Analysis Overview
Threat Level: Known bad
The file https://github.com/Da2dalus/The-MALWARE-Repo was found to be: Known bad.
Malicious Activity Summary
Modifies WinLogon for persistence
UAC bypass
Disables RegEdit via registry modification
Drops desktop.ini file(s)
Sets desktop wallpaper using registry
Drops file in Windows directory
Browser Information Discovery
System Location Discovery: System Language Discovery
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies data under HKEY_USERS
Enumerates system info in registry
Modifies registry class
NTFS ADS
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V16
Analysis: static1
Detonation Overview
Reported
2025-06-01 12:24
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2025-06-01 12:24
Reported
2025-06-01 12:25
Platform
win11-20250502-de
Max time kernel
40s
Max time network
44s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\winnt32.exe" | C:\Users\Admin\Downloads\NoEscape.exe\NoEscape.exe\NoEscape.exe-Latest Version\NoEscape.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\Downloads\NoEscape.exe\NoEscape.exe\NoEscape.exe-Latest Version\NoEscape.exe | N/A |
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-434880884-4028056734-3558218839-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\Downloads\NoEscape.exe\NoEscape.exe\NoEscape.exe-Latest Version\NoEscape.exe | N/A |
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Public\Desktop\desktop.ini | C:\Users\Admin\Downloads\NoEscape.exe\NoEscape.exe\NoEscape.exe-Latest Version\NoEscape.exe | N/A |
| File opened for modification | C:\Users\Admin\Desktop\desktop.ini | C:\Users\Admin\Downloads\NoEscape.exe\NoEscape.exe\NoEscape.exe-Latest Version\NoEscape.exe | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-434880884-4028056734-3558218839-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\noescape.png" | C:\Users\Admin\Downloads\NoEscape.exe\NoEscape.exe\NoEscape.exe-Latest Version\NoEscape.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\winnt32.exe\:Zone.Identifier:$DATA | C:\Users\Admin\Downloads\NoEscape.exe\NoEscape.exe\NoEscape.exe-Latest Version\NoEscape.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\winnt32.exe | C:\Users\Admin\Downloads\NoEscape.exe\NoEscape.exe\NoEscape.exe-Latest Version\NoEscape.exe | N/A |
| File opened for modification | C:\Windows\winnt32.exe | C:\Users\Admin\Downloads\NoEscape.exe\NoEscape.exe\NoEscape.exe-Latest Version\NoEscape.exe | N/A |
Browser Information Discovery
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\NoEscape.exe\NoEscape.exe\NoEscape.exe-Latest Version\NoEscape.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365268" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292114432" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "215" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365268" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = 99ebff004cc2ff000091f8000078d4000067c000003e9200001a6800f7630c00 | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4290799360" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133932543018007891" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" | C:\Windows\system32\LogonUI.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-434880884-4028056734-3558218839-1000\{B05CD2C8-2074-460A-BB96-ADF3A1A57D32} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-434880884-4028056734-3558218839-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\NoEscape.exe.zip:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\winnt32.exe\:Zone.Identifier:$DATA | C:\Users\Admin\Downloads\NoEscape.exe\NoEscape.exe\NoEscape.exe-Latest Version\NoEscape.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\LogonUI.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/Da2dalus/The-MALWARE-Repo
