Analysis Overview
Threat Level: Known bad
The file https://gofile.io/d/3JWa0b was found to be: Known bad.
Malicious Activity Summary
AgentTesla
AgentTesla payload
Executes dropped EXE
Loads dropped DLL
Obfuscated with Agile.Net obfuscator
Enumerates physical storage devices
Browser Information Discovery
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Analysis: static1
Detonation Overview
Reported: 2024-08-30 12:47
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-08-30 12:47
Reported: 2024-08-30 13:05
Platform: win10v2004-20240802-en
Max time kernel: 1049s
Max time network: 965s
Signatures
AgentTesla
AgentTesla payload
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\XWorm+v5.1-5.2\XWorm\XWorm V5.1\XWorm V5.1.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\XWorm+v5.1-5.2\XWorm\XWorm V5.2\XWorm V5.2.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\XWorm+v5.1-5.2\XWorm\XWorm V5.2\XWormLoader 5.2 x64.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\XWorm+v5.1-5.2\XWorm\XWorm V5.1\XWorm V5.1.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\XWorm+v5.1-5.2\XWorm\XWorm V5.2\XWorm V5.2.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\XWorm+v5.1-5.2\XWorm\XWorm V5.2\XWormLoader 5.2 x64.exe | N/A |
Obfuscated with Agile.Net obfuscator
Browser Information Discovery
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\Downloads\XWorm+v5.1-5.2\XWorm\XWorm V5.2\XWorm V5.2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Users\Admin\Downloads\XWorm+v5.1-5.2\XWorm\XWorm V5.2\XWormLoader 5.2 x64.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\Downloads\XWorm+v5.1-5.2\XWorm\XWorm V5.1\XWorm V5.1.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Users\Admin\Downloads\XWorm+v5.1-5.2\XWorm\XWorm V5.1\XWorm V5.1.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion | C:\Users\Admin\Downloads\XWorm+v5.1-5.2\XWorm\XWorm V5.2\XWormLoader 5.2 x64.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\Downloads\XWorm+v5.1-5.2\XWorm\XWorm V5.2\XWormLoader 5.2 x64.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Users\Admin\Downloads\XWorm+v5.1-5.2\XWorm\XWorm V5.2\XWorm V5.2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion | C:\Users\Admin\Downloads\XWorm+v5.1-5.2\XWorm\XWorm V5.2\XWorm V5.2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion | C:\Users\Admin\Downloads\XWorm+v5.1-5.2\XWorm\XWorm V5.1\XWorm V5.1.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://gofile.io/d/3JWa0b
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\XWorm+v5.1-5.2\" -ad -an -ai#7zMap6153:88:7zEvent9827
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\XWorm+v5.1-5.2\" -ad -an -ai#7zMap27095:88:7zEvent3531
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\XWorm+v5.1-5.2\" -ad -an -ai#7zMap12625:88:7zEvent30060
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\XWorm+v5.1-5.2\" -ad -an -ai#7zMap17603:88:7zEvent30724
C:\Users\Admin\Downloads\XWorm+v5.1-5.2\XWorm\XWorm V5.1\XWorm V5.1.exe
"C:\Users\Admin\Downloads\XWorm+v5.1-5.2\XWorm\XWorm V5.1\XWorm V5.1.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/XCoderTools
C:\Users\Admin\Downloads\XWorm+v5.1-5.2\XWorm\XWorm V5.2\XWorm V5.2.exe
"C:\Users\Admin\Downloads\XWorm+v5.1-5.2\XWorm\XWorm V5.2\XWorm V5.2.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/XCoderTools
C:\Users\Admin\Downloads\XWorm+v5.1-5.2\XWorm\XWorm V5.2\XWormLoader 5.2 x64.exe
"C:\Users\Admin\Downloads\XWorm+v5.1-5.2\XWorm\XWorm V5.2\XWormLoader 5.2 x64.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/XCoderTools
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2fc 0x50c
Network
Files
C:\Users\Admin\Downloads\XWorm+v5.1-5.2\XWorm\XWorm V5.1\Icons\icon (15).ico
C:\Users\Admin\Downloads\XWorm+v5.1-5.2\XWorm\XWorm V5.2\XWormLoader 5.2 x32.exe.config
C:\Users\Admin\Downloads\XWorm+v5.1-5.2\XWorm\XWorm V5.1\XWorm V5.1.exe
C:\Users\Admin\Downloads\XWorm+v5.1-5.2\XWorm\XWorm V5.1\XWorm V5.1.exe.config
C:\Users\Admin\AppData\Local\Temp\eakSv\eakSv.dll
C:\Users\Admin\Downloads\XWorm+v5.1-5.2\XWorm\XWorm V5.1\Guna.UI2.dll
C:\Users\Admin\Downloads\XWorm+v5.1-5.2\XWorm\XWorm V5.1\GeoIP.dat