfcc81ba66db49a3385266a631899a919ed802835e6fb6b9f7759476ea0

SHA512
c8f69f503ab070a758e8e3ae57945c0172ead1894fdbfa2d853e5bb976ed3817ecc8f188eefd5092481effd4ef650788c8ff9a8d9a5ee4526f090952d7c859f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
48KB

MD5
06e32a5d1e2d387ce562ee7aede8192d

SHA1
67f9d64c29663f6865d0d134db189938a92503cb

SHA256
46ec4156584d2cfcd0ea2dd2eed85a0545ddf4e30a8c20c26b2ff3fc7c065317

SHA512
0d1de74efa671be757ac49d1b864ed89cca90bd56114d79432ab91407ef5987d4f4573ef3f2e307b32601ab335a43f8cd1860954f986dd5d887a02ae37ea0717

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
70KB

MD5
3b06aa689e8bf1aed00d923a55cfdd49

SHA1
ca186701396ba24d747438e6de95397ed5014361

SHA256
cd1569510154d7fa83732ccf69e41e833421f4e5ec7f70a5353ad07940ec445c

SHA512
0422b94ec68439a172281605264dede7b987804b3acfdeeb86ca7b12249e0bd90e8e625f9549a9635165034b089d59861260bedf7676f9fa68c5b332123035ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
25KB

MD5
e580283a2015072bac6b880355fe117e

SHA1
0c0f3ca89e1a9da80cd5f536130ce5da3ad64bfe

SHA256
be8b1b612f207b673b1b031a7c67f8e2421d57a305bebf11d94f1c6e47d569ee

SHA512
65903ba8657d145cc3bbe37f5688b803ee03dd8ff8da23b587f64acaa793eaea52fcb6e8c0ec5032e0e3a2faacc917406ada179706182ce757d1c02979986dd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
64KB

MD5
f0cbdc55688f673ec1f4ff28b5b0024d

SHA1
a77168d29e23261a9aced09095fba979d7890453

SHA256
337bf8ae8863828a208ba6a3105c7b51d140619e9ca1cb73ef98002e941efc21

SHA512
f3a799637331c773dc30e3907655188d4c5b590a199ece10eb029689091449d5f0527464c8cc4b39b346593afe6617e53c08cd92722f9ed8aedcb8861c960118

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003e

Filesize
32KB

MD5
76bfcc65bb58a24934886f671e1ae906

SHA1
200beea7a1058c1acde2d96bf76ebed4f7967694

SHA256
97fe8a567fb984c3772241fbf9796b67352fc1bd58e7e5afe7242f789557d7bd

SHA512
c6b583ff28e85b35f9c4b0137577260bf48ee912c0a242ca82dc320780ab223b1937829de7a1eb3ed8a5a3edbe8e16e3f68f1156f1982fb5c232b3b96eafd111

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000066

Filesize
1024KB

MD5
875a5e128097284876a22dd5e37b3725

SHA1
d2dcaba81d90d5afff7b855f10c871268e458e43

SHA256
aa5f511617475e55df9233960732e8a80446d20bfaebc048b5a9b357bcf66010

SHA512
495bb3e7b6710353f5aa9fb87d88f3a5811580bd53fef6633cd272109ce97fb209a2c30b71d08babb02f02bc581e74259281277b6405a45b4e4431da4df54042

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000082

Filesize
1024KB

MD5
e227987a86d1708deef5022e08bc17ee

SHA1
db8d96377821ac4ba40b6b9e8881e3c45a6a3b1a

SHA256
f2883ca5d869fa73b9fef2e46c35fb95679c36fc7ba878173d1c93525e67fff9

SHA512
e9429bb7bbaaebf10ed79318c39808a22de82181ba6babf96483445c2a0b6208451ba70ad5ca01c33b3f76eb82d56f0755d46b1a79ace1b45615b010c949a709