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x244,0x248,0x24c,0x240,0x220,0x7ffafceef208,0x7ffafceef214,0x7ffafceef220
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=de --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1716,i,1110501108739830999,4283313579031530850,262144 --variations-seed-version --mojo-platform-channel-handle=2580 /prefetch:11
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2552,i,1110501108739830999,4283313579031530850,262144 --variations-seed-version --mojo-platform-channel-handle=2412 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=de --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2132,i,1110501108739830999,4283313579031530850,262144 --variations-seed-version --mojo-platform-channel-handle=2944 /prefetch:13
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3444,i,1110501108739830999,4283313579031530850,262144 --variations-seed-version --mojo-platform-channel-handle=3480 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3484,i,1110501108739830999,4283313579031530850,262144 --variations-seed-version --mojo-platform-channel-handle=3492 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_xpay_wallet.mojom.EdgeXPayWalletService --lang=de --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4888,i,1110501108739830999,4283313579031530850,262144 --variations-seed-version --mojo-platform-channel-handle=4904 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=5028,i,1110501108739830999,4283313579031530850,262144 --variations-seed-version --mojo-platform-channel-handle=5052 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=de --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5320,i,1110501108739830999,4283313579031530850,262144 --variations-seed-version --mojo-platform-channel-handle=5332 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --always-read-main-dll --field-trial-handle=5512,i,1110501108739830999,4283313579031530850,262144 --variations-seed-version --mojo-platform-channel-handle=5248 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --always-read-main-dll --field-trial-handle=5272,i,1110501108739830999,4283313579031530850,262144 --variations-seed-version --mojo-platform-channel-handle=5716 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --always-read-main-dll --field-trial-handle=5136,i,1110501108739830999,4283313579031530850,262144 --variations-seed-version --mojo-platform-channel-handle=5088 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --always-read-main-dll --field-trial-handle=5168,i,1110501108739830999,4283313579031530850,262144 --variations-seed-version --mojo-platform-channel-handle=5200 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=de --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4752,i,1110501108739830999,4283313579031530850,262144 --variations-seed-version --mojo-platform-channel-handle=6180 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=de --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6148,i,1110501108739830999,4283313579031530850,262144 --variations-seed-version --mojo-platform-channel-handle=6244 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=de --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6716,i,1110501108739830999,4283313579031530850,262144 --variations-seed-version --mojo-platform-channel-handle=6752 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --always-read-main-dll --field-trial-handle=6744,i,1110501108739830999,4283313579031530850,262144 --variations-seed-version --mojo-platform-channel-handle=6772 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=de --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7764,i,1110501108739830999,4283313579031530850,262144 --variations-seed-version --mojo-platform-channel-handle=7776 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=de --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7816,i,1110501108739830999,4283313579031530850,262144 --variations-seed-version --mojo-platform-channel-handle=7840 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=de --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7816,i,1110501108739830999,4283313579031530850,262144 --variations-seed-version --mojo-platform-channel-handle=7840 /prefetch:14
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\cookie_exporter.exe
cookie_exporter.exe --cookie-json=1136
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=de --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6720,i,1110501108739830999,4283313579031530850,262144 --variations-seed-version --mojo-platform-channel-handle=7916 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --always-read-main-dll --field-trial-handle=5728,i,1110501108739830999,4283313579031530850,262144 --variations-seed-version --mojo-platform-channel-handle=5208 /prefetch:1
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --always-read-main-dll --field-trial-handle=7324,i,1110501108739830999,4283313579031530850,262144 --variations-seed-version --mojo-platform-channel-handle=6064 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=de --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7884,i,1110501108739830999,4283313579031530850,262144 --variations-seed-version --mojo-platform-channel-handle=8120 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=de --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8112,i,1110501108739830999,4283313579031530850,262144 --variations-seed-version --mojo-platform-channel-handle=8164 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=de --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8148,i,1110501108739830999,4283313579031530850,262144 --variations-seed-version --mojo-platform-channel-handle=4244 /prefetch:14
C:\Users\Admin\Downloads\NoEscape.exe\NoEscape.exe\NoEscape.exe-Latest Version\NoEscape.exe
"C:\Users\Admin\Downloads\NoEscape.exe\NoEscape.exe\NoEscape.exe-Latest Version\NoEscape.exe"
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3a27855 /state1:0x41c64e6d
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | copilot.microsoft.com | udp |
| US | 8.8.8.8:53 | copilot.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 150.171.27.11:443 | edge.microsoft.com | tcp |
| US | 150.171.28.11:80 | edge.microsoft.com | tcp |
| US | 140.82.114.3:443 | github.com | tcp |
| US | 140.82.114.3:443 | github.com | tcp |
| US | 13.107.246.40:443 | api.edgeoffer.microsoft.com | tcp |
| US | 23.219.82.90:443 | copilot.microsoft.com | tcp |
| US | 150.171.28.11:80 | edge.microsoft.com | tcp |
| US | 140.82.114.3:443 | github.com | tcp |
| US | 13.107.246.40:443 | api.edgeoffer.microsoft.com | tcp |
| US | 23.219.82.90:443 | copilot.microsoft.com | tcp |
