agenttesla | hxxps://mega[.]nz/file/7EsmSABT#r26h76Nk42gRls0lhVP7XjdLU-VPCIEMi2agoqm6uKI

Analysis

max time kernel
123s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
07-06-2024 19:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mega.nz/file/7EsmSABT#r26h76Nk42gRls0lhVP7XjdLU-VPCIEMi2agoqm6uKI

Score

10^/10

agenttesla agilenet keylogger spyware stealer trojan

Malware Config

Signatures

AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
keylogger trojan stealer spyware agenttesla

AgentTesla payload 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1232-309-0x00000278B54F0000-0x00000278B56E4000-memory.dmp	family_agenttesla

Loads dropped DLL 2 IoCs

Processes:

XWorm V5.2.exeXWormLoader 5.2 x64.exe

pid process

1232 XWorm V5.2.exe
3784 XWormLoader 5.2 x64.exe

pid	process
1232	XWorm V5.2.exe
3784	XWormLoader 5.2 x64.exe

Obfuscated with Agile.Net obfuscator 2 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

agilenet

Processes:

resource	yara_rule
behavioral1/memory/1232-300-0x00000278983F0000-0x00000278991CE000-memory.dmp	agile_net
behavioral1/memory/3784-320-0x000002DBD2CD0000-0x000002DBD3AAE000-memory.dmp	agile_net

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exeXWorm V5.2.exeXWormLoader 5.2 x64.exemsedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	XWorm V5.2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion	XWorm V5.2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	XWormLoader 5.2 x64.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	XWormLoader 5.2 x64.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion	XWormLoader 5.2 x64.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	XWorm V5.2.exe

Modifies registry class 1 IoCs

Processes:

msedge.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings msedge.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 41 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exeXWormLoader 5.2 x64.exemsedge.exemsedge.exeidentity_helper.exe

pid	process
2760	msedge.exe
2760	msedge.exe
4656	msedge.exe
4656	msedge.exe
5548	identity_helper.exe
5548	identity_helper.exe
4832	msedge.exe
4832	msedge.exe
3784	XWormLoader 5.2 x64.exe
3784	XWormLoader 5.2 x64.exe
3784	XWormLoader 5.2 x64.exe
3784	XWormLoader 5.2 x64.exe
3784	XWormLoader 5.2 x64.exe
3784	XWormLoader 5.2 x64.exe
3784	XWormLoader 5.2 x64.exe
3784	XWormLoader 5.2 x64.exe
3784	XWormLoader 5.2 x64.exe
3784	XWormLoader 5.2 x64.exe
3784	XWormLoader 5.2 x64.exe
3784	XWormLoader 5.2 x64.exe
3784	XWormLoader 5.2 x64.exe
3784	XWormLoader 5.2 x64.exe
3784	XWormLoader 5.2 x64.exe
3784	XWormLoader 5.2 x64.exe
3784	XWormLoader 5.2 x64.exe
3784	XWormLoader 5.2 x64.exe
3784	XWormLoader 5.2 x64.exe
3784	XWormLoader 5.2 x64.exe
3784	XWormLoader 5.2 x64.exe
3784	XWormLoader 5.2 x64.exe
3784	XWormLoader 5.2 x64.exe
3784	XWormLoader 5.2 x64.exe
3784	XWormLoader 5.2 x64.exe
3784	XWormLoader 5.2 x64.exe
3784	XWormLoader 5.2 x64.exe
376	msedge.exe
376	msedge.exe
1136	msedge.exe
1136	msedge.exe
4448	identity_helper.exe
4448	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

Processes:

msedge.exemsedge.exe

pid	process
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

AUDIODG.EXEXWorm V5.2.exeXWormLoader 5.2 x64.exe

description	pid	process
Token: 33	3592	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3592	AUDIODG.EXE
Token: SeDebugPrivilege	1232	XWorm V5.2.exe
Token: SeDebugPrivilege	3784	XWormLoader 5.2 x64.exe

Suspicious use of FindShellTrayWindow 61 IoCs

Processes:

msedge.exeXWormLoader 5.2 x64.exemsedge.exe

pid	process
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
3784	XWormLoader 5.2 x64.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe