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0bbe00d9bf7b798e_0

Filesize
5KB

MD5
ae63b6d670e33ca7bc339b03e4023ae7

SHA1
cf5f026f83638d53ab8a0148f400246e013b37a2

SHA256
8800c34ffdbf968e20fbeeb571393da710c339bf1dd02dfa776452f86d90550e

SHA512
142acf4c3daf18e3ec80ae5ed3bd29a1c6748e6940698a91c9d39dfa0c4ca4fadc5ef4d9d4c53b5eadccb9e3d859991a483d86e37dd35271d155f1daf3d19280

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1a914eb5fc51fb84_0

Filesize
10KB

MD5
b018ecb7bd27aadcd9f12b02e5c93a4c

SHA1
a57316a67a237ccb14d095b49df905ff4ea1592c

SHA256
4294474c5f0e6fe2f6bdac8e2dfc19c928e098cadb17867c9141543df912a165

SHA512
63170e92919307fd9865b48c05a97e7c1ae0dfda9364748ab0839c88198201735f438ddf8bf73d4195f9f1110720878199b3f151de38aa84037b41478642ad70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\25c90b4fb1c6ef85_0

Filesize
1KB

MD5
fc303d4e326d1966491783d1cd8896f9

SHA1
2e9674d15243bd76124a94723c130f424cf05fc4

SHA256
c833ff8bddb252aead093e545aff54a0d5ba40f2ce5d95ccc8f672167f091671

SHA512
903eb98f47cd73e0d329dec69de1301fb78e364bd6e5381079e4c587e05a2055db977878e2d076b8dd9e2f30d1e46274c802dcb2b74f4e8e6edbc6936cced45a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2692617678c042d9_0

Filesize
10KB

MD5
2bad2b545b5b6df8ef871f298da6c16a

SHA1
02e8a3f67325db862db9fc3ac8f0b51fa78131c0

SHA256
0d62b404213b6f7ffe893d6e0c0da7e5e9bbd819f03b3ea9552d64767647ed2f

SHA512
876666f2cc4d323462c9051f78ca931175af9cbde36c1e81b92ec16b70b326afda9396d65692deaad18afa05e3c2c88c77ec43bebfdbbcc6ae1c3f4c49a00ee3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\37afe38eb817b647_0

Filesize
38KB

MD5
38a74c9914e4bf9203388b027807272f

SHA1
2162eaf4cd4d4d064eb0839b9222d176d7ae2aec

SHA256
cf8771a48886a3b35fc02ca5d5145f7866bd67e1aabde1360befce3cd4ce0588

SHA512
9f221fc52aaad4e45c807b5fbf02216578a2fe2942346313f2b0958d281662c446dacfa0ef512a879280849f632c2b44d712183047078dd3c40c34d77e6c5659

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3a4259a0181983ba_0

Filesize
23KB

MD5
11c535c9315f87cc8ad9c62669c42aa3

SHA1
bc59e256131a9e812b0a3605236a874cbb487d2c

SHA256
e45bbd44d58d85e7b1e74b88cec62da33e16c5e081547ca143f21f7f05483a11

SHA512
64af969ed621f4017b566b079505f53b74fed67dc4069754f9e453920d53864265fc1ace93b2e8dbfb9b5e2291bee67db5d0952e69b292ca3f326eb859b77f84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\45a16ff6d0d9ab5f_0

Filesize
1KB

MD5
4e66262f8e4d6254880cb846c6b8c8ef

SHA1
f856d99b8c0da1d8ed0cda4d0e3e6fb740c4255f

SHA256
552ae1cc2a1df77101423603136fcacb9bb353518d0b677230c8d9c84f2ff6aa

SHA512
71e9cb02a53bb79b8850eabd7dd66f0e2b8f120bc08415019afdbdb05129f42f1c55889a9f5694353171a8d0af1dc5bd35a9c1bccc65659c0233929fecfcd752

