xworm | hxxps://www[.]upload[.]ee/download/15657107/813ac1d2bfa81d7f177e/XWorm-V5[.]0[.]rar

Resubmissions

30/12/2024, 20:44

241230-zjcjfazrhy 8

26/11/2024, 18:42

26/11/2024, 18:41

11/04/2024, 09:32

11/04/2024, 09:21

Analysis

max time kernel
695s
max time network
708s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
11/04/2024, 09:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.upload.ee/download/15657107/813ac1d2bfa81d7f177e/XWorm-V5.0.rar

Score

10^/10

xworm persistence rat trojan

Malware Config

Extracted

Family

xworm

Version

3.1

full-wet.at.ply.gg:38848

Attributes

Install_directory
%AppData%
install_file
chrome.exe

Signatures

Detect Xworm Payload 2 IoCs

resource	yara_rule
behavioral1/files/0x000200000002a947-2492.dat	family_xworm
behavioral1/memory/6136-2498-0x0000000000180000-0x0000000000198000-memory.dmp	family_xworm

Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm

Drops startup file 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.lnk	svchost.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.lnk	svchost.exe

Executes dropped EXE 4 IoCs

pid	Process
4784	XWorm V3.1.exe
6136	svchost.exe
4776	svchost.exe
3396	svchost.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000\Software\Microsoft\Windows\CurrentVersion\Run\svchost = "C:\\Users\\Admin\\AppData\\Roaming\\svchost.exe"	svchost.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs

Web Service

T1102

flow	ioc
23	camo.githubusercontent.com

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
26	ip-api.com

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\system32\perfc009.dat	lodctr.exe
File created	C:\Windows\system32\perfh009.dat	lodctr.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	Winword.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Winword.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Winword.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	Winword.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Winword.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Winword.exe

Creates scheduled task(s) 1 TTPs 1 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task/Job

T1053

pid	Process
4696	schtasks.exe

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	Winword.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	Winword.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	Winword.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	Winword.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	Winword.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	Winword.exe

Modifies registry class 16 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\.md	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\md_auto_file\shell\edit	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\md_auto_file\shell\edit\command	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\md_auto_file\shell\edit\command\ = "\"C:\\Program Files\\Microsoft Office\\root\\Office16\\Winword.exe\" /n \"%1\""	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\md_auto_file\shell\edit\ = "@C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\Office16\\oregres.dll,-1"	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\.md\ = "md_auto_file"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-160263616-143223877-1356318919-1000\{CAA80AB2-8C12-4CD7-995C-6F3442BF1E97}	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-160263616-143223877-1356318919-1000\{0ADA48E1-666B-4918-9B25-2751FA2432BA}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\md_auto_file	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\饻฀谀耢	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\饻฀谀耢\ = "md_auto_file"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\md_auto_file\shell	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

NTFS ADS 4 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\XWorm-5.6-main.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\XWorm V5.3 Optimized Bin.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\XWorm-3.1-main.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\XWorm-RAT-V5.6-main.zip:Zone.Identifier	msedge.exe

Suspicious behavior: AddClipboardFormatListener 4 IoCs

pid	Process
784	Winword.exe
784	Winword.exe
5876	Winword.exe
5876	Winword.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3832	msedge.exe
3832	msedge.exe
2860	msedge.exe
2860	msedge.exe
3676	identity_helper.exe
3676	identity_helper.exe
3232	msedge.exe
3232	msedge.exe
4956	msedge.exe
4956	msedge.exe
2356	msedge.exe
2356	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5576	msedge.exe
5576	msedge.exe
5728	msedge.exe
5728	msedge.exe
860	msedge.exe
860	msedge.exe
1624	identity_helper.exe
1624	identity_helper.exe
3052	msedge.exe
3052	msedge.exe
4816	msedge.exe
4816	msedge.exe
5100	msedge.exe
5100	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
4808	msedge.exe
4808	msedge.exe
3772	powershell.exe
3772	powershell.exe
3772	powershell.exe
3204	powershell.exe
3204	powershell.exe
3204	powershell.exe
3536	powershell.exe
3536	powershell.exe
3536	powershell.exe
6136	svchost.exe
6136	svchost.exe
4784	XWorm V3.1.exe
4784	XWorm V3.1.exe
4784	XWorm V3.1.exe
4784	XWorm V3.1.exe
4784	XWorm V3.1.exe
4784	XWorm V3.1.exe
4784	XWorm V3.1.exe
4784	XWorm V3.1.exe
4784	XWorm V3.1.exe
4784	XWorm V3.1.exe
4784	XWorm V3.1.exe
4784	XWorm V3.1.exe
4784	XWorm V3.1.exe
4784	XWorm V3.1.exe
4784	XWorm V3.1.exe
4784	XWorm V3.1.exe
4784	XWorm V3.1.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
428	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
5576	msedge.exe
5576	msedge.exe
5576	msedge.exe
5576	msedge.exe
5576	msedge.exe
5576	msedge.exe
5576	msedge.exe
5576	msedge.exe
5576	msedge.exe
5576	msedge.exe
5576	msedge.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

description	pid	Process
Token: 33	3956	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3956	AUDIODG.EXE
Token: SeDebugPrivilege	6136	svchost.exe
Token: SeDebugPrivilege	4784	XWorm V3.1.exe
Token: SeDebugPrivilege	3772	powershell.exe
Token: SeDebugPrivilege	3204	powershell.exe
Token: SeDebugPrivilege	3536	powershell.exe
Token: SeDebugPrivilege	6136	svchost.exe
Token: SeDebugPrivilege	4776	svchost.exe
Token: SeDebugPrivilege	3396	svchost.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
5576	msedge.exe
5576	msedge.exe
5576	msedge.exe
5576	msedge.exe
5576	msedge.exe
5576	msedge.exe
5576	msedge.exe
5576	msedge.exe
5576	msedge.exe
5576	msedge.exe
5576	msedge.exe
5576	msedge.exe
5576	msedge.exe
5576	msedge.exe
5576	msedge.exe
5576	msedge.exe
5576	msedge.exe
5576	msedge.exe
5576	msedge.exe
5576	msedge.exe
5576	msedge.exe
5576	msedge.exe
5576	msedge.exe
5576	msedge.exe
5576	msedge.exe
5576	msedge.exe
5576	msedge.exe
5576	msedge.exe
5576	msedge.exe
5576	msedge.exe

Suspicious use of SendNotifyMessage 25 IoCs

pid	Process
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
5576	msedge.exe
5576	msedge.exe
5576	msedge.exe
5576	msedge.exe
5576	msedge.exe
5576	msedge.exe
5576	msedge.exe
5576	msedge.exe
5576	msedge.exe
5576	msedge.exe
5576	msedge.exe
5576	msedge.exe
4784	XWorm V3.1.exe

Suspicious use of SetWindowsHookEx 41 IoCs

pid	Process
428	OpenWith.exe
428	OpenWith.exe
428	OpenWith.exe
428	OpenWith.exe
428	OpenWith.exe
428	OpenWith.exe
428	OpenWith.exe
428	OpenWith.exe
428	OpenWith.exe
428	OpenWith.exe
428	OpenWith.exe
428	OpenWith.exe
428	OpenWith.exe
428	OpenWith.exe
428	OpenWith.exe
428	OpenWith.exe
428	OpenWith.exe
428	OpenWith.exe
428	OpenWith.exe
428	OpenWith.exe
428	OpenWith.exe
428	OpenWith.exe
428	OpenWith.exe
784	Winword.exe
784	Winword.exe
784	Winword.exe
784	Winword.exe
784	Winword.exe
784	Winword.exe
784	Winword.exe
784	Winword.exe
784	Winword.exe
784	Winword.exe
3860	MiniSearchHost.exe
5876	Winword.exe
5876	Winword.exe
5876	Winword.exe
5876	Winword.exe
5876	Winword.exe
5876	Winword.exe
6136	svchost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2860 wrote to memory of 640	2860	msedge.exe	80
PID 2860 wrote to memory of 640	2860	msedge.exe	80
PID 2860 wrote to memory of 4736	2860	msedge.exe	81
PID 2860 wrote to memory of 4736	2860	msedge.exe	81
PID 2860 wrote to memory of 4736	2860	msedge.exe	81
PID 2860 wrote to memory of 4736	2860	msedge.exe	81
PID 2860 wrote to memory of 4736	2860	msedge.exe	81
PID 2860 wrote to memory of 4736	2860	msedge.exe	81
PID 2860 wrote to memory of 4736	2860	msedge.exe	81
PID 2860 wrote to memory of 4736	2860	msedge.exe	81
PID 2860 wrote to memory of 4736	2860	msedge.exe	81
PID 2860 wrote to memory of 4736	2860	msedge.exe	81
PID 2860 wrote to memory of 4736	2860	msedge.exe	81
PID 2860 wrote to memory of 4736	2860	msedge.exe	81
PID 2860 wrote to memory of 4736	2860	msedge.exe	81
PID 2860 wrote to memory of 4736	2860	msedge.exe	81
PID 2860 wrote to memory of 4736	2860	msedge.exe	81
PID 2860 wrote to memory of 4736	2860	msedge.exe	81
PID 2860 wrote to memory of 4736	2860	msedge.exe	81
PID 2860 wrote to memory of 4736	2860	msedge.exe	81
PID 2860 wrote to memory of 4736	2860	msedge.exe	81
PID 2860 wrote to memory of 4736	2860	msedge.exe	81
PID 2860 wrote to memory of 4736	2860	msedge.exe	81
PID 2860 wrote to memory of 4736	2860	msedge.exe	81
PID 2860 wrote to memory of 4736	2860	msedge.exe	81
PID 2860 wrote to memory of 4736	2860	msedge.exe	81
PID 2860 wrote to memory of 4736	2860	msedge.exe	81
PID 2860 wrote to memory of 4736	2860	msedge.exe	81
PID 2860 wrote to memory of 4736	2860	msedge.exe	81
PID 2860 wrote to memory of 4736	2860	msedge.exe	81
PID 2860 wrote to memory of 4736	2860	msedge.exe	81
PID 2860 wrote to memory of 4736	2860	msedge.exe	81
PID 2860 wrote to memory of 4736	2860	msedge.exe	81
PID 2860 wrote to memory of 4736	2860	msedge.exe	81
PID 2860 wrote to memory of 4736	2860	msedge.exe	81
PID 2860 wrote to memory of 4736	2860	msedge.exe	81
PID 2860 wrote to memory of 4736	2860	msedge.exe	81
PID 2860 wrote to memory of 4736	2860	msedge.exe	81
PID 2860 wrote to memory of 4736	2860	msedge.exe	81
PID 2860 wrote to memory of 4736	2860	msedge.exe	81
PID 2860 wrote to memory of 4736	2860	msedge.exe	81
PID 2860 wrote to memory of 4736	2860	msedge.exe	81
PID 2860 wrote to memory of 3832	2860	msedge.exe	82
PID 2860 wrote to memory of 3832	2860	msedge.exe	82
PID 2860 wrote to memory of 3552	2860	msedge.exe	83
PID 2860 wrote to memory of 3552	2860	msedge.exe	83
PID 2860 wrote to memory of 3552	2860	msedge.exe	83
PID 2860 wrote to memory of 3552	2860	msedge.exe	83
PID 2860 wrote to memory of 3552	2860	msedge.exe	83
PID 2860 wrote to memory of 3552	2860	msedge.exe	83
PID 2860 wrote to memory of 3552	2860	msedge.exe	83
PID 2860 wrote to memory of 3552	2860	msedge.exe	83
PID 2860 wrote to memory of 3552	2860	msedge.exe	83
PID 2860 wrote to memory of 3552	2860	msedge.exe	83
PID 2860 wrote to memory of 3552	2860	msedge.exe	83
PID 2860 wrote to memory of 3552	2860	msedge.exe	83
PID 2860 wrote to memory of 3552	2860	msedge.exe	83
PID 2860 wrote to memory of 3552	2860	msedge.exe	83
PID 2860 wrote to memory of 3552	2860	msedge.exe	83
PID 2860 wrote to memory of 3552	2860	msedge.exe	83
PID 2860 wrote to memory of 3552	2860	msedge.exe	83
PID 2860 wrote to memory of 3552	2860	msedge.exe	83
PID 2860 wrote to memory of 3552	2860	msedge.exe	83
PID 2860 wrote to memory of 3552	2860	msedge.exe	83

