Analysis Overview
Threat Level: Likely malicious
The file https://cdn.discordapp.com/attachments/1241109389448843375/1241110933938376765/NoEscape.exe.zip?ex=66490221&is=6647b0a1&hm=7c765be4561d6ca0eb800bd6418056bd63a11ab6c76a9239cbbfa78d51c9949a& was found to be: Likely malicious.
Malicious Activity Summary
Office macro that triggers on suspicious action
Legitimate hosting services abused for malware hosting/C2
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies registry class
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious use of SendNotifyMessage
Checks processor information in registry
Enumerates system info in registry
NTFS ADS
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-20 00:21
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-20 00:21
Reported
2024-05-20 00:27
Platform
win11-20240426-en
Max time kernel
299s
Max time network
306s
Command Line
Signatures
Office macro that triggers on suspicious action
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3938118698-2964058152-2337880935-1000\{6CB61F7B-EF39-45A8-A1FB-3FB4DFEC865E} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\metrofax.doc:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\{03794230-46A8-4B12-9851-F4D9F0E4B158}\8tr.exe:Zone.Identifier | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/1241109389448843375/1241110933938376765/NoEscape.exe.zip?ex=66490221&is=6647b0a1&hm=7c765be4561d6ca0eb800bd6418056bd63a11ab6c76a9239cbbfa78d51c9949a&
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe782b3cb8,0x7ffe782b3cc8,0x7ffe782b3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,6374691443921448912,18415938191726075470,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1932 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1920,6374691443921448912,18415938191726075470,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2404 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1920,6374691443921448912,18415938191726075470,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,6374691443921448912,18415938191726075470,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,6374691443921448912,18415938191726075470,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,6374691443921448912,18415938191726075470,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1920,6374691443921448912,18415938191726075470,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3496 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,6374691443921448912,18415938191726075470,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,6374691443921448912,18415938191726075470,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,6374691443921448912,18415938191726075470,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,6374691443921448912,18415938191726075470,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1920,6374691443921448912,18415938191726075470,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1920,6374691443921448912,18415938191726075470,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4088 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1920,6374691443921448912,18415938191726075470,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3448 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,6374691443921448912,18415938191726075470,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,6374691443921448912,18415938191726075470,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,6374691443921448912,18415938191726075470,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,6374691443921448912,18415938191726075470,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,6374691443921448912,18415938191726075470,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2912 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,6374691443921448912,18415938191726075470,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1920,6374691443921448912,18415938191726075470,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6268 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,6374691443921448912,18415938191726075470,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6256 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,6374691443921448912,18415938191726075470,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Downloads\metrofax.doc" /o ""
C:\Windows\splwow64.exe
C:\Windows\splwow64.exe 12288