Suspicious use of SendNotifyMessage 49 IoCs

Processes:

msedge.exeXWormLoader 5.2 x64.exemsedge.exe

pid	process
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
3784	XWormLoader 5.2 x64.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4656 wrote to memory of 3136	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 3136	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 3208	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 3208	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 3208	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 3208	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 3208	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 3208	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 3208	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 3208	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 3208	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 3208	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 3208	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 3208	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 3208	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 3208	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 3208	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 3208	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 3208	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 3208	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 3208	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 3208	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 3208	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 3208	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 3208	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 3208	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 3208	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 3208	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 3208	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 3208	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 3208	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 3208	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 3208	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 3208	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 3208	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 3208	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 3208	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 3208	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 3208	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 3208	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 3208	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 3208	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 2760	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 2760	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 5300	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 5300	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 5300	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 5300	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 5300	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 5300	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 5300	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 5300	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 5300	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 5300	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 5300	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 5300	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 5300	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 5300	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 5300	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 5300	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 5300	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 5300	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 5300	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 5300	4656	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mega.nz/file/7EsmSABT#r26h76Nk42gRls0lhVP7XjdLU-VPCIEMi2agoqm6uKI
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffab50846f8,0x7ffab5084708,0x7ffab5084718
2⤵
PID:3136

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,8600669754927731382,18038055062803172151,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
2⤵
PID:3208

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,8600669754927731382,18038055062803172151,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2760

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,8600669754927731382,18038055062803172151,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
2⤵
PID:5300

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8600669754927731382,18038055062803172151,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
2⤵
PID:3128

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8600669754927731382,18038055062803172151,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
2⤵
PID:2260

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,8600669754927731382,18038055062803172151,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5604 /prefetch:8
2⤵
PID:228

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,8600669754927731382,18038055062803172151,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5604 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5548

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2064,8600669754927731382,18038055062803172151,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5180 /prefetch:8
2⤵
PID:1008

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8600669754927731382,18038055062803172151,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4160 /prefetch:1
2⤵
PID:2804

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8600669754927731382,18038055062803172151,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
2⤵
PID:3948

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8600669754927731382,18038055062803172151,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
2⤵
PID:2744

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8600669754927731382,18038055062803172151,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
2⤵
PID:5308

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2064,8600669754927731382,18038055062803172151,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5920 /prefetch:8
2⤵
PID:6132

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8600669754927731382,18038055062803172151,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3916 /prefetch:1
2⤵
PID:4708

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2064,8600669754927731382,18038055062803172151,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5752 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4832

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5184

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1492

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x404 0x46c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3592

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3204

C:\Users\Admin\Desktop\XWorm V5.3 Optimized Bin\XWorm V5.2.exe
"C:\Users\Admin\Desktop\XWorm V5.3 Optimized Bin\XWorm V5.2.exe"
1⤵
- Loads dropped DLL
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
PID:1232

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/XCoderTools
2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1136

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffab50846f8,0x7ffab5084708,0x7ffab5084718
3⤵
PID:2588

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,11198256544045942532,11571095166077925479,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
3⤵
PID:5292

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,11198256544045942532,11571095166077925479,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:376

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,11198256544045942532,11571095166077925479,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:8
3⤵
PID:5552

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,11198256544045942532,11571095166077925479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
3⤵
PID:4560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,11198256544045942532,11571095166077925479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
3⤵
PID:1156

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,11198256544045942532,11571095166077925479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
3⤵
PID:5424

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,11198256544045942532,11571095166077925479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
3⤵
PID:2232

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,11198256544045942532,11571095166077925479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
3⤵
PID:3212

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,11198256544045942532,11571095166077925479,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 /prefetch:8
3⤵
PID:3616

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,11198256544045942532,11571095166077925479,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:4448

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,11198256544045942532,11571095166077925479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
3⤵
PID:4300

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,11198256544045942532,11571095166077925479,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
3⤵
PID:2124

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,11198256544045942532,11571095166077925479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
3⤵
PID:4756

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,11198256544045942532,11571095166077925479,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
3⤵
PID:3156

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/XCoderTools
2⤵
PID:6132

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xf8,0x12c,0x7ffab50846f8,0x7ffab5084708,0x7ffab5084718
3⤵
PID:5116

C:\Users\Admin\Desktop\XWorm V5.3 Optimized Bin\XWormLoader 5.2 x64.exe
"C:\Users\Admin\Desktop\XWorm V5.3 Optimized Bin\XWormLoader 5.2 x64.exe"
1⤵
- Loads dropped DLL
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3784

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:4640

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3836

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2668

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
ae54e9db2e89f2c54da8cc0bfcbd26bd

SHA1
a88af6c673609ecbc51a1a60dfbc8577830d2b5d

SHA256
5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af

SHA512
e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4ae2b16fec57d3f97841d79ee469efd2

SHA1
9a92169a23200ca5fe3bd09f38fa9fcc386c66b4

SHA256
71b360814a137f3e7a779a299ab6c658e7124ea3d5d1eb279137d07c456df2a8

SHA512
5bebc878fb9164fd6fe1b863a3ccb42279e0332b36c8d50ea2081e45571a89effc1b1a7a8de14d6feb56213acf941d277f831cae9f7590a1e7439cedbea520a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
f9fa6b9af638f3b75cd3818688825f89