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53ac5abc87e80789_0

Filesize
3KB

MD5
7400f07c1489d99bf910aa6557dbf8dc

SHA1
b28c60f23a91d85fc8fd9fe733ee398af6840d2f

SHA256
f86e69b2ee60a2c0e6effe20825db92192563216fc308e81a4982426024f84f1

SHA512
081d34bfe2ca59b76e8211d5ecbde1dca573873a80199cc01720fa15d8152335d377f5367856ea1fa8a98fdb4b2c54b85179caa011d0acfa34315c2f6646ee57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5dd1e579c9681f95_0

Filesize
2KB

MD5
dd8962b45cc5f4803b975a3dc429d1ab

SHA1
0f7bfa9feae4e25f470f3fe988aecc88dd1159e5

SHA256
3e72216d4d1bc91ddfc73c724b7bd9e638840ceb80cad12a16c2c3e4d220a76d

SHA512
70fff7ceb0b5e09611fdda370313c60b3543ad2dd1617f7ad0ea288cc34ee8b209f1e78f8fa1b5127c22eb14d00c6868bf4954ff9338cdd12e1a482c0b3729ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\61a0b4d20ae0e222_0

Filesize
15KB

MD5
c4e0ce84453b54a65fa63b7a0c0c65da

SHA1
52e4b1cd2053d8a09580d29a2245576e9db84aca

SHA256
6c7ef99e4d09623b442c40a468955bd921c0de86a70098107b1670f4ba7fb49e

SHA512
7fb165b0cb3e981c1b9eff812f14077e8fa7c0e299923d4a7ca113c83655b21f28d5a9baff7dd6da1176cafb379ab87bd6990be68ce5b3bd1330e139f68777a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\74b88724f60b0383_0

Filesize
2KB

MD5
36f7d5bcc7cb9ef21a88aff1ad91904f

SHA1
00d899b478c5d68818cfe35521a946a3b60ba3f9

SHA256
8cb141597d11dcc34d75a14fb1496c248d827624345b86cd98705d55d92ae009

SHA512
e73c66722912b7ebb1bda3e2589ae35ee2be3d801b19973f2d06c0431ca65dac933751357c8176815b035f51e77bc369689d7168f5712841372313446fc31210

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7e23c950e9eb0d45_0

Filesize
291KB

MD5
474371892832e5807dabd0b5b57b2aa0

SHA1
5ff3a8dc4d054375e3d5294b85b10bd250f2df9c

SHA256
f9d162fd42d2804f7505ea19a8ab0070bee2f68e672b9d44aaeeed58dc34fc79

SHA512
c762e91bdd05ae852ca2f2c253ab4efc1d527b15a089a3d99811fabf3abc162b220d998977b25ce9c7a8ab6ef420201987c8d088120c82f1f14dfa3df360b4e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8a5635605a3b130b_0

Filesize
210KB

MD5
57ab1a944f7f325edea5a135471ecef8

SHA1
34e5632522af67645b00865ac3c7976ebfb4c89a

SHA256
8ca03d88eddfd58e18143ac13dbba82b72a6688f95351af3ec970b108b3e2c76

SHA512
1a14029c4826cf328ffdba932d554729c0a03d7254aea765d0ed89058d7722fd986d57b110965c3b6962a922436f77cb68618c3a6d085c240d64ec4d86174af9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\90d7d7591a1b39bb_0

Filesize
262B

MD5
ab96415827275c4cd3ba52942df5d3a2

SHA1
5d03617b0a990ca8cc811dd3cbf01e9159f8f83e

SHA256
cfe6fd86ddbcdbeccc0dd45464de15c69cabcead360731fb27aa2530116b064b

SHA512
f8291850a9e46b3841354ee0bc1f1a865ccc4c1e2bfc0cfa6bac288a2aeceafa0555603ef495c04ef5bc7218969b727ec34fc637709357732bd274b249a9a6e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\be6d12311ce2b399_0

