Malware Analysis Report

2024-09-22 23:56

Sample ID 240502-xxxenaeb7w
Target XWorm V5.2 password.zip
SHA256 b09487ea9dc5e977f6a82ac84bc160b390aee483ac3746180217872a0f535027
Tags
pdf agilenet agenttesla stormkitty keylogger spyware stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

b09487ea9dc5e977f6a82ac84bc160b390aee483ac3746180217872a0f535027

Threat Level: Known bad

The file XWorm V5.2 password.zip was found to be: Known bad.

Malicious Activity Summary

pdf agilenet agenttesla stormkitty keylogger spyware stealer trojan

Stormkitty family

Contains code to disable Windows Defender

StormKitty payload

AgentTesla payload

Agenttesla family

AgentTesla

AgentTesla payload

Obfuscated with Agile.Net obfuscator

Loads dropped DLL

Malformed data in PDF

Unsigned PE

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-05-02 19:14

Signatures

AgentTesla payload

Description Indicator Process Target
N/A N/A N/A N/A

Agenttesla family

agenttesla

Contains code to disable Windows Defender

Description Indicator Process Target
N/A N/A N/A N/A

StormKitty payload

Description Indicator Process Target
N/A N/A N/A N/A

Stormkitty family

stormkitty

Obfuscated with Agile.Net obfuscator

agilenet
Description Indicator Process Target
N/A N/A N/A N/A

Malformed data in PDF

pdf

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-02 19:14

Reported

2024-05-02 19:31

Platform

win11-20240419-en

Max time kernel

594s

Max time network

547s

Command Line

C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\XWorm V5.2 password.zip"

Signatures

AgentTesla

keylogger trojan stealer spyware agenttesla

AgentTesla payload

Description Indicator Process Target
N/A N/A N/A N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Documents\XWorm V5.2 password\XWorm V5.2 password\XWorm V5.2.exe N/A

Obfuscated with Agile.Net obfuscator

agilenet
Description Indicator Process Target
N/A N/A N/A N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\Documents\XWorm V5.2 password\XWorm V5.2 password\XWorm V5.2.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Users\Admin\Documents\XWorm V5.2 password\XWorm V5.2 password\XWorm V5.2.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion C:\Users\Admin\Documents\XWorm V5.2 password\XWorm V5.2 password\XWorm V5.2.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\Documents\XWorm V5.2 password\XWorm V5.2 password\XWorm V5.2.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1488 wrote to memory of 688 N/A C:\Users\Admin\Documents\XWorm V5.2 password\XWorm V5.2 password\XWorm V5.2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1488 wrote to memory of 688 N/A C:\Users\Admin\Documents\XWorm V5.2 password\XWorm V5.2 password\XWorm V5.2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 688 wrote to memory of 1596 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 688 wrote to memory of 1596 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 688 wrote to memory of 2800 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 688 wrote to memory of 2800 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 688 wrote to memory of 2800 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 688 wrote to memory of 2800 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 688 wrote to memory of 2800 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 688 wrote to memory of 2800 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 688 wrote to memory of 2800 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 688 wrote to memory of 2800 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 688 wrote to memory of 2800 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 688 wrote to memory of 2800 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 688 wrote to memory of 2800 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 688 wrote to memory of 2800 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 688 wrote to memory of 2800 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 688 wrote to memory of 2800 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 688 wrote to memory of 2800 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 688 wrote to memory of 2800 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 688 wrote to memory of 2800 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 688 wrote to memory of 2800 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 688 wrote to memory of 2800 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 688 wrote to memory of 2800 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 688 wrote to memory of 2800 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 688 wrote to memory of 2800 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 688 wrote to memory of 2800 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 688 wrote to memory of 2800 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 688 wrote to memory of 2800 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 688 wrote to memory of 2800 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 688 wrote to memory of 2800 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 688 wrote to memory of 2800 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 688 wrote to memory of 2800 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 688 wrote to memory of 2800 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 688 wrote to memory of 2800 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 688 wrote to memory of 2800 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 688 wrote to memory of 2800 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 688 wrote to memory of 2800 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 688 wrote to memory of 2800 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 688 wrote to memory of 2800 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 688 wrote to memory of 2800 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 688 wrote to memory of 2800 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 688 wrote to memory of 2800 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 688 wrote to memory of 2800 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 688 wrote to memory of 4840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 688 wrote to memory of 4840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 688 wrote to memory of 2364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 688 wrote to memory of 2364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 688 wrote to memory of 2364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 688 wrote to memory of 2364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 688 wrote to memory of 2364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 688 wrote to memory of 2364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 688 wrote to memory of 2364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 688 wrote to memory of 2364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 688 wrote to memory of 2364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 688 wrote to memory of 2364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 688 wrote to memory of 2364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 688 wrote to memory of 2364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 688 wrote to memory of 2364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 688 wrote to memory of 2364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 688 wrote to memory of 2364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 688 wrote to memory of 2364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 688 wrote to memory of 2364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 688 wrote to memory of 2364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Windows\Explorer.exe

