Analysis Overview
SHA256: b09487ea9dc5e977f6a82ac84bc160b390aee483ac3746180217872a0f535027
Threat Level: Known bad
The file XWorm V5.2 password.zip was found to be: Known bad.
Malicious Activity Summary
Stormkitty family
Contains code to disable Windows Defender
StormKitty payload
AgentTesla payload
Agenttesla family
AgentTesla
Obfuscated with Agile.Net obfuscator
Loads dropped DLL
Malformed data in PDF
Unsigned PE
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Analysis: static1
Detonation Overview
Reported: 2024-05-02 19:14
Signatures
AgentTesla payload
Agenttesla family
Contains code to disable Windows Defender
StormKitty payload
Stormkitty family
Obfuscated with Agile.Net obfuscator
Malformed data in PDF
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted: 2024-05-02 19:14
Reported: 2024-05-02 19:31
Platform: win11-20240419-en
Max time kernel: 594s
Max time network: 547s
Signatures
AgentTesla
AgentTesla payload
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Documents\XWorm V5.2 password\XWorm V5.2 password\XWorm V5.2.exe | N/A |
Obfuscated with Agile.Net obfuscator
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\Documents\XWorm V5.2 password\XWorm V5.2 password\XWorm V5.2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Users\Admin\Documents\XWorm V5.2 password\XWorm V5.2 password\XWorm V5.2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion | C:\Users\Admin\Documents\XWorm V5.2 password\XWorm V5.2 password\XWorm V5.2.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Documents\XWorm V5.2 password\XWorm V5.2 password\XWorm V5.2.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\XWorm V5.2 password.zip"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Documents\XWorm V5.2 password\XWorm V5.2 password\XWorm V5.2.exe
"C:\Users\Admin\Documents\XWorm V5.2 password\XWorm V5.2 password\XWorm V5.2.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/XCoderTools
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | t.me | udp |
| NL | 149.154.167.99:443 | t.me | tcp |
| US | 34.111.35.152:443 | cdn4.cdn-telegram.org | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | telegram.org | udp |
| NL | 149.154.167.99:443 | telegram.org | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\TMzpx\TMzpx.dll
| MD5 | 2f1a50031dcf5c87d92e8b2491fdcea6 |
| SHA1 | 71e2aaa2d1bb7dbe32a00e1d01d744830ecce08f |
| SHA256 | 47578a37901c82f66e4dba47acd5c3cab6d09c9911d16f5ad0413275342147ed |
| SHA512 | 1c66dbe1320c1a84023bdf77686a2a7ab79a3e86ba5a4ea2cda9a37f8a916137d5cfec30b28ceae181355f6f279270465ef63ae90b7e8dcd4c1a8198a7fd36a8 |
| MD5 | 69639f709e57ddc1ab22b57245dfe0fa |
| SHA1 | d26612c1af88d727b986c83b2a42344c715602f6 |
| SHA256 | 0fab920f15e991e8c9bdc7f4a367121693b674ca3d6c39a484b32824b5cb35bf |
| SHA512 | d9afc57ee87e0f9390058329188d740611bb53a0beb394236d8665db081863485047929b43870ad13e928a45423ae6f91b8cae6d58e610bb4ecf20636e9724a5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
