Malware Analysis Report

2024-10-24 21:48

Sample ID 240520-ant7lsaf73
Target https://cdn.discordapp.com/attachments/1241109389448843375/1241110933938376765/NoEscape.exe.zip?ex=66490221&is=6647b0a1&hm=7c765be4561d6ca0eb800bd6418056bd63a11ab6c76a9239cbbfa78d51c9949a&
Tags
macro macro_on_action
score
8/10

Analysis Overview

score
8/10

Threat Level: Likely malicious

The file https://cdn.discordapp.com/attachments/1241109389448843375/1241110933938376765/NoEscape.exe.zip?ex=66490221&is=6647b0a1&hm=7c765be4561d6ca0eb800bd6418056bd63a11ab6c76a9239cbbfa78d51c9949a& was found to be: Likely malicious.

Malicious Activity Summary

macro macro_on_action

Office macro that triggers on suspicious action

Legitimate hosting services abused for malware hosting/C2

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies registry class

Suspicious behavior: AddClipboardFormatListener

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetWindowsHookEx

Suspicious use of SendNotifyMessage

Checks processor information in registry

Enumerates system info in registry

NTFS ADS

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-20 00:21

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-20 00:21

Reported

2024-05-20 00:27

Platform

win11-20240426-en

Max time kernel

299s

Max time network

306s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/1241109389448843375/1241110933938376765/NoEscape.exe.zip?ex=66490221&is=6647b0a1&hm=7c765be4561d6ca0eb800bd6418056bd63a11ab6c76a9239cbbfa78d51c9949a&

Signatures

Office macro that triggers on suspicious action

macro macro_on_action
Description Indicator Process Target
N/A N/A N/A N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3938118698-2964058152-2337880935-1000\{6CB61F7B-EF39-45A8-A1FB-3FB4DFEC865E} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\metrofax.doc:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Temp\{03794230-46A8-4B12-9851-F4D9F0E4B158}\8tr.exe:Zone.Identifier C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3464 wrote to memory of 3672 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3464 wrote to memory of 3008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3464 wrote to memory of 1624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3464 wrote to memory of 4720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/1241109389448843375/1241110933938376765/NoEscape.exe.zip?ex=66490221&is=6647b0a1&hm=7c765be4561d6ca0eb800bd6418056bd63a11ab6c76a9239cbbfa78d51c9949a&

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe782b3cb8,0x7ffe782b3cc8,0x7ffe782b3cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,6374691443921448912,18415938191726075470,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1932 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1920,6374691443921448912,18415938191726075470,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2404 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1920,6374691443921448912,18415938191726075470,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,6374691443921448912,18415938191726075470,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,6374691443921448912,18415938191726075470,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,6374691443921448912,18415938191726075470,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1920,6374691443921448912,18415938191726075470,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3496 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,6374691443921448912,18415938191726075470,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,6374691443921448912,18415938191726075470,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,6374691443921448912,18415938191726075470,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,6374691443921448912,18415938191726075470,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1920,6374691443921448912,18415938191726075470,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1920,6374691443921448912,18415938191726075470,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4088 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1920,6374691443921448912,18415938191726075470,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3448 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,6374691443921448912,18415938191726075470,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,6374691443921448912,18415938191726075470,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,6374691443921448912,18415938191726075470,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,6374691443921448912,18415938191726075470,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,6374691443921448912,18415938191726075470,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2912 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,6374691443921448912,18415938191726075470,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1920,6374691443921448912,18415938191726075470,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6268 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,6374691443921448912,18415938191726075470,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6256 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,6374691443921448912,18415938191726075470,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE

"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Downloads\metrofax.doc" /o ""

C:\Windows\splwow64.exe

C:\Windows\splwow64.exe 12288

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE

"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /Automation -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,6374691443921448912,18415938191726075470,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,6374691443921448912,18415938191726075470,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6356 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,6374691443921448912,18415938191726075470,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,6374691443921448912,18415938191726075470,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6172 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,6374691443921448912,18415938191726075470,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6820 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,6374691443921448912,18415938191726075470,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,6374691443921448912,18415938191726075470,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,6374691443921448912,18415938191726075470,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,6374691443921448912,18415938191726075470,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6976 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,6374691443921448912,18415938191726075470,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,6374691443921448912,18415938191726075470,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7076 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,6374691443921448912,18415938191726075470,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6864 /prefetch:1