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /Automation -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,6374691443921448912,18415938191726075470,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,6374691443921448912,18415938191726075470,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6356 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,6374691443921448912,18415938191726075470,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,6374691443921448912,18415938191726075470,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6172 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,6374691443921448912,18415938191726075470,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6820 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,6374691443921448912,18415938191726075470,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,6374691443921448912,18415938191726075470,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,6374691443921448912,18415938191726075470,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,6374691443921448912,18415938191726075470,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6976 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,6374691443921448912,18415938191726075470,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,6374691443921448912,18415938191726075470,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7076 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,6374691443921448912,18415938191726075470,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6864 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 162.159.130.233:443 | cdn.discordapp.com | tcp |
| US | 162.159.130.233:443 | cdn.discordapp.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 8.8.8.8:53 | 233.130.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| NL | 40.126.32.68:443 | login.microsoftonline.com | tcp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| FR | 52.109.68.129:443 | roaming.officeapps.live.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| NL | 2.18.121.196:443 | aefd.nelreports.net | tcp |
| NL | 2.18.121.196:443 | aefd.nelreports.net | udp |
| NL | 23.62.61.162:443 | metadata.templates.cdn.office.net | tcp |
| NL | 2.18.121.71:443 | binaries.templates.cdn.office.net | tcp |
| NL | 2.18.121.71:443 | binaries.templates.cdn.office.net | tcp |
| NL | 2.18.121.71:443 | binaries.templates.cdn.office.net | tcp |
| NL | 2.18.121.71:443 | binaries.templates.cdn.office.net | tcp |
| NL | 2.18.121.71:443 | binaries.templates.cdn.office.net | tcp |
| NL | 2.18.121.71:443 | binaries.templates.cdn.office.net | tcp |
| NL | 2.18.121.71:443 | binaries.templates.cdn.office.net | tcp |
| NL | 2.18.121.71:443 | binaries.templates.cdn.office.net | tcp |
| NL | 2.18.121.71:443 | binaries.templates.cdn.office.net | tcp |
| NL | 2.18.121.71:443 | binaries.templates.cdn.office.net | tcp |
| NL | 2.18.121.71:443 | binaries.templates.cdn.office.net | tcp |
| NL | 2.18.121.71:443 | binaries.templates.cdn.office.net | tcp |
| NL | 2.18.121.71:443 | binaries.templates.cdn.office.net | tcp |
| NL | 2.18.121.71:443 | binaries.templates.cdn.office.net | tcp |
| NL | 2.18.121.71:443 | binaries.templates.cdn.office.net | tcp |
| NL | 2.18.121.71:443 | binaries.templates.cdn.office.net | tcp |
| NL | 2.18.121.71:443 | binaries.templates.cdn.office.net | tcp |
| NL | 2.18.121.71:443 | binaries.templates.cdn.office.net | tcp |
| NL | 2.18.121.71:443 | binaries.templates.cdn.office.net | tcp |
| NL | 2.18.121.71:443 | binaries.templates.cdn.office.net | tcp |
| NL | 2.18.121.71:443 | binaries.templates.cdn.office.net | tcp |
| NL | 2.18.121.71:443 | binaries.templates.cdn.office.net | tcp |
| NL | 2.18.121.71:443 | binaries.templates.cdn.office.net | tcp |
| NL | 2.18.121.71:443 | binaries.templates.cdn.office.net | tcp |
| NL | 2.18.121.71:443 | binaries.templates.cdn.office.net | tcp |
| NL | 2.18.121.71:443 | binaries.templates.cdn.office.net | tcp |
| NL | 2.18.121.71:443 | binaries.templates.cdn.office.net | tcp |
| NL | 2.18.121.71:443 | binaries.templates.cdn.office.net | tcp |
| NL | 2.18.121.71:443 | binaries.templates.cdn.office.net | tcp |
| NL | 2.18.121.71:443 | binaries.templates.cdn.office.net | tcp |
| NL | 2.18.121.71:443 | binaries.templates.cdn.office.net | tcp |
| NL | 2.18.121.71:443 | binaries.templates.cdn.office.net | tcp |
| NL | 2.18.121.71:443 | binaries.templates.cdn.office.net | tcp |