C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\XWorm V5.2 password.zip"

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Documents\XWorm V5.2 password\XWorm V5.2 password\XWorm V5.2.exe

"C:\Users\Admin\Documents\XWorm V5.2 password\XWorm V5.2 password\XWorm V5.2.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/XCoderTools

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffe79e43cb8,0x7ffe79e43cc8,0x7ffe79e43cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1876,13660036653322199921,6374902690959875140,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1880 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1876,13660036653322199921,6374902690959875140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1876,13660036653322199921,6374902690959875140,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2584 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,13660036653322199921,6374902690959875140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3168 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,13660036653322199921,6374902690959875140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,13660036653322199921,6374902690959875140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1876,13660036653322199921,6374902690959875140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3336 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1876,13660036653322199921,6374902690959875140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3284 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/XCoderTools

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffe79e43cb8,0x7ffe79e43cc8,0x7ffe79e43cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,13660036653322199921,6374902690959875140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,13660036653322199921,6374902690959875140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,13660036653322199921,6374902690959875140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,13660036653322199921,6374902690959875140,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,13660036653322199921,6374902690959875140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,13660036653322199921,6374902690959875140,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/XCoderTools

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffe79e43cb8,0x7ffe79e43cc8,0x7ffe79e43cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,13660036653322199921,6374902690959875140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2916 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,13660036653322199921,6374902690959875140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/XCoderTools

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffe79e43cb8,0x7ffe79e43cc8,0x7ffe79e43cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,13660036653322199921,6374902690959875140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,13660036653322199921,6374902690959875140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/XCoderTools

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffe79e43cb8,0x7ffe79e43cc8,0x7ffe79e43cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,6738151366904426660,17777628356411639303,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,6738151366904426660,17777628356411639303,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,6738151366904426660,17777628356411639303,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6738151366904426660,17777628356411639303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6738151366904426660,17777628356411639303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3580 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6738151366904426660,17777628356411639303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6738151366904426660,17777628356411639303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6738151366904426660,17777628356411639303,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,6738151366904426660,17777628356411639303,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4904 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,6738151366904426660,17777628356411639303,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5508 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6738151366904426660,17777628356411639303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6738151366904426660,17777628356411639303,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,6738151366904426660,17777628356411639303,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5112 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 t.me udp
NL 149.154.167.99:443 t.me tcp
NL 149.154.167.99:443 t.me tcp
NL 149.154.167.99:443 t.me tcp
NL 149.154.167.99:443 t.me tcp
NL 149.154.167.99:443 t.me tcp
US 34.111.35.152:443 cdn4.cdn-telegram.org tcp
NL 149.154.167.99:443 t.me tcp
N/A 224.0.0.251:5353 udp
NL 149.154.167.99:443 t.me tcp
US 8.8.8.8:53 telegram.org udp
NL 149.154.167.99:443 telegram.org tcp

Files

memory/1488-0-0x00007FFE5E353000-0x00007FFE5E355000-memory.dmp

memory/1488-1-0x000001C955000000-0x000001C955C38000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\TMzpx\TMzpx.dll