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.upload.ee/download/15657107/813ac1d2bfa81d7f177e/XWorm-V5.0.rar
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ff9ae873cb8,0x7ff9ae873cc8,0x7ff9ae873cd8
  2⤵
  PID:640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1956,17066697358746446030,11907003687110003876,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1964 /prefetch:2
  2⤵
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1956,17066697358746446030,11907003687110003876,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1956,17066697358746446030,11907003687110003876,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2624 /prefetch:8
  2⤵
  PID:3552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,17066697358746446030,11907003687110003876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:3204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,17066697358746446030,11907003687110003876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:3068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,17066697358746446030,11907003687110003876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:4288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,17066697358746446030,11907003687110003876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:2828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,17066697358746446030,11907003687110003876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4552 /prefetch:1
  2⤵
  PID:3228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,17066697358746446030,11907003687110003876,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,17066697358746446030,11907003687110003876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3612 /prefetch:1
  2⤵
  PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,17066697358746446030,11907003687110003876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:1128
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1956,17066697358746446030,11907003687110003876,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6276 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,17066697358746446030,11907003687110003876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6308 /prefetch:1
  2⤵
  PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,17066697358746446030,11907003687110003876,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6344 /prefetch:1
  2⤵
  PID:3064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,17066697358746446030,11907003687110003876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:2076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,17066697358746446030,11907003687110003876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6516 /prefetch:1
  2⤵
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,17066697358746446030,11907003687110003876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6492 /prefetch:1
  2⤵
  PID:1512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1956,17066697358746446030,11907003687110003876,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5956 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,17066697358746446030,11907003687110003876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
  2⤵
  PID:760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1956,17066697358746446030,11907003687110003876,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5760 /prefetch:8
  2⤵
  PID:3368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1956,17066697358746446030,11907003687110003876,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5584 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,17066697358746446030,11907003687110003876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:1
  2⤵
  PID:1520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,17066697358746446030,11907003687110003876,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
  2⤵
  PID:2896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,17066697358746446030,11907003687110003876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6688 /prefetch:1
  2⤵
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,17066697358746446030,11907003687110003876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
  2⤵
  PID:2204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,17066697358746446030,11907003687110003876,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
  2⤵
  PID:3232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,17066697358746446030,11907003687110003876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
  2⤵
  PID:1148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,17066697358746446030,11907003687110003876,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
  2⤵
  PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,17066697358746446030,11907003687110003876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:4284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,17066697358746446030,11907003687110003876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6344 /prefetch:1
  2⤵
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,17066697358746446030,11907003687110003876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7052 /prefetch:1
  2⤵
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,17066697358746446030,11907003687110003876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2100 /prefetch:1
  2⤵
  PID:3844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1956,17066697358746446030,11907003687110003876,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7224 /prefetch:8
  2⤵
  PID:976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,17066697358746446030,11907003687110003876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6640 /prefetch:1
  2⤵
  PID:3012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1956,17066697358746446030,11907003687110003876,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7564 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:2356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,17066697358746446030,11907003687110003876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,17066697358746446030,11907003687110003876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7420 /prefetch:1
  2⤵
  PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,17066697358746446030,11907003687110003876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
  2⤵
  PID:1612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1956,17066697358746446030,11907003687110003876,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3624 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,17066697358746446030,11907003687110003876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6804 /prefetch:1
  2⤵
  PID:2360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,17066697358746446030,11907003687110003876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6860 /prefetch:1
  2⤵
  PID:1524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,17066697358746446030,11907003687110003876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7336 /prefetch:1
  2⤵
  PID:1552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,17066697358746446030,11907003687110003876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1
  2⤵
  PID:4288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,17066697358746446030,11907003687110003876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8264 /prefetch:1
  2⤵
  PID:4572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,17066697358746446030,11907003687110003876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7384 /prefetch:1
  2⤵
  PID:788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,17066697358746446030,11907003687110003876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2964 /prefetch:1
  2⤵
  PID:2764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,17066697358746446030,11907003687110003876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
  2⤵
  PID:5840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,17066697358746446030,11907003687110003876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1848 /prefetch:1
  2⤵
  PID:5884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,17066697358746446030,11907003687110003876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8308 /prefetch:1
  2⤵
  PID:5992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,17066697358746446030,11907003687110003876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8548 /prefetch:1
  2⤵
  PID:6076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,17066697358746446030,11907003687110003876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
  2⤵
  PID:5160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,17066697358746446030,11907003687110003876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8460 /prefetch:1
  2⤵
  PID:5432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,17066697358746446030,11907003687110003876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8244 /prefetch:1
  2⤵
  PID:5424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,17066697358746446030,11907003687110003876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8536 /prefetch:1
  2⤵
  PID:3660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,17066697358746446030,11907003687110003876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8936 /prefetch:1
  2⤵
  PID:500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,17066697358746446030,11907003687110003876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
  2⤵
  PID:5396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,17066697358746446030,11907003687110003876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9092 /prefetch:1
  2⤵
  PID:652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,17066697358746446030,11907003687110003876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2776 /prefetch:1
  2⤵
  PID:5472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,17066697358746446030,11907003687110003876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9088 /prefetch:1
  2⤵
  PID:3828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,17066697358746446030,11907003687110003876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9136 /prefetch:1
  2⤵
  PID:5788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,17066697358746446030,11907003687110003876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
  2⤵
  PID:5868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,17066697358746446030,11907003687110003876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7060 /prefetch:1
  2⤵
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,17066697358746446030,11907003687110003876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8656 /prefetch:1
  2⤵
  PID:4708

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2240

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5096

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1916

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:428
- C:\Program Files\Microsoft Office\root\Office16\Winword.exe
  "C:\Program Files\Microsoft Office\root\Office16\Winword.exe" /n "C:\Users\Admin\AppData\Local\Temp\Temp1_XWorm-RAT-V5.6-main.zip\XWorm-RAT-V5.6-main\README.md"
  2⤵
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of SetWindowsHookEx
  PID:784

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3860

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x0000000000000440 0x000000000000047C
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3956

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9ae873cb8,0x7ff9ae873cc8,0x7ff9ae873cd8
  2⤵
  PID:5664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1956,8370755117658110547,11018402345054139495,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1952 /prefetch:2
  2⤵
  PID:5188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1956,8370755117658110547,11018402345054139495,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1956,8370755117658110547,11018402345054139495,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
  2⤵
  PID:3828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,8370755117658110547,11018402345054139495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,8370755117658110547,11018402345054139495,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,8370755117658110547,11018402345054139495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1
  2⤵
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,8370755117658110547,11018402345054139495,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
  2⤵
  PID:2800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1956,8370755117658110547,11018402345054139495,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3612 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,8370755117658110547,11018402345054139495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:5344
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1956,8370755117658110547,11018402345054139495,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5580 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,8370755117658110547,11018402345054139495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:6092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,8370755117658110547,11018402345054139495,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
  2⤵
  PID:6112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,8370755117658110547,11018402345054139495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
  2⤵
  PID:348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1956,8370755117658110547,11018402345054139495,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5984 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,8370755117658110547,11018402345054139495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
  2⤵
  PID:2096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,8370755117658110547,11018402345054139495,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
  2⤵
  PID:4240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,8370755117658110547,11018402345054139495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,8370755117658110547,11018402345054139495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
  2⤵
  PID:3348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,8370755117658110547,11018402345054139495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
  2⤵
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,8370755117658110547,11018402345054139495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,8370755117658110547,11018402345054139495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:3276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,8370755117658110547,11018402345054139495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6264 /prefetch:1
  2⤵
  PID:5324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,8370755117658110547,11018402345054139495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:3920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1956,8370755117658110547,11018402345054139495,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3644 /prefetch:8
  2⤵
  PID:1636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1956,8370755117658110547,11018402345054139495,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3888 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,8370755117658110547,11018402345054139495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
  2⤵
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,8370755117658110547,11018402345054139495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
  2⤵
  PID:4232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,8370755117658110547,11018402345054139495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1
  2⤵
  PID:2248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,8370755117658110547,11018402345054139495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6316 /prefetch:1
  2⤵
  PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,8370755117658110547,11018402345054139495,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3952 /prefetch:1
  2⤵
  PID:1404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,8370755117658110547,11018402345054139495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3624 /prefetch:1
  2⤵
  PID:2972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,8370755117658110547,11018402345054139495,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6512 /prefetch:1
  2⤵
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,8370755117658110547,11018402345054139495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6332 /prefetch:1
  2⤵
  PID:2060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1956,8370755117658110547,11018402345054139495,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6824 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,8370755117658110547,11018402345054139495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6752 /prefetch:1
  2⤵
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1956,8370755117658110547,11018402345054139495,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3740 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,8370755117658110547,11018402345054139495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,8370755117658110547,11018402345054139495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:1552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,8370755117658110547,11018402345054139495,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6516 /prefetch:1
  2⤵
  PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,8370755117658110547,11018402345054139495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
  2⤵
  PID:3784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,8370755117658110547,11018402345054139495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:5272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,8370755117658110547,11018402345054139495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6780 /prefetch:1
  2⤵
  PID:3420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,8370755117658110547,11018402345054139495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
  2⤵
  PID:2808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,8370755117658110547,11018402345054139495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1256 /prefetch:1
  2⤵
  PID:5344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,8370755117658110547,11018402345054139495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6944 /prefetch:1
  2⤵
  PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,8370755117658110547,11018402345054139495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6184 /prefetch:1
  2⤵
  PID:5388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1956,8370755117658110547,11018402345054139495,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7208 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,8370755117658110547,11018402345054139495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6944 /prefetch:1
  2⤵
  PID:3772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,8370755117658110547,11018402345054139495,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3948 /prefetch:1
  2⤵
  PID:1296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,8370755117658110547,11018402345054139495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7432 /prefetch:1
  2⤵
  PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,8370755117658110547,11018402345054139495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6968 /prefetch:1
  2⤵
  PID:112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,8370755117658110547,11018402345054139495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7008 /prefetch:1
  2⤵
  PID:2556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,8370755117658110547,11018402345054139495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6728 /prefetch:1
  2⤵
  PID:1084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,8370755117658110547,11018402345054139495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7588 /prefetch:1
  2⤵
  PID:5136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,8370755117658110547,11018402345054139495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6440 /prefetch:1
  2⤵
  PID:5916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,8370755117658110547,11018402345054139495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7820 /prefetch:1
  2⤵
  PID:1584

