Analysis Overview
SHA256: 42b0a525bbffc7d06c5aa9ff806f7537364aaf1c26e22ded33152336b3ad2354
Threat Level: Known bad
The file Penis (2).zip was found to be: Known bad.
Malicious Activity Summary
Agenttesla family
StormKitty payload
Stormkitty family
Contains code to disable Windows Defender
AgentTesla
AgentTesla payload
Loads dropped DLL
Obfuscated with Agile.Net obfuscator
Drops file in System32 directory
Unsigned PE
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Modifies registry class
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported: 2024-07-05 19:32
Signatures
AgentTesla payload
Agenttesla family
Contains code to disable Windows Defender
StormKitty payload
Stormkitty family
Obfuscated with Agile.Net obfuscator
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted: 2024-07-05 19:32
Reported: 2024-07-05 19:37
Platform: win11-20240704-en
Max time kernel: 264s
Max time network: 267s
Command Line
Signatures
AgentTesla
AgentTesla payload
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\XWorm V5.2\XWorm V5.2.exe | N/A |
Obfuscated with Agile.Net obfuscator
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\system32\perfc009.dat | C:\Windows\system32\lodctr.exe | N/A |
| File created | C:\Windows\system32\perfh009.dat | C:\Windows\system32\lodctr.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion | C:\Users\Admin\Desktop\XWorm V5.2\XWorm V5.2.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\Desktop\XWorm V5.2\XWorm V5.2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Users\Admin\Desktop\XWorm V5.2\XWorm V5.2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2608496357-2693146533-2740208290-1000\{7BE1B32E-07D2-47AB-8576-94A55F022424} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Desktop\XWorm V5.2\XWorm V5.2.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\Penis (2).zip"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Desktop\XWorm V5.2\XWorm V5.2.exe
"C:\Users\Admin\Desktop\XWorm V5.2\XWorm V5.2.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/XCoderTools
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\XWorm V5.2\Fixer.bat" "
C:\Windows\system32\lodctr.exe
lodctr /r
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Desktop\XWorm V5.2\Fixer.bat"
C:\Windows\system32\lodctr.exe
lodctr /r
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\XWorm V5.2\Readme.txt
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1972,3647986519762218156,11681642921101240966,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1988 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1972,3647986519762218156,11681642921101240966,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1972,3647986519762218156,11681642921101240966,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3647986519762218156,11681642921101240966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3647986519762218156,11681642921101240966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3564 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3647986519762218156,11681642921101240966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1972,3647986519762218156,11681642921101240966,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4108 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1972,3647986519762218156,11681642921101240966,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5252 /prefetch:8
C:\Users\Admin\Desktop\XWorm V5.2\XWorm V5.2.exe
"C:\Users\Admin\Desktop\XWorm V5.2\XWorm V5.2.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3647986519762218156,11681642921101240966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3647986519762218156,11681642921101240966,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3647986519762218156,11681642921101240966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3647986519762218156,11681642921101240966,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3647986519762218156,11681642921101240966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3647986519762218156,11681642921101240966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1972,3647986519762218156,11681642921101240966,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3340 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1972,3647986519762218156,11681642921101240966,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=2588 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3647986519762218156,11681642921101240966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3647986519762218156,11681642921101240966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3647986519762218156,11681642921101240966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
C:\Users\Admin\Desktop\XWorm V5.2\XWorm V5.2.exe
"C:\Users\Admin\Desktop\XWorm V5.2\XWorm V5.2.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/XCoderTools