SHA1
667d7cf91b28a278e24c67694a94d35b28198d53

SHA256
d5d94937cb05e9f416ba5e2b30d8e02b807f8e13d18e653c5c8fe7d462afb37b

SHA512
b0c1f5b6e8ae1c3e114302bf2f292bfdefd14da3b1fa30e39613f718e7b7ae658c3bba1f6203f31f23ba92b57bc35b8b5831379305cb7044ae666545bcb238ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
f53207a5ca2ef5c7e976cbb3cb26d870

SHA1
49a8cc44f53da77bb3dfb36fc7676ed54675db43

SHA256
19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23

SHA512
be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0
Filesize
44KB

MD5
31d70ea9ef2ec3500c7678bba9099841

SHA1
96be22d9f2391dc9f9e9dcb9cdf985f746397248

SHA256
cee055b133c8ffd435a19895dd74afcf6f599909428daf6cf23c121d16f59042

SHA512
6835f378fa12078f61d8509449aa8b4ecdac962a5a23b1fb011e675bce3cc2b3191ba93f772edcfa7f4aa7f9658fa2e533ba7a321020edd8ccc5ba5c6b9ddfe1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1
Filesize
264KB

MD5
59711bf1c642cf2896d32b04ab955d83

SHA1
459a2eada81b46af64ede8214a044220ef050927

SHA256
b22dd8d9a5ab10e573ce527f685997cd2681bff7ac46fe1b3a6525f5ad3f1711

SHA512
b123325c05ad6b230e4bb22ce1eccca9cdb3f2b4cb6aa0ade75565d886b838dd97a24f76b524c6762fe5ea33ff0c55c1dc89b611407a6fef7b5596536fdb7bc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2
Filesize
1.0MB

MD5
925369193c367f6eb8434e3b3c44f087

SHA1
2ae9dca8d4184535d7ae47749e4b34c8e223f73c

SHA256
74f05fb85a712bda58fee2b2e800500a2d240f0945cdf8436d126eff4adf54c4

SHA512
b85e2eac42e01651b621192802850b812da1ff06a5d0f3c07ec13732be6839ec893130b29c74d851e724b619f2b185dbe050b750faa4305b0629533a70c2456c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3
Filesize
4.0MB

MD5
89abedde54273080f915db1139333153

SHA1
f115fd9f306119205d446e67579faf7554021e94

SHA256
ce4b08589c9f4f89efc076afd21769b783287026a12fc81addbe25a29f880fc8

SHA512
d3597894632360faf4bff010a3dedc9df2f1c95ffbf2d0ea3a84720ee6a84eb583f57f717ccde5a1879dbd86ef78a13eb7de3f277450fe8690877c2cb013a570

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
96B

MD5
95137414157fb0a8876e585afcfd8979

SHA1
6f77c352603e70af7d71447d396824caf44a65e7

SHA256
d2575308fa7f1c8434957d076b65412dfd6fdc5e322cfd749b4e7305f54823c1

SHA512
d1a1b7d0e598b1f579175bc638f82dd52bab632866997d1d6b2d3801052fe36843cdf3d157db65dc90ecfd4e7c73089cb15fd17316001797f809c93e2f3a3be3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
72B

MD5
97edacf0f06a909728dcb4c0a9302aa0

SHA1
95aa9e346db64e7e5a48621419ed6a35d6159c5e

SHA256
3006f4199012bb7ded578780690af822d4444ec6498f3540468ae9056f352f64

SHA512
9457e9d0c8bd6ba6e12e90e6e2348fa40ff797235180b99671f205dac2dfdc4e295b6936c19051ec54ce9c6d291fca28c3085e84e1effe09587f6e1e22e10773

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG
Filesize
319B

MD5
de489312f44dc719d270dea665ae2dce

SHA1
9e4fa513b92df2bf47155b9e139a885bdeaf5e78

SHA256
a4b7a522d857688e4e0ba6f4fd6b3a0162ebd170cbd6d5e2c00884b5f61dc4c8

SHA512
5849782adb31f09258c47eafa8dac4d4739e5a83e08074d528a2bc3a58b43aff2ac495529b7b025db164f5d57e017705d328175b2ab007a80698ba9ae75b3dc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons
Filesize
20KB

MD5
5069c942be1d69444bb5467ca7d6269f

SHA1
8fb53a9a02a92b40d2dfcac5d3516cb676da25ad

SHA256
ad68a9ad8184adbcac20f010b90160255cf0bbb2444c0e6f1b3cf2cb0d804d03

SHA512
f1abed61b8fb67abfabc9d2209d07f0dd55938598d7bb7cd01b2a74c09a9c7477065595226ab03ca6b81d596c518980c9d16ddc10e4c1b94185b3fc3adaaf50b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
Filesize
124KB