MD5 2f1a50031dcf5c87d92e8b2491fdcea6
SHA1 71e2aaa2d1bb7dbe32a00e1d01d744830ecce08f
SHA256 47578a37901c82f66e4dba47acd5c3cab6d09c9911d16f5ad0413275342147ed
SHA512 1c66dbe1320c1a84023bdf77686a2a7ab79a3e86ba5a4ea2cda9a37f8a916137d5cfec30b28ceae181355f6f279270465ef63ae90b7e8dcd4c1a8198a7fd36a8

memory/1488-9-0x00007FFE5E350000-0x00007FFE5EE12000-memory.dmp

memory/1488-10-0x000001C9710A0000-0x000001C971C8C000-memory.dmp

memory/1488-11-0x000001C971FD0000-0x000001C9721C4000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 b8b53ef336be1e3589ad68ef93bbe3a7
SHA1 dec5c310225cab7d871fe036a6ed0e7fc323cf56
SHA256 fe5c2fb328310d7621d8f5af5af142c9ce10c80f127c4ab63171738ad34749e1
SHA512 a9081a5a909d9608adfc2177d304950b700b654e397cf648ed90ecac8ac44b860b2cf55a6d65e4dfa84ef79811543abf7cb7f6368fd3914e138dfdd7a9c09537

\??\pipe\LOCAL\crashpad_688_VEKNAXLGYHXCXEZM

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6e498afe43878690d3c18fab2dd375a5
SHA1 b53f3ccbfe03a300e6b76a7c453bacb8ca9e13bd
SHA256 beb39e9a246495e9dd2971224d23c511b565a72a6f02315c9f9bf1dcfae7df78
SHA512 3bf8a2dd797e7f41377267ad26bde717b5b3839b835fe7b196e748fec775ffd39346dba154bb5d8bda4e6568133daaa7fefa3a0d2a05e035c7210bb3c60041a7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 84b641ffb2603ad8a0ae88bb513f4e5b
SHA1 253f6a8d1e455f569aebe1a72480cb1db532a4a1
SHA256 da068fa52854aab123e5b159910b85136134b83f39fcb23fc2beae627f2e36ad
SHA512 38ad2838190a8696697d3c0701b89df76cdf2d913f48167541856ef0de4197a8f1779f1c97e7ab3d630d8c1aa3833cc11132a6be91b3cc9cba8cdb82701a7078

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b49201ce139d04a648bd818eb75c9ca6
SHA1 8643148e5fe6808f6d7d41ca7cac800bbddec6a0
SHA256 4672c5278249b123127f84ae78ebc2e65e0cd8593500826d42ee1a50131646d8
SHA512 464daba51349ac6d4455243f14921ccee818676dd9af2d1417d25dbeb991e0b3af79838d7121ae232c20ef168d85a42ba84482457c6aa031f7551692064d064b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 241b9c25c7189696175183f08cb8a6cb
SHA1 e3bf5541a186ddf240eb01b659178bb4a20d0842
SHA256 70dfde791e18d066f9611a1da048ea62844cb55d0d78585d340da069cd13f973
SHA512 3286063d6e56b6aabb70be3b9f0db2fa508d465076a2cde962e9b328c77fafe6769c70a76c075a869227ef3e95457b28982fa50f2d286768905f192c2c0d7d24

memory/1488-101-0x00007FFE5E353000-0x00007FFE5E355000-memory.dmp

memory/1488-102-0x00007FFE5E350000-0x00007FFE5EE12000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 745f94b7ce1b0e1258a91d08b35a9d8f
SHA1 dfd63747f5fbe6ec6fb2a9ed48e58ce99ab0f46a
SHA256 0d65e305254e0dd0703edff50f16a12ae870480ff11e2faf10dd7ea442c48d08
SHA512 e0ea79ea75293fd64a05db946e0e892d718a1aac82033a7516eb2372b2cb4afc511e38920e1f5f5cbecf5cd3009717468b4cdd27163bb0d8e8c23ac79793cca0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 a9c5eb5305e2c228baed713790df125c
SHA1 20165297029e484ee15dbdec1d1686629546687c
SHA256 b67877f426a6c229a36746c79552ff359fa11dec20596a2e39bfa422890bb2a6
SHA512 16e3eb4ff917354e9f1d623d8e46f1a37c7f64e80c367cc3cea125beac6e37c1b488b5d40f0f30dadd7d7cb4b4c231f1085b7cb47735b46e2af1eabda2e1eae0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