| US | 150.171.27.11:443 | edge.microsoft.com | tcp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.108.133:443 | avatars.githubusercontent.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 185.199.108.133:443 | user-images.githubusercontent.com | tcp |
| US | 140.82.114.3:443 | github.com | tcp |
| US | 140.82.114.3:443 | github.com | tcp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 150.171.27.11:443 | edge.microsoft.com | tcp |
| US | 185.199.108.133:443 | user-images.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | xpaywalletcdn.azureedge.net | udp |
| US | 8.8.8.8:53 | xpaywalletcdn.azureedge.net | udp |
| US | 13.107.246.40:443 | xpaywalletcdn.azureedge.net | tcp |
| US | 8.8.8.8:53 | ntp.msn.com | udp |
| US | 8.8.8.8:53 | ntp.msn.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 204.79.197.203:443 | ntp.msn.com | tcp |
| US | 204.79.197.203:443 | ntp.msn.com | tcp |
| US | 140.82.113.5:443 | api.github.com | tcp |
| US | 140.82.113.5:443 | api.github.com | tcp |
| US | 140.82.112.22:443 | collector.github.com | tcp |
| US | 140.82.112.22:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | assets.msn.com | udp |
| US | 8.8.8.8:53 | assets.msn.com | udp |
| US | 23.219.82.8:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | img-s-msn-com.akamaized.net | udp |
| US | 8.8.8.8:53 | img-s-msn-com.akamaized.net | udp |
| US | 8.8.8.8:53 | sb.scorecardresearch.com | udp |
| US | 8.8.8.8:53 | sb.scorecardresearch.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 23.44.133.21:443 | assets.msn.com | tcp |
| US | 23.44.133.21:443 | assets.msn.com | tcp |
| US | 23.44.133.21:443 | assets.msn.com | tcp |
| US | 23.44.133.21:443 | assets.msn.com | tcp |
| US | 23.219.82.8:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | c.msn.com | udp |
| US | 8.8.8.8:53 | c.msn.com | udp |
| US | 8.8.8.8:53 | c.bing.com | udp |
| US | 8.8.8.8:53 | c.bing.com | udp |
| US | 23.219.82.8:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | browser.events.data.msn.com | udp |
| US | 8.8.8.8:53 | browser.events.data.msn.com | udp |
| US | 23.219.36.110:443 | img-s-msn-com.akamaized.net | tcp |
| US | 150.171.27.10:443 | c.bing.com | tcp |
| US | 23.44.133.21:443 | assets.msn.com | tcp |
| US | 23.219.82.40:443 | www.bing.com | tcp |
| US | 20.110.205.119:443 | c.msn.com | tcp |
| US | 23.219.82.8:443 | www.bing.com | tcp |
| CA | 3.162.3.51:443 | sb.scorecardresearch.com | tcp |
| US | 20.189.173.10:443 | browser.events.data.msn.com | tcp |
| US | 23.219.36.110:443 | img-s-msn-com.akamaized.net | tcp |
| US | 23.219.82.8:443 | www.bing.com | tcp |
| US | 23.219.36.110:443 | img-s-msn-com.akamaized.net | tcp |
| US | 23.219.36.110:443 | img-s-msn-com.akamaized.net | tcp |
| US | 23.219.36.110:443 | img-s-msn-com.akamaized.net | tcp |
| US | 23.219.82.40:443 | www.bing.com | tcp |
| US | 23.219.82.40:443 | www.bing.com | tcp |
| US | 23.219.82.40:443 | www.bing.com | tcp |
| US | 23.219.82.40:443 | www.bing.com | tcp |
| US | 23.219.82.40:443 | www.bing.com | tcp |
| US | 23.219.82.8:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | srtb.msn.com | udp |
| US | 8.8.8.8:53 | srtb.msn.com | udp |
| US | 23.219.82.8:443 | www.bing.com | udp |
| US | 204.79.197.203:443 | srtb.msn.com | tcp |
| US | 23.44.133.21:443 | assets.msn.com | udp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| US | 23.219.36.112:443 | aefd.nelreports.net | tcp |
| US | 23.219.36.112:443 | aefd.nelreports.net | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 23.219.82.9:443 | th.bing.com | tcp |
