Analysis Overview
SHA256
c471bf614dcc7041104247415092c5d5e39d6880d94e2269bc0b0cb37bdafae4
Threat Level: Known bad
The file [email protected] was found to be: Known bad.
Malicious Activity Summary
Detect Xworm Payload
Xworm family
Xworm
Drops startup file
Sets desktop wallpaper using registry
Unsigned PE
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
Enumerates system info in registry
Modifies data under HKEY_USERS
Suspicious use of FindShellTrayWindow
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-15 12:12
Signatures
Detect Xworm Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Xworm family
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-15 12:12
Reported
2024-06-15 12:15
Platform
win11-20240611-en
Max time kernel
147s
Max time network
148s
Command Line
Signatures
Detect Xworm Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Xworm
Drops startup file
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XClient.lnk | C:\Users\Admin\AppData\Local\Temp\[email protected] | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XClient.lnk | C:\Users\Admin\AppData\Local\Temp\[email protected] | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\XBackground.bmp" | C:\Users\Admin\AppData\Local\Temp\[email protected] | N/A |
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133629271907842648" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\[email protected]
"C:\Users\Admin\AppData\Local\Temp\[email protected]"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd8f8bab58,0x7ffd8f8bab68,0x7ffd8f8bab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd8f8bab58,0x7ffd8f8bab68,0x7ffd8f8bab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1696,i,16049872760011324201,18422141014363360530,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1696,i,16049872760011324201,18422141014363360530,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2188 --field-trial-handle=1696,i,16049872760011324201,18422141014363360530,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3164 --field-trial-handle=1696,i,16049872760011324201,18422141014363360530,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3204 --field-trial-handle=1696,i,16049872760011324201,18422141014363360530,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1536 --field-trial-handle=1960,i,16437661422590089717,1958554696935946532,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1876 --field-trial-handle=1960,i,16437661422590089717,1958554696935946532,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4336 --field-trial-handle=1696,i,16049872760011324201,18422141014363360530,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4424 --field-trial-handle=1696,i,16049872760011324201,18422141014363360530,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4560 --field-trial-handle=1696,i,16049872760011324201,18422141014363360530,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4520 --field-trial-handle=1696,i,16049872760011324201,18422141014363360530,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4464 --field-trial-handle=1696,i,16049872760011324201,18422141014363360530,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4940 --field-trial-handle=1696,i,16049872760011324201,18422141014363360530,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4792 --field-trial-handle=1696,i,16049872760011324201,18422141014363360530,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4628 --field-trial-handle=1696,i,16049872760011324201,18422141014363360530,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4800 --field-trial-handle=1696,i,16049872760011324201,18422141014363360530,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5008 --field-trial-handle=1696,i,16049872760011324201,18422141014363360530,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=1572 --field-trial-handle=1696,i,16049872760011324201,18422141014363360530,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2460 --field-trial-handle=1696,i,16049872760011324201,18422141014363360530,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5152 --field-trial-handle=1696,i,16049872760011324201,18422141014363360530,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2436 --field-trial-handle=1696,i,16049872760011324201,18422141014363360530,131072 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\How To Decrypt My Files.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffda3fb3cb8,0x7ffda3fb3cc8,0x7ffda3fb3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,12265815507687111241,61021459219832721,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1824 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1896,12265815507687111241,61021459219832721,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1896,12265815507687111241,61021459219832721,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2564 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,12265815507687111241,61021459219832721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3128 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,12265815507687111241,61021459219832721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3144 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1896,12265815507687111241,61021459219832721,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4584 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1896,12265815507687111241,61021459219832721,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4980 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,12265815507687111241,61021459219832721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,12265815507687111241,61021459219832721,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,12265815507687111241,61021459219832721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,12265815507687111241,61021459219832721,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | modern-educators.gl.at.ply.gg | udp |
| US | 147.185.221.20:23695 | modern-educators.gl.at.ply.gg | tcp |
| US | 147.185.221.20:23695 | modern-educators.gl.at.ply.gg | tcp |
| GB | 51.132.193.104:443 | | tcp |
| GB | 95.101.129.216:443 | | tcp |
| GB | 95.101.129.216:443 | | tcp |
| GB | 95.101.129.216:443 | | tcp |
| NL | 23.62.61.194:443 | r.bing.com | tcp |
| NL | 23.62.61.194:443 | r.bing.com | tcp |
| NL | 23.62.61.194:443 | r.bing.com | tcp |
| NL | 23.62.61.194:443 | r.bing.com | tcp |
| NL | 23.62.61.194:443 | r.bing.com | tcp |
| NL | 23.62.61.194:443 | r.bing.com | tcp |
| US | 104.208.16.92:443 | browser.pipe.aria.microsoft.com | tcp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| GB | 172.217.169.46:443 | play.google.com | udp |
| GB | 142.250.187.206:443 | clients2.google.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.187.206:443 | clients2.google.com | tcp |
| SE | 192.229.221.95:80 | | tcp |
| GB | 142.250.187.238:443 | consent.google.com | tcp |
| GB | 142.250.178.14:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.178.14:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.178.14:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.178.14:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.178.14:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.178.14:443 | encrypted-tbn0.gstatic.com | tcp |
| US | 66.254.114.41:443 | pornhub.com | tcp |
| US | 66.254.114.41:443 | pornhub.com | tcp |
| GB | 64.210.156.16:443 | ss.phncdn.com | tcp |
| GB | 64.210.156.16:443 | ss.phncdn.com | tcp |
| GB | 64.210.156.20:443 | ss.phncdn.com | tcp |
| GB | 64.210.156.20:443 | ss.phncdn.com | tcp |