MD5
79212ae59ecd589ba1ca07bee98384bc

SHA1
a29498220618c9ff82ae40910c12f8a24a2c1dc2

SHA256
d9bcad4c68047afab5a466a47c3f4b7bffb2652bfdf75486615978ed8d9f832d

SHA512
f6b7a52dffb364e821e901b705ccb0191bbde60f6911242f08186c8cbb73360eaabd987d48af2438c0e20a8095a4be8fc59c0cf764d3fb4b7df87cb20aa2262e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
Filesize
774B

MD5
b6467491b741db1562eb090768b76811

SHA1
e9e8f1cfd5d147b0283c17c8072a01247f4d1348

SHA256
5e316eb8f9ac94794c3dd978956a33f46cb1233f374ea39cb53de6f01eff309b

SHA512
52bbf4f81656b45c42f796251b34e6b80cc72b3b119bc6833c8742b63ae2cf6a1cf961f7b6d4b8d4973e52a50de01c1c78eb5383f33baec9b61de1168968162d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal
Filesize
28KB

MD5
88b93a1b19af0e418994497c80c89f65

SHA1
00b954e80739650b5509127dee587d354e5381fc

SHA256
5539023d404486c644223658fc1756fb3408d07c2ae8ca5963333e8da9ec98db

SHA512
0beb1ea36744baec675ce4491730a8dab42d05c54e1c5d5c6604f7a33b198c2d2dc568a57cbd56fb295ecc1fd67d17ab1d8c311ec832502aa67070b33a3e2eef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log
Filesize
469B

MD5
f362cb27ae0fb0fd6adbc08d8070a0d1

SHA1
aa7ea763d3e2b8117cda88a0d9a1f53258d46758

SHA256
b4086eee14457114d0b2f89b75c2da4d22eb569e010f063b4308810897f30c0e

SHA512
40ce551fda033566a95752a6b328ae71e88c6161ef0c47b93c34b9ffb4875d412546d1a0f20b45d20ffc4b6062fd1ff98004072a938a234c017722448edcc04f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
Filesize
334B

MD5
a236175d65d9802c8cf7238dc6d781ab

SHA1
5ab15fdbdfdccb80860cc538a30a9913c42103c4

SHA256
1e15cc9c2399546b071fd22bb493dc73ba7aea49cd21f3e8ab4b69dd65ecf6f4

SHA512
eff07b1607d34b87839bb6dc1f525b81fb4bbde27749c0e845cfb092da0253e33ff6912c85d7f25d9bc0f46e358428892774b2980413710daf17d640eeda2410

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
614B

MD5
91e9d5a022839a9f47c18fe078b2974d

SHA1
0f5c7b4ebb6eb8b534b8705c7b848e2be06f7ced

SHA256
f827a03774dc53b8ba193302bbfec5c1b40f5b78821a06b5a450e0a8178f4fb3

SHA512
1d6d024915410919dba3e45970065c54297d930994331b815ab1d59054bd0cee8a7917f24a8d0083c37dd3b6d63319ff51558c3c9933ed96dbd7e9abb5ef85e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
188B

MD5
008114e1a1a614b35e8a7515da0f3783

SHA1
3c390d38126c7328a8d7e4a72d5848ac9f96549b

SHA256
7301b76033c2970e61bab5eaddaff5aa652c39db5c0ea5632814f989716a1d18

SHA512
a202fc891eace003c346bad7e5d2c73dadf9591d5ce950395ff4b63cc2866b17e02bd3f0ad92749df033a936685851455bcdbfad30f26e765c3c89d3309cb82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
903fc2f83d5c998eda1740e73caa174b

SHA1
4f6f6517e0a0ed6fca8af81d5201cda27fc1456d

SHA256
a5720a1a0eb930e85277f9b3eb42f7112f34f94acd91d34fe7932ddff93a2e11

SHA512
62fe35bd59125a6a02193ed4e387932c130e30b3db3e3ccd11b8f1ade54aee1983ae6f90bc5e9f4d669eca8ee59cb34579142878aa617f84618f990bada57c49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
ec15eba8ddf45a638cf159324cb23397

SHA1
d92c91a2f2b0c0c5285e10f07467dba78275132d

SHA256
e761d25a962d29cbfe3f3171178a5a40967b45eb28783a6164f6faed2a1048ef

SHA512
3604c80ae010bf47357c2e90243502782a687284b1e1e627c19a9182d0cb4680a1dd7389514182a1ee15f730ab865c1788ef73c9da2d9a47251f5de56300f0ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
e59fa9278669d3f44bb1f586f5f62e19