| US | 23.219.82.9:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 23.219.82.40:443 | r.bing.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 150.171.27.11:443 | edge.microsoft.com | tcp |
| US | 8.8.8.8:53 | cdn.sapphire.microsoftapp.net | udp |
| US | 8.8.8.8:53 | cdn.sapphire.microsoftapp.net | udp |
| US | 13.107.246.40:443 | cdn.sapphire.microsoftapp.net | tcp |
| US | 8.8.8.8:53 | objects.githubusercontent.com | udp |
| US | 8.8.8.8:53 | objects.githubusercontent.com | udp |
| US | 185.199.108.133:443 | objects.githubusercontent.com | tcp |
| US | 150.171.27.11:443 | edge.microsoft.com | tcp |
| US | 8.8.8.8:53 | update.googleapis.com | udp |
| US | 8.8.8.8:53 | update.googleapis.com | udp |
| CA | 142.250.69.99:443 | update.googleapis.com | tcp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 150.171.27.11:443 | edge.microsoft.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 23.219.82.8:443 | r.bing.com | udp |
| US | 140.82.113.5:443 | api.github.com | tcp |
| US | 140.82.112.22:443 | collector.github.com | tcp |
| US | 204.79.197.203:443 | srtb.msn.com | udp |
| US | 204.79.197.203:443 | srtb.msn.com | tcp |
| US | 23.219.36.110:443 | img-s-msn-com.akamaized.net | udp |
| CA | 3.162.3.51:443 | sb.scorecardresearch.com | tcp |
| US | 23.219.82.8:443 | r.bing.com | udp |
| US | 23.44.133.21:443 | assets.msn.com | udp |
| US | 23.44.133.21:443 | assets.msn.com | udp |
| US | 150.171.27.10:443 | c.bing.com | tcp |
| US | 20.110.205.119:443 | c.msn.com | tcp |
| US | 23.219.82.40:443 | r.bing.com | udp |
| US | 204.79.197.203:443 | srtb.msn.com | tcp |
| US | 8.8.8.8:53 | px.ads.linkedin.com | udp |
| US | 8.8.8.8:53 | px.ads.linkedin.com | udp |
| US | 8.8.8.8:53 | trc.taboola.com | udp |
| US | 8.8.8.8:53 | trc.taboola.com | udp |
| US | 150.171.22.12:443 | px.ads.linkedin.com | tcp |
| US | 151.101.65.44:443 | trc.taboola.com | tcp |
| US | 8.8.8.8:53 | m.adnxs.com | udp |
| US | 8.8.8.8:53 | m.adnxs.com | udp |
| US | 68.67.181.248:443 | m.adnxs.com | tcp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| US | 68.67.160.114:443 | ib.adnxs.com | tcp |
| US | 8.8.8.8:53 | edge-consumer-static.azureedge.net | udp |
| US | 8.8.8.8:53 | edge-consumer-static.azureedge.net | udp |
| US | 13.107.246.40:443 | edge-consumer-static.azureedge.net | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 19f0820989c9c1cab676e5e174a779ba |
| SHA1 | ae9adfb6943272ff21d847192ec894de79a13ecc |
| SHA256 | afe7562ab21387573a1e151fcd83ecda27e6b53d7f92ca53d710442377248f2a |
| SHA512 | 2f9dd57c3b38f59f8188620f4da3afe6965aa742b3e1d9ad6a2d314be1d6ce2bf3574efca2326407897ccae361f33444a709eb585551951ccd2e635684c6739b |
\??\pipe\crashpad_2076_XDRWCFRYBKZPZNTJ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | b4af5a745b28539744b58a86bd8131eb |
| SHA1 | 1891d8e9b97bab9c8199913b832036224f7abb08 |
| SHA256 | 6cb3dc503cbaec5c7a88e0e53fd658eed40f6867316772ac53a68320f4487c84 |
| SHA512 | 49d4627155f0878aa9760cbdd5e271c2477a665cdc368c57e121c1ce0c0331e61f0353b9034c6201404caefa7d6dcd44760ca609ca7f40eb2946f7f12cf848b7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a2afc6a7cff39f593c62c4ed23cb98f2 |
| SHA1 | 8fba056f4a7604cc287982d043ffd0f2a2e44742 |
| SHA256 | ed88faa9755fbea9916bd39f0030bca0820b235e6db235992dec8f33abd5f58f |
| SHA512 | 3fb5fd072119f49bd0f11d621a3eb3bb71ee86a240f6d76f2b7d5041bac616965064e964f07439c931983ef20c81e65e9d52837a21f4735fbbbfd575ed538934 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | ea453e8ec7df648b250b9884f5c6abaf |