| MD5 | b29bcf9cd0e55f93000b4bb265a9810b |
| SHA1 | e662b8c98bd5eced29495dbe2a8f1930e3f714b8 |
| SHA256 | f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4 |
| SHA512 | e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
| MD5 | 3a00919e59669f95acd51752d3b4980b |
| SHA1 | a88fb5db93e6b8d0f4bb44d5056d4e4a7008a501 |
| SHA256 | d36ac2b6b719c5e43f5aa88f2c31be70a95ca77ed0fad67c5e63efda017ff266 |
| SHA512 | bd57f2f1239971cefc1bedca68520f2f610f515f811f5f1d4eba44ff318b27715c8d31199824e5102e4b594a22091da046189a52c1862e9372d391f5724a87ba |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
| MD5 | d790b765a051c9868bdd59a7bbb45fd2 |
| SHA1 | 5989cb87a3ad191560f2ae893f1779f16c9c49b4 |
| SHA256 | ed1e74f6b3e2fcc7dab9efca25198a178801437252c24d05002fb2bbe98f38a7 |
| SHA512 | 32d5d6b462c9001dc5de666707db6f4b93a8ab49df4ee0e272902cc446d167d2fd270aa85ed4d5e1d9e2f428332037b36806b3c464de7e1b9bcb3ecb10a3d376 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
| MD5 | 5da793cb6810f459003871543f7d5b7b |
| SHA1 | 5fc5c9bf1974c75428a5b351358ab4d387a936ac |
| SHA256 | 63a60888678d0274dbaeaf088a5bb7c725ca24311bb43cf3179542cc3d0b13c9 |
| SHA512 | 5d302cf55ddde61aad316ac0fde3a0defdfa9409a1b1c773a0a018a2070d089a2d2ca073bd0d863a800a003f61f57176ae8c1649e766046db37ee051711b16c1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
| MD5 | 892122e11760b3cca0a9b263c6aa3736 |
| SHA1 | 8c8fb682ea78311dc1b0d50fffb35146b55f1f10 |
| SHA256 | cc82c4337cdadc24530d6d335043d3d23b157a980a6754abec5b17991616ad16 |
| SHA512 | 1914d25ffd8a337d31a7de13d6c3dd63d63e5805c3bbfa3c046d23c4c26177413a5657f21e0bd456a03091133864520bb74ec4e12ec581110af16adb7d658244 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
| MD5 | 3152fee8826ed8be52a7252bfba57b50 |
| SHA1 | 8a896a1c44923feac0a1aa34ad10ef121c183644 |
| SHA256 | 6e53469158ea0e4889385840e43b12c06245c0b62429ee3250190cc070605cfb |
| SHA512 | 3e4c967b7424a4e83cd58eea508dc8215c499377fbbc3300eb2eb0c3562e0794ea88c88cfd3cf4e0b0bfa76ec7a6f802dd5ddcf217be1f263cce5385d69fa309 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
| MD5 | a7cbc3eadc41d39d23324c268d544cbc |
| SHA1 | 9c14c04300fa58e5eb4f70abb7a1bb66692d72a4 |
| SHA256 | 6ed5dae4eba7a9c3c300e175a03d66af11be4d6ff1279aa34f57e3dad4510129 |
| SHA512 | e0aa164410e2a57704054a0b490f462526b427aca04ec391ff7bf881bbc3482c9257b3d57afc0a4d3018f61eeffda3fe061c22c36bd8e27fa3dfa61edb200d1d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13359151420868956
| MD5 | 0ec0fdcf9c5e6fecffcc5df4bdd87119 |
| SHA1 | aece5aa7df875a4a5c95c6efc6f6d0b3e8ce76a8 |
| SHA256 | e1c88a968bb5ef8f992ac7057d4ee79a5d29adaf4ec36ca6f5452ab5d04cabec |
| SHA512 | 4e14edeaf7041c1c301696d8a07982705f168dd54bcb855c43b30dcde9544718b4e74d39d9e825c83ee47541538ac4a8cb6d264aadcdae7de4e4abe26111861c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
| MD5 | 6dc7166292d2a0d5d1e72c7e5bcba6fe |
| SHA1 | 72ff5f0e306a7eaf27d5e854ed7df73502fecde0 |
| SHA256 | da6db10696d87314867681b30f80f7807ec3a436ebd0939bef83a8dc9acafa34 |