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5296

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:72

C:\Program Files\Microsoft Office\root\Office16\Winword.exe
"C:\Program Files\Microsoft Office\root\Office16\Winword.exe" /n "C:\Users\Admin\AppData\Local\Temp\Temp1_XWorm-5.6-main.zip\XWorm-5.6-main\README.md"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:5876

C:\Users\Admin\Downloads\XWorm-3.1-main\XWorm-3.1-main\XWorm V3.1.exe
"C:\Users\Admin\Downloads\XWorm-3.1-main\XWorm-3.1-main\XWorm V3.1.exe"
1⤵
PID:3832
- C:\Users\Admin\AppData\Roaming\XWorm V3.1.exe
  "C:\Users\Admin\AppData\Roaming\XWorm V3.1.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SendNotifyMessage
  PID:4784
- C:\Users\Admin\AppData\Roaming\svchost.exe
  "C:\Users\Admin\AppData\Roaming\svchost.exe"
  2⤵
  - Drops startup file
  - Executes dropped EXE
  - Adds Run key to start application
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:6136
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming\svchost.exe'
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:3772
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'svchost.exe'
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:3204
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming\svchost.exe'
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:3536
- - C:\Windows\System32\schtasks.exe
    "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "svchost" /tr "C:\Users\Admin\AppData\Roaming\svchost.exe"
    3⤵
    - Creates scheduled task(s)
    PID:4696

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:3068

C:\Users\Admin\AppData\Roaming\svchost.exe
C:\Users\Admin\AppData\Roaming\svchost.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4776

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\XWorm-3.1-main\XWorm-3.1-main\Readme.txt
1⤵
PID:3384

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\XWorm-3.1-main\XWorm-3.1-main\Fixer.bat" "
1⤵
PID:4228
- C:\Windows\system32\lodctr.exe
  lodctr /r
  2⤵
  - Drops file in System32 directory
  PID:4232

C:\Users\Admin\AppData\Roaming\svchost.exe
C:\Users\Admin\AppData\Roaming\svchost.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:3396

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Scheduled Task/Job

T1053

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Scheduled Task/Job

T1053

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5c48e8b68231fb5b2d7f1188b930bc0e

SHA1
1822aef5da8fdd47626fb91afcf79a2be175a325

SHA256
c3b287c29eaa57166b2ab1ba9bd0aaced13cc2f946a04b8d708ac429187fe944

SHA512
2bd09b83e44e0104fbe080a8573690217dc9fbf7fd59ff25a1a9e9ebd2d87ac533f9b99350773d081a7e748b39657115a13e94538b153bceb13ecdfc4672a0f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3d2fdd24509dfbb3dbd21e3424e148bf

SHA1
ceead58e505a2d6eb4c035678ca3aff809620738

SHA256
87b19ffd387db2c3be7ed1b76977768ee47e9e0b431c0f513ca135519c5c18dc

SHA512
50a0779226a457802480415ee3ae78c389d09b142572f0811bae315a7b01fe091835c2c5f3418867fffbbf5c62cdca718ab1788d0602a2dda4b5e718a1c4b484

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
32e3d5b42c306b75a10282a28a11fe14

SHA1
b68dc95f30dab18628a0a71b3c69dc6d07600448

SHA256
965e9eed4aeed799678ccb566806247653d7d237032573be7e286d346e2d003a

SHA512
a66c8d95017f6b89281ee6b3822cca18fa98531cd2ca1872f7c62f573e371ca6375e23cae9d8c873df5194ed615738f6ff6e9e2ed66abb4f07222dd086fd9be3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f2dc80f5403feb8461b7ffa09890d6a0

SHA1
d5b61e6d672e7e71571e0132e21cead181da8805

SHA256
eadeadba37eed18e5acba408d7e076270b00403fed372b77164577232232428a

SHA512
5e2119529b99b76be105c43714e4b9977ee2147172c1c44e92bd9b41fa7a66f55d4073c864aac668a912aff2898bd216fb38f2fe34ef65de69ad12965218caf5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
69KB

MD5
aac57f6f587f163486628b8860aa3637

SHA1
b1b51e14672caae2361f0e2c54b72d1107cfce54

SHA256
0cda72f2d9b6f196897f58d5de1fe1b43424ce55701eac625e591a0fd4ce7486

SHA512
0622796aab85764434e30cbe78b4e80e129443744dd13bc376f7a124ed04863c86bb1dcd5222bb1814f6599accbd45c9ee2b983da6c461b68670ae59141a6c1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
35KB

MD5
24f393ce9e4272995bf97f9c5994d826

SHA1
ba40a6c32e34cd16b3f5515be2cc6bc6d0f72e8f

SHA256
ee1abc75c48f6614e30a34f942ffdfaf0a20182d8e0b380f10b57888cd0e7f54

SHA512
7351f18c5ecdebab97a0bcbf75dc94aeb67c1cfbcf3382d518c25f63374de11374f422a215d07ae50c7c96f99c6cb8d82d421cd7d6c381e70773f068fe430eeb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
1.1MB

MD5
d404b61450122b2ad393c3ece0597317

SHA1
d18809185baef8ec6bbbaca300a2fdb4b76a1f56

SHA256
03551254e2231ecd9c7ee816b488ecbde5d899009cd9abbe44351d98fbf2f5fb

SHA512
cb1a2867cc53733dc72cd294d1b549fa571a041d72de0fa4d7d9195bcac9f8245c2095e6a6f1ece0e55279fa26337cdcc82d4c269e1dd186cbbd2b974e2d6a70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
24KB

MD5
e1831f8fadccd3ffa076214089522cea

SHA1
10acd26c218ff1bbbe6ac785eab5485045f61881

SHA256
9b9a4a9191b023df1aa66258eb19fc64ae5356cfc97a9dda258c6cc8ba1059ac

SHA512
372c486ac381358cc301f32cd89b7a05da7380c03fa524147c2ddf3f5e23f9b57c17485aaedc85b413461a879afc42e729547b0c96c26c49bbdb7301cd064298

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
44KB

MD5
a9ed0f3a37bc313d7df62e595ca1ce2d

SHA1
3cd166ea5f37f3f645ebf7ee064057f7cd013eef

SHA256
3a44f7be6fcf889e508b789374c0fe29344dc6fa7a25348083888f7c98f0c57a

SHA512
6631523a8bd34ec39c69b2361c2192abfa998bea86d8690f0f5d25124b1ea4cbbef0e1d406b0afeffa5be537b9c75154fe7710c80650d9885ba81a444a30a5ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
49KB

MD5
e1f8c1a199ca38a7811716335fb94d43

SHA1
e35ea248cba54eb9830c06268004848400461164

SHA256
78f0f79cdd0e79a9fba9b367697255425b78da4364dc522bc59a3ce65fe95a6c

SHA512
12310f32ee77701c1e3491325a843d938c792f42bfdbbc599fe4b2f6703f5fe6588fbcd58a6a2d519050fc9ef53619e2e35dfadcbda4b218df8a912a59a5381a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
21KB

MD5
939b17598242605d4cda089e4c40e52a

SHA1
cb7e96bbb89879ab97002ef7764e868d8536fdbd

SHA256
14d0a9ba41b036d7702963b2f0048a670f138372fbc3644ec4f009cd3184e041

SHA512
d62140ff22453508964a7fc40602adc68b2ceea883eb7e77206a84569b2cb6ffad4b0796371ca28ce1a7110adf58786b374854d5fb1dc53a42588d61c79143e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
20KB

MD5
8b2813296f6e3577e9ac2eb518ac437e

SHA1
6c8066353b4d463018aa1e4e9bb9bf2e9a7d9a86

SHA256
befb3b0471067ac66b93fcdba75c11d743f70a02bb9f5eef7501fa874686319d

SHA512
a1ed4d23dfbe981bf749c2008ab55a3d76e8f41801a09475e7e0109600f288aa20036273940e8ba70a172dec57eec56fe7c567cb941ba71edae080f2fdcc1e0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
59KB

MD5
063fe934b18300c766e7279114db4b67

SHA1
d7e71855cf6e8d1e7fbaa763223857f50cd1d4bd

SHA256
8745914e0214bcd9d2e6a841f0679a81084ef3fc3d99125876bee26653f4253e

SHA512
9d0dfc21306b3a56c2ecdf1265392271969e3765e161e117c8765125b34793e24458217cf6514b364f351f47e65baaaf5856be0d13406a789f844d6ba8c7075f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
65KB

MD5
0f8092bcce67b0b6b4a308c8887cf0ed

SHA1
a12fd75c93ef65aa7d0b6140bd515334e384beff

SHA256
c410d812fc6eeb6e0f02c719f2d26fe81b0b9d931a3aa29838ca1c29ad43413a

SHA512
435c6bfd39ddfdcc47c80d396eaa557843083d00223f576e4de3dfde9ebd64c507678ffb994ad0d9c18b17a0b9edf69238f3976554ffd0118c3ab7c9190917af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
151KB

MD5
da800376add972af643bd5ff723c99a5

SHA1
44fe56009c6740ec7e25e33e83a169acff4c6b6c

SHA256
bf252b560c9cc78dfa63abe0ae5caa03b83e99b1ca5fae3c9515483c57aaae3f

SHA512
292819ce339d4546d478fc0aca22ae63f4b7231f6a0aca3fbe1069d53ad09e1e3c936205cdbeb53bbedbfcbc33f3b6077f84364a150f7627f87ac091de08952d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
23KB