MD5 4c255731cbf559fe8bbf5e153ffc215f
SHA1 837262c5d71e54d1c834a01d489fe9181bbaca12
SHA256 287d47abb4af3a340290b18ff132be5522beb5a5b5cb259f035c891ee223493a
SHA512 3c3f45935e1d6b145cbf9ea48a809e45d5828c8c20c51d733d3386e3aca592a98f85f5ec6f53655e1b930a8423a0752268e52f47af4bd4c89fa131b423e2883c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

MD5 14e39be019da848a73da7658165674cb
SHA1 e016473c4189a8cc3dbff754a48b3e42d68af25a
SHA256 39595a1806156cfcadf3cc4e20c5c3f3eec721386a0551790a15f025ba9402bd
SHA512 828a383de549871aa80ec960a7e371ef47da96d01ebb9628d1484ceed9eb698aec5109b3de0b24ff8000610a2c2d633616c9fd28d380656fecbaa930cffed029

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8e2b31180edcb82aad9577be594247cb
SHA1 4e9d75f50baa53b4981bd5e7bb1880513dfb0c43
SHA256 83ba6170e054eeb344e183a4587793441435004eb2a01b04d441f34204a7a170
SHA512 7b7ccc063a4133748387953773ce29b91eb68a4465c4b8a4760c2b96534ae47a2ce13a3a33dd1058b3e9f82499afc035a8c548b85ed162d1d0ef91c5ac07dd7a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 2b6e03e1d1e0cb5e9eae632698333195
SHA1 fbc374c4d1d3ad73c48f56316e8a88b7e5099490
SHA256 80c707c32e1f31feccefa261ede4a06c7ca86c2015ece6b7fa1b6d38b28dbd68
SHA512 efabd11ea070c6efe92fae97dd6b0877f7822ba12f9e378995f1345ef1b087ce64016b9dd98d3c385c9291d716eafe6fb6cf83b2fbff9385913af3e52791f76d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5a97ad.TMP

MD5 1de60e630569039a48d3888cfb21385f
SHA1 fccbde96a3a0ffac8e5b08c612f3122869c5ae12
SHA256 5d236514e54c81610dc7cf525254863e4d097845c8da45471248649df1a2e373
SHA512 486a2e357bfe4f809fee534b2b5edabbf4f91ebb7f8d1e574c31edf815fed43966eb7512b8bc0bef799f8dd4fdbd40d50e7ff99a1eea68cd86412cf1ab196eda

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 572e517676fb7a49e2412e577f290b83
SHA1 27848c71e1fc24ae1162bd47657f4815e84a48a9
SHA256 f941dd2d7afb77b435a16f2ac4411d5d2972be162be66c663157e7d4b3487cfb
SHA512 cbf8b71581b6ebd167d6330d49b17e7225cadd386cf4da7afcfbd26259ed848d8b373736da9ef6487c88b02ed88335661f535552d40d05c317fce7060d95f956

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 68eae0c7c25a336d2c473df8c1bb2283
SHA1 b43341be04107026b645f35d7696eac0e2ae062f
SHA256 042bc40eaa5cee4bf54fd6f2b27f8daa67c9c2fe011e52a21c3dc977c303de70
SHA512 a720e95ba76124175310f5e1acb277d5a16f4768e856214a5229c3bb274623f63b5fac609ef11086a3ac6117d18c6323fc8fc8d7909c3f5bc6031ab213ba4f1a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e47f071f6e35a7c41a379f9f6fcbf7e2
SHA1 cdf6904dbdd4fe746de4d7d2eed9c113655b893a
SHA256 455b356684df2db4cdfc5c1a1236ecfed67e062eb98680ec51eeededb6226096
SHA512 a0df7e176f27152079895976ebe943f10b310c384bc65023595597afa598f7e557147e598b05d4b818eb6cc125a7f5b51ecb2b17036dcbf80bbbd57402b1d0fe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b9f735743e40bd55660536bea3068652
SHA1 ad757b3d8a5c91264a33edde9cfc4ea207a9019e
SHA256 727de0f5158afb4885c2719169c9923937cb1817da826a778e12c43ebe8a6fd6
SHA512 c66f0c16ada32c6b9375465c0dca300abb1c938eca65b8fa1f8c7d663c410481c63d7393bc19c8539c2d14a2e213cd96959846669f160afb71cb65db33ebbf68