| SHA1 | 99fd0eda636e1f546ae6f6e1ccaa375f2ab0345a |
| SHA256 | dc314aef5ca4202eb6ec193f7a9bed2a22fc39a9a5b16d7044078894c7a98ae5 |
| SHA512 | 0796c1adfd79c4a89ba349e13cb6dc873ed2d9957ad3120c030286a4afcdece20c595bf668999c37b41e1fbd877d23a78eb348e201044b41cc5b9e3879548633 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 535b2b7b029dbf6a5d94e8e497e92518 |
| SHA1 | daff0d0fbb06e79ef43957ab87135aa0c353e4dc |
| SHA256 | 2cd54acc9dcb59cb3fcf7b9afb3c431056ff11fadad76245114b18c1a502bccc |
| SHA512 | 9c22518f3ea83a7108990fbc8cba6872de7a5d53c818024a64a0f44650df128a2b5de1945603c45d22dcde153b28a7b64966183a7e44993dce7fd480192a2804 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries
| MD5 | 20d4b8fa017a12a108c87f540836e250 |
| SHA1 | 1ac617fac131262b6d3ce1f52f5907e31d5f6f00 |
| SHA256 | 6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d |
| SHA512 | 507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
| MD5 | fdab952a524201a26f266fdf45779968 |
| SHA1 | 8f51d697f678c1570523aafcafb8903b750f2153 |
| SHA256 | b22c6c6baa0ee34f35e70a79b4d5ec34fc848a0406f0cf215074e44f53e8de05 |
| SHA512 | beea6a21e068d79fcc6b48abede2e7c1d81cefde35ea1a1c8070db32a37de06513fdc4e70b5a0d9c0d997a9ab1b65cccdffc47fce33c23185ef8fff669d802cc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps
| MD5 | 9b50024d7c56fe11207f0250415cae79 |
| SHA1 | c5cf3943a25860cc707cf925f68c528edaf05188 |
| SHA256 | 9a11a3da005b3895a4048cec20786debada2339e361389872b3578846b9fd808 |
| SHA512 | 7ed45e2b2b2e92c60c09ffa013b89d2ad57d4281232ecea09edbe2cd4729b3a350ef6be1a62edb2fd7089c04b070f42527a723a9bbc35cde57c5c5c59479e890 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log
| MD5 | 8d8f222c9643b027ddee10d609eac7e8 |
| SHA1 | 15a1e171cae7cb97f9469dc5304b2d974a3639dc |
| SHA256 | 5f40b093cfcbf17c6d581477f465bbcb005125ea8297bed55ed452681824f93c |
| SHA512 | 5d2da7a9fe698b5076dd6c545e237a4204594f258a57200aba4a502f39aab1719b4252b46c783bab2603dcc6f71053ef0955d0a000f44928e14f260769897338 |
C:\Users\Admin\Downloads\NoEscape.exe.zip:Zone.Identifier
| MD5 | fbccf14d504b7b2dbcb5a5bda75bd93b |
| SHA1 | d59fc84cdd5217c6cf74785703655f78da6b582b |
| SHA256 | eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913 |
| SHA512 | aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\Downloads\NoEscape.exe.zip
| MD5 | 660708319a500f1865fa9d2fadfa712d |
| SHA1 | b2ae3aef17095ab26410e0f1792a379a4a2966f8 |
| SHA256 | 542c2e1064be8cd8393602f63b793e9d34eb81b1090a3c80623777f17fa25c6c |
| SHA512 | 18f10a71dc0af70494554b400bdf09d43e1cb7e93f9c1e7470ee4c76cd46cb4fbf990354bbbd3b89c9b9bda38ad44868e1087fd75a7692ad889b14e7e1a20517 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\38f0e3b1-e4c1-4929-8f66-ca1b9e3d5a43\index-dir\the-real-index~RFe57d040.TMP
| MD5 | 5b4a251f010c697c755c458fd8e80de9 |
| SHA1 | eefdf1f2e12b22aaf19a1a37fbf61ccf67da81f1 |
| SHA256 | e594f2a0d3e565ecdb88b2eedcafaa8fbc06c7372e94b124d80a15c7f984ab7d |
| SHA512 | 4391279ee51d6f5b768a8847278927343f1fbf1de8a96f534ac47a9a1ca01b754070d3e3d06dbb44bc7926bcfa0768cebff11c4b9e008107c160daf774097f0e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\38f0e3b1-e4c1-4929-8f66-ca1b9e3d5a43\index-dir\the-real-index
| MD5 | 51102c0fed6d2a871388a4137d9adbd5 |
| SHA1 | 762d4488f4b971aaf54da6e859e404b1cb92a927 |
| SHA256 | 452aa61954a89f3192b9b0c87bb16f1f97eced1b369558b434f9a8914d4ad647 |