Filesize
2KB

MD5
116c5eb18618270cf5321f55427cb211

SHA1
d2a0728deaa5a2f10cde2d094d49cc04664407ba

SHA256
b4d35910edf55253c94cc4e30c3fa3c25baee36e24a3baedff2c4f8ab1272d9c

SHA512
92941128b5d6969921ab1cc4b2edd5b630a6c4b9ba2a69fc306f582a8b605c44ba3a69a137a108574d58de284d54263f66f52cc71046054424268ed758b37f96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c0d1825e36e4f904_0

Filesize
43KB

MD5
b2d2f0940221115a07ca7216b252df53

SHA1
74af6f4d1ad4dc091a4df0e64834d7079ed3cd6a

SHA256
2189c7f13528f9ffeea299eb614b4c6cd2139c770748b3df69e9dec39ac5c6ac

SHA512
d0fe9a41e0c74218959a0b5db22f55d54f430c45abe541ac78ffd3954fa3994def82801dd578d00bbd48694077722d9d7d7262c6756deac67df8f638188d57bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d9875f4e92689106_0

Filesize
294B

MD5
e3f6cdd197a527b6f0003d7627d8f776

SHA1
882209029c9cbd3524bd36c3cbe871a8519b9fdd

SHA256
e952509188c1637e254ad1ca49fb7d1d45262b914a90cdc77a249049746956c7

SHA512
099d77a0691791749b7a3c4576213a4db4c8ef7ea4ba4f79caf1b41f40e2cfa6c3c873ef4cc6853280c0fd9b94aa76b2006642646b8fbb05f0e86668c3cd04cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e146fd968644d345_0

Filesize
8KB

MD5
9141ad81d892500ba72810f06b6328a0

SHA1
d2388580172fcc2df64286305262c14021dc4de6

SHA256
78c347cf017362c24741c8697c420bc18565a4e1c07a0ca889346dda6faaa267

SHA512
253b830ff34ff43bc4a8dd105492b820f3e242ed390f79701b91c135e4afd5c1ec15dece796d05427f3c3da28406649ab73cfa891770ed854399a961dfb4bb57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
187515b3184bf676dc08ebad446d3974

SHA1
56c119910df6480a9b92a9a1c53d3e0e3d8ec601

SHA256
07d537d760e0dd03db1e76874f668cc2dab93b42600958219d4d68ee5b518011

SHA512
5ce5b6748ad5984c07871f05042db3217d8de564dec0106717aba4b0524deb2dfd6688f0d84ef52af6c9c6e46647b0f321d9021469e4612d4fac146a4bc9c44b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
ecdc23efabea4638023bbc1713334a26

SHA1
59443516441c1788d00a530e9f7eb6827525dd19

SHA256
58cfcd59cac47e71abc8be055c7c0aea684ec2afa376e995892a6162cb4fd828

SHA512
de3bfb313635ae944f4bd0b0f9260cd55646ac7aa9c56fe8e2cce08915a694377492f24a96f92cc19b0c4b14af0f64aa4ee9c133b8cd6ebc027adbbb3b0326c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
864B

MD5
3b14240c09dd1bb585b36046e1a35338

SHA1
7269dd37d9dc4b06deaa4bff78977ca605211fd0

SHA256
44f31c71995c96ed91a02894339944e48e68201b7677ea1ddcb5e43d48173564

SHA512
310dfd05c11571c3447a76be40b30288a9bc8d42d5360032187bba2a2dd3f91288a75c3ebae550e00a140ead7de470bcbe26d607c1790b76c37627ffbb372d92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
d5c1c849a5ed06d18ca66ed909d40c6a

SHA1
66de20347b45c79c066b8a931feb6ca57813862d

SHA256
4ddc6a831d6efbbc8da00037daa024cb855cfd282496d68dac526d8225585b2e

SHA512
79d0a07cc2e43a75bedaf7c9a9684102df25dde684962bbf05f9e788763c0b72cdd75e1f7241a57a791e02caafdbd0c7d2eb5ba21409fc5f92654541b9a2739f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
00e5453c7960af08d8257d9ea4414af2