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 282b7ecd3c3b8021c181c4c4590851ad
SHA1 0cd8ca5454d91579ceec81376c4ef55e8ef35d00
SHA256 e2b6a8666e301d4db5e2e594b124da6df841ea40eba12c7cf16093f222499401
SHA512 afcb679916f5cb415c6c7e5101d05e72370c9f877fef877b041bc13e7f1ef9bb2ddd90d6a05b420fe17f279240c6cad0b5730ea8a4e3ac48a880d3903cbe367c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

MD5 69639f709e57ddc1ab22b57245dfe0fa
SHA1 d26612c1af88d727b986c83b2a42344c715602f6
SHA256 0fab920f15e991e8c9bdc7f4a367121693b674ca3d6c39a484b32824b5cb35bf
SHA512 d9afc57ee87e0f9390058329188d740611bb53a0beb394236d8665db081863485047929b43870ad13e928a45423ae6f91b8cae6d58e610bb4ecf20636e9724a5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

MD5 b29bcf9cd0e55f93000b4bb265a9810b
SHA1 e662b8c98bd5eced29495dbe2a8f1930e3f714b8
SHA256 f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4
SHA512 e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

MD5 3a00919e59669f95acd51752d3b4980b
SHA1 a88fb5db93e6b8d0f4bb44d5056d4e4a7008a501
SHA256 d36ac2b6b719c5e43f5aa88f2c31be70a95ca77ed0fad67c5e63efda017ff266
SHA512 bd57f2f1239971cefc1bedca68520f2f610f515f811f5f1d4eba44ff318b27715c8d31199824e5102e4b594a22091da046189a52c1862e9372d391f5724a87ba

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

MD5 d790b765a051c9868bdd59a7bbb45fd2
SHA1 5989cb87a3ad191560f2ae893f1779f16c9c49b4
SHA256 ed1e74f6b3e2fcc7dab9efca25198a178801437252c24d05002fb2bbe98f38a7
SHA512 32d5d6b462c9001dc5de666707db6f4b93a8ab49df4ee0e272902cc446d167d2fd270aa85ed4d5e1d9e2f428332037b36806b3c464de7e1b9bcb3ecb10a3d376

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

MD5 5da793cb6810f459003871543f7d5b7b
SHA1 5fc5c9bf1974c75428a5b351358ab4d387a936ac
SHA256 63a60888678d0274dbaeaf088a5bb7c725ca24311bb43cf3179542cc3d0b13c9
SHA512 5d302cf55ddde61aad316ac0fde3a0defdfa9409a1b1c773a0a018a2070d089a2d2ca073bd0d863a800a003f61f57176ae8c1649e766046db37ee051711b16c1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

MD5 892122e11760b3cca0a9b263c6aa3736
SHA1 8c8fb682ea78311dc1b0d50fffb35146b55f1f10
SHA256 cc82c4337cdadc24530d6d335043d3d23b157a980a6754abec5b17991616ad16
SHA512 1914d25ffd8a337d31a7de13d6c3dd63d63e5805c3bbfa3c046d23c4c26177413a5657f21e0bd456a03091133864520bb74ec4e12ec581110af16adb7d658244

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

MD5 3152fee8826ed8be52a7252bfba57b50
SHA1 8a896a1c44923feac0a1aa34ad10ef121c183644
SHA256 6e53469158ea0e4889385840e43b12c06245c0b62429ee3250190cc070605cfb
SHA512 3e4c967b7424a4e83cd58eea508dc8215c499377fbbc3300eb2eb0c3562e0794ea88c88cfd3cf4e0b0bfa76ec7a6f802dd5ddcf217be1f263cce5385d69fa309

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

MD5 a7cbc3eadc41d39d23324c268d544cbc
SHA1 9c14c04300fa58e5eb4f70abb7a1bb66692d72a4
SHA256 6ed5dae4eba7a9c3c300e175a03d66af11be4d6ff1279aa34f57e3dad4510129
SHA512 e0aa164410e2a57704054a0b490f462526b427aca04ec391ff7bf881bbc3482c9257b3d57afc0a4d3018f61eeffda3fe061c22c36bd8e27fa3dfa61edb200d1d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13359151420868956