| NL | 2.18.121.71:443 | binaries.templates.cdn.office.net | tcp |
| NL | 2.18.121.71:443 | binaries.templates.cdn.office.net | tcp |
| NL | 2.18.121.71:443 | binaries.templates.cdn.office.net | tcp |
| NL | 2.18.121.71:443 | binaries.templates.cdn.office.net | tcp |
| NL | 2.18.121.71:443 | binaries.templates.cdn.office.net | tcp |
| NL | 2.18.121.71:443 | binaries.templates.cdn.office.net | tcp |
| NL | 2.18.121.71:443 | binaries.templates.cdn.office.net | tcp |
| NL | 2.18.121.71:443 | binaries.templates.cdn.office.net | tcp |
| NL | 2.18.121.71:443 | binaries.templates.cdn.office.net | tcp |
| NL | 2.18.121.71:443 | binaries.templates.cdn.office.net | tcp |
| NL | 2.18.121.71:443 | binaries.templates.cdn.office.net | tcp |
| NL | 2.18.121.71:443 | binaries.templates.cdn.office.net | tcp |
| NL | 2.18.121.71:443 | binaries.templates.cdn.office.net | tcp |
| NL | 2.18.121.71:443 | binaries.templates.cdn.office.net | tcp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 104.18.33.97:443 | api.opensea.io | tcp |
| US | 104.18.33.97:443 | api.opensea.io | tcp |
| US | 2.18.190.80:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | i.seadn.io | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 172.64.154.159:443 | static.opensea.io | tcp |
| US | 172.64.150.217:443 | openseauserdata.com | tcp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| GB | 3.162.20.22:443 | i.seadn.io | tcp |
| GB | 3.162.20.22:443 | i.seadn.io | tcp |
| GB | 172.217.16.225:443 | lh3.googleusercontent.com | tcp |
| US | 172.64.154.159:443 | static.opensea.io | tcp |
| US | 8.8.8.8:53 | 22.20.162.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.16.217.172.in-addr.arpa | udp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| US | 104.16.79.73:443 | static.cloudflareinsights.com | tcp |
| US | 34.120.195.249:443 | o406206.ingest.sentry.io | tcp |
| US | 104.16.79.73:443 | static.cloudflareinsights.com | tcp |
| US | 104.18.33.97:443 | static.opensea.io | tcp |
| US | 172.64.154.51:443 | api.moonpay.com | tcp |
| US | 54.69.199.187:443 | api2.amplitude.com | tcp |
| US | 204.79.197.237:443 | bat.bing.com | tcp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 34.120.195.249:443 | o406206.ingest.sentry.io | udp |
| US | 104.18.33.97:443 | static.opensea.io | tcp |
| US | 104.18.21.237:443 | auth.privy.io | tcp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| US | 104.18.33.97:443 | static.opensea.io | tcp |
| BE | 108.177.15.154:443 | stats.g.doubleclick.net | tcp |
| BE | 108.177.15.154:443 | stats.g.doubleclick.net | tcp |
| US | 3.233.152.252:443 | csp-report.browser-intake-datadoghq.com | tcp |
| US | 104.18.21.237:443 | auth.privy.io | tcp |
| US | 3.233.152.252:443 | csp-report.browser-intake-datadoghq.com | tcp |
| US | 104.18.21.237:443 | auth.privy.io | tcp |
| GB | 3.162.20.79:443 | raw.seadn.io | tcp |
| US | 104.18.37.8:443 | www.walletlink.org | tcp |
| DE | 3.66.52.205:443 | relay.walletconnect.com | tcp |
| US | 8.8.8.8:53 | 205.52.66.3.in-addr.arpa | udp |
| DE | 52.57.114.123:443 | verify.walletconnect.com | tcp |
| US | 104.18.26.46:443 | explorer-api.walletconnect.com | tcp |
| US | 8.8.8.8:53 | verify.walletconnect.org | udp |
| DE | 52.57.114.123:443 | verify.walletconnect.org | tcp |
| US | 8.8.8.8:53 | storage.googleapis.com | udp |
| GB | 142.250.200.59:443 | storage.googleapis.com | tcp |
| NL | 2.18.121.196:443 | aefd.nelreports.net | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 34d22039bc7833a3a27231b8eb834f70 |
| SHA1 | 79c4290a2894b0e973d3c4b297fad74ef45607bb |
| SHA256 | 402defe561006133623c2a4791b2baf90b92d5708151c2bcac6d02d2771cd3d6 |
| SHA512 | c69ee22d8c52a61e59969aa757d58ab4f32492854fc7116975efc7c6174f5d998cc236bbf15bce330d81e39a026b18e29683b6d69c93d21fea6d14e21460a0a7 |
\??\pipe\LOCAL\crashpad_3464_BBUOSGWRGCFPSKGE
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 046d49efac191159051a8b2dea884f79 |
| SHA1 | d0cf8dc3bc6a23bf2395940cefcaad1565234a3a |
| SHA256 | 00dfb1705076450a45319666801a3a7032fc672675343434cb3d68baccb8e1f7 |
| SHA512 | 46961e0f0e4d7f82b4417e4aac4434e86f2130e92b492b53a194255bd3bba0855069524cd645f910754d4d2dbf3f1dc467bcc997f01dc6b1d8d6028e2d957236 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b8b55d59b99a1acd53c9996986398f94 |
| SHA1 | d75a039d51794624eea1c062e6b799a16a0c318b |
| SHA256 | 8fc47e8ad9b960dcdb0fcdd02b458c3da209470f738d991d6e42e882e3fcaec0 |