SHA1
7762afb7371066021624fa7551b861b862dcaa8b

SHA256
cb32f7381a9343f82f902105424f8ea5655d31cf05e824ac243660b62f3c3b33

SHA512
d45e894ffe4af6e4f0634416b53413474c5bc44978fe778b7bb0c24dc3412f9d5d995df462e7b99b78bb5bcea9dd199ebf8282f84ebbb38f2776a7d6a555ee6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
3bc9a2d9e97f352eb45c02f296405a47

SHA1
82f0af7dd50e3a16c78a7845be547b11615922e8

SHA256
bdcdb674968127b0452baa5998f2ac8ff0ef66cd08157e711dfd7445c730ef39

SHA512
32dd4705237c38d950e1cd5f88b8e3195359c60d7735ea937ee4f5fad6e40c68744dd6c11683861a2b6a8af9b9e3123dd982511c1fe90eb6b1f2c89d55428072

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
6e8726406c90b54aca66360ee3b0bc40

SHA1
ac0bd3bded1d300e239bb5133c6fc05abdc38a96

SHA256
90660a8bd2db87108f2d7203963ea3305609d58820bb902e12a9c2db6ecf1139

SHA512
61bee36c7ab16f05df404b9d590aea19f9cb0c72b94af4401ca6d99884119bd09cdb589c90d3c292469ee071163fe9b543ea5c5081ae5994efca0e1b55c05cb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
430fa96da3e3b7883f1e1ec702337a3b

SHA1
898ca90940b0c07d0935e97a95b9db96b33742b8

SHA256
8ea04dd9b5bff055446571de4d9b3ee30831df5762280e1f0e58f971db9379d8

SHA512
807b32eb66eeda666f4605030a9700327daf6410575d074b2882e7569ef688d29dbd7b708abd1019a05cdd7557d014ad73afad9d6ceda970736eafa46dbd161b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log
Filesize
602B

MD5
1a2cc0dcf01f870c307b0009c3d6c762

SHA1
86187ba39ce98e1a7aba2b4406a20f88997fed11

SHA256
e5c3224bb7e9f00c2c0c62c10cf4a66b469fa455454f9ade2d4f5361f6bf27e4

SHA512
9fbd6a4f1c1f3675a11cff788d09c38cb620778a4bebdfb104694bdce0ef731ecd9ab14c8a03e0d4ed6eb9fe3fe500f0495095e37082627c8adcf1626b384ae2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG
Filesize
297B

MD5
8e37937e7b3cc25198b24d69d10856d1

SHA1
d4e4b2f1cdf714778320ada9fe9cb7f45938fd47

SHA256
ba65a3dc6876135ae30b22cc966feb853f3e27f36f5bcbf2d625ee753b3c60cb

SHA512
225b9c67605d3df9640c30a0fbc6d64a3397fe7efb454afafd945680fe8208f0dd556d1f9f0c2f401f27b8326f036b858d695732ccedadbc63e20aa9f92c8ab0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
72B

MD5
786961b87968c4496a2963dcd105cdcd

SHA1
93ad6246a04a88ff392f08074afb4ab4421dba28

SHA256
549236649b48ee063a4d30307bde7c15e3cd19c7502dd8287620315fe0290ad1

SHA512
66391dfcb41a8e6216c6dcaee953316a1d7607e82679666a2b301f8988f5ded04f7fe4aae4019e9db5d0dfc824cd9035394a557094208f0a374e87656d43cfb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5794ed.TMP
Filesize
48B

MD5
1ab4849fe53cacb15c6a763563007d29

SHA1
9dd41cd32ae4b92ddd1e5897408118e82a160f7e

SHA256
4c3fb544ecef881354287128b4facabdc570561b1d173209b667fc3c8fe0e92a

SHA512
5dd18109a71946ea722a26ea5d41914cf47095668a8bc1c099aff69a5480fb8c598aa9b2e3e9d0c09edcaded6c26ba6f8dd5f353e89caac802901b7f2a0b964b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
Filesize
545B

MD5
84de67ab65b7b53f16f75169dbbcf20c

SHA1
1764fee42254ad000edd11be1e8e463b9700854a

SHA256
26316d56427338e79087aa05e47bd8152f4cf795cd77e6dcc1bdfd4e38464872

SHA512
146321d8774c9cec8e9b61ee226e48f8ee36702e5ba28af4d9d5921fee378fb854c56836227ecf0d8b54f77787eaa94f1e72c0fb84b486d9112268b97cea2dbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
Filesize
322B