SHA1
804fc5f8d873713dbbae47dd15a9fe3b24085fc0

SHA256
e795f53ddd8ade1c6bf8f79731118f863ce8b364cd5200fe8adfcd7060b0c46b

SHA512
396509cc1ffd0242535c6889cd24dce76d9c971c8ac9ae634b694046ca80d82be6dee75954267accec52685fd3413eaeb86d8c0ed94a65ad3efd40ca6c2a15af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
8ad194deedc6b52e4b8144e60726c70c

SHA1
c0893b9c5fe6d1e6cbfaf93caa69f2f53758abc6

SHA256
d48011689f84d567556fcff8b1e8c2009612bb8092f49f82ab51fb6c931babf2

SHA512
d6779ac47aef6056fcc7736e015ef648614d52dd2c319d4b05af1067425f6b7ed8204668ef8e4cbb039401b926c038763a3610b671fa544e7d2bcbe9f37f5fa6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
068aa1c0f2b154a820f6240f9f6ddb93

SHA1
d4d5ca7f5ba3f663b163eb7010810375ee5a037f

SHA256
bb76b5df068585713130e4b66be11a44c269779b1a66d0de092b48e357dac279

SHA512
18aae0c48dfa8483e18a89561f437a6ec4bc6f8b8ac25ae4860a3867ff6cb630ede108934fd3b69e3adb6aa5229d85b3a16060522ced8b3fb7a666d6d1528566

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6917353ae896afcd25932a42c830b8b6

SHA1
2569f39345534aa13d41e2f0d2de3acca5523245

SHA256
78ccbd54cba6181224c8f02d795fa4c52ba73f71337e424ee58a4f573f0bf80d

SHA512
6a6d4fc22fc96b47c3515d54f920eb27760615f87974e43f822dcd88bfc0d87b08845debf2d754440a0d474d2baad18b3ecf5e8e34f1ee1d8b996d5349730946

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c128610e458b401ec4654e1be8058c93

SHA1
ac24147531090a6500763ac7817bae3bbfe34288

SHA256
8ab73f5b7f46331782392ac369221b1610ab36f31ea47a914fcefbfef53d9a70

SHA512
871b232832028f6a777e1a79fb0d24c5539e72ed20edb67ee0845271f5e2606a084c397d9d24e60b0dc53461a5e1af6bfcf099cb081a3f03d291a0260ec1608a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
99e91544161efc8ed40851b44f0ff606

SHA1
ceb0e85463a8f2db5de07acd5268603cab0224e2

SHA256
8ee5564817d80e2a37820e283542307e6be932c22d406c8a403bca8c333994b8

SHA512
bd2c5e24778bb67544aed800fcadb741b0b054205ad79adc2b4f363a77880e2cabfd30d1e8439ddf535432424a7d73571a66672755906c335011c95ec07c90b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
49a8f0baa8b2d81419960bb5319eba1a

SHA1
0bf4a22438e3ef49a15dddbf336fafd3cd730350

SHA256
98c9386d1fd92e27fc9b7ccdcb439121d1fe79d8f1dc05e8e9c8231c2f0be662

SHA512
321308fa8dc37bce335e9f6c1cf2c40d1bc27ef0e18063699c1461e039435c4556b77ca2d01579acea17982753cc568eddf3a1f508833db96a306728810c86f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
606ca4eaca6120f1b83887085c2cd538

SHA1
7d2936152a9295f252167555b4bcf8bb2bd6300b

SHA256
1df910d08bfaa9fd18caa7b7738a799fcbc2dd88159e4ce02f7937ba3f950ac4

SHA512
85835a3794530c6f8acd08091cd8d16827a21844fc5b0ce0f977f2e67e5920a069c22be6a81a286223c72314dcd7dc9e0aa2d3cc71f4065dbb831fdbfcdb3fec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
46d1644144fce36d0a562a29a78cc0b1

SHA1
a07b5e7fbe8d117b659f7b28c20c8abfb3c2e0ec

SHA256
7f3f803f3c46257b064171a9bc02397bbd41e45c8259da2adf6c57f5be303c98

SHA512
3825c722f392347d7d497de3f88fa91cc14c48daa75a486b0f07b1a1bdce701a327ccc3feb6d1d17faad250eb14a1f00935d493962eb85454d03f2088d545148

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d063bd738c1ad8d3551c9e59deb824e1

SHA1
130a54bdefc33c372b861f352b3386ee4aad43b0

SHA256
1d92be2279df93d65b73d5626ba426d495b0de432f27866494277735ec5bbf7a

SHA512
b3acc8c9dac5b4926b06c013811e321de2c8f0eb78c1cfd734181c9dc5aac2329a9277dfb14ebeec421d0a85a0b70f1f6e3d628d1f051f588ea70fff9b03666a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
74926e2e8623c76764445b627fc961ff

SHA1
1efa24ff64d8404c1eb958301cc0dc187aa36d7c

SHA256
e5d5c10bf34fa5c47551e2527aceabdd9667328b7a230b5f4f196e927615844e

SHA512
8202f42e089a3427c4d7444e7ca78c2c1f70088ee124575836b0d7a7df0a70b13bbf4b9a10549f4441748e5d3367b9b87aa9bbc6b01889616947bf55963d3e24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1e4957812d90abc5aa3bce5413c4ffc7

SHA1
a30de318304ce5a84c2adab715d7926f3ac2d036

SHA256
9e1252fef6f36a4211f5a4a4c88d3fed46d6da47e312d0350458d58eae9a240d

SHA512
823ada9008eec624cb8ba0729e680f75205886cd0d2931e855cdba51554b5cc95538f34622a3e7aa788206ea8c2b26bc200320025e8319475fba2f536a003087

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b325bc0beb86bafb2d3ef0983987fe96

SHA1
90f578456d834e5b5a080c7e2c436e527412e5c3

SHA256
24ff4a26801bfdcd544d2aa46529d6131eae675b47c5eff60b3e4d237850bc77

SHA512
e9ab2ddec8d527bdfa7253414739bf435f9b383689eec1d02bdc9e642bc1912595d91a53855d6ac60205ff696c1c8ef62004e48b35ccf029f17f277f732aab2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c4c776951e3e2ed9755255ec583e6279

SHA1
cf94bf50a80a95cab9e48088af2630b7d1d6925c

SHA256
b5f83b3b5db4adda1391f0b03df4a4fa81b59cc7c6b37b7f153a23844467cbcd

SHA512
86d44dc873ff345aec54323db7c2e651b7f3589d7ea43a843f51b3f7527f7956aec87c89c09acd44bbcf54209a3a5dd7532d44a84aa397ffbbaebf993ed2817e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
11aa741930607b9c4329e71de98ab49b

SHA1
2f66fb68465658208eb6b1cc91281e0034bf5d31

SHA256
3470483a7c6ff6a278c0effae87d7b9ab730c63d1c073a5a1c4cb065e25ef3a1

SHA512
8033a73af610fce3caaac21372c525668ab3b412056e3917e70aa7ecf6f30a4c1143688c7c3cef7dc093834af2130fd4471c821d3eadb92578abfab0e694b723

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
6693e1593b980b3e44e3d8f4774b02da

SHA1
5bc2c66d7f634b59262d8bbb748fc9e45d2d9cf8

SHA256
cecb6bcc0fe632dc7b7bc73298db9c06161364ee693b19212b4257ac09c60f2d

SHA512
caa55f4a1389c9162a24a888d173419305ab3b8e485ba68181f2307fc5be6f94db4bb74e26cf85fff8d602a7c41a0ac0e08290dc58965ba55707d2ee5ac2806d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
13611598531f1359d029a9d71bbc1a1a

SHA1
c5a95523b61d8f78be94fd74eefb92dc8a4e6967

SHA256
830054a75dd5eb18e45ac76d5a830e47280ec033769c93b26eeccc2803f13280

SHA512
7e9ce40eed3ab3b50923802556054ace10ff4e12ef2ead5ea6499ee70dd52b18167c55905bcdf0cabb907c3e843fd5efb5443fbd13fe3ff700c2ee051c0727c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e3a5238393e702753a259ba24251742a

SHA1
b7a89b55bab9b2f9ed6829b9855b819df8bfc6d3

SHA256
0c28ce2e5fa3a2c6d3a7618168538f8cac4f31267896ad385a0e0d8dd0aac6dc

SHA512
04b1b21af7611d774635de4f7c7bc1b61e19cf2f9a06caf5d980ea28e176d1107117b3017cb14ec0b0ae7722cdb900e8d8f83324e510e9932d9e658c86515cc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
897a19efca617aa8169b4b6ff3acebb4

SHA1
09ed36655522f48d2d2d2ba83df106a32c106a68

SHA256
15b593e3105877b2a150ec1eda7b19bb8a30495bae5ab68f9c0e5d52a663f5f4

SHA512
2e300cdea45ce2cdbe0acd7ff8a9a2a26d3214dff82829b0d418ab079b08276621e922a59e0415ca85bc036dc5f4a2226c920c7dbc4ad937ff851de22f699436

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
af32b4b7fb9a37d500c70e7ad0860af9

SHA1
6f32eea5c313400c6c99eab98f4298ff55c13b11

SHA256
46d4e3e30a7823e66236f27f1c1addc72a25fc0f116c1f23e46e479018806cef

SHA512
1d49746d784670bfaea39e6561a50089e94797dfa5a022a95fed6b24dbc080d2ac75a8d56e60d6d661260fbe33595eb330cc41782b9f7b890811615490e272f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a0c5e9015bd1457c1d9c3394cfe9a5dc

SHA1
acf41dce6dd7bac5db2a973303374daa218353ac

SHA256
3959d90c3f3fc58ad6f707743cf127038ad22226738f670b6bd0583c475070d5

SHA512
d46a40b168e0f26a3d8f1ee0d43fb48b4c13125b5c44a4f94a9389c676aa16595e6cbb2bdb0f950e6d84c30e3b21bc79c03baf92af479ee8af6846f04814561d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7cd55a99df1c27ce821ee7273428caa1

SHA1
f05f47cf64302c5c4e0d68057b3670444b148682

SHA256
a6fc92b15b36a271a622a1c2f6c0edc194d6c2bc73094e39439c3c31a9a9238e

SHA512
247f4c67d5f812abab86fb8a326c9223485dab31e161849c3ef893fda7536439553ad47912ae5c6f7f6050d459a25e190caba05841f952740dbf16a77f2390ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7ffd2dbbe4fd272355556571a9abd4c8

SHA1
2b047affb4f4d7292c69994d859f3d1c6e84a74e

SHA256
70d7ab97296cb62994dc39ab660f130e6ee3b90f35ef9ae14fc952969f45cc6f

SHA512
ff33ec8931e3917bbdfe8515477f62da5a78a7011cc1c2b53e6404bafdb7d907288f0799e073f8d6cfcae26f1ed1f42eddc513410d2afff7ccc0b0c187ae5bc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1b0c3b50ec15d8932157483c89417abb

SHA1
e4b20cb569e88ed2d7b23c88c0cb2747a161a55f

SHA256
e0f74e0189c518f54e9c25f10b4cd65f215711c08c55a7ea9322fd7d93d417e2

SHA512
6adc12e78f1da8e534cb23e382c0b2e8b708ec798370dcb97fa227949848e6eb1779d49ee6d6145c4c44e2cf11a198f4ff0ea7ad1ab70f582b90cb8818c254c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
536B