| SHA512 | 521eefd7e78a0e1b39e8098ef59679bde95dfd026e301182fafb051f4d7c82006b67de51f70d59e31a9c4be9aedd72781cd6e8fefb5914feafe48bc0f680bccb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 1926915ae2168b56b7879f3170d9a0c8 |
| SHA1 | 429233e1b88f211721bff5758b47e991343570a7 |
| SHA256 | 02e3235b001def10ff86ed839365a62289d986f2df6a4b519653bd4c92728cca |
| SHA512 | 312fee83edeef9f30b3f935e3dd0f7afd883603409abe962715992ba798eec9b4e26c24bcb5d46095ce1288118ebd723c2c36e6628a489f3feaa1f847554bfd5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 54ea0df539ee5ff24b586be6ca319a12 |
| SHA1 | 5d5138551a7d8ec05a239d8b89a71891b337a5c4 |
| SHA256 | 694118c12ffd04dbab7d8a014c0abb5cadd0cfccacc7029d1100ae4a4709506a |
| SHA512 | 3660db7d50241a9ae9a4083b5ad52972aad9aa7fbccab1e0e240c2371b6f3dee2172fd31acfdbf6d1571c10bdb034bb6af4d483113a43438fa7a6b498227b4d0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004
| MD5 | 395699fc7fc3283d3bade75dbffa446e |
| SHA1 | c9474c5a587fbd3a25c0992f1dfe7946e3b7abba |
| SHA256 | a184c8951b524d5a22d7bca69a0d775523e8c095d158f80ac4415d87d17acd1c |
| SHA512 | 70749ca5fc0cc5b9b85d13ecde89ffffbc1af7b36a650be842ff303b0ed0ef49e8d9f3edb91324d42462446b882b2558abff235f42e300226e491432196ba8fa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
| MD5 | aac57f6f587f163486628b8860aa3637 |
| SHA1 | b1b51e14672caae2361f0e2c54b72d1107cfce54 |
| SHA256 | 0cda72f2d9b6f196897f58d5de1fe1b43424ce55701eac625e591a0fd4ce7486 |
| SHA512 | 0622796aab85764434e30cbe78b4e80e129443744dd13bc376f7a124ed04863c86bb1dcd5222bb1814f6599accbd45c9ee2b983da6c461b68670ae59141a6c1a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
| MD5 | d6b36c7d4b06f140f860ddc91a4c659c |
| SHA1 | ccf16571637b8d3e4c9423688c5bd06167bfb9e9 |
| SHA256 | 34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92 |
| SHA512 | 2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
| MD5 | 2e86a72f4e82614cd4842950d2e0a716 |
| SHA1 | d7b4ee0c9af735d098bff474632fc2c0113e0b9c |
| SHA256 | c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f |
| SHA512 | 7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
| MD5 | 710d7637cc7e21b62fd3efe6aba1fd27 |
| SHA1 | 8645d6b137064c7b38e10c736724e17787db6cf3 |
| SHA256 | c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b |
| SHA512 | 19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
| MD5 | 74e33b4b54f4d1f3da06ab47c5936a13 |
| SHA1 | 6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c |
| SHA256 | 535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287 |
| SHA512 | 79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007
| MD5 | 2004fddf8dabaf3ab5709db7ffe1437a |
| SHA1 | 5320ba67472de1929e69494496e7f1281f5797eb |
| SHA256 | d32d2c2c4ab40edf9f4258f96e287cbc7bf590637f378dfb783c6dda39c3d401 |
| SHA512 | bcfb4a1d364c4025df386e69e65e20794286a2e5e5b644c2fdccbe52070ea579e06b67682387dcde4dc0cfce9ffa54ce19dc19c76d67ce2ab09ab223c506cf9c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009
| MD5 | 153d9573f0f824b040ac13793d95e406 |
| SHA1 | f8a73c205962012c4fa5b93ccbc77d7b1be3b5d8 |
| SHA256 | c70c12b65715e837682baf0eea8ff99a7531d9036b0b5a9d640def85df92d016 |
| SHA512 | 5e0f64f8d333be4fff5b869952fe18f3189d6af97bfce10aad8acae96153b790108351083f1b80c40d76cebdca35e5d7e0f3371c588a02c74e6ea0055a3d2b20 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1ff1e7f9a46853f93eff88ce1aa98e0a |
| SHA1 | e0468cbc80b9103a8e40b98c7f448cc336b2827c |
| SHA256 | 7066e31c73bd003f09665bb30cf0615c5478204811f0b81f5f06ffc7baebf87e |
| SHA512 | f540bb3e4e00b64ade9e2ae4f14f97ef1864337bc53e561a18e2f2597f70ad6853c8c4d840c3ac62f08cfefd124625b5a596e1d714994fe9c571efdde6d383d6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c91c.TMP
| MD5 | f31436a0597081e7fdfd8afed57b2ea3 |
| SHA1 | 12d70add34399011a9d4aa968907f964d3845a1d |
| SHA256 | 9eb1c3927201f30803b3795fa19bb422cd183b2a8c2634c3c1fdab584f2450e8 |
| SHA512 | c72a8bdfcd39e80617f586a8a3787478d94fe94c6667b3dfc4ac71c0c7a5a593717d5bfd2eef27cfb043208be95d71830ec0860a14f0462a9637e1812aeee92f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 562ef8adc5278916a58bb7324af1749a |
| SHA1 | 542041eb2b5ccc94656ad3210f1d0f23e95d4e0b |
| SHA256 | 4a206fce9a520bae2675b6da5e776a04b7cb78f112d893be9d33cbe63c5de886 |
| SHA512 | 627ee8152a5289266e3b8165bf247608d0d3492027785c5ba03cadf6ebc3827f19a197eedc4f002404741b93241e4a2072978e33d87567da17b588721b6b9f9d |
C:\Users\Admin\Downloads\metrofax.doc
| MD5 | 28e855032f83adbd2d8499af6d2d0e22 |