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffdd70d3cb8,0x7ffdd70d3cc8,0x7ffdd70d3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3647986519762218156,11681642921101240966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3680 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3647986519762218156,11681642921101240966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6172 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/XCoderTools
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffdd70d3cb8,0x7ffdd70d3cc8,0x7ffdd70d3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3647986519762218156,11681642921101240966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3696 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3647986519762218156,11681642921101240966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6296 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3647986519762218156,11681642921101240966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6400 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,3647986519762218156,11681642921101240966,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6460 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | t.me | udp |
| NL | 149.154.167.99:443 | t.me | tcp |
| NL | 149.154.167.99:443 | t.me | tcp |
| NL | 149.154.167.99:443 | t.me | tcp |
| NL | 149.154.167.99:443 | t.me | tcp |
| NL | 149.154.167.99:443 | t.me | tcp |
| US | 34.111.35.152:443 | cdn4.cdn-telegram.org | tcp |
| NL | 149.154.167.99:443 | t.me | tcp |
| US | 8.8.8.8:53 | 69.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.35.111.34.in-addr.arpa | udp |
| NL | 149.154.167.99:443 | t.me | tcp |
| IE | 52.111.236.23:443 | | tcp |
| NL | 149.154.167.99:443 | t.me | tcp |
| NL | 149.154.167.99:443 | t.me | tcp |
| NL | 149.154.167.99:443 | t.me | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| NL | 149.154.167.99:443 | t.me | tcp |
| GB | 92.123.142.107:443 | www.bing.com | tcp |
| GB | 92.123.142.177:443 | th.bing.com | tcp |
| GB | 92.123.142.114:443 | www.bing.com | tcp |
| GB | 92.123.142.114:443 | www.bing.com | tcp |
| GB | 92.123.142.177:443 | th.bing.com | tcp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| GB | 92.123.142.177:443 | th.bing.com | tcp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| NL | 149.154.167.99:443 | t.me | tcp |
| NL | 149.154.167.99:443 | t.me | tcp |
| US | 34.111.108.175:443 | cdn5.cdn-telegram.org | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13364681635454259
| MD5 | 66f208bc9272a178317c72d77aab21a5 |
| SHA1 | 69d170766e04588fb92674f9b382b3586ed1b4cb |
| SHA256 | c265a70f05ad2458ea02d5d79822d60119a13bb849e6e00c84a0a7549751f791 |
| SHA512 | 4a191646e208b18be81aba1fad728694603fe53c3afa62eb3c4048d82e80d1dad29872c657bff8489f8175da269c6cd3645f998d902918d0699fc3b1537b88ad |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | d37c3a40d1b21be9c47e97dad2d0debd |
| SHA1 | 7d723202f9dd1464d0ce8b7cb225665f668172e5 |
| SHA256 | be9bb40f5d53a1c331ee06952fcfe50b952e20010c56f09656512b00d297d29a |
| SHA512 | bfe19189a6942a93eda8685d86a37c1015de80816c06a4d52d69fd862b0b804e3c5dbeabe187060e5720a8963a9f4644da00ebbbb385e04a505d3ae8b7bcbee5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d086e96a0897125f713b15d86c32d39e |
| SHA1 | 390179f1b1926d6f95c01c9b8062ac3a93c0c104 |
| SHA256 | e68fad7869d102300f74654a039361715c05d018ca60ba51f2f092ed87e5014c |
| SHA512 | c7a77bd75ad3af276d330d90240aa41d932c432bbc12fec85ee6e2a58ffe447e25f69360cd2891ba3a57537ca9286cf4d1a92724a9e83a4a812bcf467f244ae6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 408dc068ee9e98527e656c9a5b01a0da |
| SHA1 | 7f8112e0531f3708446472ce4581576c5ea77ee6 |
| SHA256 | eb8ade0c58e40ceb6acf5a179eb04045c3b80018a6ea885f180c2b45107d5cc3 |
| SHA512 | 2e8bfacae16f71938067de1cd49dd7732faf37eded7bc72c46d4f3137e6fe8859ab721d11f5d2a243015edc37913b24d707cd1bd409f8306feb32020e6774237 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 80af45d9decdffa045678590bbb1084d |
| SHA1 | c64f1eb6a1b54242be4126778cccd60a42613956 |
| SHA256 | 7b3511b29be73f27dd5dbad1baf8729159424e939fb114730a3f3f83b7cc117d |
| SHA512 | b0d62946c10a698a3c4de0f1bb2dd56ad70b640c51b1732fa2f8a5f20ae958ae83a3e920fa1055bb29fadb2fe46cee6b6d61a5c0f774cb477dc18d1b46366143 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt
| MD5 | d60c034e16e3209a78af0a0b0147f5ad |
| SHA1 | b83458a72b915a29d12332450cea7aebacc86b58 |
| SHA256 | f2f053cd7f22cba15351bdff719b313ae1f254b3b288d1fce80ee0f9a12e4144 |
| SHA512 | bac98dafaa72773a6acc30479c60bdd4d87460b08d398561863274ee9aac92db148eebaa2edda804cd87a17bed4be1d55f6ec4721b6156d410b7426b091fd895 |
C:\Windows\System32\perfc009.dat
C:\Windows\System32\perfh009.dat
C:\Windows\system32\perfc009.dat
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\XWorm V5.2.exe.log