MD5
eafdf6b6306d5198cd688062b12cadf3

SHA1
6f132c25ccc04f568fc6cba856ab9397039ad779

SHA256
f0c603bf945b499ccc95b8fe1139807b95344805f6192a6450a5df6fd3005c9f

SHA512
6d66432001ad07601a3c777b8202bd518b5758624116f638c7869cb6bb5f2c3752734d7bc512da8614c678b50551ed870d5748f5c5b3ef6a014e6d4ae487aa12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13362260861229816
Filesize
26KB

MD5
657847646b16cadd73f7d643282e5aef

SHA1
1684d2903fb673cfc06776b26a05f4c497bffa8c

SHA256
667f5743495dc014e37523fafab0f43aa0075798dfd92efa9d9d514deaefbbd6

SHA512
9825c164169a783d55d2ed3da81efd40ebe9877976100b9d77a201ab9c28192e26d70c519e09de86076b83ed7db3d1745fa690443bd4d37afdf6c4d886557919

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
Filesize
112B

MD5
210309462d4513ba4c24286a49f710d7

SHA1
b47ab6cee29290149718bf7475b6cdbaf4b50619

SHA256
e8bcd48e21c722b185e422453a9df5ce4bbab352c38fbe3a1af00bebad7aad4d

SHA512
5c9220d9df84e3048b1d63c4e89396f24215ce9cde0f977bc856597596cfd3884f2fedecc0d88534ae2603c9948b1b4b20d6e770111981c5c38d63b2a3b3570b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
Filesize
347B

MD5
26163fa3d94abcc82c83ab1e0e669467

SHA1
686dcdaf4f92c4a7fa039242a2a23e3b93e90775

SHA256
57331e7978f03b1054db72c06144d902492cacdf156ee74621b7fb1c65bc331f

SHA512
5a93fe7d5ebbc63ea0cfb7a52a77dd0eaa8e82238cd23fd915567ff6b183a8d48d7b91271155e8737dabb7b26d557ee63714a9ae092fb731a6f071e6ee25c41c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
Filesize
323B

MD5
75e07f2f0ca89733800be9274edc5a41

SHA1
810bc0ab07b7aa68750606af236f7299e04da5c1

SHA256
5554d54e7c0ec10c75581ab44bd5e5052e06af0fd7ff816fe0b65d8634c3479f

SHA512
4cbd8000d2657bbe97894ce76af5c4cf934feb48e88ad00135898c6fb21e37ff1dcc1f819484eb79c925d59420046f9ad916a51e1c8f9eda8b17cb34b8ed0df4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
705B

MD5
9413cc44e24a093b7717dc2261856dc3

SHA1
11ec41b769ad6c6075b6467c2497e47a0ca326e8

SHA256
27e2d04e31c64e179e3c90c02c5b9b1819ef3cc17ced5a6647cb496e8a7f95ea

SHA512
012c4580a4b2b17e0afb5e423d1773c825df32a96a1af26eaba7a066debd49d74545e5b7c835baa009f7f4d14e0329e326a4e509805c8c905903a437fd7c4755

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
203B

MD5
dae4341316525f86b5c9e0b24b7b2cc9

SHA1
a023bd48ff88595763eaddf700ee7619a1eb0822

SHA256
9e2932b5fd967d8d0095e0c3d613c141ea66a0071afca643f5bf29692a0812ac

SHA512
412a5c6fe7321a63ae219af0e83a42da1435d3ff3149ca580e6c0dc07c4fd67c8a9da46af13a6c9f7c5fbe38c37f4e108ad34cf2d13e2ee32ae85f99802243bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
Filesize
128KB

MD5
72340598934b768447fa2d5c62123f2b

SHA1
42ee27d25c8652aa6e352569d29aaf8e59ee5b84

SHA256
d63f1e9f9e261b914bcef167f43a6a1ba82322527856ff3d0657566824424bd0

SHA512
6c5eab3af84cee7afefbc51f3cd3f590a8ba0d94a6732f9c358a79a151ebc180425953cdfe8e1e78c7456f03b7eeb052e6fa0f91e7d27d1f0474061e177784c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db
Filesize
52KB

MD5
a9ef8e88780e979a54997bba465ad00f

SHA1
4bbf6423aa38a2759ee6aac0da89bba64b9ad01b

SHA256
9accba608736a06bccf75f80d1e97833d9b39e73b07e7e89b235db5f5a5552d2

SHA512
a29163fcfc467541e2ec76e463f3681fa9cca95739713b2c94796e90030b1d8b88f90ea636437c0d561c2b23fa9ca4ab15e7254b24b00bf1472e99b6a1d699f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
Filesize
2KB

MD5
d504803b75a1dd123a265e86706c4e26

SHA1
f44821dc546915eca0c627ae5c6834095b0ca2b1

SHA256
a3a62975b581d720eea610e3f220a20f8278495e64758031f728897c4a6df10e

SHA512
9a6c6700cfe9eebe8db42ffe95bbd44cfa77ba0eded4d8928c243962c02ca7df9d57851e9eeccc45852f818aca5026e76d53f383bcde099f948b7ae13b9f59ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
Filesize
322B