| SHA512 | 0c8aac873398536094205f1d4567871014e708cfbffb7e4e553007866df4f01fd4ba127e9c9420b0ff1891e8f1b787d56a4ae62b1dd5ea5bf1b507415fd3a747 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
| MD5 | 51b4e7934e7485ecf010edda22744aac |
| SHA1 | 3576745f098308e60180f5e3f3add0427dd9018f |
| SHA256 | 2b4f2ebeb290e589df78db9103f92165e83e0839f824719985b47e672ac2cd2c |
| SHA512 | 3e94c032a6990acc3e5646ce6fea9c1dadbd6a86b717c8364556ecf99f021ca994edd2b495eec1e79fbe83edf85a483f9f39c68ed5a8442920e409eedd2be04c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies
| MD5 | 80327f7d2c646492f217de0a6e230c73 |
| SHA1 | 088e1cb543abaf09384c8f2ff67a950252a3bd0e |
| SHA256 | d6076d0413931adffca6856ebcf26b2ed5ef71452cc9b80ce9191c549b9da6a9 |
| SHA512 | ee046deacb89890f6134470dca278db9a75893a8b9469ae0a492d7cab99d98b5a99615f730b5191e0d319d264f281887cd4f236dec08557ca007b4eeeec0aada |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db
| MD5 | 9f2e906765366c80c32124e81e2854f2 |
| SHA1 | 8a5d58f02b6880b1963b38e028f7b46ed797b0bd |
| SHA256 | 064a5c6d210f8bfb2a70a1c6722933c4a45272fa5b7ee851f65c931b0b364990 |
| SHA512 | 3159c937cc817ab5dc93f5f7b91de9c9d194a4747446077477401bb7f198da9312af331e124b8ee69932f3b6d9fc123d265514b8c811eac5407ea6998b17234e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 9df60cf309656b1753eb4fe15ad7a38e |
| SHA1 | 7250c5b17e181821147c25a100095874e4a21c42 |
| SHA256 | d1d6218c7e6c2dde5fa1d6b0493b683d96807c34ad64c4c1f860057096edf036 |
| SHA512 | 51fd34945daa797642a39737f6346bed88ebedafc088fcd00ff2e3abbe9c6a584856c3ba4ca923aa13b6d257dd01d03e2cddf83818276a19868b33b0d45637e4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
| MD5 | 99eb4f3410780d4f7c9f432f5cc23f74 |
| SHA1 | 186c87877609c9f2b5f44bbc3f9eece2e096f842 |
| SHA256 | f6644a9bb1515338c075e4566e5a4862e68cec526012120ab1269a36c1f2855a |
| SHA512 | 986ed64fa359668606a5e6b7528d9244cd0093097a8f8b701a8108de20d7f7cb09befcbb5653cfe1a0c32813020b5646a278cab9e4d5de2f2e40dd2492037c3f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
| MD5 | de5d2571ec1e7348a88348f71c693050 |
| SHA1 | 2e5f476de925143bb67742373bf497167499949d |
| SHA256 | 08cd6f663edba4ea402669f636c5212016adc45b9712412c0948f0245100a044 |
| SHA512 | 24b290cefa885ceb53da7f6f31fa411f4b64db063d75468d7ff625ab60cd745bc4813c68d61df39d5bfa4d3bc1ef47e20f29a4d7e83e55d01ce76d4109918c01 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f3d332ef6f28dc073e0f32075d059503 |
| SHA1 | 824b9886eed6b92294f3b0fc5ab50933f4a14919 |
| SHA256 | bf8e481d8ba225feba14238bbe992caa559941a53de2a70fe26997db06983b6f |
| SHA512 | 61859399594493b29453f1c5574ef2e9476ba18c15a661d7b047de11913ce1e21010a80525d535e58372bc0fc16bd1000fa09d8fbfba177d4d19dc99537df93c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
| MD5 | 0407b455f23e3655661ba46a574cfca4 |
| SHA1 | 855cb7cc8eac30458b4207614d046cb09ee3a591 |
| SHA256 | ab5c71347d95f319781df230012713c7819ac0d69373e8c9a7302cae3f9a04b7 |