| SHA1 | 6b590325e2e465d9762fa5d1877846667268558a |
| SHA256 | b13b29772c29ccb412d6ab360ff38525836fcf0f65be637a7945a83a446dfd5e |
| SHA512 | e401cbd41e044ff7d557f57960d50fb821244eaa97ce1218191d58e0935f6c069e6a0ff4788ed91ead279f36ba4eddfaa08dc3de01082c41dc9c2fc3c4b0ae34 |
C:\Users\Admin\Downloads\metrofax.doc:Zone.Identifier
| MD5 | a10e4fdae1afe986f06734d531d70c9f |
| SHA1 | 77af05afc723ea8fa055b4ceeeb66561c3730aa5 |
| SHA256 | 96c810b47cd4da12574414e8885c5057c805e6cbf6f13bf3bc25d23fff154355 |
| SHA512 | fe18b92ad6096ad94cfe866b76f8bf3d5d8ccc8f32322f86bb2be50491eef5bb628a5bab060d98a3743ead58837ea1a3aa996b72efa13bd1583297a64f465f9a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8510ee834249433549e5e2841695b1f6 |
| SHA1 | 3af0ad569b3547426091ce5aa11a1e42fd06f791 |
| SHA256 | 945f6486dbecbb5bc932959806659abcf2ed07e7fb884ee5f40d03fc2a162f5c |
| SHA512 | 4867bac132e7b8ef2a92c4258ca9e9c12c2e42c10603102554a65932dcf35d41e31dc5e232cecb9dc23be7854fd6e9d0b73134882ef66568e3571ce2938c2ee1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 4b814be03a47ebb74cb28601507eff70 |
| SHA1 | a9c196e6f29bae830ada96565b6ebe154036a80e |
| SHA256 | 21212e6c7b8f07e1d298382e478f742136640730dbc5a7384845ea808a2ef14b |
| SHA512 | 4cae58cd9832b5fdd41b980df3c9b606d2a35ff8edc97165c9d75b77c84cb285f8670ba9cdd4491b0366281dccfe3ec0e0a8c862c96f800daa2cdb2e6570d9dc |
memory/2940-568-0x00007FFE440B0000-0x00007FFE440C0000-memory.dmp
memory/2940-567-0x00007FFE440B0000-0x00007FFE440C0000-memory.dmp
memory/2940-566-0x00007FFE440B0000-0x00007FFE440C0000-memory.dmp
memory/2940-569-0x00007FFE440B0000-0x00007FFE440C0000-memory.dmp
memory/2940-570-0x00007FFE440B0000-0x00007FFE440C0000-memory.dmp
memory/2940-571-0x00007FFE41510000-0x00007FFE41520000-memory.dmp
memory/2940-572-0x00007FFE41510000-0x00007FFE41520000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat
| MD5 | 74635f6e5554ebd726fdca0c002dbee2 |
| SHA1 | 278e66625144f9d89050b0bedb482a68855b97d4 |
| SHA256 | 483e814b8f7ff4423f67f93987147b151908e1eef88479b67d4c7c69e5444424 |
| SHA512 | bb5dfc5a78b97bd7a5bc0bfe1083b1f03b5592543abf9ce00a7a36c84fb540ddfb1c8ec8994f7e6eabc30b6de896414d171d7eb3c0735ee9708093162fd17f34 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\90FF6E76.emf
| MD5 | 0ed5bc16545d23c325d756013579a697 |
| SHA1 | dcdde3196414a743177131d7d906cb67315d88e7 |
| SHA256 | 3e430584cd9774ea3b21d8e19b485b48212fe356776158dd5f3c5f63a5bde7d3 |
| SHA512 | c93072d11058fa50e3b09ff4da9f3dbe2637c2b5df05e616bd8ddd04557ea1e8b0db106b1545fad334619118c467776f81cf97ca52d3f2fcbbe007f30032b8af |
C:\Users\Admin\AppData\Local\Temp\vbhja.rtf
| MD5 | 2a52375808c4b3438deb2e017e295f5b |
| SHA1 | 6a821a67c267b46563fb8bc18bfdf0846791b98a |
| SHA256 | 04ee5e43e76e01559b2c6cc19d059622aa89963c4845942644818374fff18611 |
| SHA512 | 03a12e76912cb8b35d869523e4d9545cd4a1e5cff4d53e2f10f0f94d69652b4c43100206c8ccda98de0d0474fe49b33a79777465c2d01b822fe01482dcdba523 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | c2f88215dc983057e62e2f09be854815 |
| SHA1 | 6ed1fbeecf1dad5fd59b90998ed0beda7665fa83 |
| SHA256 | f66d3ca15bddc4427bfd7dbfe615e7e3f27506f85fcbca5f432b94542762f735 |
| SHA512 | f844353b4217ff57d7993e674c3dbe3b7ac3c7b9f648b5eac738a0da35b43f483276403e654e04c52b7c71ddb52ff3577b954ff9f4ea20161f3bf72eb574c190 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 4821691c0732568b276f593eabdd1c2d |
| SHA1 | 929ed114ee3c71a41cdbb63aa2b9f4eed29ea4e3 |
| SHA256 | e54372128f4ac6fef2740e9b0cc07f104c5fe6d4059eab94130132287fb3c910 |
| SHA512 | aa36d45b96086bf1845e1a5ad7dd0a264b7f4ae9438dcb40556f8de96e7781f7202a84f3d48ff15a980d8691e0d7119693c49b31ea5cc34c3b03b809613eb0c0 |
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\94602B49-6972-4E7E-B78D-D81C81E154E6
| MD5 | 68cc36f2ac02e520c286959bd0248b02 |
| SHA1 | a42105ef19436e3ab5141311b8a5ec677a2895c3 |
| SHA256 | f2d034648be58f737586a5656ff64ad608c721a9022313f1bec45ca31aeee544 |
| SHA512 | fb9aa061b85351a1b431d54d7a2649b94d0607a4287f2d73db6171747dcf3502b8363d8434e3beb802dbf7ff3534281c048933f27ebe9b3b73ee059e6dbe9c3e |
C:\Users\Admin\AppData\Local\Microsoft\Office\OTele\winword.exe.db-wal
| MD5 | c1bfa7afa12ff6bedfbd03469c94984b |
| SHA1 | 892ce09069a30e3356f9f4ef676d8c5fa8c24054 |
| SHA256 | e561672c9daf38a23fda75972d9995deec5215e99c562eabbfb9f23bca31433c |
| SHA512 | 32d8abdd467db9eb4abc357d1fe093dbe810afc189240f354c3d64d91ae7dfb3bbe136af71f98534421b3d4440246a3a6c5fcf2b86811714c3cb80f6b0be7a4e |
