hxxp://noescape[.]exe

max time kernel
978s
max time network
1044s
platform
windows11-21h2_x64
resource
win11-20250207-en
resource tags

arch:x64arch:x86image:win11-20250207-enlocale:en-usos:windows11-21h2-x64system
submitted
08-02-2025 00:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://noescape.exe

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
3416	msedge.exe
3416	msedge.exe
1608	msedge.exe
1608	msedge.exe
5080	identity_helper.exe
5080	identity_helper.exe
4076	msedge.exe
4076	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1488	MicrosoftEdgeUpdate.exe
1488	MicrosoftEdgeUpdate.exe
1488	MicrosoftEdgeUpdate.exe
1488	MicrosoftEdgeUpdate.exe
1204	MicrosoftEdgeUpdate.exe
1204	MicrosoftEdgeUpdate.exe
1204	MicrosoftEdgeUpdate.exe
1204	MicrosoftEdgeUpdate.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1488	MicrosoftEdgeUpdate.exe
Token: SeDebugPrivilege	1204	MicrosoftEdgeUpdate.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1608 wrote to memory of 1508	1608	msedge.exe	82
PID 1608 wrote to memory of 1508	1608	msedge.exe	82
PID 1608 wrote to memory of 2780	1608	msedge.exe	83
PID 1608 wrote to memory of 2780	1608	msedge.exe	83
PID 1608 wrote to memory of 2780	1608	msedge.exe	83
PID 1608 wrote to memory of 2780	1608	msedge.exe	83
PID 1608 wrote to memory of 2780	1608	msedge.exe	83
PID 1608 wrote to memory of 2780	1608	msedge.exe	83
PID 1608 wrote to memory of 2780	1608	msedge.exe	83
PID 1608 wrote to memory of 2780	1608	msedge.exe	83
PID 1608 wrote to memory of 2780	1608	msedge.exe	83
PID 1608 wrote to memory of 2780	1608	msedge.exe	83
PID 1608 wrote to memory of 2780	1608	msedge.exe	83
PID 1608 wrote to memory of 2780	1608	msedge.exe	83
PID 1608 wrote to memory of 2780	1608	msedge.exe	83
PID 1608 wrote to memory of 2780	1608	msedge.exe	83
PID 1608 wrote to memory of 2780	1608	msedge.exe	83
PID 1608 wrote to memory of 2780	1608	msedge.exe	83
PID 1608 wrote to memory of 2780	1608	msedge.exe	83
PID 1608 wrote to memory of 2780	1608	msedge.exe	83
PID 1608 wrote to memory of 2780	1608	msedge.exe	83
PID 1608 wrote to memory of 2780	1608	msedge.exe	83
PID 1608 wrote to memory of 2780	1608	msedge.exe	83
PID 1608 wrote to memory of 2780	1608	msedge.exe	83
PID 1608 wrote to memory of 2780	1608	msedge.exe	83
PID 1608 wrote to memory of 2780	1608	msedge.exe	83
PID 1608 wrote to memory of 2780	1608	msedge.exe	83
PID 1608 wrote to memory of 2780	1608	msedge.exe	83
PID 1608 wrote to memory of 2780	1608	msedge.exe	83
PID 1608 wrote to memory of 2780	1608	msedge.exe	83
PID 1608 wrote to memory of 2780	1608	msedge.exe	83
PID 1608 wrote to memory of 2780	1608	msedge.exe	83
PID 1608 wrote to memory of 2780	1608	msedge.exe	83
PID 1608 wrote to memory of 2780	1608	msedge.exe	83
PID 1608 wrote to memory of 2780	1608	msedge.exe	83
PID 1608 wrote to memory of 2780	1608	msedge.exe	83
PID 1608 wrote to memory of 2780	1608	msedge.exe	83
PID 1608 wrote to memory of 2780	1608	msedge.exe	83
PID 1608 wrote to memory of 2780	1608	msedge.exe	83
PID 1608 wrote to memory of 2780	1608	msedge.exe	83
PID 1608 wrote to memory of 2780	1608	msedge.exe	83
PID 1608 wrote to memory of 2780	1608	msedge.exe	83
PID 1608 wrote to memory of 3416	1608	msedge.exe	84
PID 1608 wrote to memory of 3416	1608	msedge.exe	84
PID 1608 wrote to memory of 2712	1608	msedge.exe	85
PID 1608 wrote to memory of 2712	1608	msedge.exe	85
PID 1608 wrote to memory of 2712	1608	msedge.exe	85
PID 1608 wrote to memory of 2712	1608	msedge.exe	85
PID 1608 wrote to memory of 2712	1608	msedge.exe	85
PID 1608 wrote to memory of 2712	1608	msedge.exe	85
PID 1608 wrote to memory of 2712	1608	msedge.exe	85
PID 1608 wrote to memory of 2712	1608	msedge.exe	85
PID 1608 wrote to memory of 2712	1608	msedge.exe	85
PID 1608 wrote to memory of 2712	1608	msedge.exe	85
PID 1608 wrote to memory of 2712	1608	msedge.exe	85
PID 1608 wrote to memory of 2712	1608	msedge.exe	85
PID 1608 wrote to memory of 2712	1608	msedge.exe	85
PID 1608 wrote to memory of 2712	1608	msedge.exe	85
PID 1608 wrote to memory of 2712	1608	msedge.exe	85
PID 1608 wrote to memory of 2712	1608	msedge.exe	85
PID 1608 wrote to memory of 2712	1608	msedge.exe	85
PID 1608 wrote to memory of 2712	1608	msedge.exe	85
PID 1608 wrote to memory of 2712	1608	msedge.exe	85
PID 1608 wrote to memory of 2712	1608	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://noescape.exe
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9bdf43cb8,0x7ff9bdf43cc8,0x7ff9bdf43cd8
  2⤵
  PID:1508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1932,8788081865780994566,696195139728658908,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1944 /prefetch:2
  2⤵
  PID:2780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1932,8788081865780994566,696195139728658908,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2356 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1932,8788081865780994566,696195139728658908,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2612 /prefetch:8
  2⤵
  PID:2712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,8788081865780994566,696195139728658908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:3572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,8788081865780994566,696195139728658908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:2260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,8788081865780994566,696195139728658908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3868 /prefetch:1
  2⤵
  PID:932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,8788081865780994566,696195139728658908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1
  2⤵
  PID:4256
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1932,8788081865780994566,696195139728658908,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5472 /prefetch:8
  2⤵
  PID:3788
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1932,8788081865780994566,696195139728658908,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5472 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,8788081865780994566,696195139728658908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3960 /prefetch:1
  2⤵
  PID:2212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1932,8788081865780994566,696195139728658908,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4848 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,8788081865780994566,696195139728658908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,8788081865780994566,696195139728658908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,8788081865780994566,696195139728658908,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1928 /prefetch:1
  2⤵
  PID:3052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,8788081865780994566,696195139728658908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
  2⤵
  PID:4160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,8788081865780994566,696195139728658908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
  2⤵
  PID:3252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,8788081865780994566,696195139728658908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
  2⤵
  PID:968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,8788081865780994566,696195139728658908,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,8788081865780994566,696195139728658908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4076 /prefetch:1
  2⤵
  PID:4076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1932,8788081865780994566,696195139728658908,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4936 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1052