| SHA512 | 3020f7c87dc5201589fa43e03b1591ed8beb64523b37eb3736557f3ab7d654980fb42284115a69d91de44204cefab751b60466c0ef677608467de43d41bfb939 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
| MD5 | d27acd784b2874d3dcd4f57fac8da671 |
| SHA1 | f78a476299a423268d865eaf3eb148ab471094d4 |
| SHA256 | 78bbb6508dee0dad4fa94b8dd8f447b8e6f8288eb9a1866675d3d81d77bf4f09 |
| SHA512 | 0ecbb20207163ae00e276aa160f063f2e0e042f9ae709351747c5bf234208d667bb36a4d421fe5ed95411ceb4b103da7ed11473487d03674cb5c28c4ddf9ee76 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
| MD5 | c4bfc34fd57928ee6c9e41a7894eabf2 |
| SHA1 | 8bcd06799715959383bac494d475e6bff23fa35c |
| SHA256 | 39fe46fdf9f272d43bb1a60705e53a0e44bcf6df77d0b2de2fba8c6793befd38 |
| SHA512 | 6a233d3b422ad2fa87acd4f95f50c1e8334a06b89ec52429934d31f8c5f0039f63f4263d5a99aef64c2112aa13f7d720c641ffcba7c1b3b2dfa093671f38e9aa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
| MD5 | 52fddeed838fb588202c5b6768036e84 |
| SHA1 | 720e9d3e439c0ecaa2799bc00ba785eb2787bb2d |
| SHA256 | ac46096a02cc300c518b26add570e5a11854887e28f9ec33dd01725de9b082c7 |
| SHA512 | eb29760d87b583be2f3f2e394600d5d750475b5efda9e917895beb68202830c0462769e383fb918164aa35abe03448bc0d75d06fa93649b53a6b5edff00e10f2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3
| MD5 | 025b7bd5e839b3fae0c80e707155c5de |
| SHA1 | 11e13f9f221a879ad879a5c695209f0f57822146 |
| SHA256 | 76d81cdfd809628d0fa35ab31622dff6fbef3b18baa71c50e644ff92c82bba02 |
| SHA512 | 1424844cee526de58c5ec235bd0a796998f57fb67a23d4039b822ad5b558b31feb5ef3e4b9eded5077bce4f02c5182726a3de5b65c984f7fe976cf509d4b377d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2
| MD5 | 3fa641867977126c2c7b5c5e1d23969b |
| SHA1 | 9a6850bb77dcd408ac422b6672f6c670970d3809 |
| SHA256 | d15ff53e525e463f13aafb9cd302d3ba7ad42390e6432b526092abd0769a2aa5 |
| SHA512 | 778c288a44e3d39a3176c07f9882ebeed39a0d9a7c3140977c3204d98a3396854870545eb6e1b7432435753306d13fac84b1bd2e535e6452d0dc5ae26dfcf2f5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1
| MD5 | 89643e31b6a33d856d2a780c456bbf2b |
| SHA1 | 7db55076b2d8108a46dad183e8a6d026e9ede15c |
| SHA256 | 971d252606ddd131f5d4c03f5067fd4ef20a6103d8f2f01164f24ea938fd4a8a |
| SHA512 | 42c1a4917c51c465f0bea641e0e753630802594b816525def54fa0eee7b09c03be4522d5c696ba60637223ee000e0eaf2c64c4dfabffb51b37b2fd9b23e544a9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0
| MD5 | 112c528f37a4aeffb257d1b5a73d5ae3 |
| SHA1 | 44cdda5b6ab7184511b545820a3f4db0e3cf28e1 |
| SHA256 | bdcb2f3f89e8d03480cc64aac77d1f965c5dd4e38d325ac2187e2767009b9394 |
| SHA512 | 001056bac27b293baae21e1e7a95145be5ffb1c5238fc4524f20e6cadaf0a11e37aa327bed71888003dfc03e234168f785cd435dbc2aaf6cf49f613ca85ea841 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001
| MD5 | d713ba9b8bc6a09281e1c2166405e4fa |
| SHA1 | da30fc10f5f79c7504081778243123394717159a |
| SHA256 | 4d0624fc5f612d174fb0fc97eeee9ce54e75f21606244733cd6bd92bb9f045d4 |
| SHA512 | 4ad4ef2739e1f19c9d23b90d367c7185a65cb3ebd8e716297bb21c8d82352eb15eab2dd969a743db37b0316c680227e50c0fc4a96d814b856c73cab5d9f78dd6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002