| SHA512 | bf234afb70941cdfe2de18574f034e8703a58ce49fe688abf69082b083d177cf846545b3ba0ea103550cfa9fe3bf7bedd08b254982d7899fbe7a89e18a8b7940 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | a393777afb66cd4710134d1472543aa4 |
| SHA1 | 659e6183feb09b6f04dacc10e4210b5f3a3a7ff8 |
| SHA256 | ce0c053fe2ecb583a90632273d00e15be477c2f933aafe19efe478edaeb4126f |
| SHA512 | fc3558ced2dd2fa02693d55678638fec4b2e9f859a435d7ef7f23313a7472823644491a5a9e47a9ad2cdc4813916225256827bb21f6c56eb8354bc5e44c6a081 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries
| MD5 | ad8794f7fd5b362defd0703701deccd7 |
| SHA1 | 0a72879a46651d2e75e5af1a4322bc939226b87e |
| SHA256 | 01f9764649fb539730f9b1d39f11854da97c4b6e28bd305002e18ee106f2a171 |
| SHA512 | 509012427caa2c10ecaaf97f0e9a0b3b8588396b5d81769261f496399e5c2fdd402a4065969317f414a345911649b5f663d51b99e9f42da83ebac6d24f8aa2a1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000069
| MD5 | bd929e1b131c20289bc152ed817eebe1 |
| SHA1 | 2fb3b3cff0ce9b7eb0a9bbb398040647aac7c764 |
| SHA256 | 67013116698cf73be78acff4a37970855cb3980b57f43fda436bd3748eaf81a8 |
| SHA512 | 508e4bfcdba4de17c44579d459b92ef29d25b66b593e016723c98739e6b9b011e0674bffbecd7cf6427174fb1bade2eeb0c7b6d65cf4f11e9201d39de41585c9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000067
| MD5 | 657bd9b29babb07a279765be3f5e3296 |
| SHA1 | 4ce9ef80f57831bf3f9a776e4b86d8717388709e |
| SHA256 | d9bcd368dc139e513e35c2bd32c1a60e8e650d4c5a4dfc379359a9d9357fa276 |
| SHA512 | fed84c228050fa65b7bad0e109579ff98676c275fcf2cea433c6e21274b7da7b78791cad067451a3ad6ad5d50d89117b86028f84957443f7f5d4013714b30df8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000066
| MD5 | db59c0de5aed8cbd1e58fe46fbc484a6 |
| SHA1 | e566b780f7f260f2023074dc00f4f2dc90425d0d |
| SHA256 | ceb95d02805feecb2beac1818602542bf04251819bbb5ee6b48f16d2a96045de |
| SHA512 | f993b6199ce5794eec155b543b75d70e839c7a8419ebe11df9b68c4125fe9068df4dd01c0a67ef8856a8b3ba13276a8f0a4914db8195aedaa9d0326fb91eb4f8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000065
| MD5 | 6997fcb39fe7781b738ca7f61524ff18 |
| SHA1 | 438e41ff8c55a92b59e1191ccee44a2eccaf811d |
| SHA256 | 619a26750446f311c5c46d9cc74353bedf634e6446bd4b3b9f9d65fb87286c21 |
| SHA512 | 204bd2eaf82516ee5940e5c97c8e54744a14c7d102d00a20ddb55fbbe42bb59e628d9838e41007ba88f6d621829edfeea7d04b7aabf7e1caa6b712e8e48e5f81 |
memory/432-1250-0x0000000000400000-0x00000000005CC000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
| MD5 | d31968dab293836b3c0ff6e242641612 |
| SHA1 | 58ff559515387fd94f145726cd1c18af54293187 |
| SHA256 | 6ee10fbd43567643c4006fbbf1004ea2230b363df82857db4d13a5fd86819a83 |
| SHA512 | 5872242472b5241a2e2c3edf8ce60ad3ccf09e1ce5a362f198f1d0cf148b6460a2dc62d4b1c07aeda94bc01e2f4e841485ae614a35ccb08f292e77878d9fff46 |
C:\Users\Public\Desktop\ẇඓ᳟₹⨹⮗ສஉ▗␃ֻ⡑┸Ⱂᳬ۔⿎᳝ᕸ⊙⌊ᝩ
| MD5 | e49f0a8effa6380b4518a8064f6d240b |
| SHA1 | ba62ffe370e186b7f980922067ac68613521bd51 |
| SHA256 | 8dbd06e9585c5a16181256c9951dbc65621df66ceb22c8e3d2304477178bee13 |
| SHA512 | de6281a43a97702dd749a1b24f4c65bed49a2e2963cabeeb2a309031ab601f5ec488f48059c03ec3001363d085e8d2f0f046501edf19fafe7508d27e596117d4 |
memory/432-1453-0x0000000000400000-0x00000000005CC000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
| MD5 | 4b9b9d99f5c67d45bc438b0d27eb1a6c |
| SHA1 | 42758ddeede98b376be1131f176b8986063ab5ed |
| SHA256 | 962ac8f75c98a92401a6390946f2acafd777ef7dcae1ac89d9d2c20354e4aeda |
| SHA512 | 09db29d7af6cd710ca8f467118c9ffdad5407191a8a4825a520470c6850e5b64f45631f00e31b82b15ceb92ac60686af2f8e953497467ed34b5728cf2bd7f11f |