C:\Users\Admin\AppData\Local\Microsoft\Office\DLP\mip\logs\mip_sdk.miplog
| MD5 | 35148c4ffe7f00e6f840602a7c23a4d8 |
| SHA1 | cdc82b094b3bc0a6ec3b8a43c18e3b0cdd65caf9 |
| SHA256 | 87f772ffef4c72b4fc2ad33c2ba323661fff93063089728f8f65f501a07163b6 |
| SHA512 | 497d796c1767e89134cb54b21e197eb31ba78351c3f0f86dd753978f967348b6453a903dc4f8ee27605d137f3c4227661e73485f688a89f655460c7da543de98 |
memory/2940-730-0x00007FFE440B0000-0x00007FFE440C0000-memory.dmp
memory/2940-731-0x00007FFE440B0000-0x00007FFE440C0000-memory.dmp
memory/2940-728-0x00007FFE440B0000-0x00007FFE440C0000-memory.dmp
memory/2940-729-0x00007FFE440B0000-0x00007FFE440C0000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
| MD5 | 06dcbd58744f04194e9539c3b5d9d27f |
| SHA1 | fcfe1c6e17de2200b346bf252dca02f9a4202ee4 |
| SHA256 | c39e7de26badc307d396e81725442901aba72d948ad68d3b7e280c232b4976f5 |
| SHA512 | 51ff3ef89cbf78ab2080eb5fc970ad10874a2e664ab4e020d5e80418df9d57d10eaa61f0be09a709855e2f0f05ba1ec1ed65dd441299da1e1bbafbb6adb4169c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
| MD5 | cad32f8a3fc43781a09e27182a2787b5 |
| SHA1 | 57202f4130990e4c120f4bbafe43a8622b45b5cc |
| SHA256 | 1484f37b083ae153097c2497787fe08c38e49e4cfa6d4b4c94b40553f791caa8 |
| SHA512 | ab3754c063fc3a7b1d4541e20f21f05f0862049f35436d393e9bcbf5bd9b77e25f77ac57cc38bee6df46c643e4920f6d0d5549bfa7ba30e971fa46718d59aebf |
C:\Users\Admin\AppData\Local\Temp\TCD5BD2.tmp\sist02.xsl
| MD5 | f883b260a8d67082ea895c14bf56dd56 |
| SHA1 | 7954565c1f243d46ad3b1e2f1baf3281451fc14b |
| SHA256 | ef4835db41a485b56c2ef0ff7094bc2350460573a686182bc45fd6613480e353 |
| SHA512 | d95924a499f32d9b4d9a7d298502181f9e9048c21dbe0496fa3c3279b263d6f7d594b859111a99b1a53bd248ee69b867d7b1768c42e1e40934e0b990f0ce051e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3886c6e8ef69b784dbb7cb967a476701 |
| SHA1 | 7a81aa5f21498af2b405bd8ab96cf7bcd3752a9a |
| SHA256 | 1ac47e56f071254f780e06bbe0e21cd19733a9c2b4e2746326e517ec79c6756b |
| SHA512 | d347f35786c078e8916f1f2e39143ca7aaf8c0832bf4a11c85dca25d95e6ef9bf431539e4f4599dd03ec80a4f08c0a4f56c50a76f00ebe0369b8bddd1f0180f8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | ea52c767e3275ad635423f1bf9a38498 |
| SHA1 | 69652fc5d52cb0fad8527a715489d8d986b676a3 |
| SHA256 | 0286aa809ab7e4bd96151ecff94019d7aedf68a29ac66bbb6aeaa7791aa74db5 |
| SHA512 | 7084ae143fc21d921cc3a9d0319cf08d15da06a5cc013f9189711b31544059fa4093e6c876d1f2fa2e924cc5d16780b99c89d0586edba92fb0f6fb794478e6dc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 990dc2cb3958f27023a2625ab36c0071 |
| SHA1 | 2f6f66d8901e90c67bcea778bb1515e59c7ea319 |
| SHA256 | 3f54a4d9c567d9ac183953bd90e65972dee0e60eed78becce46207344b89e5ab |
| SHA512 | bfe4ff7ff44a7594b4570c9f3b7086e2b5d775e62f2de4a36fc921c4672dd05ac450bcca1b40b313cb597ae0de5b082984376eaca8f351ceb46bfd4bed114d81 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b
| MD5 | cf989be758e8dab43e0a5bc0798c71e0 |
| SHA1 | 97537516ffd3621ffdd0219ede2a0771a9d1e01d |
| SHA256 | beeca69af7bea038faf8f688bf2f10fda22dee6d9d9429306d379a7a4be0c615 |
| SHA512 | f8a88edb6bcd029ad02cba25cae57fdf9bbc7fa17c26e7d03f09040eb0559bc27bd4db11025706190ae548363a1d3b3f95519b9740e562bb9531c4d51e3ca2b7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a
| MD5 | 3cd0f2f60ab620c7be0c2c3dbf2cda97 |
| SHA1 | 47fad82bfa9a32d578c0c84aed2840c55bd27bfb |
| SHA256 | 29a3b99e23b07099e1d2a3c0b4cff458a2eba2519f4654c26cf22d03f149e36b |
| SHA512 | ef6e3bbd7e03be8e514936bcb0b5a59b4cf4e677ad24d6d2dfca8c1ec95f134ae37f2042d8bf9a0e343b68bff98a0fd748503f35d5e9d42cdaa1dc283dec89fb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5c1be097885d0f451a18735a4631b36d |
| SHA1 | 3de7d21b1f0292dc620919e8978a771391ab8f99 |
| SHA256 | d0046ed57dec9cbe3244b364c11027a683da5e33350f74c0cda7b5e695e9073a |
| SHA512 | 435f3c1fedf5ba30a17122324085e794eabe62465522726c41f118a0f3b1d0e97fa6d6e734e7f3c9a4d353b21f28671ea7b4c73c92b7b64ea87f2edf9e073394 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | b99ab3e63e0cb2fb4870fa44e5541828 |
| SHA1 | c6a55f90e4d2382677b890b4082d6a483cd2f580 |
| SHA256 | b4e05837fc03e51f3fe78d01a831f488d47488d408d6961ccef4b56940f1a286 |
| SHA512 | 542735ccda32fcd4cb08cbf366ac9f0b5d97b0aad6e0559a6dac745a5778ce51910b9519b2b699dcefe2b6117d4b78f65a675967b92ec9ded2dea87750cfa915 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016
| MD5 | 0f3de113dc536643a187f641efae47f4 |
| SHA1 | 729e48891d13fb7581697f5fee8175f60519615e |