MD5
5f615b99435ac674b6b4ad5426cdf23b

SHA1
570510b228d980dbcb9636143e7bf8ad6e971f5b

SHA256
9f9f425590a753ffe4b51554644362b65d295568f2fb416202a116ea466cddb3

SHA512
7425842deaf73c12b1214c0569cf79ae4157c46730e053170defc372e099c90e5ec2641cf79a451fe9c9b7ad7f6d0d99726ebaead588e38c2dcbfd23ff304fb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
Filesize
565B

MD5
66a0a84accbd01708463f5964a108305

SHA1
10fb966a8c32d9b5eeb405c31c83c514ff6d19a9

SHA256
1b15e724b2adee207555de5c88895ecc6e941ae2fe65bc849fcbf70ce010cdbc

SHA512
faf250e7e16a995f10440fa338195db0101c3078274717602b949655345b956f93f027e7f165aacb3dcf9d90d31f2c95078c53a8b1e0a2ae9ad35a7adb7f263d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
Filesize
340B

MD5
03d66f98762b8a9a27307978d8cf4c30

SHA1
3502fd6eb1262a97c98c53158620a9c38206421f

SHA256
f4e338bc3abd069866aa4adc85c3da266ca3ed743a75f3b09cb027d891765e2c

SHA512
39b0cea7801940fda41dbfdd1852004898e11705e7b9c47830a84a12d444f983f3a31ddfbc9c2889f890a7c55546c6590572c1b761287689da099d4b7684ab59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0
Filesize
44KB

MD5
abe151808b219fabc47cd65bcaeb9b45

SHA1
b728822ba05216f48c28f0dde2446e8f2f7616ce

SHA256
5de3b02a37db4a5078a4c9b7ea96e9639e4712c88b9b43834e9194717c64deae

SHA512
8b97fbb4ed1da89d79d14c9de16cef16f6b3e7c9ecd6d185772cdd593e5d8ad619a5c56dc33f0233b19e979e408013da1ba1d31e253c720b7283e6746649e632

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
Filesize
264KB

MD5
33ced4e738ae881377307afa3b954011

SHA1
655562398213de3cc6fb16da45037fe6ef222b73

SHA256
4da027422e9d2a2e08a9d382c1e6746419385bee60765e0c4fe308e60c439084

SHA512
59cd49c78fd542c42579fe0bfc08ac60aa369729c2cb0b8efad658299fbe76ac715e7d93606140c6e21c6df725c9523e663e71d7f2abb29b6e2d9fd6d6ce099a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3
Filesize
4.0MB

MD5
6519c075fb435a1599df645d798449ea

SHA1
19b07a989a4d64f1b62a4092f5943b999be2119e

SHA256
9640f45c95330c6af01852c40ab712539a95441ebef6094f5572e685fcebcd08

SHA512
04e52f5b9a7c68da8b174504fde090abbc2fc7e81ceba0c837cca07a336818ebae06631e6ffbf1328c15bb322f1b5edbfeb0d7c5ae25c7094ec4c6a9e7c39137

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001
Filesize
17KB

MD5
6bc4851424575eaf03ebe2efee6073ab

SHA1
2d014fe2feb929d03a46322645a94556ca5c9e96

SHA256
abaded8e235fdf329521806af30a1cc7701eaca3fe2efccb9da760ec6d8e5e4e

SHA512
af3b7d93fa2243475d74d4bd7f918ce2706bf6eca28029b9e49869f5f793e483efaafdfab1fed6306d5fc77a5ed3b27097b27448cd04560bed4df6fa3268ccf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002
Filesize
17KB

MD5
fc97b88a7ce0b008366cd0260b0321dc

SHA1
4eae02aecb04fa15f0bb62036151fa016e64f7a9

SHA256
6388415a307a208b0a43b817ccd9e5fcdda9b6939ecd20ef4c0eda1aa3a0e49e

SHA512
889a0db0eb5ad4de4279b620783964bfda8edc6b137059d1ec1da9282716fe930f8c4ebfadea7cd5247a997f8d4d2990f7b972a17106de491365e3c2d2138175

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
536391e397ceaaa28a73a2c08e11f1aa

SHA1
d37b2680dcaf30aafbd8a531dc24afb084b40e4a

SHA256
716844645cd5a51f0317c9691a7d95a506b8e204016f815762af2b2edf3d2833

SHA512
1b6785585de06d70aea1bd9cfd4ad8dce3b9340f39c89b7d46f51e54a5a7eee892a988065e30de3168bcb89ee2b3f8a4694dcc3560b479a2b77faa5914ec7900