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2104

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1104

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1488

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1204

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

Filesize
237KB

MD5
15f7d7702867794a5ea80e91549e1f1d

SHA1
f157f501afb672d1719ee465d0243841ab45ad4d

SHA256
4dfa2d277b4d4a95fa00840cc22d1f7a8dc72a26ee8c22aacb8d56fa20d2dffa

SHA512
135098167c7481da7348550828ebe96dbf35956707edfe61e0405e778a93fe054a4e6028b4b9c1412fc3762941f4a61c5a3bafe0767f17f4596000e6c8361b84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2522886e1b6b01847a8b2bd8239db83a

SHA1
4c16812bf9f827262030825bda1f644746c90ac0

SHA256
596eec2b17e61e2acd9682ba492a4d5263cab1361dadbee49dbf1a175c226cf3

SHA512
f32b6e29315f7e0459a3ee890eb40b713262b936182609c9ba7408c9aeff97353a27fd711e7713629f9a302b48cbb7cd1175bbed28dd6e07869bb947cf048c1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7a2b6a38b7ba9aa7c64738c68e58edb9

SHA1
fc9280f92eaf999ddc4dfe87c08f0640384ecc77

SHA256
ceaedf34d68a4c20e135231363cba3816453f53b96ae58fd88bc5f00135dbb6b

SHA512
69aed16cd3a96b7dbc1205714fa46040f105547b8b7338d7320cbef5338cdee2985953cd10b037e2dd7ff8a79dd7ce76edced906c7b50ef54980e52fe00a4e7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\031e1ffc-e2a5-4ff2-acf1-2f2dbe441f42.tmp