MD5 0ec0fdcf9c5e6fecffcc5df4bdd87119
SHA1 aece5aa7df875a4a5c95c6efc6f6d0b3e8ce76a8
SHA256 e1c88a968bb5ef8f992ac7057d4ee79a5d29adaf4ec36ca6f5452ab5d04cabec
SHA512 4e14edeaf7041c1c301696d8a07982705f168dd54bcb855c43b30dcde9544718b4e74d39d9e825c83ee47541538ac4a8cb6d264aadcdae7de4e4abe26111861c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

MD5 6dc7166292d2a0d5d1e72c7e5bcba6fe
SHA1 72ff5f0e306a7eaf27d5e854ed7df73502fecde0
SHA256 da6db10696d87314867681b30f80f7807ec3a436ebd0939bef83a8dc9acafa34
SHA512 0c8aac873398536094205f1d4567871014e708cfbffb7e4e553007866df4f01fd4ba127e9c9420b0ff1891e8f1b787d56a4ae62b1dd5ea5bf1b507415fd3a747

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

MD5 51b4e7934e7485ecf010edda22744aac
SHA1 3576745f098308e60180f5e3f3add0427dd9018f
SHA256 2b4f2ebeb290e589df78db9103f92165e83e0839f824719985b47e672ac2cd2c
SHA512 3e94c032a6990acc3e5646ce6fea9c1dadbd6a86b717c8364556ecf99f021ca994edd2b495eec1e79fbe83edf85a483f9f39c68ed5a8442920e409eedd2be04c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

MD5 80327f7d2c646492f217de0a6e230c73
SHA1 088e1cb543abaf09384c8f2ff67a950252a3bd0e
SHA256 d6076d0413931adffca6856ebcf26b2ed5ef71452cc9b80ce9191c549b9da6a9
SHA512 ee046deacb89890f6134470dca278db9a75893a8b9469ae0a492d7cab99d98b5a99615f730b5191e0d319d264f281887cd4f236dec08557ca007b4eeeec0aada

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

MD5 9f2e906765366c80c32124e81e2854f2
SHA1 8a5d58f02b6880b1963b38e028f7b46ed797b0bd
SHA256 064a5c6d210f8bfb2a70a1c6722933c4a45272fa5b7ee851f65c931b0b364990
SHA512 3159c937cc817ab5dc93f5f7b91de9c9d194a4747446077477401bb7f198da9312af331e124b8ee69932f3b6d9fc123d265514b8c811eac5407ea6998b17234e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 9df60cf309656b1753eb4fe15ad7a38e
SHA1 7250c5b17e181821147c25a100095874e4a21c42
SHA256 d1d6218c7e6c2dde5fa1d6b0493b683d96807c34ad64c4c1f860057096edf036
SHA512 51fd34945daa797642a39737f6346bed88ebedafc088fcd00ff2e3abbe9c6a584856c3ba4ca923aa13b6d257dd01d03e2cddf83818276a19868b33b0d45637e4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

MD5 99eb4f3410780d4f7c9f432f5cc23f74
SHA1 186c87877609c9f2b5f44bbc3f9eece2e096f842
SHA256 f6644a9bb1515338c075e4566e5a4862e68cec526012120ab1269a36c1f2855a
SHA512 986ed64fa359668606a5e6b7528d9244cd0093097a8f8b701a8108de20d7f7cb09befcbb5653cfe1a0c32813020b5646a278cab9e4d5de2f2e40dd2492037c3f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

MD5 de5d2571ec1e7348a88348f71c693050
SHA1 2e5f476de925143bb67742373bf497167499949d
SHA256 08cd6f663edba4ea402669f636c5212016adc45b9712412c0948f0245100a044
SHA512 24b290cefa885ceb53da7f6f31fa411f4b64db063d75468d7ff625ab60cd745bc4813c68d61df39d5bfa4d3bc1ef47e20f29a4d7e83e55d01ce76d4109918c01

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f3d332ef6f28dc073e0f32075d059503
SHA1 824b9886eed6b92294f3b0fc5ab50933f4a14919
SHA256 bf8e481d8ba225feba14238bbe992caa559941a53de2a70fe26997db06983b6f
SHA512 61859399594493b29453f1c5574ef2e9476ba18c15a661d7b047de11913ce1e21010a80525d535e58372bc0fc16bd1000fa09d8fbfba177d4d19dc99537df93c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