MD5
efe81e4daef615b00dbe73ce495ca572

SHA1
efa6284b26573a32770851c3ccfc54de3d6642d2

SHA256
8a2115d91ed4df1f74c0bff1d7800c6c776fed3addf7e6ce4637a1bd0c9f81be

SHA512
a561f8475dc2ec744dad499bfdb45b5c113a216d93c3873321e9fbbf22dfdde932af4dedd5819f4f4e0c8bd614efb77e68825561aaf05ec69c19df6eb7271b06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
23KB

MD5
8afc0b779211c04de66abb7d3a425b6e

SHA1
cfa3994bff79c945aa3552852aa75801f7029782

SHA256
74fd2a65c888063313021b081707991510bfa53e9869626a05c2f4610e006daa

SHA512
9a9c44507d3810789fb4dc3332d327666f05ae67f8a5fa5d91c8e3d03e91801bf0be550d226824167419d26649d65e684cf41fd0bcca7dcdebf85d518faa211e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
21KB

MD5
e1bcbcbff08ad26b8ccc9c0a82c5b703

SHA1
de44d9ba23492404a7663ace05f82147af193268

SHA256
8701fd45aabbacc8605d62ec6f64ea910c1bb844b0975f2e78f6e795a122a1d7

SHA512
f4a011fb066bebe222213462e2fc691ff109da417e1f1909ad16c6a561cb09fc0fdf9a1991d2b748b304701d6b04c903958212c83dd67f890f891f22ea194406

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
28KB

MD5
ec07ec9529f1e042a96e04f891d81a3d

SHA1
f987ee512dc69721a8f2994df82b6362f0dc5786

SHA256
d98f9835f3e5f050b96608928fd8fb2bad0c2085342c7ea246277bda6bfff371

SHA512
d79d501e4ceaa15e0c02951453ca657cca0cb5b11372ee2602105ba6dde0032611643b014f919d0fc09dadedc60c4e761eec76e4bacdbf9709e586d3df1f0675

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
80KB

MD5
14e39be019da848a73da7658165674cb

SHA1
e016473c4189a8cc3dbff754a48b3e42d68af25a

SHA256
39595a1806156cfcadf3cc4e20c5c3f3eec721386a0551790a15f025ba9402bd

SHA512
828a383de549871aa80ec960a7e371ef47da96d01ebb9628d1484ceed9eb698aec5109b3de0b24ff8000610a2c2d633616c9fd28d380656fecbaa930cffed029

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
20KB

MD5
9b3d940b2d583cf3242f8658b7c9207d

SHA1
9f3b198c286df98b65b9ea31ba8cbc8b43dd1e95

SHA256
0a3468a56300bbfaa2b55997a24d6af70bb9b2d70b4685f2600d4044f9b31894

SHA512
52d4f933fa1eec3b623d9faf6a10df45a71fa617cf8a1d151cb6c7423537010df3244bc38a68803bf0eb327210470d9f9d494bbb97e98530cfcdeabbeb5b39d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
25KB

MD5
ad8274c9e206dbe7a5d67ee8133976bf

SHA1
49bfa94431fc7edd170ebf8e4f4ad5887eb1aa9b

SHA256
dad2768d56535f7bd25c1bcfaca202b9b8373f53e5cb8a36ebdb82bb2fd406a3

SHA512
a83077cf2edbec5a017a15a0c4e38bd31f04f2ced88ce20e8a7e91afd20bb339909154658f4ad376641aa72c3a5520a03c306554a670eecb28152794f5a0a2ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\efa986235cc38916_0

Filesize
2KB

MD5
765371095ca8faeec18b0677fa4d532f

SHA1
8f57f76432453d0b842ce256ce7ec665b4aa0e34

SHA256
a14ddf5f9ac1d2c458a23a5bd047fdf8011c1e87aa28f298dcec54edbb26e1a8

SHA512
949fd40c9ca20c713e25592f94db7f6763cfb4b5fda2e07d102f5f569e15ba7bf18b166a8e1a884668c979867b25af9b82f97fe33cda6809c470ab961a5ad566

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\fd0b3fb171188d84_0

Filesize
9KB

MD5
7cb8600597d9dd21dbccb4627c3d8582

SHA1
168f6aedd3fde293a7c701ac44ac201470b271a8

SHA256
cd4d4099b87902ba15811116c65dfb4f8c6ce2beb57b76d9519c8cf1696831b2

SHA512
537353c4f4d56e9e6fe12f486dcfb3dd9a7bec8fe03b8f64aa7fc6e737c906d15b4ad0fe850dde3ad8ede1a354a1f963345b21d602851989e2f081aa0de5eb6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
144ade2e9c2a969a97bf36e239e8fbd5

SHA1
44454aecb9b8aad9523a48d5f92d57cd92936d12

SHA256
359457e80516c98e02f057d41c89a2f2b94f4f934e2d3fd7c57511ccc670b830

SHA512
2c736a68a499e1a4f718e25cc31ea14c0bea9cda4d3e6c25f87971826eda47e82d234b0592904e3fe716cb26e0831865fcddf5bf61d18ccaa460effb3a208f2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
58ed0b9948413819d790531e2074383a

SHA1
697faa30f58482b7d00dfcae49226b933132dc4d

SHA256
e4a28c5c7acb5acedc031e915203e9b2eebb8ea2b9dbd5f4ee4c606e4f20f445

SHA512
51602fc3194d5ae17ca0aacefd8386325a89b3a9d8ced0ac34fc32c3ed1a686ba406104b1998d0e14200d9ea4a03f3a64a80a29bedf19cd5e3589ec787ce81cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
501090b0c246f3639680c99fd9ef9d73

SHA1
eec4b6da73d99e0d8ce76ebfe37e0b429d84b538

SHA256
b997583f5cff4662368af1bfc246ae979b433f58b44977925cacdd3cdff9ee33

SHA512
096197f7c5ba6cc2fe859d4ef98a7464aa728dad9f2e3633a15ef8e83b79e2fca0407e40eb57cfaf50b84ad264b5d684d7488a49c4379c00227d5d4c1cc40066

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
05731d8373d7f09b64523c21b2ec4c0d

SHA1
e779339535732e038a6f7bb20df9b725e98a06b3

SHA256
0c902a587c93a7bfdd1392176c9a33cad04fb135a6514b4efc804ff49affd042

SHA512
366ee551d4676c2197d7331bd18682a5ff73991f787c959d80831c41e1e17c978fb104bbd7fb16a233bb0960163c218a530e31915705b7cf46da0983c4be6fe9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
ea461584820012249d51e7ecfb116447

SHA1
cc49c25332099caeebe8c99acebd29a8cec5aa58

SHA256
037eddd29ef6b1453bfbc089536f8630680157d1a5fc237d521b3bc12d70a00c

SHA512
304c482c46e8864fa9cd6f130587e1a755bbd499df63b64387ceabdb37107afa2c0b2e2e05c8d6517c228e247203d5827adef20d39f317f002ea7943a4a8ce86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
f1a3affbe0fcde9a9e7c65de2b4b3799

SHA1
3c4e85d4990343eae15ddc293fddd6aa62f4b322

SHA256
27eaf24020a9fe3e973acd2d7421206665efb31c2655bfce16b1098e40152a19

SHA512
dcd3481f76035482de313a762cbf7cdcb1e56656308e56db08ca57b795489758156e8eee78b42b146307da04f95ddcd5e8372b69010e93d2a7780c20478f5e3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
cb2b7fca447db9abc20c0fbc41312299

SHA1
b9f6fe57e34d8fc0fc5530471ce8047419ad65cc

SHA256
ec48ca7c44bfc8dd3cfc5b967928cf92beaf767f2478bf0a882a4840e128bafd

SHA512
1dddb7c9b5f3bd6725239db342a8eb70eab3539b25746bfb5b05b4d24d95599fd881b5619f5d24fa87615693fdb426b4c84c0c8b2f1c3a87d6d083fdb7b05404

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
c28bec83f68523bb611741d5de241515

SHA1
b6ce51b3c71b366c0041632bc90dd55dfe9a1925

SHA256
dd2410090f85ed01efda7d712d84c43629cf22a1f74940ea8874e3f373e1034c

SHA512
42f8105450ce67b20da734ff19b8b5c23ba8f9241d531750e622ddddcaa8ff190b125e5330238a803643362df95a83039292e893320d762ff5625ea65110edee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
c0c183cea4052a194b1f9d7be6e4fe73

SHA1
7e64286e95ea1761d1d84d7e2663375aed46e542

SHA256
a8e87134413316744b87cf3bfe1cc02641c8bd7d74f5f9ad5fdb72f1e005033c

SHA512
ab91d3f0ddda28ef17404523c6b72f8a568425f017c0687ff59f9f46a3239cd30073148498cbc24dc60b10019e11f72caef871bed7edb97274f2d4ea33f52a4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
bc20843caad772a375f73f20da6b25ba

SHA1
1982306b74ba52b23c7c042549c6cb2ba02b727a

SHA256
448fb033d25037fb37d7c818937f7499ec3e010bc4d083a7d66c0ed0f08b86c3

SHA512
54c72cf4e59ca827bfe2d36d9e5e35dc0795ea23e9392ebc6b60c89e386a87bbe85ac26c23b0f8c04703530f4a213bf032f615b2e4b133079955be703012ae52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
c4ec81b0935e3831e0c1f9f43dd337f1

SHA1
6caf65bac802325905ff133f7b8ed7284e6f4fc8

SHA256
69030a9285b635521b7a92a875c7179f89bc471a0c6e0d97106c3d20863ab68f

SHA512
43732b937e1b11c300b76e2be320514b9e6b62c21ee34be80e4f6fde2623b542eee6a78c03ba98522d37b0f8ecdc6ab47dac428d3d305c542f8dfa29a67c14b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
d48339259ce5f0231d7fa1bfee6b7cf1

SHA1
702ef38a3116963aa4b833a96399b98efa4bc932

SHA256
595b05ad02b0390d9cbc5c60ddfe936a108315c8260de668d36522e12dd99e22

SHA512
a45b05779dba599545ae9b3029820013c12645207933debb11281fc4fe92f73ddcbd3bf2792d2d6d52cd3b3792e3b2e4ba035594f4493a5c32c8cbcc8dde002c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
bf3844ba759e36981cebc756c4176015

SHA1
db3f1ab6398a1d3763bccbe6b124ed25eddb91a6

SHA256
957cc8baf7005960bebff33e7e167e692b58a8e73304f902e65de974f17d739c

SHA512
dc9bcd683641e88d1fae4e20a87f91bee1cf1732aa86f3d6eb5d675042866942245f9c2e3c99337e0940d052059cee515852ffbac1830bb63288a697d6a08ac2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
d81a4013945593ba6cee4ef5c8f86d2a

SHA1
5fb980f70a3611163885214901d8d6f3d1bdf24a

SHA256
c2d53fbb25291ee3d95813da727d1586a1caf1d557c3dadfe9263b7458a39f3d

SHA512
1e96abcf493fbf258716c1169def6afc031de4342a7bca2238e4ba88311577d564a6c2808da656d7ce91ff566e8f9443c999db2d206dc026a11997615d5fe974

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
43b260e996c390c263a523ff058a42fd

SHA1
6f603eeb13cdd174a20f67d6e07a6e60d614023f

SHA256
297ea65058221fbd90056af69e24dd8ff183ad4b5b01ca1959f8fa02672217db

SHA512
bf360baba0d6f48835b6c2bbce1b355d583dafdddfabc9844d29c7276c47b72d59867f2fc60abd47be61b5dcb0062afb1f9bc12dc4f64a25fc2409f07d489ed4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
ccba9ce4980ed18f8ff6fc4d3c1b1b38

SHA1
ecc8bb1170baaf397bf1e79e7693512f39f41aeb

SHA256
e8e9e2b785a2fa4f55fea9360069c592198f67f4d74389f00f918575860dabea

SHA512
20c213dd858f55227d531ef649951d01f45cd48aa18f502cb21c916dbb8dc0303ab15031976b280014187acb857e2d6f3c766a73401b2289771093563e2c31a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
72be9ce5bcc3f9fd7f2b9b1f81c86540

SHA1
9786b80461451384f714373ee0486fd52f0e40b1

SHA256
ca6710c05f1b1610f9b17dc377de0998d709f8d5d9700a5332f3ce07fa274096

SHA512
dc85758ccfd9f7fc0a16d19baee7b589a5d67698ead34a24a23f9a026602c573c83a22e85458b8a5c064aee7735625a9e4458d5821a5c87cd066ba136e1106b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4a6c0be392b800d8369470361740d3d3

SHA1
73ca709a88e2a6313854817ff5ca0e3d386e2d63

SHA256
7eaf3b1c225d7d00dda24491a7c9a62f121a68b0c7fa4688effa3890145bd993

SHA512
bf0e49189577f45499624bbb79fb97961bc523b862d59d037434d1f8c585a25485b89fa9ca6e15ff9e3e5252e77a0d5018f9e27a5f085777a7c7ceec01b5fc5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
e333eb3b24e10e86037ac60d31899fcf

SHA1
ae0fb84906dd620124a7df21212c2bfd21af2889

SHA256
a6a6676294a95122330b22aab5b5b21212fa607d3c1ec77d23f4e1a534208e31

SHA512
9314ea7020295af7658d2392980e577d79d9406280ae852643887a145eb9c4d517d22ad912faa6de2596ea52166e20d5aba744e451e564f78b7495780b6c7435

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
c2d5022e273d3abed72ca1b5faf66cfa

SHA1
3356b0148ac31f0c4718cf215e8a2f65b44ca45b

SHA256
527e0e2a49a38d7b95dfe567fd67a4b58aa24e77e0ea29c49a6aa82a470ef23c

SHA512
b697181abd15af25d719f868ec3cf95e6bd6f3db96550c6e5d12196698c3c4fc2eb7509fa3fe9833b0e79d5b7e0a93b5b0d7a614f6d140ea46a45e0f8c9502b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
acf9a205205578e95b3ca2c7e87adea2

SHA1
34baf9e215fa3f19d77f6bd4a3ec2c064c243f43

SHA256
ea6049ef7882d6d3a9dc3ccd3aa40a53d6f6d762c963a6270813bea148394235

SHA512
0e6d767a5eebdcb5bbe395f738de0543686ddc3178b32df4a612c6589befe1a4a76708f2a89ac3a952f0d74e4b35effaf1becc9a931b3d031a837dd6726e9588

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8d87db7e0491cac5d7779dc8d2972132

SHA1
3fe31adaa3e6d4295cd6dc07dd1ce32b8f9769d0

SHA256
fd342dc4de7833ffa1638eb91b69384652aa9973f7584e5bf3b31767d1086b8a

SHA512
221dfacd9e2f7866caf6894edbf365ca81e36110a967fb12616b166788cb767cc90621ecd36a2e6357f25d189d153ab2dfcace69d4e01b0b4d5524637f6eeeb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
c8d39c5b6da6092b7fe346fda4cc6c8f

SHA1
05cc0a7daa2200087b99d6d0d27be5bccd571208

SHA256
8fee605c9c0b5c8b83b717716ea60b28da2e4b60a75c18813c2eafb66b3961da

SHA512
b5adc491707d7fc796943b3dfd44460f2d4a9215fefd663c8a5f1256f99acd22bb2a894ac41c692e3bba411bcd67643f3bade7c3db5e9a91c36bc5886e2a8e4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
e88c65889d88595ff7bc6e02f95ce62a

SHA1
47c44a707cb6165c92edf45a61223c535747f794

SHA256
b78d8806e2de3b0b3ef85ad7dd2acd688cefafc96db057845ce57178d41be935

SHA512
7759b7ce1a6a0d6ea64f41d81bcbbddf473a26489709f62d302bdce674f524b6aaeddd1a910048ff9d717e91710db9df302a5803e19b4f9b6a13d95a141422a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
6e0c99235fc8c7aa5f1edb03ccc287a2

SHA1
39bb9f8bd635a479d1b8a38d5585f88b4a7a6de0

SHA256
86063ebbf71021d4004a4207269306dfc0a7080b76393c06a1a872b256c0c9fd

SHA512
9530d1f3f07003b437c45130b0455c9de46fbb6a4378ff71b67c8f6373b485ffbde2940947e71e8e303433e002326177fbadcb18c956d6161ad5075281501ee4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
5ccd2c03254ea236dd87d965fbb40d6e

SHA1
737011d554990d1a0197f64df1cbc8c481ad6614

SHA256
e07e7cdbdad77111d442debdd9058dda19fdf4c95e923b15df5e22d5642ed634

SHA512
768745ed8c7df178bdf7de6058a4b39c3dae5f358e6619a7fa7ff7120469731929e22b0bcd0aa1b4669ee40175096908e0d713cfcaf340e6b082887355c3f556

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
15a1b05157d3b2b8059b50351d89c0aa

SHA1
61ef22e37c0308ba5a3c099dba0cf790a3b02dbf

SHA256
dcfcbc1f9d8637d1673d44b896e86282881b01da87d6ca1bca67651a1e07b2c7

SHA512
2675e294ab1749df82be461e0c19c2b5cf517ac6ef04cde074a587b1d6919f72797230c18b0f250aa8ea8993cea3c9dcdc78fb36b2946fb1ded3487e11f2dfc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
db145bce589ba8050fa280227797d4c5

SHA1
eb1f34967f9d53ca71d0453edf802e5397ef023d

SHA256
0873009a7a75a8eb38eb5e5b10008fc3495fb2ebcea70fd8b5969023cc05c162

SHA512
d73511eed78cf889bc103f2907b860df48001ebe61541afef05c83faaf53ffaa7a39aa285502fdaea5ee3e559291bdb42392717683f26c62f4f24daddc967363

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
7ff08c7aaed5d010a96b3a10d3e203d6

SHA1
20e778febc321ff7ed6fc8cbae1f9913e102f476

SHA256
3c55a604389b23d897feefbc66bb7f066ce11971af9411a50fbd6ecb5a4ccc35

SHA512
e1b0f21f4ba2fa9539fabb8ef4f6c3921976c6f5c51bfddd3125c0693e52a5426153fb0c42b23b39b6a848f306c0ff7e4edf3597294eaf3c205d3238d023200a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
1522dd698b4077986a5e862f1f9faf0a

SHA1
a698efe4ef54f08bd53f3d6a5eddc93aa124a214

SHA256
739ec096ca1d8847e1f35a531d2b8e3fcac8cce705dba57df6d092831b6e4672

SHA512
86caac85e83d739f6d83e84c572324ab2e99b94fb28067f0f1d85cec1bfe55cdc1a468c9c650077068bba1fe45f93e9d24dc47dcd3037360738e3332efde52bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
fff6419be789f2daea1f4ece445c45ec

SHA1
c8c0b8bc4cba8fbd1da98b8d70d9d38255ee0a12

SHA256
cb270089ce6e799d7f1fe5af58b152cd3d0c6d74553b84191c93b037a1dcba49

SHA512
9fd6a5647b415c5ce6f5bb1b37f70629f1b6a607710c912ac26560a133b893a88b060f82d527d49c64c3ec72baca7627efb6d44c4f5ee495f0f536bdad685e76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
ca51e533e976f1feb70274b126feb034

SHA1
4f637fc144623cb4f162361b9af677d83b7cea52

SHA256
783346866e2befcef5b0343a7e45bf66063b2d7b5021aa69098c9bfa9bb3d7e9

SHA512
a485c5745ba62fc28c466759d3e76d293d2ce695a24871b1bd5d7f878be711c3feaa6d8dce71640bc9a2725f668d577b4953ad858c5550ebaba0caf449ad3b4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
4f0abccd0bf8e23975886f756a1118fc

SHA1
4457eb0a5ceb2bc85442ef979c0c6001c05b3a58

SHA256
c3263eca673ce992c7ebbb93c03eb9273c31a6ecade72adcabfa768def1854b7

SHA512
2fada7b20bdca7053e99c93a37a113c503db09295c4f7bbcb33fc56f98a58d6e49ba5ce29380f02d623ffb88f6a1555e3120d7e442fe59b7d75bd6287aa8fc65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
ed3d5e7a8d1ed307fd10f657585d59c8

SHA1
15b2cd578335c5f0cd65717f51a4f22bc8017b75

SHA256
015b01c0f4cc43861d3ff29a6ec1164b0c22b099f8b1f88d06f0e1af34de41e4

SHA512
1b8a750fe1997c87cef9c9dae969d0b0c7d889250af10acd7d024bfd96fb37aedec054e59c1201bc14401aef52588d961d86d7d8f3a4a07ec30a07969115c2b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
d6b94d1b57cfc00a44081af71a037cf9

SHA1
eb45dfc508f46e7564e3bc652fae2cbfb227df15

SHA256
00d64a458e3cd5ca717cb401b1505ca226ea71c3051fbb7575f740cabbc5fb2e

SHA512
2a0b49f6e34d847d5f02a067f80c9989b36656c4b6d619267282ab02b85b472043115cee7f3b0895440b872560ceddfba9e8f85f8a4ca3ebeddf3c4dd9579aa5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
6f94fb781d7d2a9fbfce597742db6304

SHA1
04b834d2d0ba2d1c730d904e3526d44c34b707e1

SHA256
425bf4652e42e9f72b688b3c9e8253be1782e835065adc72d640aa4b39b3a42c

SHA512
cc7436cc7eb94c1540011ee9fa090674688ed08b65adb0eb41f22a7521a719f86c1ecc0e2bd2c5d9b358f1bef6bf8257d36dd94f89604764c3ba2aa7e2a89b92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
eea570a92b5c71db12356a5347087496

SHA1
3ef5e44db08744c5fe86635e967e2bbe9167aa8f

SHA256
9e3550d604b09bde38c2e2c18d4cb6540e9cf802981c592ce87d4d0ec323b0f2

SHA512
7cb897633a57b8bf6c6e7bd2f1a583f5bc7a8a1253fb3076e5fd91b551359e040987aa7e074185730f6aaed96faa20752ba04ed50487ec1070aca0819a9db01a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
e417afefc1424207f4b5a3031b9c5625

SHA1
f5e3de0861538b9360c44a9a2b272273264e754d

SHA256
3dda26559a23a46c60d7666bb7d07e65fd7c64d34586e6d4d27dcdcf2f12ec02

SHA512
98c88ff811857af835a8815cc620c1dd8f3cca1e14b22c65403c03e8586c15a81292344496fde25a2870ea5e0414a2bd4a69a147e0d53b62286c5dc4de9557fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5e2808.TMP

Filesize
48B

MD5
751c0abae3c782785504c91b2bd59106

SHA1
06e2db499fcaf06c4632e8ec59c86db0331f599f

SHA256
c39a050b90039b414423cb524fe5ee6185c2303d4433a3a2d130b93308c9d695

SHA512
ce5c76e2ac456d83600712c7d58aecde1eb73a99085202be1d8183f012f16eda8c89e8952d3728938c64e482feab2b8e26b5035c865a20647ff43d93a267776a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
5b93b0dd872f6a8796ee7059365614cd

SHA1
de646dc76e1aff32e5affab45ee822738cec5de5

SHA256
8d4b448e77e9a38ceec58e63b4cfc4a496249658416a74cb2a70ea774059490f

SHA512
2ec6510f81be9f74d365b6695af790ec4aebff7a5bf84e2940012fd227456bdebe574fe948866930fc99dc01a61c6076c33a050ee70c2a5a95a9ac43f6786254

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
a6913f9512502a7774f227567025d8d6

SHA1
bb5ae552187cd9160642e17093a72a3c59d18c14

SHA256
0dbe3b692ee5da7b6e71216a42ee85ec99df2b7e39cad12268eedf08ded97af9

SHA512
4480eb3bf89d203dfed8d6ad7310f7accdb4d16e47b7e087f5afa7aea9f557b3b14c333c9b9cba28d956ff30b3fa4ef1f752b709d68f073e10514c9d8f27817c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
9485a5e545183ba00c3e49ad1dcca5e5

SHA1
97db64e918aa93a7d9731c14bfb1add1908d457b

SHA256
24dfd4811c50400451d854997934657f1e1b1d0fdd9fe7acce09811c20d35e5a

SHA512
e36e901fc4b63d74d3190e1f9aebba1bf11142ec744ea0460cf081f5b805ba68f862a657f15192fe83e21cd819dba2bca617597c5162de5519d1a22b4a30749d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
40a193a71544ec7af7031b78e2c81570

SHA1
b2442381689b800a6f80888b5896be98f73c1d6f

SHA256
dffc1c9b382fa781aad5c205e816d951ed3a690a10201feb77069d2c047b85ef

SHA512
47cfc0048ffc184ada0893176c5b93624db4d170b191132ebe97276232626d2a5e6a9dc1047460586c4ef4695b75c7854fcf45826e6eb982abee2f82874e60b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
025b6db4b8d5f379841ec0af6798ba14

SHA1
cbae500072791cf668a8284a94aadc1bbf2f9400

SHA256
e8c4ef6e06550182aeb11e65058d612a5749c03ef7ed459f995f9ba128f3c1ad

SHA512
d8c1057d18c794c75eba26ab778467d2283820e846f2c8f4e80b13a07ec026b7527a74915833a9f7b4f380d5ada36e8ccbc5eae770c8eb0d943e1ce08ab17ea4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
e292e84b15ce97b6e91e2eccfcb1b37c

SHA1
5893b601b647ae131e2097d2f6234c695247e496

SHA256
3803ec061b2bd77bbb0d7ce55128d7930e1132a6014f164f1190e8554a9b2959

SHA512
8fec06b8840178eda5e243c0734c0269a68704b15b01eaf7dd62b0fb69cfb31d02ec4f4cacc6c36c30818e2c039b0c3dad7be86d27852a4efab58f004be1f680

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
a91f5e5206c1ed06cc19363dceb7c9f7

SHA1
83986e4dd01b66db048e8039015eba68d43adff5

SHA256
9ff78b62b3d2c656d225b35e62548a48dd58f121c6c3d1da5370ded64686fda4

SHA512
752ea232c45ef06a833815752e49f221a897c5cfa7a4d62151b44e91b5df0948997d8ff2e90d3a6672cb1fafb19c60dd1a7870699108d64370b3d57eb2e33367

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
d7bff60f7895123a301893b8981dd58b

SHA1
0bfe32892672939605650fa7df89d9bc164bb642

SHA256
c392b864d4d9ef684e58f0bcfc1c8ddfa23ec9759f1eb6f69c511e1ab4768ac5

SHA512
ea5d15ae04075d288fba246ee96839377442c329b970540e3187d3f82b5ecd1118d6c9deceb4450f6e30c9715fda40b584534a82ebd0ce6ea13b629082c97591

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
1bb5073c28a574bedeb140a7831c585e

SHA1
0eff46d756fbc9872e01ecfc3b013bee8c031e86

SHA256
2451e2448f433fe0671acd99cda0a57f8bc0d1ca52b0095f9c4ff0c2fce8a14f

SHA512
02d244666e642127c9b71d099cd028c63b13e88293dd617d8c9e872e607f210803735b13627106eb40b20be35cdbc4635dee5f06502e5d1bf30d17e912e29de7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
64fd8dffd0b90fb36080d2c358616d47

SHA1
8659cdf590494ff0a07ebbdf4722f7057799eacb

SHA256
77ef9b81ff8879b5433c9dceaf8a2312209e1a4bdfd71c66ac103704514d07dd

SHA512
42ec62d848c595cf2d4a32dee9cb6d94659dc0595dcb982791487a88674bcfca2dcc2f3f54760f1b64f165a5f10021f321f459bfd811dc956413fdfdae3fd693

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
c7f4e865a8eb14f92901d87596f30e42

SHA1
8218d0a7f1a7d091a76859303553450bf10746bf

SHA256
3c2fa658dac7c369431f11452678bf74491b295c5a6e23a5a2bc491b0d6bd350

SHA512
39e24a69323da1b434f7f604be2705cf799dd851b5cde6f6589294ad7dd5abff4060efaa9b38eb9fb0bc553271900cca982ebf06de947f39264c289c31e14903

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
aab8f91bfd0e5cd73b962e45e0300883

SHA1
20398c4fdd849a7a7831fa90eaa98533cb404f4b

SHA256
5f4ae889d66d36269acc39526195100642aa11c786ee67ca33883ae903d80e92

SHA512
7e1f330570918ef671fcee858301330a7fd33e58f30a2e45df05a9e3978ea6e6a111c78e70db284c7ed273d3098103403b5e302c0aaaf7647151b963d372fe20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
26ee544f5ade27749a272a2a3894ab85

SHA1
45d0091006d3d450d90afee5df706303df4fa230

SHA256
6bda4cce850ab90fdc4561cf3fc435a099faff6e197a9920672e882a55b49373

SHA512
d759159ee914a5cea6c74d60c6acbd1ee0e07aabc0862870dc4ec7bb9fd1e5cfdea844df9f7a9681fb3465516b93f8f994817c8d57475806e8790c6316fbe7ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
c73893bbabaf67f6e6a6425fdaf80737

SHA1
52f2330e2b548aa66bd37c5ecc403bcde55c293a

SHA256
867c15131b11d510b6581e39b68545caa2e634727c2cb641da3dd43ac569eff5

SHA512
66ebeb1282ce97a7864af8203e98ebe9ec83770a09dbcb529a292ccddd71fda04e6b921907dfa016556752e0dd98489930a54fa915a308af2baae90259c9379c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
d02c6d489ebdc0b4cf21f43368fa03bb

SHA1
6432f143ec9c0f06758c267e86d26240dd2ebb3b

SHA256
00cfed4b1c7cbc3bf5658f37b9328c3d49f9c28bf798df8b6eb6a7677f2cc9b3

SHA512
17681ee92e8dfd892ae059d2e03a859bf412234b2dc980b16b701cfe2fbeb19aced798fd5620b681d8b02440a28e2784efc8fd6fb3f1cb39cf8d18151beee2a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
fbb3a7dc7af1fd11b75b5d142a4ee26e

SHA1
e32dd1b65ac5f79bd2954cfc34029b043f7ec6cf

SHA256
0f3d9698603d0e9033ae65916e4ea1054fbc105b19e44ac6cb5a64aeb43fcfe0

SHA512
a7eb512f74adf3e849e9483b54834a079bc12434788bb4bce1a1c3a48b636202740c04fbafec9e7b8b21e7aae55f0102a4f18c2a34f607c3941ccaea187a23e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
85b6ed786512ab7b80b9ae046d82650b

SHA1
65c930ba6a2f15f77912d02bd4117e06e0dcf766

SHA256
06281662b53c8dd47f0b26017e33baf0bd45983b37ad7cf37ff8e80efcf9193d

SHA512
cd5197307ab8cb75844105d30b3d2be3bdfb582a5c7418faae759b2b5d58f6b794335cb1a59b651d2e6bf52618b087d36b917d1ab9538677bcfa37647f5d1f06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
7980eb7e6c533ce582e3b465ff2c7028

SHA1
bb184b46b8255ceb0207a960e56d61ac2c742bd6

SHA256
323566fae67a951708e5c23e4ff222d04093698885eb4c836106d0f05aabc2b9

SHA512
7ebad5eb986be50ef967f952b5add0fdcc220be7b83dec4f64c3ba3902497b2a9f53d4434102a5b43cbfab7cfab83c6daa2350c207204e91add2e19fbd9e6b34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
0a4ed3ebf3d08fe2d82f501126aebc64

SHA1
da17f2a902d8c98bdb50fe177cd6cb929bfd7008

SHA256
d236fdbdb8c83fcba8e3daa2179ac181b6ccd58473b0f14fe5a31a39c0772e8d

SHA512
8d6ce47b811e5a02e16bf0e189dc9a3241ccd26dc67f9d51dace59c27cb755f81226b0f83739f4d0c0969ae5ba65cddc64df8bddca39c981fb926477c1a73958

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
044f1db87d87cfee00385bc1c9133f6a

SHA1
e678606e75e81d1261688ec611894651da9fef92

SHA256
5f82aa0d22ad4bf7e63b51a60c14b3bae9216b661109bd5020ba740be024f848

SHA512
f8ef6a6822c1bf09d8deae3a1730ec45c094da1328eb906bd021ece7b71cbe34be8e9938314e4721ed31478dee96a80dac258db081fdb9592298ec74b50adcd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
0cd039b7504a5b24d52296b456e4aa67

SHA1
eae448c88320a2cd35e47d01637cdac147c3e249

SHA256
b872ee7281e3c1cbe7cb40d2a4ff280b494027e7574ffcb694e7ed663a84d9ec

SHA512
c81033c9c132f9d83ed3031501a57736c0a0064558dd2ee44250520bca62bd58ca29f5a700bdf9864ce35a76b70699b2b77503e5597cb233837b5f470a5f0f73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
9be3b2dee97710527dfa43a356ef2d63

SHA1
76395b4b4d26e969749175ed9b27fa16dbeb5c58

SHA256
bf7e454c60183849153c09d0275c8f564c5f0d663393076f5e2c3982ee02f018

SHA512
59fb545de85a8ddd9dcd37912e29d3dab8b13a8be09f64000c31c286fb4b516deea800085981b81cbc4fdf8107e30c772c1b914b973173ab330a91bbfdf3b50b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
9bc814a9404887a0d8c1a06f27b3b341

SHA1
027e63de2a512fec2299308f851a6138e3d6d7c2

SHA256
02060e2207c6f53493b9bd30fd61b0143c34663c25960a295d1daf1fc8ea6b35

SHA512
45735ec0b443dfd6244e1eb43d643dc72a6f1cad95d188e3f2594005dca87bb38fff45a5ef9fe5e0fd83ee02962931dbf7d4972c87dcaca2f9115358291db4fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
c9ab975376653f656575f0ff8151c016

SHA1
ec84e07f00785bb7aab6f801dd927f2ca9441b7d

SHA256
865d0e9dedb1a8b96271121c19d69f1fdfdf1b9d3e7fd25d6de9ed90247bec91

SHA512
07858dadc25e2453bbffeebb799e348fc9ae909b58033e7c58d30b8881219503bc06114c9ee4910fbe84aa5863b0a7bf50aeb3c627dc5cf9b1c912b2824dfa95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
fdb5aabbd55252be3205b3d0021d9371

SHA1
26720d699ccc04507eb3bfb8a9036e5a4a4aa7f6

SHA256
82c15bf86c80c22f599b1d7134cb357a8a8f1eb67fd8e92a2d4979714617b826

SHA512
fb0fa200960827bac253f8277751d7f7be35f4ace0546d00596ac7365590e3bbb086d2f553585ae1a10fa3dec61763159a637d732c9e10c1a37107752d2a2225

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
8344a10e9257d09aa4b4cdb54b29961b

SHA1
5ecd5fd128d8ef7f26e6b2e56058379f8d3c1960

SHA256
6ad1308157f82786e71a11e415073383ef82c130376998a9c493232d22d29f72

SHA512
40725442fedae68337094227d024a2be682cdeeab9506f14cf51529c52275bba4f816bfbe06cdff078beae849872601b55e15a497fef089909138c2a124cbdbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582fc5.TMP

Filesize
1KB

MD5
aa7519ddd710c226d6167069f721c72c

SHA1
ebde1c52ac2cfcd0361fc3f58a6291eeffb23356

SHA256
22e3d1fad0faf7356ad1e2f2b39053a71e221be37b0f216712bd7117d826f015

SHA512
5e9ad549e2112ab949b78d30cabb2df6ceba680d8b25b9bc50a579454887e35bfbbfd03da838243ff7eb1cdbb3612dedc0bb63d8ca87a4e98226ebcc32e84661

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
378775724196d802c71e2123dd3e172f

SHA1
f32f568d10c6868cc98f54d1f9a2daa85b169e9c

SHA256
a1e20bd3e028da9e379caf06ff030f1149ff421af1f578bb636c130446398a92

SHA512
e8cd27545d54ff1cc9b4ee5b09613466fbe577d91c0b6491bb3a2390b6dd63cf6c1c640eb67898a1198c40545249416a086daa10d762c0838c5921cfe0eae208

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
d536bb54fda1ea482baa72de7c477517

SHA1
df85c32a5f1703ca1cb174a35ac0253380454087

SHA256
256c176e8c1150d204bc315ac6f5154846c7269670c6ee184fbf5563e8935ea4

SHA512
0f8c4b0d8ca9bd0111ce6476c5da3eb0328ec5ccd07c3ada488f48a2cb7e5420c5171c90db3c5cdd6cbb44dfb91dcaa729f46ea23a71c9eb796acd1106113a43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
2e213ddd94d822b2fd50389baab07516

SHA1
fc50615a2465ad9281510289096eb7c9ddc9eb58

SHA256
b1e75bba7c8926a87e76f7227b7daf611bddad9a5a62900625c10350467489e2

SHA512
1fa1947a39964e11eab4a8bb144e3377a2d453f68fee6cefe664d9d34b3a147777b0bbf3a0182d7578b9f7798ef68cbe8e12860f0d901d92b7386e0bf052511d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
90b1a8dc5851260ba5778285cf694ec0

SHA1
fd37c72d09fe9f790a8c3dabe0002f0a9a877409

SHA256
c5740579ae2c29dfce9c6c4016fb8d22d24f43446792d57fabeb457e3dd34918

SHA512
21e7106b7b9f228ac42c3b1bedbe15319bf505854ec9d85f6f7bfbc6017f5a8dd14382d6e597ff3948fb2608995c6531532ba0e93e2cc79c037e01905d038155

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
656e78c7fc5a7c1f04920713e39ab2b8

SHA1
47ceb883de25a90c00794106fcb2bf35f2aaa662

SHA256
5f85a8b36cc98b0910ec90b5c1270074764c1c6891ea22e1d202c3ae39ebad82

SHA512
c48c42d1ff1b5d97f59afc66a671b8f7940fce6f4d38e8d7857cf998ef4fdf90405c76cd8060f44bebd80eb17b4419c1dc4d6cd92eafdfce34f8e8e440aaff90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
01b7e591a2a146eaba7ffb07a54a39a5

SHA1
bee352750231c0ca3562697e6434b5e0bb9fd38d

SHA256
f303db62269a88f053171247abfecf0fe4db3b0861f374bba3e1c1e9374d9098

SHA512
5cc9af93a3bf061e2776f366b2c87952f16ad77a366e73a139a80d0573f5e5fffca9be05ae007641e8734a3dfc51f6e78191a92385d4f04d51b5fe9b425ef2aa

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
11KB

MD5
ae9795843ff54860f7ebb5569f434e83

SHA1
3bdcba3b4e7ea0f191c90d4211395d5a6e3c8cab

SHA256
b46781bfff93fe6a51f19337b2c0f68c940a8a1497f56ffbc5e66688073abfbd

SHA512
6a6c20f0f39710bb93868d61d7222e5082ceb06c07f1fe685a41e96fd52a6b8d8e568d4cd134b2824e416e8b819b7c94ffae2c7b68c7ec25f411c48943cc2357

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_rmfvqzaz.djs.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Roaming\XWorm V3.1.exe

Filesize
6.9MB

MD5
37a9fdc56e605d2342da88a6e6182b4b

SHA1
20bc3df33bbbb676d2a3c572cff4c1d58c79055d

SHA256
422ba689937e3748a4b6bd3c5af2dce0211e8a48eb25767e6d1d2192d27f1f58

SHA512
f556805142b77b549845c0fa2206a4cb29d54752dc5650d9db58c1bbe1f7d0fc15ce04551853fb6454873877dbb88bebd15d81b875b405cdcc2fd21a515820d3

Download Submit
C:\Users\Admin\AppData\Roaming\svchost.exe

Filesize
69KB

MD5
f23f6537464f47132cee7632b95daf28

SHA1
1981d5d8ee8e600c613b3c11fdff435172ca725e

SHA256
32824c331cc98500763e67b45e616d9b0f5a63f21b87439d18feaac7b35785cb

SHA512
d58575008b8358c6546f7605d5da27c2fd3578240d679a608c5d15950ce809c0af00dff0b989514a2f3a08e30c697684dcec7695ddbba659e2fa0811280a5a80

Download Submit
C:\Users\Admin\Downloads\XWorm-RAT-V5.6-main.zip

Filesize
977B

MD5
7831c9c454cb18b3a6c47b4d72533251

SHA1
03a34561e9348ea3470542a8b8078dc50800b9e2

SHA256
2ff772787310fed353039648af6fbc2dceeb27b08519f28f702f57afe680a9fb

SHA512
fb81f045e59d0b9583707770722f0df95bf6546d9b2ee30d8d27c4c4b2deaa02876e667d6a0943bc3b659f82b271df7ef88274d71c0b0021ca9b6ea7ba99a629

Download Submit
C:\Users\Admin\Downloads\XWorm-RAT-V5.6-main.zip:Zone.Identifier

Filesize
161B

MD5
bf3bc378ea568f57ab8f59970ff221d0

SHA1
20a95544c0b6d89047192deba224a53d82207111

SHA256
54945d5e1178e20d75602b57e9cee406c494c0342571d11ceb5c9a17af6f47f2

SHA512
b708139ac68eb20987b5e42632d7e23b28f80b6afe3e96f6e57237ddee879932d11c348aa7a57a7674d5d26d285bd07ff1dccc678a86b9e9769ae02476c81634

Download Submit
C:\Windows\System32\perfc009.dat

Filesize
35KB

MD5
7f41bddfccdfe4a298b0bfcf14a20836

SHA1
8acacdd3503c65fb2ddc4fbb9f41811ae8550276

SHA256
446d064235ee69494d5797e01e4039eca0a026c9b801cacf0670334104eedbbb

SHA512
bb984e7660899c293eb3e8c14156cee5237e0cd2b0ada7b03c850f027a08d728fe8774f7a377e911ed54bd788ac5c88fd6e24b41fda6d5020dc6fae0e4980c85

Download Submit
C:\Windows\System32\perfh009.dat

Filesize
297KB

MD5
50362589add3f92e63c918a06d664416

SHA1
e1f96e10fb0f9d3bec9ea89f07f97811ccc78182

SHA256
9a60acb9d0cb67b40154feb3ff45119f122301ee059798c87a02cc0c23e2ffce

SHA512
e21404bc7a5708ab1f4bd1df5baff4302bc31ac894d0940a38b8967b40aac46c2b3e51566d6410e66c4e867e1d8a88489adccf8bdcaec682e9ddabc0dac64468

Download Submit
memory/784-837-0x00007FF9BDD80000-0x00007FF9BDF89000-memory.dmp

Filesize
2.0MB

Download
memory/784-885-0x00007FF97DE10000-0x00007FF97DE20000-memory.dmp

Filesize
64KB

Download
memory/784-887-0x00007FF9BCDC0000-0x00007FF9BCE7D000-memory.dmp

Filesize
756KB

Download
memory/784-839-0x00007FF97B4C0000-0x00007FF97B4D0000-memory.dmp

Filesize
64KB

Download
memory/784-821-0x00007FF97DE10000-0x00007FF97DE20000-memory.dmp

Filesize
64KB

Download
memory/784-824-0x00007FF97DE10000-0x00007FF97DE20000-memory.dmp

Filesize
64KB

Download
memory/784-825-0x00007FF9BDD80000-0x00007FF9BDF89000-memory.dmp

Filesize
2.0MB

Download
memory/784-886-0x00007FF9BDD80000-0x00007FF9BDF89000-memory.dmp

Filesize
2.0MB

Download
memory/784-823-0x00007FF97DE10000-0x00007FF97DE20000-memory.dmp

Filesize
64KB

Download
memory/784-822-0x00007FF9BDD80000-0x00007FF9BDF89000-memory.dmp

Filesize
2.0MB

Download
memory/784-827-0x00007FF9BDD80000-0x00007FF9BDF89000-memory.dmp

Filesize
2.0MB

Download
memory/784-826-0x00007FF97DE10000-0x00007FF97DE20000-memory.dmp

Filesize
64KB

Download
memory/784-858-0x00007FF9BDD80000-0x00007FF9BDF89000-memory.dmp

Filesize
2.0MB

Download
memory/784-859-0x00007FF9BDD80000-0x00007FF9BDF89000-memory.dmp

Filesize
2.0MB

Download
memory/784-860-0x00007FF9BDD80000-0x00007FF9BDF89000-memory.dmp

Filesize
2.0MB

Download
memory/784-861-0x00007FF9BDD80000-0x00007FF9BDF89000-memory.dmp

Filesize
2.0MB

Download
memory/784-834-0x00007FF9BDD80000-0x00007FF9BDF89000-memory.dmp

Filesize
2.0MB

Download
memory/784-882-0x00007FF97DE10000-0x00007FF97DE20000-memory.dmp

Filesize
64KB

Download
memory/784-836-0x00007FF97B4C0000-0x00007FF97B4D0000-memory.dmp

Filesize
64KB

Download
memory/784-838-0x00007FF9BCDC0000-0x00007FF9BCE7D000-memory.dmp

Filesize
756KB

Download
memory/784-883-0x00007FF97DE10000-0x00007FF97DE20000-memory.dmp

Filesize
64KB

Download
memory/784-835-0x00007FF9BCDC0000-0x00007FF9BCE7D000-memory.dmp

Filesize
756KB

Download
memory/784-833-0x00007FF9BDD80000-0x00007FF9BDF89000-memory.dmp

Filesize
2.0MB

Download
memory/784-832-0x00007FF9BDD80000-0x00007FF9BDF89000-memory.dmp

Filesize
2.0MB

Download
memory/784-831-0x00007FF9BDD80000-0x00007FF9BDF89000-memory.dmp

Filesize
2.0MB

Download
memory/784-830-0x00007FF9BDD80000-0x00007FF9BDF89000-memory.dmp

Filesize
2.0MB

Download
memory/784-884-0x00007FF97DE10000-0x00007FF97DE20000-memory.dmp

Filesize
64KB

Download
memory/784-829-0x00007FF9BDD80000-0x00007FF9BDF89000-memory.dmp

Filesize
2.0MB

Download
memory/784-828-0x00007FF97DE10000-0x00007FF97DE20000-memory.dmp

Filesize
64KB

Download
memory/3204-2536-0x0000015EB8C70000-0x0000015EB8C80000-memory.dmp

Filesize
64KB

Download
memory/3204-2540-0x00007FF999830000-0x00007FF99A2F2000-memory.dmp

Filesize
10.8MB

Download
memory/3204-2533-0x00007FF999830000-0x00007FF99A2F2000-memory.dmp

Filesize
10.8MB

Download
memory/3204-2534-0x0000015EB8C70000-0x0000015EB8C80000-memory.dmp

Filesize
64KB

Download
memory/3204-2535-0x0000015EB8C70000-0x0000015EB8C80000-memory.dmp

Filesize
64KB

Download
memory/3536-2556-0x00007FF999830000-0x00007FF99A2F2000-memory.dmp

Filesize
10.8MB

Download
memory/3536-2554-0x00000227A5C60000-0x00000227A5C70000-memory.dmp

Filesize
64KB

Download
memory/3536-2541-0x00007FF999830000-0x00007FF99A2F2000-memory.dmp

Filesize
10.8MB

Download
memory/3536-2542-0x00000227A5C60000-0x00000227A5C70000-memory.dmp

Filesize
64KB

Download
memory/3536-2543-0x00000227A5C60000-0x00000227A5C70000-memory.dmp

Filesize
64KB

Download
memory/3772-2509-0x00000230B9210000-0x00000230B9220000-memory.dmp

Filesize
64KB

Download
memory/3772-2508-0x00007FF999830000-0x00007FF99A2F2000-memory.dmp

Filesize
10.8MB

Download
memory/3772-2524-0x00007FF999830000-0x00007FF99A2F2000-memory.dmp

Filesize
10.8MB

Download
memory/3772-2521-0x00000230B9210000-0x00000230B9220000-memory.dmp

Filesize
64KB

Download
memory/3772-2519-0x00000230B9210000-0x00000230B9220000-memory.dmp

Filesize
64KB

Download
memory/3772-2518-0x00000230B90F0000-0x00000230B9112000-memory.dmp

Filesize
136KB

Download
memory/3832-2479-0x0000000000470000-0x0000000000B7A000-memory.dmp

Filesize
7.0MB

Download
memory/3832-2480-0x00007FF999830000-0x00007FF99A2F2000-memory.dmp

Filesize
10.8MB

Download
memory/3832-2482-0x0000000002C80000-0x0000000002C90000-memory.dmp

Filesize
64KB

Download
memory/3832-2520-0x00007FF999830000-0x00007FF99A2F2000-memory.dmp

Filesize
10.8MB

Download
memory/4776-2571-0x00007FF999830000-0x00007FF99A2F2000-memory.dmp

Filesize
10.8MB

Download
memory/4776-2569-0x00007FF999830000-0x00007FF99A2F2000-memory.dmp

Filesize
10.8MB

Download
memory/4784-2500-0x0000000000220000-0x0000000000916000-memory.dmp

Filesize
7.0MB

Download
memory/4784-2537-0x00007FF999830000-0x00007FF99A2F2000-memory.dmp

Filesize
10.8MB

Download
memory/4784-2503-0x0000000001110000-0x0000000001120000-memory.dmp

Filesize
64KB

Download
memory/4784-2504-0x000000001D000000-0x000000001DB6A000-memory.dmp

Filesize
11.4MB

Download
memory/4784-2507-0x0000000001110000-0x0000000001120000-memory.dmp

Filesize
64KB

Download
memory/4784-2552-0x0000000001110000-0x0000000001120000-memory.dmp

Filesize
64KB

Download
memory/4784-2553-0x0000000001110000-0x0000000001120000-memory.dmp

Filesize
64KB

Download
memory/4784-2499-0x00007FF999830000-0x00007FF99A2F2000-memory.dmp

Filesize
10.8MB

Download
memory/5876-1789-0x00007FF9BDD80000-0x00007FF9BDF89000-memory.dmp

Filesize
2.0MB

Download
memory/5876-1790-0x00007FF9BDD80000-0x00007FF9BDF89000-memory.dmp

Filesize
2.0MB

Download
memory/5876-1841-0x00007FF97DE10000-0x00007FF97DE20000-memory.dmp

Filesize
64KB

Download
memory/5876-1842-0x00007FF97DE10000-0x00007FF97DE20000-memory.dmp

Filesize
64KB

Download
memory/5876-1843-0x00007FF97DE10000-0x00007FF97DE20000-memory.dmp

Filesize
64KB

Download
memory/5876-1802-0x00007FF9BCDC0000-0x00007FF9BCE7D000-memory.dmp

Filesize
756KB

Download
memory/5876-1801-0x00007FF9BDD80000-0x00007FF9BDF89000-memory.dmp

Filesize
2.0MB

Download
memory/5876-1799-0x00007FF97B4C0000-0x00007FF97B4D0000-memory.dmp

Filesize
64KB

Download
memory/5876-1793-0x00007FF9BDD80000-0x00007FF9BDF89000-memory.dmp

Filesize
2.0MB

Download
memory/5876-1800-0x00007FF9BDD80000-0x00007FF9BDF89000-memory.dmp

Filesize
2.0MB

Download
memory/5876-1783-0x00007FF9BDD80000-0x00007FF9BDF89000-memory.dmp

Filesize
2.0MB

Download
memory/5876-1792-0x00007FF9BDD80000-0x00007FF9BDF89000-memory.dmp

Filesize
2.0MB

Download
memory/5876-1791-0x00007FF9BDD80000-0x00007FF9BDF89000-memory.dmp

Filesize
2.0MB

Download
memory/5876-1784-0x00007FF97DE10000-0x00007FF97DE20000-memory.dmp

Filesize
64KB

Download
memory/5876-1788-0x00007FF97DE10000-0x00007FF97DE20000-memory.dmp

Filesize
64KB

Download
memory/5876-1803-0x00007FF97B4C0000-0x00007FF97B4D0000-memory.dmp

Filesize
64KB

Download
memory/5876-1846-0x00007FF9BCDC0000-0x00007FF9BCE7D000-memory.dmp

Filesize
756KB

Download
memory/5876-1785-0x00007FF9BDD80000-0x00007FF9BDF89000-memory.dmp

Filesize
2.0MB

Download
memory/5876-1786-0x00007FF97DE10000-0x00007FF97DE20000-memory.dmp

Filesize
64KB

Download
memory/5876-1787-0x00007FF9BDD80000-0x00007FF9BDF89000-memory.dmp

Filesize
2.0MB

Download
memory/5876-1844-0x00007FF97DE10000-0x00007FF97DE20000-memory.dmp

Filesize
64KB

Download
memory/5876-1845-0x00007FF9BDD80000-0x00007FF9BDF89000-memory.dmp

Filesize
2.0MB

Download
memory/5876-1781-0x00007FF97DE10000-0x00007FF97DE20000-memory.dmp

Filesize
64KB

Download
memory/5876-1782-0x00007FF97DE10000-0x00007FF97DE20000-memory.dmp

Filesize
64KB

Download
memory/6136-2501-0x00007FF999830000-0x00007FF99A2F2000-memory.dmp

Filesize
10.8MB

Download
memory/6136-2498-0x0000000000180000-0x0000000000198000-memory.dmp

Filesize
96KB

Download
memory/6136-2539-0x00007FF999830000-0x00007FF99A2F2000-memory.dmp

Filesize
10.8MB

Download