| GB | 64.210.156.20:443 | ss.phncdn.com | tcp |
| GB | 64.210.156.20:443 | ss.phncdn.com | tcp |
| GB | 64.210.156.20:443 | ss.phncdn.com | tcp |
| GB | 64.210.156.20:443 | ss.phncdn.com | tcp |
| GB | 64.210.156.20:443 | ss.phncdn.com | tcp |
| GB | 64.210.156.23:443 | ss.phncdn.com | tcp |
| US | 66.254.114.156:443 | cdn1-smallimg.phncdn.com | tcp |
| US | 104.21.56.52:443 | prvc.io | tcp |
| GB | 64.210.156.20:443 | ss.phncdn.com | tcp |
| GB | 142.250.200.42:443 | content-autofill.googleapis.com | tcp |
| US | 66.254.114.171:443 | a.adtng.com | tcp |
| US | 66.254.114.154:443 | ads.trafficjunky.net | tcp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.114.254.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.114.254.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | hw-cdn2.adtng.com | udp |
| US | 8.8.8.8:53 | ht-cdn2.adtng.com | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | tcp |
| GB | 64.210.156.1:443 | hw-cdn2.adtng.com | tcp |
| GB | 64.210.156.20:443 | ht-cdn2.adtng.com | tcp |
| GB | 64.210.156.1:443 | hw-cdn2.adtng.com | tcp |
| GB | 216.58.201.123:443 | storage.googleapis.com | tcp |
| US | 216.239.32.36:443 | region1.analytics.google.com | udp |
| BE | 108.177.15.157:443 | stats.g.doubleclick.net | tcp |
| US | 216.239.32.36:443 | region1.analytics.google.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | tcp |
Files
memory/3112-0-0x00007FFD94A73000-0x00007FFD94A75000-memory.dmp
memory/3112-1-0x00000000005D0000-0x00000000005E0000-memory.dmp
memory/3112-6-0x00007FFD94A70000-0x00007FFD95532000-memory.dmp
memory/3112-7-0x0000000001000000-0x000000000100C000-memory.dmp
memory/3112-8-0x00007FFD94A73000-0x00007FFD94A75000-memory.dmp
memory/3112-9-0x00007FFD94A70000-0x00007FFD95532000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | 767147a173231a9acb252df47c72fd36 |
| SHA1 | ede4b0ac5e9f0d30966504e769e26014d5ef5afe |
| SHA256 | 560ea47c2a453d4c8d678522d3da389933d5481b5c0db4f23da212a5d2133b3a |
| SHA512 | a3fcbc35c20cb71f3e8fda9345137f207794666c6ca3862670d33db7c8e7b05e0c1c11d0cd591e2e31c4af1309b2fef872b788507e564db3801e8320d1fda7c2 |
\??\pipe\crashpad_2124_TWXCKCOZIWMOCMNS
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations
| MD5 | f732dbed9289177d15e236d0f8f2ddd3 |
| SHA1 | 53f822af51b014bc3d4b575865d9c3ef0e4debde |
| SHA256 | 2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93 |
| SHA512 | b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 6dbe6cd72de466042125e776df7bca98 |
| SHA1 | 12cdf0457ae5b1ef669fcd51b43024889c420e03 |
| SHA256 | fd60fa6899ab1d9d970c3c0bd20abc2db03d306902d31f06ca770fae00dd3a48 |
| SHA512 | a3f96f6e21f85494fe2d4a653757f96c74dfdfdf3ca94146beb1df3951a4c04d19c26bce0fabdaf596a4912ea663405d4c5ec63be561824616b80897dbfbf58e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | f4fd55224dc3fa66666cfd2da1b8a8d3 |
| SHA1 | aabdc37d439b634b34fd38c4d8322b8198cf85d5 |
| SHA256 | 63c005cc3429b6ef9afe73abdb0c4284c071dc79823c5f6b3cb89c0527a8a38a |
| SHA512 | e3bab5d4f78e4a7e4dd25c665183a05af1cfd5913221898f584233d492abd1741e77fe41582e9fb0972dff8bc686a0342ec65150e98ea73a7ad8186972d81f7b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | b3dbdb5ed3ce9e8b187f7ff052ed7c0c |
| SHA1 | 5a43a26b7158532bb7738e4130c5982dc40791a9 |
| SHA256 | 6a38670adb0d14c915a035f84d97ce1a2670a9d2b93974b73dfdf24b90a7b003 |
| SHA512 | 8c997a1a627931a4d21b6f709fb8d9934d140a10d8d87b00b7516d2fae0e257e34576b436f85ab7cdd0e4e9a4e515148471fddfc2382b8e8dce5d768eb29b311 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 66c27a8aaca1bec4d103018c26b3b8b1 |
| SHA1 | c3d5145ff3d99d3672dd4c945151cb57c3ea88d8 |
| SHA256 | 3c8d9eb3b9319dadc14b55ab08af148fbb25fee3ba4b815fd38022a1ae50dceb |