MD5 0407b455f23e3655661ba46a574cfca4
SHA1 855cb7cc8eac30458b4207614d046cb09ee3a591
SHA256 ab5c71347d95f319781df230012713c7819ac0d69373e8c9a7302cae3f9a04b7
SHA512 3020f7c87dc5201589fa43e03b1591ed8beb64523b37eb3736557f3ab7d654980fb42284115a69d91de44204cefab751b60466c0ef677608467de43d41bfb939

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

MD5 d27acd784b2874d3dcd4f57fac8da671
SHA1 f78a476299a423268d865eaf3eb148ab471094d4
SHA256 78bbb6508dee0dad4fa94b8dd8f447b8e6f8288eb9a1866675d3d81d77bf4f09
SHA512 0ecbb20207163ae00e276aa160f063f2e0e042f9ae709351747c5bf234208d667bb36a4d421fe5ed95411ceb4b103da7ed11473487d03674cb5c28c4ddf9ee76

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

MD5 c4bfc34fd57928ee6c9e41a7894eabf2
SHA1 8bcd06799715959383bac494d475e6bff23fa35c
SHA256 39fe46fdf9f272d43bb1a60705e53a0e44bcf6df77d0b2de2fba8c6793befd38
SHA512 6a233d3b422ad2fa87acd4f95f50c1e8334a06b89ec52429934d31f8c5f0039f63f4263d5a99aef64c2112aa13f7d720c641ffcba7c1b3b2dfa093671f38e9aa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

MD5 52fddeed838fb588202c5b6768036e84
SHA1 720e9d3e439c0ecaa2799bc00ba785eb2787bb2d
SHA256 ac46096a02cc300c518b26add570e5a11854887e28f9ec33dd01725de9b082c7
SHA512 eb29760d87b583be2f3f2e394600d5d750475b5efda9e917895beb68202830c0462769e383fb918164aa35abe03448bc0d75d06fa93649b53a6b5edff00e10f2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

MD5 025b7bd5e839b3fae0c80e707155c5de
SHA1 11e13f9f221a879ad879a5c695209f0f57822146
SHA256 76d81cdfd809628d0fa35ab31622dff6fbef3b18baa71c50e644ff92c82bba02
SHA512 1424844cee526de58c5ec235bd0a796998f57fb67a23d4039b822ad5b558b31feb5ef3e4b9eded5077bce4f02c5182726a3de5b65c984f7fe976cf509d4b377d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

MD5 3fa641867977126c2c7b5c5e1d23969b
SHA1 9a6850bb77dcd408ac422b6672f6c670970d3809
SHA256 d15ff53e525e463f13aafb9cd302d3ba7ad42390e6432b526092abd0769a2aa5
SHA512 778c288a44e3d39a3176c07f9882ebeed39a0d9a7c3140977c3204d98a3396854870545eb6e1b7432435753306d13fac84b1bd2e535e6452d0dc5ae26dfcf2f5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

MD5 89643e31b6a33d856d2a780c456bbf2b
SHA1 7db55076b2d8108a46dad183e8a6d026e9ede15c
SHA256 971d252606ddd131f5d4c03f5067fd4ef20a6103d8f2f01164f24ea938fd4a8a
SHA512 42c1a4917c51c465f0bea641e0e753630802594b816525def54fa0eee7b09c03be4522d5c696ba60637223ee000e0eaf2c64c4dfabffb51b37b2fd9b23e544a9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

MD5 112c528f37a4aeffb257d1b5a73d5ae3
SHA1 44cdda5b6ab7184511b545820a3f4db0e3cf28e1
SHA256 bdcb2f3f89e8d03480cc64aac77d1f965c5dd4e38d325ac2187e2767009b9394
SHA512 001056bac27b293baae21e1e7a95145be5ffb1c5238fc4524f20e6cadaf0a11e37aa327bed71888003dfc03e234168f785cd435dbc2aaf6cf49f613ca85ea841