Filesize
5KB

MD5
e02fd8e52319cb1ad396cf176cb9792b

SHA1
fab65819bf2ca4097628f4ec8a2f11b9807b34dc

SHA256
bfa4833c9f22e67daac68ef5fe5818408c2b6ced9b7417f02e4a87c25ee3dac4

SHA512
67fc122ae6f3374b93ca9dd106dec96227b1eeafedae9cd76479b8ca4d5b60c30a59cf3f8b41367b41a300cdb83b213e45e7b6358cad43f58e0e2ddba7283d75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
48KB

MD5
df1d27ed34798e62c1b48fb4d5aa4904

SHA1
2e1052b9d649a404cbf8152c47b85c6bc5edc0c9

SHA256
c344508bd16c376f827cf568ef936ad2517174d72bf7154f8b781a621250cc86

SHA512
411311be9bfdf7a890adc15fe89e6f363bc083a186bb9bcb02be13afb60df7ebb545d484c597b5eecdbfb2f86cd246c21678209aa61be3631f983c60e5d5ca94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
70KB

MD5
3b06aa689e8bf1aed00d923a55cfdd49

SHA1
ca186701396ba24d747438e6de95397ed5014361

SHA256
cd1569510154d7fa83732ccf69e41e833421f4e5ec7f70a5353ad07940ec445c

SHA512
0422b94ec68439a172281605264dede7b987804b3acfdeeb86ca7b12249e0bd90e8e625f9549a9635165034b089d59861260bedf7676f9fa68c5b332123035ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
1bd4ae71ef8e69ad4b5ffd8dc7d2dcb5

SHA1
6dd8803e59949c985d6a9df2f26c833041a5178c

SHA256
af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725

SHA512
b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
63KB

MD5
226541550a51911c375216f718493f65

SHA1
f6e608468401f9384cabdef45ca19e2afacc84bd

SHA256
caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5

SHA512
2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
87f3ec33cdb558d4c4852bc4ef775d3a

SHA1
f9509f6309c0792980be01e3df68caa1dce2040c

SHA256
262d80303178ee5cf596d47d34b867dc4689fe7b5c490836c8a87a696a103943

SHA512
b33aadb1f3af25e3be6b59b407197d43aa685429a637c12cc4c84d362e273c863ac62f539288641d9cf78a7d10bd093747050153a7ba25f2a3b284e4f84e295d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
b80cabb37c5da7c4a1a1054f6f1ac7bd

SHA1
369642d8c93601cb2e3d5787f45499e02f289ec0

SHA256
45cbdcf5836632fd73d8ce0f11eb89e994b20aa949a4726927e3de128918c817

SHA512
901f5cca479dd7f80c8a4fc57ff8bd2e5abd5d24e8e56e5f74f8feef8ee9733f0dfe5985144afb385b8baa7c050290817ae44fc906f0889c6c036d3f25692f36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
706B

MD5
b85287fc7388c8122dd15be069d32cb6

SHA1
9bd88bb3008c621d498bba53788867e0a429993b

SHA256
b674b73651e4fba4450f31cd21e27517a20c92e3705fcecfe6b22d32e8c42683

SHA512
9cb0ab58cfc5183500cf5b1f816f5d8671d977d92089512a4c84c37f12ceefec1d56c48a11f9152ed013715093c879ca9525b0efbb69ff39f62c3e890eb4fed9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
a4490017644d735821782e3ec331173b

SHA1
ee10e040fee8fabb6461e9ce4b1dfb83fe04f9c3

SHA256
06b1127a8526fdfadbe50e8ef34b06462a694c4130b66a0f366b6e1501a1191c

SHA512
d9cd8502bf901c80091aed0141677cb51d3fc105cf4f10b0c21c5617bc9630cd4bf6fe66234b55b769cf54a812ce75f92748ec77f352012d5502f8b4d7c495f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
e8f7ca7082d378e197ba14e59284e87a

SHA1
c5453249ab101a8fa501742b5dc8bafc16852efd

SHA256
1ce5af7911510fcd181aaa0cdd7fd8010b027c6226a8aff24bce6c9491582584

SHA512
1793d96bcd7e32b4aea54480fa16896ebb047741cf983790c6cdd6153581f8304675d45359efe31fc684723b035f425614220896ce6098077bad110730fa5fbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
030fb1d8eea9aeee33dea814bc1245b0

SHA1
cdb9af9d1a6e54d922b8c51a96704a8c6c0cd7dd

SHA256
0ca66494a600a1fc1b0f7f6040029ff38a8012179976120d45a065eb82968c0e

SHA512
a2c5307f48b205f02449f577611b6d9cf75d47f82bab97375479622452c1af1e7c2f77b7ec2fe7645f441f31bfa3875e804f35643dbc1788d6655b4d9b488dad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
9f5f7de81c937269613822fcf4bf61df

SHA1
2bfba2421b22a04de35840d102265444d72d8c4b

SHA256
19b2384197d16b09e2040cbde867aa910fbbf1e8c140a63040888993e3a88371

SHA512
6fce4a11273e0478ee445b3c5218d26273d5573cec12439c936d485834313e7fc198cdb7f44ba88cccb9de75fb14916796ea9ba0b5d32b8dbdbf67507b30f8e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9970798f22a808340435aac3f3baf8bd

SHA1
32a5889f159c9a105ca9e4aaace088b5c88690d6

SHA256
08fefb01705182cd6f7898ad93443cc5beadb284112803b8c0788b8269d2361c

SHA512
d53461753ba173ffef54154d8d722322c70ed4174bef69043d77f3dc4f659ee9041d2d11d9cf3c75734b7f4979ed7ba98d39b7ba4780596b01b2090570bd2807

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6f65ecff992c053520c2cc5ffbbf9189

SHA1
5eda063a0523abd040ed6586e64be9e3da5a0bf6

SHA256
3349eb83acdfc8c6f656bda38ca5bc189f4f244a843cba4884583574cf61f473

SHA512
62ff32ce8532c5eac149cd602aa90d58f409e0c73d82bb3ebf14101b0a77dddea56500ee8f4371237be5fcde27e028819efd71592bc36062955c3ead23b3c797

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0ac2222844ca73eafd425f26fe15c19e

SHA1
4c59a4d4e95b2d1154c1eb3ccc8fb06c82cc4095

SHA256
e945a3ae7d33a53881880f6934e938a26569dc945b49c4d5cc9656644a27df69

SHA512
3c57d1881f280df7599716c8c96e72466aaea4b829aa01f5ecf052f7adf5107f6e63e16bbc14f857c01f9ed92808ed1ab1731cc708ea664c51eae3e941afaf35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
08980c1186a51d8c1fbb00d5f9e24715

SHA1
48b96a1ca51ea7a11c6ddc4bca39ea42ddb01ca3

SHA256
b946e07c9f40e04ee1ae0e30eacbd7f51567b5c33a423f564001791ee7eb040c

SHA512
71552c10b6acef79029e2a45f8ea88b50fb134dd7c6e426d72bd58605791de4605fe5b40c40c1d5a48890937fb8071e56e0da0cfcc2862ccc89ee8f9d95d9ae8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
496ded12313f54ddfbd58cfabd3b5a91

SHA1
4c1a540ee696381ab79a97b55b24818bcba9b78b

SHA256
037f2a88ba39b67b44f0319b55e9eb345df8d79f5214ad76c8983cde58961fac

SHA512
7324545281526c8586bcb697c089d69e0e12bb76f29d31cd49551fc9322911eb4bbab20584a9ff98e5d55bc9d31ee561c3df33a72c3d86999ac3623f4f6636b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
14fab0cfad3a6af1b92e910909be0cff

SHA1
33b05bfc756ff8049d574a4c4f238b29780890a9

SHA256
809d16e413e1014bc95e329fb1e3d88dd1526b2ec63fde4d5e32e83843a17f8b

SHA512
6f5d67cedad5f9f52649e0a77a30afb1d1ea3816c9fdaa37772b92354c5105c0054ccfe33c6ed8d183d8cc241ece4c380f44ca91e60fcab5c01b40d5b4690309

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58274a.TMP

Filesize
538B

MD5
a6c8589e5936397ba67f01e9358e1d02

SHA1
153f69b53fb45a77a94ff87e5b899312852ec71f

SHA256
5505311f6f2deb1d27ff9ecd72383fbb8a1495d028c2d2bc1ac35a22402e28e6

SHA512
4da433c3a3aa97b20f7cac6c14af3353bab2c33f4ed452e3ec322b627900d67ba8457c235f20f27a94d448adfbbed1b8a320a8ae6fd7bdb206d5ab850320e4ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2c812d3bfe80fc90de7886d1c7fb5abb

SHA1
250ac70f36e9fe7bd8ba402b732d3e2a3596b5df

SHA256
beb9882d17b2cd9b33137f2a7bf2dc3fe85be082041ee5eb46d8988ee5071f6c

SHA512
31cd86bae46e81a2284dfb7fe0f4fdba3d424a8e831108895166559c1633f9f3d8060ff105b32beb769b5f308ba7f9bcac13e7d0235d0f26eb40ef8b07b1e7de

Download Submit