Analysis Overview
Threat Level: Known bad
The file https://github.com/l4tt-byfron/Electron/releases was found to be: Known bad.
Malicious Activity Summary
Modifies WinLogon for persistence
UAC bypass
Disables RegEdit via registry modification
Loads dropped DLL
Drops desktop.ini file(s)
Suspicious use of NtSetInformationThreadHideFromDebugger
Probable phishing domain
Sets desktop wallpaper using registry
Drops file in Windows directory
Browser Information Discovery
System Location Discovery: System Language Discovery
NTFS ADS
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies data under HKEY_USERS
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-12 19:20
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-12 19:20
Reported
2024-11-12 19:37
Platform
win11-20241023-en
Max time kernel
437s
Max time network
440s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\winnt32.exe" | C:\Users\Admin\Downloads\NoEscape.exe\NoEscape.exe\NoEscape.exe-Latest Version\NoEscape.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\Downloads\NoEscape.exe\NoEscape.exe\NoEscape.exe-Latest Version\NoEscape.exe | N/A |
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\Downloads\NoEscape.exe\NoEscape.exe\NoEscape.exe-Latest Version\NoEscape.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\Downloads\NoEscape.exe\NoEscape.exe\NoEscape.exe-Latest Version\vc_redist.x86.exe | N/A |
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\Users\Admin\Desktop\desktop.ini | C:\Users\Admin\Downloads\NoEscape.exe\NoEscape.exe\NoEscape.exe-Latest Version\NoEscape.exe | N/A |
| File opened for modification | C:\Users\Public\Desktop\desktop.ini | C:\Users\Admin\Downloads\NoEscape.exe\NoEscape.exe\NoEscape.exe-Latest Version\NoEscape.exe | N/A |
Probable phishing domain
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| HTTP URL | https://cdnwrd2.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=8e18f4e178dab8f4 | N/A | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\noescape.png" | C:\Users\Admin\Downloads\NoEscape.exe\NoEscape.exe\NoEscape.exe-Latest Version\NoEscape.exe | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\Downloads\ZoraraInjectINGAME\ZoraraUI.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\ZoraraInjectINGAME\ZoraraUI.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File created | C:\Windows\winnt32.exe | C:\Users\Admin\Downloads\NoEscape.exe\NoEscape.exe\NoEscape.exe-Latest Version\NoEscape.exe | N/A |
| File opened for modification | C:\Windows\winnt32.exe | C:\Users\Admin\Downloads\NoEscape.exe\NoEscape.exe\NoEscape.exe-Latest Version\NoEscape.exe | N/A |
| File created | C:\Windows\winnt32.exe\:Zone.Identifier:$DATA | C:\Users\Admin\Downloads\NoEscape.exe\NoEscape.exe\NoEscape.exe-Latest Version\NoEscape.exe | N/A |
Browser Information Discovery
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\NoEscape.exe\NoEscape.exe\NoEscape.exe-Latest Version\vc_redist.x86.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\NoEscape.exe\NoEscape.exe\NoEscape.exe-Latest Version\vc_redist.x86.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\NoEscape.exe\NoEscape.exe\NoEscape.exe-Latest Version\NoEscape.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = 99ebff004cc2ff000091f8000078d4000067c000003e9200001a6800f7630c00 | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133759137309368308" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365268" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "65" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292114432" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4290799360" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365268" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" | C:\Windows\system32\LogonUI.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0000000001000000ffffffff | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1 = 560031000000000057596c75100057696e646f777300400009000400efbec5522d606c59bc9b2e000000a6050000000001000000000000000000000000000000f45a4100570069006e0064006f0077007300000016000000 | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1 | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\NodeSlot = "1" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\TV_TopViewID = "{BDBE736F-34F5-4829-ABE8-B550E65146C4}" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Applications\7z.exe\shell\open\command\ = "\"C:\\Program Files\\7-Zip\\7z.exe\" \"%1\"" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{7FDE1A1E-8B31-49A5-93B8-6BE14CFA4943}\LogicalViewMode = "5" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{7FDE1A1E-8B31-49A5-93B8-6BE14CFA4943}\GroupView = "0" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1\NodeSlot = "7" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3\MRUListEx = ffffffff | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 = 5000310000000000575997731000372d5a6970003c0009000400efbe57599773575997732e000000f09e02000000040000000000000000000000000000009a43c10037002d005a0069007000000014000000 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = ffffffff | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Applications\7z.exe\shell\open | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Generic" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Generic" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Applications | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 03000000020000000000000001000000ffffffff | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202020202 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{7FDE1A1E-8B31-49A5-93B8-6BE14CFA4943}\GroupByDirection = "1" | C:\Windows\system32\OpenWith.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\Users\Admin\Downloads\ZoraraInjectINGAME.zip:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\NoEscape.exe.zip:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File created | C:\Windows\winnt32.exe\:Zone.Identifier:$DATA | C:\Users\Admin\Downloads\NoEscape.exe\NoEscape.exe\NoEscape.exe-Latest Version\NoEscape.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Electron.rar:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Electron-Electron.zip:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/l4tt-byfron/Electron/releases
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff79823cb8,0x7fff79823cc8,0x7fff79823cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,16165159121687712266,6700196055226829767,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1924 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,16165159121687712266,6700196055226829767,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1912,16165159121687712266,6700196055226829767,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,16165159121687712266,6700196055226829767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,16165159121687712266,6700196055226829767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,16165159121687712266,6700196055226829767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,16165159121687712266,6700196055226829767,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1912,16165159121687712266,6700196055226829767,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5724 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,16165159121687712266,6700196055226829767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,16165159121687712266,6700196055226829767,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1912,16165159121687712266,6700196055226829767,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6120 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,16165159121687712266,6700196055226829767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2996 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1912,16165159121687712266,6700196055226829767,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1164 /prefetch:8
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\7-Zip\7z.exe
"C:\Program Files\7-Zip\7z.exe" "C:\Users\Admin\Downloads\Electron.rar"
C:\Program Files\7-Zip\7z.exe
"C:\Program Files\7-Zip\7z.exe" "C:\Users\Admin\Downloads\Electron.rar"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7z.exe
"C:\Program Files\7-Zip\7z.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_Electron.zip\Electron.rar"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,16165159121687712266,6700196055226829767,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2716 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,16165159121687712266,6700196055226829767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1912,16165159121687712266,6700196055226829767,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3424 /prefetch:8
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,16165159121687712266,6700196055226829767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,16165159121687712266,6700196055226829767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6660 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,16165159121687712266,6700196055226829767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,16165159121687712266,6700196055226829767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3772 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,16165159121687712266,6700196055226829767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1788 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,16165159121687712266,6700196055226829767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,16165159121687712266,6700196055226829767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6924 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,16165159121687712266,6700196055226829767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,16165159121687712266,6700196055226829767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7144 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,16165159121687712266,6700196055226829767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3560 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,16165159121687712266,6700196055226829767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,16165159121687712266,6700196055226829767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6632 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,16165159121687712266,6700196055226829767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6752 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,16165159121687712266,6700196055226829767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3568 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,16165159121687712266,6700196055226829767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6988 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,16165159121687712266,6700196055226829767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6728 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,16165159121687712266,6700196055226829767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,16165159121687712266,6700196055226829767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,16165159121687712266,6700196055226829767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7076 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,16165159121687712266,6700196055226829767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,16165159121687712266,6700196055226829767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7040 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,16165159121687712266,6700196055226829767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,16165159121687712266,6700196055226829767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,16165159121687712266,6700196055226829767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,16165159121687712266,6700196055226829767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6744 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,16165159121687712266,6700196055226829767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3568 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,16165159121687712266,6700196055226829767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7564 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,16165159121687712266,6700196055226829767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7344 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1912,16165159121687712266,6700196055226829767,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7624 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\Temp1_ZoraraInjectINGAME.zip\ZoraraUI.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_ZoraraInjectINGAME.zip\ZoraraUI.exe"
C:\Users\Admin\Downloads\ZoraraInjectINGAME\ZoraraUI.exe
"C:\Users\Admin\Downloads\ZoraraInjectINGAME\ZoraraUI.exe"
C:\Users\Admin\Downloads\ZoraraInjectINGAME\ZoraraUI.exe
"C:\Users\Admin\Downloads\ZoraraInjectINGAME\ZoraraUI.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,16165159121687712266,6700196055226829767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7080 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff79becc40,0x7fff79becc4c,0x7fff79becc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1836,i,7640489911514093811,15410385136088767028,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=1832 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2072,i,7640489911514093811,15410385136088767028,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2148 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2208,i,7640489911514093811,15410385136088767028,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2224 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3096,i,7640489911514093811,15410385136088767028,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3200 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3104,i,7640489911514093811,15410385136088767028,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3308 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4436,i,7640489911514093811,15410385136088767028,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4424 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4712,i,7640489911514093811,15410385136088767028,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4732 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4752,i,7640489911514093811,15410385136088767028,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4820 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4272,i,7640489911514093811,15410385136088767028,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5016 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3460,i,7640489911514093811,15410385136088767028,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4064 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3464,i,7640489911514093811,15410385136088767028,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4740 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4748,i,7640489911514093811,15410385136088767028,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5220 /prefetch:8
C:\Users\Admin\Downloads\NoEscape.exe\NoEscape.exe\NoEscape.exe-Latest Version\vc_redist.x86.exe
"C:\Users\Admin\Downloads\NoEscape.exe\NoEscape.exe\NoEscape.exe-Latest Version\vc_redist.x86.exe"
C:\Users\Admin\Downloads\NoEscape.exe\NoEscape.exe\NoEscape.exe-Latest Version\vc_redist.x86.exe
"C:\Users\Admin\Downloads\NoEscape.exe\NoEscape.exe\NoEscape.exe-Latest Version\vc_redist.x86.exe" -burn.unelevated BurnPipe.{F5FCF72D-EADB-4396-8DBA-98B6F2403A49} {CC01FE71-EF58-4DFA-90C8-4D5CA5B11A82} 1596
C:\Users\Admin\Downloads\NoEscape.exe\NoEscape.exe\NoEscape.exe-Latest Version\NoEscape.exe
"C:\Users\Admin\Downloads\NoEscape.exe\NoEscape.exe\NoEscape.exe-Latest Version\NoEscape.exe"
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa39cb855 /state1:0x41c64e6d
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {3eef301f-b596-4c0b-bd92-013beafce793} -Embedding
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
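The list above prints each process twice, image path first and full command line second. As an added triage example, not part of the sandbox report or of any tool it names, the following Python pairs those lines back up and tags the entries worth a second look: images running from user-writable directories, the 7-Zip archive opens, the shell32 COM-server activations, and the WiX Burn child of vc_redist.x86.exe. The sample is a constructed excerpt copied from the rows above (one Chrome command line trimmed); the user-writable directory pattern and the tag names are my own choices, not something the report defines.

```python
import re
from pathlib import PureWindowsPath

# Constructed excerpt of the report's process list. The page prints each process
# twice: first the image path, then the full command line.
SAMPLE = [
    r"C:\Program Files\7-Zip\7z.exe",
    r'"C:\Program Files\7-Zip\7z.exe" "C:\Users\Admin\Downloads\Electron.rar"',
    r"C:\Windows\System32\rundll32.exe",
    r"C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding",
    r"C:\Users\Admin\Downloads\ZoraraInjectINGAME\ZoraraUI.exe",
    r'"C:\Users\Admin\Downloads\ZoraraInjectINGAME\ZoraraUI.exe"',
    r"C:\Users\Admin\Downloads\NoEscape.exe\NoEscape.exe\NoEscape.exe-Latest Version\vc_redist.x86.exe",
    r'"C:\Users\Admin\Downloads\NoEscape.exe\NoEscape.exe\NoEscape.exe-Latest Version\vc_redist.x86.exe" -burn.unelevated BurnPipe.{F5FCF72D-EADB-4396-8DBA-98B6F2403A49} {CC01FE71-EF58-4DFA-90C8-4D5CA5B11A82} 1596',
    r"C:\Program Files\Google\Chrome\Application\chrome.exe",
    r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US',
]

# Assumed pattern for directories a standard user can write to; an image
# executing from here was not installed by an administrator.
USER_WRITABLE = re.compile(r"\\Users\\[^\\]+\\(Downloads|AppData\\Local\\Temp)\\", re.IGNORECASE)
ARCHIVE_EXT = (".rar", ".zip", ".7z")


def pair_lines(lines):
    """Yield (image_path, command_line) from the alternating report layout."""
    it = iter(lines)
    for path in it:
        yield path, next(it, "")


def tag_process(path, cmdline):
    """Return triage tags for one process; an empty list means nothing notable."""
    tags = []
    name = PureWindowsPath(path).name.lower()
    if USER_WRITABLE.search(path):
        tags.append("exec-from-user-writable-dir")
    if name == "7z.exe" and cmdline.lower().rstrip('"').endswith(ARCHIVE_EXT):
        # the user opened an archive: look for what was extracted and run next
        tags.append("archive-open")
    if name == "rundll32.exe" and "SHCreateLocalServerRunDll" in cmdline:
        # shell32 COM server activation by Explorer; normal on its own, useful
        # mainly for ordering events around the user's file-open actions
        tags.append("shell32-com-surrogate")
    if "-burn.unelevated" in cmdline:
        # WiX Burn bootstrapper engine re-launching itself (vc_redist is a Burn
        # bundle); the other copy at the same path is the parent
        tags.append("wix-burn-child")
    return tags


def triage(lines):
    """Tag every (path, cmdline) pair; returns a list of (path, tags)."""
    return [(path, tag_process(path, cmd)) for path, cmd in pair_lines(lines)]


if __name__ == "__main__":
    for path, tags in triage(SAMPLE):
        if tags:
            print(f"{PureWindowsPath(path).name:20} {', '.join(tags)}")
```

On the excerpt this leaves the Chrome and Edge helper processes untagged and surfaces ZoraraUI.exe and the NoEscape.exe folder contents as the only images running from Downloads, which is the order in which a reviewer would then read the registry and file events.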
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 185.199.108.133:443 | objects.githubusercontent.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| GB | 51.140.244.186:443 | nav.smartscreen.microsoft.com | tcp |
| GB | 51.140.244.186:443 | nav.smartscreen.microsoft.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 140.82.112.22:443 | collector.github.com | tcp |
| US | 140.82.112.22:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| N/A | 224.0.0.251:5353 |  | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 172.165.61.93:443 | nav.smartscreen.microsoft.com | tcp |
| GB | 20.26.156.216:443 | codeload.github.com | tcp |
| GB | 172.165.61.93:443 | nav.smartscreen.microsoft.com | tcp |
| GB | 92.123.128.157:443 | www.bing.com | tcp |
| GB | 92.123.128.157:443 | www.bing.com | tcp |
| GB | 92.123.128.157:443 | www.bing.com | tcp |
| GB | 92.123.128.157:443 | www.bing.com | tcp |
| GB | 92.123.128.157:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 92.123.128.157:443 | www.bing.com | tcp |
| GB | 92.123.128.157:443 | www.bing.com | tcp |
| GB | 92.123.128.157:443 | www.bing.com | tcp |
| GB | 92.123.128.157:443 | www.bing.com | tcp |
| GB | 92.123.128.169:443 | th.bing.com | tcp |
| GB | 92.123.128.158:443 | www.bing.com | tcp |
| GB | 92.123.128.158:443 | www.bing.com | tcp |
| GB | 92.123.128.158:443 | www.bing.com | tcp |
| GB | 92.123.128.158:443 | www.bing.com | tcp |
| GB | 92.123.128.158:443 | www.bing.com | tcp |
| GB | 92.123.128.158:443 | www.bing.com | tcp |
| GB | 92.123.128.158:443 | www.bing.com | tcp |
| GB | 92.123.128.169:443 | th.bing.com | tcp |
| GB | 92.123.128.158:443 | www.bing.com | tcp |
| GB | 92.123.128.158:443 | www.bing.com | tcp |
| GB | 92.123.128.158:443 | www.bing.com | tcp |
| GB | 92.123.128.158:443 | www.bing.com | tcp |
| GB | 92.123.128.158:443 | www.bing.com | tcp |
| GB | 2.19.117.138:443 | aefd.nelreports.net | tcp |
| GB | 92.123.128.169:443 | th.bing.com | tcp |
| GB | 92.123.128.169:443 | th.bing.com | tcp |
| GB | 92.123.128.169:443 | th.bing.com | tcp |
| GB | 92.123.128.169:443 | th.bing.com | tcp |
| GB | 92.123.128.169:443 | th.bing.com | tcp |
| GB | 92.123.128.157:443 | www.bing.com | tcp |
| IE | 20.190.159.4:443 | login.microsoftonline.com | tcp |
| GB | 92.123.128.157:443 | www.bing.com | tcp |
| GB | 92.123.128.157:443 | www.bing.com | tcp |
| GB | 92.123.128.157:443 | www.bing.com | tcp |
| GB | 23.204.237.191:443 | s.bingparachute.com | tcp |
| GB | 92.123.128.157:443 | www.bing.com | tcp |
| GB | 92.123.128.157:443 | www.bing.com | tcp |
| GB | 92.123.128.157:443 | www.bing.com | tcp |
| GB | 92.123.128.157:443 | www.bing.com | tcp |
| GB | 92.123.128.157:443 | www.bing.com | tcp |
| GB | 92.123.128.157:443 | www.bing.com | tcp |
| GB | 92.123.128.157:443 | www.bing.com | tcp |
| GB | 92.123.128.157:443 | www.bing.com | tcp |
| GB | 92.123.128.157:443 | www.bing.com | tcp |
| US | 198.49.23.144:80 | wearedevs.com | tcp |
| US | 198.49.23.144:80 | wearedevs.com | tcp |
| US | 172.67.71.2:443 | wearedevs.net | tcp |
| GB | 92.123.128.157:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | cdn.wearedevs.net | udp |
| US | 8.8.8.8:53 | cdn.discordapp.com | udp |
| US | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| BE | 66.102.1.154:443 | stats.g.doubleclick.net | tcp |
| GB | 142.250.179.238:443 | analytics.google.com | tcp |
| US | 8.8.8.8:53 | 238.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.178.14:443 | fundingchoicesmessages.google.com | tcp |
| GB | 142.250.178.14:443 | fundingchoicesmessages.google.com | udp |
| GB | 172.165.61.93:443 | nav.smartscreen.microsoft.com | tcp |
| GB | 172.165.61.93:443 | nav.smartscreen.microsoft.com | tcp |
| GB | 172.165.61.93:443 | nav.smartscreen.microsoft.com | tcp |
| GB | 172.165.61.93:443 | nav.smartscreen.microsoft.com | tcp |
| GB | 172.165.61.93:443 | nav.smartscreen.microsoft.com | tcp |
| GB | 172.165.61.93:443 | nav.smartscreen.microsoft.com | tcp |
| GB | 172.217.169.33:443 | tpc.googlesyndication.com | tcp |
| GB | 172.217.169.33:443 | tpc.googlesyndication.com | tcp |
| GB | 172.217.169.33:443 | tpc.googlesyndication.com | tcp |
| GB | 172.217.169.33:443 | tpc.googlesyndication.com | tcp |
| GB | 172.217.169.33:443 | tpc.googlesyndication.com | tcp |
| GB | 172.217.169.33:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| GB | 142.250.200.34:443 | ep1.adtrafficquality.google | tcp |
| GB | 142.250.179.225:443 | ep2.adtrafficquality.google | tcp |
| GB | 142.250.179.225:443 | ep2.adtrafficquality.google | udp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| GB | 142.250.200.34:443 | ep1.adtrafficquality.google | udp |
| GB | 142.250.200.34:443 | ep1.adtrafficquality.google | tcp |
| GB | 142.250.179.238:443 | analytics.google.com | udp |
| US | 104.21.75.26:443 | cdnwrd2.com | tcp |
| US | 104.21.75.26:443 | cdnwrd2.com | tcp |
| GB | 172.217.169.33:443 | tpc.googlesyndication.com | udp |
| US | 104.18.95.41:443 | challenges.cloudflare.com | tcp |
| US | 104.18.95.41:443 | challenges.cloudflare.com | tcp |
| GB | 2.19.117.138:443 | aefd.nelreports.net | udp |
Files