| SHA256 | 9bef33945e76bc0012cdbd9941eab34f9472aca8e0ddbbaea52658423dc579f8 |
| SHA512 | 8332bf7bd97ec1ebfc8e7fcf75132ca3f6dfd820863f2559ab22ac867aa882921f2b208ab76a6deb2e6fa2907bb0244851023af6c9960a77d3ad4101b314797f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 7ada277de030373df66dcac76689a7d2 |
| SHA1 | 3406efd2be4f70b355428927f79adbcf88438910 |
| SHA256 | 55672160d59fad8957a1f023e4771a021e9bfb51a4bec9c60ace08f949f651d9 |
| SHA512 | 1b973fd90403b0ddd87616f72965a0a422f3f714398697d99d640f23846b48c15f909ca62b89bd9428779bc1caa31bc9145e759d6ac60acadf329dfcc9b9a1e1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | dcd6ea737854d416f0ce5912fddd88f8 |
| SHA1 | 2ccdc1e32db5b62a8d6e2effe16b18b208c0b4cc |
| SHA256 | 19791059ecb23aa9bc02c8c5318c51f69d29b1505100f7dba13dca49934fa596 |
| SHA512 | 2ea449911910273aafa7af25dbe7862a95e5a2ce2cc1fb271c773982249a9739442fde4b349cac29e3d9ef3b30b97e285786e2a9039af2e68469534556747b16 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c42858b0aecb0ecd9235cb4b1ec997ab |
| SHA1 | c1e0a34f880281a01a0b85410722e7d23205f409 |
| SHA256 | 9c9d9128c6fc4d2b4b13a9a72b76790715f29730fa821353b179e4b9f12ceaaf |
| SHA512 | 89887058d3588c98e9497fbc9b1fc7027c29458e903daba101b370f2abf12c713fe06910010e65b20ff391c282aca1f5bc3e4004c222826897139fa16d5de585 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 25ad047180626221a3006b1c2ce8ec00 |
| SHA1 | 19750260d64a18050cc5dbc730daa70f95ff3527 |
| SHA256 | 43ed9bcc65258493f76ca992bf14da022a0e38dbca660972074a6f27318924ee |
| SHA512 | 3c0616d64b53005f49cb8ae896d94942c5865d5705c04ddab16bc2b7355b258576b65151c63c0b2afdba4a6af96874a45be14a9c4ea4148183069b556b0bc846 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ebf0b3ccfd7c386f820a307cebf853e8 |
| SHA1 | 8c65b4d8e9bbfafc352ae6f8b59f86c16f475fe2 |
| SHA256 | d59e225a3948d0e3cefc9d39c187bba3fc8a302e5996ae0a164f91ae68fbfd9d |
| SHA512 | e9de53a05821758765265d374707131715ba8a79bab007496e377c3f57e72b2a71aa72fc526516493b6a49b0406cafce16d5899606fd284887bc17050ced853d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | bde848c3de5dbe0fe428935de9439729 |
| SHA1 | 35c7b31de1726ae91bb294107c731cc5f24ef820 |
| SHA256 | a3ebd0b7c406ade667ca8eb9c669e7195c961718f089ad921862215054138135 |
| SHA512 | 377683eacafa0ff3fb40f2e41cb30767caa436d5bce0b70c06599d27b5b60cb84e1ff78ec1764f41986317b8f780326952d2ef2959db30088133b55abb098ceb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2e6abb6a5dc09500f19f39167b7f08b8 |
| SHA1 | a03f3144b2dc90fc479522584a5e053b43deecf2 |
| SHA256 | e88a3537ba2ee0d9b13c81f5340e003505a305e4748aafd9494fc9a935d7f92d |
| SHA512 | 44f7460d3d186d305eae0086e586f865d713c57ace33fb671593ac8c6d843ddef701a37f58f69b829092802f5bbf35b997f390093dd1201474e85744463f8742 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 113d723e86fa0d5cdab34ac3b6f6ba39 |
| SHA1 | a36530f4c4f44d7999c1c24b21819304fe4f8daa |
| SHA256 | e3e13191c4c536ec187a3fc44b6a2dc9c5605bfbc72a5c2a0f647b30c15fba22 |
| SHA512 | 2a7cafbb727831362bfb6432b547ef714ef6b626b2dfb0b1a23e00ab05f1c87a801c86ad6fbb99024fd570483fb4c73c950d2d078d3d3ad27a0d1d87fc5c994a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 4d4174ede10bc6181e1344dbb227210b |
| SHA1 | bd40f7e5560fd0ab3e7de249508a6e802ec5fa8b |
| SHA256 | dfd4c96efd90dcf50e4b8e33fc075b86997a65455d347e29e36426656a7baf61 |
| SHA512 | 51eaa135988c30d85f149bb740b2124d9cdf5aa7608e7a31846028e9b3c4337c0db363c2062c420541dbd65cb698f98db304ccc31312cfc551d263c9bf815f2f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | db6f1dfc95e2a35bdf2411d6e7dd5bf0 |
| SHA1 | 85a58770faca58687927fcfdacdc48a3180acfb5 |
| SHA256 | a989b6be82854f89a42c21d52b335f65e279660c8f70cab8cba287eed8254227 |
| SHA512 | f6fa89ff1787c8279cf55a66db78d62313e66fc5de794e9bb88eba36b56e77c694dadba5e40a8e6e2e6d24c42b8764c188182f65a39f4c605189165d76489089 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 21f0951728a1c0930ac6f56edfa10f9a |
| SHA1 | 871769fd277f8c55f7cdb16dc6a2abd8be042b23 |
| SHA256 | 391136e73cab5258d42004906762c48b1493f70f239d176c715ac5e3858d4a85 |
| SHA512 | 641d5e65d13ba03716c63c968c05b0c4961df0c996edbc64485afbb8fb6283ff69e216fc1dd708f97554b26dcdd9e8d2fd87d78a7a920f888900e7f26780ee64 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 6ecb9b309609ceae6d8cab6743bdbe8f |
| SHA1 | 7f4f9405e6acb82a24d2f99f17c7e81dcfd6e5ff |
| SHA256 | f42bf44c68550e270d8803eda57707b2527ca2bb249e7d7fab7aa3f3590cb9a7 |