Network

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_3464_BBUOSGWRGCFPSKGE

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c91c.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\Downloads\metrofax.doc

C:\Users\Admin\Downloads\metrofax.doc:Zone.Identifier

C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\90FF6E76.emf

C:\Users\Admin\AppData\Local\Temp\vbhja.rtf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\94602B49-6972-4E7E-B78D-D81C81E154E6

C:\Users\Admin\AppData\Local\Microsoft\Office\OTele\winword.exe.db-wal

C:\Users\Admin\AppData\Local\Microsoft\Office\DLP\mip\logs\mip_sdk.miplog

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04

C:\Users\Admin\AppData\Local\Temp\TCD5BD2.tmp\sist02.xsl

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

MD5 0f3de113dc536643a187f641efae47f4
SHA1 729e48891d13fb7581697f5fee8175f60519615e
SHA256 9bef33945e76bc0012cdbd9941eab34f9472aca8e0ddbbaea52658423dc579f8
SHA512 8332bf7bd97ec1ebfc8e7fcf75132ca3f6dfd820863f2559ab22ac867aa882921f2b208ab76a6deb2e6fa2907bb0244851023af6c9960a77d3ad4101b314797f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 7ada277de030373df66dcac76689a7d2
SHA1 3406efd2be4f70b355428927f79adbcf88438910
SHA256 55672160d59fad8957a1f023e4771a021e9bfb51a4bec9c60ace08f949f651d9
SHA512 1b973fd90403b0ddd87616f72965a0a422f3f714398697d99d640f23846b48c15f909ca62b89bd9428779bc1caa31bc9145e759d6ac60acadf329dfcc9b9a1e1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 dcd6ea737854d416f0ce5912fddd88f8
SHA1 2ccdc1e32db5b62a8d6e2effe16b18b208c0b4cc
SHA256 19791059ecb23aa9bc02c8c5318c51f69d29b1505100f7dba13dca49934fa596
SHA512 2ea449911910273aafa7af25dbe7862a95e5a2ce2cc1fb271c773982249a9739442fde4b349cac29e3d9ef3b30b97e285786e2a9039af2e68469534556747b16

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c42858b0aecb0ecd9235cb4b1ec997ab
SHA1 c1e0a34f880281a01a0b85410722e7d23205f409
SHA256 9c9d9128c6fc4d2b4b13a9a72b76790715f29730fa821353b179e4b9f12ceaaf
SHA512 89887058d3588c98e9497fbc9b1fc7027c29458e903daba101b370f2abf12c713fe06910010e65b20ff391c282aca1f5bc3e4004c222826897139fa16d5de585

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 25ad047180626221a3006b1c2ce8ec00
SHA1 19750260d64a18050cc5dbc730daa70f95ff3527
SHA256 43ed9bcc65258493f76ca992bf14da022a0e38dbca660972074a6f27318924ee
SHA512 3c0616d64b53005f49cb8ae896d94942c5865d5705c04ddab16bc2b7355b258576b65151c63c0b2afdba4a6af96874a45be14a9c4ea4148183069b556b0bc846

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ebf0b3ccfd7c386f820a307cebf853e8
SHA1 8c65b4d8e9bbfafc352ae6f8b59f86c16f475fe2
SHA256 d59e225a3948d0e3cefc9d39c187bba3fc8a302e5996ae0a164f91ae68fbfd9d
SHA512 e9de53a05821758765265d374707131715ba8a79bab007496e377c3f57e72b2a71aa72fc526516493b6a49b0406cafce16d5899606fd284887bc17050ced853d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 bde848c3de5dbe0fe428935de9439729
SHA1 35c7b31de1726ae91bb294107c731cc5f24ef820
SHA256 a3ebd0b7c406ade667ca8eb9c669e7195c961718f089ad921862215054138135
SHA512 377683eacafa0ff3fb40f2e41cb30767caa436d5bce0b70c06599d27b5b60cb84e1ff78ec1764f41986317b8f780326952d2ef2959db30088133b55abb098ceb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2e6abb6a5dc09500f19f39167b7f08b8
SHA1 a03f3144b2dc90fc479522584a5e053b43deecf2
SHA256 e88a3537ba2ee0d9b13c81f5340e003505a305e4748aafd9494fc9a935d7f92d
SHA512 44f7460d3d186d305eae0086e586f865d713c57ace33fb671593ac8c6d843ddef701a37f58f69b829092802f5bbf35b997f390093dd1201474e85744463f8742

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