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001

MD5 d713ba9b8bc6a09281e1c2166405e4fa
SHA1 da30fc10f5f79c7504081778243123394717159a
SHA256 4d0624fc5f612d174fb0fc97eeee9ce54e75f21606244733cd6bd92bb9f045d4
SHA512 4ad4ef2739e1f19c9d23b90d367c7185a65cb3ebd8e716297bb21c8d82352eb15eab2dd969a743db37b0316c680227e50c0fc4a96d814b856c73cab5d9f78dd6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002

MD5 2ec494e3841e8ead0d3921f298e1506b
SHA1 ba8d046f7923547a365dad8e77f6ad59406a35b7
SHA256 a327edaa945e3091546f39ebf0458d1fef0d60ea1221fc0ee291a7b2fa8fe426
SHA512 177445ed9255f01de7fe3fd7f32b621f1b4d687032033199881946f6f7bdb3440eb60124d44a7b43be5ec42c9e162e4b0c0815e8db33da5e444a9081962e3281

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

MD5 39528f0d3f40da14c4007ff69bf96d1f
SHA1 d261565edd2402a2891991605169514bda0e837d
SHA256 af58aca5d645a50ce69f09e08a2521f821cad886903a3dbdd3a5550f84ec0766
SHA512 0cd69259c20871d5622967e7a101f8aecac1e386915e492b6d4ad8754e395d6154510474fc4c38305be409088bb92fb592c15142264bb7731c1a3802d5d5680f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

MD5 465a9712934a383cb3c71cbfd3a15ef1
SHA1 7223d492f889b0ec01165f7652c2fe8ce2e93f53
SHA256 edb44f516faa801e30e85d9c8e9292944941346685b64c9ecc5cb921b5eca96d
SHA512 50991e12cf96634371d7f4c77ce6259256e24436cee3cbe6f48b463154f4ccc3038bef09fb774caae7fce059cda162c339629a915d2e1552ecbf8e838bce8dfc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

MD5 5434cd581f6c067b7253923b03d67d29
SHA1 547bc9716a9b60d21d14bf2be17b916b5da7623a
SHA256 41b8aaad21753ce0ea322ac05e529fcb209fd4f09d844735e29a3250469829b9
SHA512 272617051cd1cde1e8e0090fdf2c04a882486d55a31c757acb1a2eff9069852c7c22e408ad8bcec35d40d87718652b1c934220b4b32ac5888f570cf3925f0454

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

MD5 3f24ddecd200a42c2158db11a4d4037f
SHA1 74fc65345bbbf06b2a3e0b4127673a8ee8f34bb4
SHA256 98db96ceee03f2816492086b8957d688a4eb08c087696d61f8a8ec04cfb0a643
SHA512 4ca4b454f6cdf0e90ed1a932fd7309c571202aee839a2cc2772bb40c33206f355f6e59ddfb7dd5dd8e2518640893d3df9ee96fb90de2f76c43a96db77b447d90

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\efa986235cc38916_0

MD5 bfa268ab29fed7d25af990ce4d2f7527
SHA1 3aa7994a3ae6026be53b9a7fa39d72ac122f5429
SHA256 285978f43771a419289f3d83ef9760425038a16dcc1159de86876bcdb55ee097
SHA512 0c4393672d0ca5531c1429bc45bbc1065455b888b776afa88178b4eb1f73fe24f7d6171c31795175af61f6c965c81118c0f5ed158118f1d562977b22e8651e60

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 787531810ae12c1e3ea737ae3efddd9f
SHA1 a099d7c58a3581411ac3d40c16476fd83d5c8c97
SHA256 dae448e980653de2eb0f8ed9dea9145cab87f99f9aa18b186c02bd37261e55d8
SHA512 42ab5bea6af1bf9a3a49d57ddb5f944f2251e855d45c30f65f8215f3103bc30f6e83e23ba8e23d9e7214581d9e684a713309db0e3cc25fc1203eca4b678b12e6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 565c8ab94e89a6000a9889f897cda2fe
SHA1 5601d4f8c7cee182213da3682fbaca779a99d584
SHA256 c91e7ea67354972e736615cee182ad420c87e85fafbed10ec46283218a4a4e62
SHA512 695e8155c4270ec9abec0f06950a098c25bcc8b5df71dfeffac380c2ca9d05cbe645344549aa9ff5b01c286dafce14357f826e283c6d4b41c584b77b8d03f3e2