| SHA512 | e5d7510b80ed77709967948d1ab6b4e7ed0c32e134d947528e256a7846646c3acbd14b8c9d504aeb1df52fbdb3c5fffd0243f9e007186043f038ede48bbfe88e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | a8f0c8e0df0f53e3ca13e2d89cee81b8 |
| SHA1 | 241b030e2cc13b2b45484c24036bced83dc9205b |
| SHA256 | cd38f8572d2367249a41b858d1ff53d907417229253644df98c2098ee72a006b |
| SHA512 | 7ceb59e1f98f0cad378bec3fd89125ac6842f16050dc410545ed9546b9d665ae868b3f757d5fe41aa89ff42b27028b19c20fdbe619cc424dbf878dfe930d262e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 1c94d86e5ef539d4e9a57a7560d2f8e9 |
| SHA1 | 3df666378372eea6f90a8caca92830a26ebce422 |
| SHA256 | c011b193dffadd9eebb900476885bda68a91e17fb689c4037f7c9f91bac31b14 |
| SHA512 | 478713457d429d3bef10db5bcc0bb9fea6310fd54fefdd15ded59ff2ea3ddee12be9c4a21ad4c3a391c8250f0f7ff8ade3dc16da597f4bc4d811dd437bb2d3ff |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | e278a8eda2b88593099381fee23a1847 |
| SHA1 | 6a91d45fb70063a691bc2b2c4e214ceb9260e6a8 |
| SHA256 | 32f5a255f93d82a264b84fa5f0ea67230a9ff95a8cfec3fdd07999197420cd6b |
| SHA512 | b70b88023649af91b142e824c895b84826073780864878ea4e1901e1ee6bcdba7f5746c65453296bf672df9929d785f6c55638b240689b336b13c6240caa0e22 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 39dd935f8eb0907ae827376543de4e59 |
| SHA1 | cd20db3113dea5316a08845acdbb8ef3b670f97e |
| SHA256 | e47361c1eb9cab1318d425b291d47c4345c5d1ca92a6d4988735e8431ab1fbbd |
| SHA512 | 01282988cc2100bbeebc3e6fdba3af56cc38f0782318f0948bf33639a89b036060d5f22d432889d2a29db0d68b1487342d672cd6619970f66127eee61f3dabf5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d1c01ecf34a6a4bfce9b00b133454667 |
| SHA1 | 6c9b10705c773c41639b3036e7577405a441ab83 |
| SHA256 | 70d58f3023b9561ad808c19a44f6793154675d9fe528b80102c8290659b6746f |
| SHA512 | 9860bb4b8efbcf96feec110c95495bce34ae43a53315f2a6576e9fd6fc4880b9e3e0376c1ecb9d2cdd89394845479caf055126af7b39ad1572cfef44fcd89d76 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 8602ea6206aa09a6208ee34e88a25d5e |
| SHA1 | 2c3185c93e5e8793019acecd13a608a51bf29156 |
| SHA256 | 4d37a448c5fc34ecad3798f15786f16bd17890d0e97dc4582b09dab0d92e1afa |
| SHA512 | 49693a28d1fea7fc37e662188e82c77596254fb832270d49b2392bf481742415547751dfbcac7d9eaf72baa2c748a2749e471cf754aca597db951db105e7ab9c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 64a84378b6ce48cc5f22b5beb00bed94 |
| SHA1 | ecc1e47f65f1f75ab9f96726bb9b978908bdfd31 |
| SHA256 | 601a8b4fa0e4a08074465527672ab76676b3c92d35ed167887b17cc236740773 |
| SHA512 | d3463198257556553281479282569ab2854e827bce05d36477099362b5f8cc95237e92025d3ab5a6c2a1d6cdf4bc93ed39344a403057c056c39b204cd281cf91 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | b615884e5700baea0019ed0a1ba7f305 |
| SHA1 | 49b3152891fe4e188cab90b889d03ea19d382ffc |
| SHA256 | 09a479be74c0165fc7696108a318af10e95726d3bc45851eaca4a2e546425aa1 |
| SHA512 | c09204a7d7fe9c2a2482ae1525261433bec0d7a3dd806ab509ab2d5140668c9e04342fbcd1405e213bce3ea41f56d6678d393b09ee55d18697a7a84506e1c70b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 85049cafe382293b3b39429734a00300 |
| SHA1 | e882eb8e8df788131a972a8cc9c4a863d2cccd6b |
| SHA256 | 6846fec84c2a30beab34876c43b778533efff5a7d58a08b943962ecfbe50872c |
| SHA512 | c4c35910eab17626d5bd76919ac0699de387cbb91a2bfd8ac4ddb8b417936894f6aaf670047d685a702ea582129975273e42b788c6d0ffdb6334dbff6f8063cf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 8b114b6f163234ec2757498f221d4bf4 |
| SHA1 | e79318f85cf2e028b4cc954e340173816badbdc2 |
| SHA256 | c52577e91df5bbfd3518c3e33cfd42644054954b185575c368c2371118672678 |
| SHA512 | 2d4332615c5c213067cdf1dbf21c98db9204fe56aef0b27d9cfb07ba8d290745cfc1e7d12558aa211502de5b704729eee000f5edee855e4bfc4cc5705e2144e2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 7238c9442bdf45511873359abfb99ac9 |
| SHA1 | a37bf5d1495c2158180ae8e3386dbeb66c26759b |
| SHA256 | f7b5495a2427e8240c86d7ea3a602eb763fc2298f536761d5c2d50b04313fe2c |
| SHA512 | 9fd2bcd7fd07646d0ec4b0499be792b10c9fa45d5914be50b156fb8c4ecdce5ea07c387d3e72a6fa4781c0fef3badb1878bed48349c3289edda54257ab86d7fd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | eec49f41095ad917dafa9755529a0252 |
| SHA1 | 46ac4348da615b95663380de878258e7df187f7b |
| SHA256 | 0930ac71b51551cf10c80be0212a5b32c44b8d2c440d6b9c493dab93fbdad35c |
| SHA512 | 9476fbb3ebb7f99586896d738c94e5027a6fdc24e340e7b05d2f9f5556a67113d2940014833a45372d13ea7f71171137965c28c9fc8074f4ccc83a11c130d3b6 |