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
6b04efaff78f7905cee676efafa3a48c

SHA1
6360f3a14ab65758b238965eb3f22a5b75e609c1

SHA256
fa4785efb2ca71735ad677f5e48dbd52f7f160adf6a199ae8c1aef42e7f2a682

SHA512
f35d125fefcfacab859e4dd0c150143ebe5b59be40eb5b060f83156679a35cc4b7f5b8eb799308fab0e73bcfdeb2f1f11eb61247d9a843c73bfd1f26eba7b7b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
a788c6b2265bf588b66197db55b9a800

SHA1
c3e218bcd7bd1ca3307754e78fa96a7f4bb1da21

SHA256
0a6843a75af44aceb324ef4e080da3ba40f993ed17528baa7344b6dfe14cbdc5

SHA512
731bac71af45df7ff3a72708d91ce761872af44c388788935003c0e662224723539e58463b0eb2bfec09b432b601615bac86095b94cf3c2d28658d08444e6c1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres
Filesize
4KB

MD5
432cccb7a11f3ab93990adb374375938

SHA1
67013a6e383d83f0da62f5fc8e97a60240d23427

SHA256
4183ef2db3859bc1e83a586b6e266fdad2573ffdae12a16d03db149b4a496e75

SHA512
ef2a30480d5a924f650f7707b8ee316ff8b643cc14489b88c239995dd7e99b5f828a27d3f951907e4af5c99de536c4f2d60eed874c73101a86a1ca39de452ec0

Download Submit
C:\Users\Admin\AppData\Local\Temp\RFZzY\RFZzY.dll
Filesize
112KB

MD5
2f1a50031dcf5c87d92e8b2491fdcea6

SHA1
71e2aaa2d1bb7dbe32a00e1d01d744830ecce08f

SHA256
47578a37901c82f66e4dba47acd5c3cab6d09c9911d16f5ad0413275342147ed

SHA512
1c66dbe1320c1a84023bdf77686a2a7ab79a3e86ba5a4ea2cda9a37f8a916137d5cfec30b28ceae181355f6f279270465ef63ae90b7e8dcd4c1a8198a7fd36a8

Download Submit
C:\Users\Admin\Downloads\XWorm V5.3 Optimized Bin.zip
Filesize
32.1MB

MD5
b65e7ecf1acb57057ee749a92439cb16

SHA1
40a96f2e5f3b94fe1f1489b6f1b4a20e997fccee

SHA256
6b70f3d3bd8656414dcac9394c9a4199c7025d9c84b527812ab6feee36e8414d

SHA512
af6ee30f9b5830beb3b4b6b9e8e9803fe59c28fd1464d6fb7293d7679589b729333605fef86b116dc4cd01b0a425818897bf4b16796d6f39496b74d96880546e

Download Submit
\??\pipe\LOCAL\crashpad_4656_ANNMAWVUDXLIDEYE
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1232-309-0x00000278B54F0000-0x00000278B56E4000-memory.dmp

Filesize
2.0MB

Download
memory/1232-300-0x00000278983F0000-0x00000278991CE000-memory.dmp

Filesize
13.9MB

Download
memory/1232-308-0x00000278B4700000-0x00000278B52EC000-memory.dmp

Filesize
11.9MB

Download
memory/3784-320-0x000002DBD2CD0000-0x000002DBD3AAE000-memory.dmp

Filesize
13.9MB

Download
memory/3784-310-0x00000000006E0000-0x0000000000700000-memory.dmp

Filesize
128KB

Download
memory/3784-311-0x000002DBB7AA0000-0x000002DBB7AE2000-memory.dmp

Filesize
264KB

Download
memory/3784-312-0x000002DBB7B50000-0x000002DBB7B78000-memory.dmp

Filesize
160KB

Download
memory/3784-313-0x000002DBB7B00000-0x000002DBB7B06000-memory.dmp

Filesize
24KB

Download
memory/3784-314-0x000002DBD1C80000-0x000002DBD1CDE000-memory.dmp

Filesize
376KB

Download
memory/3784-315-0x000002DBD1D00000-0x000002DBD1D56000-memory.dmp

Filesize
344KB

Download
memory/3784-316-0x000002DBB7A30000-0x000002DBB7A36000-memory.dmp

Filesize
24KB

Download
memory/3784-317-0x000002DBB7A90000-0x000002DBB7A96000-memory.dmp

Filesize
24KB

Download
memory/3784-318-0x000002DBD1D60000-0x000002DBD1D9C000-memory.dmp

Filesize
240KB

Download
memory/3784-319-0x000002DBD1C20000-0x000002DBD1C3A000-memory.dmp

Filesize
104KB

Download