MD5
57d036e80fde71918c8495d5ecf75564

SHA1
a32d0a0da9a839c5831f608b67f1f3a795bb0d6b

SHA256
91e296f6614c1cf3390cc0e1998eef96e83e4d866f049a6d50c0ef764f531a33

SHA512
0e3c3c0856279362940dd0e472452443c37ed7b6695294297911539bbe535640b5a5268ffc1d09127ed69e751c5a5f9b2666136da875a29e23ef08e6da073201

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
85b6f9c330a6d894de1d62af91b95385

SHA1
3fb3e4ea6cd9b78c399ca9073642698ac6022ccd

SHA256
acca780c0619db4f32046511874c0a01d1f9318e5691417ff5b4f5442ec47b09

SHA512
2e31654cfa7434118978dccc864822a6fa8b236e691cdc5e1beb1a2ad31fa38a4756988a759869d7b3054f777e87653f3213bb940949126ada2d1418d58dea3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a6cdec49beb1d7e4666fdbfd493de293

SHA1
317d18d6e896f12fe38cf56db2addaaf8a8020a2

SHA256
6203643d6bb54178d24b8f71ef5fa86030dc46f7535e3747e193f9be869f8090

SHA512
9599b91bcff20977499f4a1bb6ee3439c5cb1ff2686ae42b6fff601d1fee30e3147a600b05c02609323c318abc48d9382d6d66b147e2e06a79d026fc3a70d6a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe587598.TMP

Filesize
538B

MD5
ad2808bd37f2b4d43c5d991fa8e6d3ce

SHA1
56e0442520891ac17f449d69f2c928a5932f4912

SHA256
296b4f3a9948865fcaa7d7e689f8eae929f899b87070947fe523d893a2e47aef

SHA512
a0da780cb78ef99445a9180949f29db74a72f8c100e29b737d468eab31a03818c3adcef9c0af2f40b0125566ff1b5df7b3235db151902706569de6527f380d93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d84e7707-3fc9-4167-b515-56901a74fc5a.tmp

Filesize
1KB

MD5
950c7e82c6e1f72b0ce7d5daf55595bf

SHA1
22c7026e7859f00e0c142ebdefc9a5d6fcce0559

SHA256
a06c649262cf70bcde586cb9bc811db44213187bfe27c99442d6665722bab0c7

SHA512
fc1cba7ce7af41dd48debde476f511aedc666105b14f735581ac1efb6683a4aa708f5454d49ee9019ffe0e25792fcf36aad2f2a7b701bb03309f37ef2dcb14b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
328da400d57b0dfa5cc8e98c7ea5b17e

SHA1
2872762d6a6703a560fecd308886aba83a0e9ce9

SHA256
ac0414f67b040d65d56a62bb0bebfc6f0a336acd901fc49cc75c771f67cc44e7

SHA512
656caf42c6b33018c227ad21131c2bbf66fc4ec6405aa308ad7f99b92f5cf7a3f3aa819567502888af541b62fd528761db317cdff3b42c9e14a13c54b640930c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
95400ada027f40d57619742558f6b7c7

SHA1
dde337f54b99482e57ee077c328595966e7e5b49

SHA256
d6035c3205a46a4998c3b4a34d0c879ccfacb0318aedffd61d0b0c2c06b92a11

SHA512
582575864bbba676e31373e420f541992c4f936506e1310b95b6d58bd5bdd9f65ba200ba0694bed9e3e95d2248c32a6805fe5b028d933b2608af497e01df078c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
4f34ec91b9895bf7dd2c92ddc55b287d

SHA1
d7c029c01d1c4ddb03fd4e0f1d0a1b3edef8dd68

SHA256
11f313a44fcb802c79b3e4c76ceb4b3d68efa7aa179e45c64dddd3fae798dc81

SHA512
fc6794c21acc2a129166d59b1222c59bd9f5d9be1c75042a287e13b008072019c090276c032e126dc3a81500f65d2eb1763673afc8d0a6b8a24ba59bc05f8368

Download Submit