| MD5 | 2ec494e3841e8ead0d3921f298e1506b |
| SHA1 | ba8d046f7923547a365dad8e77f6ad59406a35b7 |
| SHA256 | a327edaa945e3091546f39ebf0458d1fef0d60ea1221fc0ee291a7b2fa8fe426 |
| SHA512 | 177445ed9255f01de7fe3fd7f32b621f1b4d687032033199881946f6f7bdb3440eb60124d44a7b43be5ec42c9e162e4b0c0815e8db33da5e444a9081962e3281 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3
| MD5 | 39528f0d3f40da14c4007ff69bf96d1f |
| SHA1 | d261565edd2402a2891991605169514bda0e837d |
| SHA256 | af58aca5d645a50ce69f09e08a2521f821cad886903a3dbdd3a5550f84ec0766 |
| SHA512 | 0cd69259c20871d5622967e7a101f8aecac1e386915e492b6d4ad8754e395d6154510474fc4c38305be409088bb92fb592c15142264bb7731c1a3802d5d5680f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
| MD5 | 465a9712934a383cb3c71cbfd3a15ef1 |
| SHA1 | 7223d492f889b0ec01165f7652c2fe8ce2e93f53 |
| SHA256 | edb44f516faa801e30e85d9c8e9292944941346685b64c9ecc5cb921b5eca96d |
| SHA512 | 50991e12cf96634371d7f4c77ce6259256e24436cee3cbe6f48b463154f4ccc3038bef09fb774caae7fce059cda162c339629a915d2e1552ecbf8e838bce8dfc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0
| MD5 | 5434cd581f6c067b7253923b03d67d29 |
| SHA1 | 547bc9716a9b60d21d14bf2be17b916b5da7623a |
| SHA256 | 41b8aaad21753ce0ea322ac05e529fcb209fd4f09d844735e29a3250469829b9 |
| SHA512 | 272617051cd1cde1e8e0090fdf2c04a882486d55a31c757acb1a2eff9069852c7c22e408ad8bcec35d40d87718652b1c934220b4b32ac5888f570cf3925f0454 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal
| MD5 | 3f24ddecd200a42c2158db11a4d4037f |
| SHA1 | 74fc65345bbbf06b2a3e0b4127673a8ee8f34bb4 |
| SHA256 | 98db96ceee03f2816492086b8957d688a4eb08c087696d61f8a8ec04cfb0a643 |
| SHA512 | 4ca4b454f6cdf0e90ed1a932fd7309c571202aee839a2cc2772bb40c33206f355f6e59ddfb7dd5dd8e2518640893d3df9ee96fb90de2f76c43a96db77b447d90 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\efa986235cc38916_0
| MD5 | bfa268ab29fed7d25af990ce4d2f7527 |
| SHA1 | 3aa7994a3ae6026be53b9a7fa39d72ac122f5429 |
| SHA256 | 285978f43771a419289f3d83ef9760425038a16dcc1159de86876bcdb55ee097 |
| SHA512 | 0c4393672d0ca5531c1429bc45bbc1065455b888b776afa88178b4eb1f73fe24f7d6171c31795175af61f6c965c81118c0f5ed158118f1d562977b22e8651e60 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 787531810ae12c1e3ea737ae3efddd9f |
| SHA1 | a099d7c58a3581411ac3d40c16476fd83d5c8c97 |
| SHA256 | dae448e980653de2eb0f8ed9dea9145cab87f99f9aa18b186c02bd37261e55d8 |
| SHA512 | 42ab5bea6af1bf9a3a49d57ddb5f944f2251e855d45c30f65f8215f3103bc30f6e83e23ba8e23d9e7214581d9e684a713309db0e3cc25fc1203eca4b678b12e6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 565c8ab94e89a6000a9889f897cda2fe |
| SHA1 | 5601d4f8c7cee182213da3682fbaca779a99d584 |
| SHA256 | c91e7ea67354972e736615cee182ad420c87e85fafbed10ec46283218a4a4e62 |
| SHA512 | 695e8155c4270ec9abec0f06950a098c25bcc8b5df71dfeffac380c2ca9d05cbe645344549aa9ff5b01c286dafce14357f826e283c6d4b41c584b77b8d03f3e2 |