| SHA512 | d50d29382621219fa53dab926c54335300f9db9bef805f7b049da976978e6cacde62fed34725d1112f227d0edeb0665cae370ba085e95dd0def62a168a8805b8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | fea9b167f4074dc5ce27cf90e1284554 |
| SHA1 | 3f72b164875413224bdaed34e6f6b006ce255e96 |
| SHA256 | 23210fa3fedafb7d057b51750c9e0560147c94d6b92c633f449d94b56140f8cb |
| SHA512 | ee522fad87b5dc1025b72c720981ac715aceded5bf6622bb50a9b4ed75566bb14a9d3b12a2a8da1f2577720a44cc067621bc1f3af38e47da0aed76bf8c44e812 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | c4e7ff22930aa5244276ceed5c8229ea |
| SHA1 | ca59b762821418eec2da0faa1edd0fa1600d3de4 |
| SHA256 | 8de42f555509ef6a8d81dd888bcded8db829d6c6dd651cd8991a592f45e21036 |
| SHA512 | 2c74eeab814d6aadf93deb3f9f45c414af227f9a8ed6113ecbae0ee3c904ddf20d57d9e3fa9fd2c98fbac7320cf29601c67d5bd4bcaa026417938c19ac306625 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 8d8a0df0d5ef6dca3c4357f8d92bf9a0 |
| SHA1 | 10d699e54d62ac966c7701ac311de3c56a50873d |
| SHA256 | dc7bda1c13b9d83220e91faf05ed0cad5529abf5895733c44fc6c5a2b1ea1dee |
| SHA512 | a60e080725722383011f58c8ba19d4b071c051fc81a0561bfec1e264f66f74f1ec193f3d86386b2901636468c1139601f56487f7563117b3b889d1d76232dc7c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 01da72c8b0051f597d74969a3bde7e8e |
| SHA1 | a94c536e65a26ca5b870bca3987ea613879b0dbe |
| SHA256 | d92b22884d8b6de6c5ca04e68a03e6f7cdf2643a7b2ba79b7fcf7247594c4000 |
| SHA512 | ce874d6c7d87f8f7a69e189c38453cce1c303e956c720b84b17904f6ebe6d6632f125c1faad3a7b527bf1657d18e0e40d42e39935e95e91c57a95da404f0c9d2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | b03cd7efd875bc2ceec34ad7ca92b52d |
| SHA1 | e73d289b6376de786c2970a9587c6c74cefdeceb |
| SHA256 | e2287c1480717e8726ffb648206e872f4016b9e2431b2ec2361cb4aad5c06ed6 |
| SHA512 | bebb0492109caa687ea402a84b22dc19d1b84e49842c7b03bb3ec806fcb08338977bc6b2501f2c274427f79c745bf2c253b87dafa21e1b57028e4ea073243cb7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58bacf.TMP
| MD5 | 423416b2bb615d5020ae4d33526ef5a4 |
| SHA1 | 518602fad38c33190753a6905e6a6b91b0d1a7a6 |
| SHA256 | 243d34dc7729b25621222f600c42d15ec4b9b50358f7853efe40066a8e612ce1 |
| SHA512 | 94cf0d14eb873960099cabb56f5bdda09a6bb341d740ca63465c25579a2ce6adf5e838c9ee111d6a10d87eb372520584e1b4655f9aaf22bfe0f45ae9254bdc06 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | c16e5c36350870856bdccf35bc940144 |
| SHA1 | e9d5480f154dee21a03eca6ef80498df7373b172 |
| SHA256 | 647e970fefab31dac80512a4fc4bfcff0a5f962c67370c793a14ae79f7fa8d71 |
| SHA512 | 07d34c9cd01227d59911d2e6009c774ac9c5d275e56a84ef7a49e59218a8b164315bb5dc1eac4debd39e90397437137afe608dd4c6e60bfa35519965f1e94176 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 24a51e637b79f7eea92b37228b5917ca |
| SHA1 | 562932c66768f1a46d7943e43119af29f2c04450 |
| SHA256 | f952c896f370f28bcd0358129996f9560115e11f88bcc0c1fe42d4bf13c1beb8 |
| SHA512 | 5a8b4c97ff19a4eb579b913f93db5645c9b7e3ded0e329a9d160745aaf5c730b310ee4de616fbf7fd5212a76a82022f4274bf302f33db545a7c6c6b22876c87e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 5a5ad385b71f895adaa7e6aca25bccf1 |
| SHA1 | fc26a23a32035466c5075c7d45cfbe6fc0b7bb88 |
| SHA256 | 00ba45a0d732d851d18fb8dbd6baeed848ae17ed727bb24ee7e8a82a40e9ac56 |
| SHA512 | 400974af406c883bf46bf83f971d5d28a0c71324da97a064ecf170ad94382179c9ab330f4bf12cc819f245e12bd9bdc4eb7f5cb2d108cdbeaa7fa114a2a7db05 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
memory/3112-389-0x000000001B250000-0x000000001B25C000-memory.dmp
C:\Users\Admin\NTUSER.DAT{2fa72cf3-34ca-11ed-acae-cbf1edc82a99}.TMContainer00000000000000000001.regtrans-ms.ENC
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\Desktop\How To Decrypt My Files.html
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b15e6497-b4a3-4954-9ece-b17b2aa63618.tmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences