fe6371034d55bb7583081b03f4aec7274f8340cfea4740325cb52e1c6ac77f6d

Resubmissions

25-09-2024 13:50

240925-q5l6bssapb 10

24-09-2024 19:49

240924-yj5pjssarl 10

24-09-2024 19:44

240924-yf3e1s1hkr 10

Analysis

max time kernel
106s
max time network
205s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
25-09-2024 13:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

XWorm/XWorm V5.1/XWorm V5.1.exe
Size

9.3MB
MD5

540a501c683c91729e712fe83cf4e92f
SHA1

d426473f486cd7b46ec8d3bae4a3f9b42f780f89
SHA256

567ac8995973807a1288847d357dd8014118f07194a4db64cccaeab5871d54e1
SHA512

25aa06429cc1272c1932e543d41563905964ef2b7dad9e6b0a13aee8c6fff5a4a9e9f4ba023435d265ddb36cdfebaca8efadfd8e9a3918747e29a2764e09a2a6
SSDEEP

196608:fHMCjsbDbqTw0l1s3PIump2n7lpQutrONgFETLU6Jz8p:fHaXYDXs3PIo7wutrMYEB

Score

7^/10

agilenet discovery

Malware Config

Signatures

Loads dropped DLL 1 IoCs

Processes:

XWorm V5.1.exe

pid process

2076 XWorm V5.1.exe

pid	process
2076	XWorm V5.1.exe

Obfuscated with Agile.Net obfuscator 1 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

agilenet

Processes:

resource	yara_rule
behavioral4/memory/2076-1-0x00000142B1200000-0x00000142B1B52000-memory.dmp	agile_net

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exemsedge.exeXWorm V5.1.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	XWorm V5.1.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion	XWorm V5.1.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	XWorm V5.1.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 1 IoCs

Processes:

MiniSearchHost.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\MuiCache MiniSearchHost.exe
Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

msedge.exemsedge.exemsedge.exemsedge.exe

pid process

4912 msedge.exe
4912 msedge.exe
3136 msedge.exe
3136 msedge.exe
3432 msedge.exe
3432 msedge.exe
2812 msedge.exe
2812 msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

Processes:

msedge.exemsedge.exe

pid process

3136 msedge.exe
3136 msedge.exe
2812 msedge.exe
2812 msedge.exe
2812 msedge.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

pid	process
4912	msedge.exe
4912	msedge.exe
3136	msedge.exe
3136	msedge.exe
3432	msedge.exe
3432	msedge.exe
2812	msedge.exe
2812	msedge.exe

Suspicious use of FindShellTrayWindow 52 IoCs

Processes:

msedge.exemsedge.exe

pid	process
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exemsedge.exe

pid	process
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

MiniSearchHost.exe

pid process

2788 MiniSearchHost.exe

pid	process
2788	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

XWorm V5.1.exemsedge.exe

description	pid	process	target process
PID 2076 wrote to memory of 3136	2076	XWorm V5.1.exe	msedge.exe
PID 2076 wrote to memory of 3136	2076	XWorm V5.1.exe	msedge.exe
PID 3136 wrote to memory of 1324	3136	msedge.exe	msedge.exe
PID 3136 wrote to memory of 1324	3136	msedge.exe	msedge.exe
PID 3136 wrote to memory of 1752	3136	msedge.exe	msedge.exe
PID 3136 wrote to memory of 1752	3136	msedge.exe	msedge.exe
PID 3136 wrote to memory of 1752	3136	msedge.exe	msedge.exe
PID 3136 wrote to memory of 1752	3136	msedge.exe	msedge.exe
PID 3136 wrote to memory of 1752	3136	msedge.exe	msedge.exe
PID 3136 wrote to memory of 1752	3136	msedge.exe	msedge.exe
PID 3136 wrote to memory of 1752	3136	msedge.exe	msedge.exe
PID 3136 wrote to memory of 1752	3136	msedge.exe	msedge.exe
PID 3136 wrote to memory of 1752	3136	msedge.exe	msedge.exe
PID 3136 wrote to memory of 1752	3136	msedge.exe	msedge.exe
PID 3136 wrote to memory of 1752	3136	msedge.exe	msedge.exe
PID 3136 wrote to memory of 1752	3136	msedge.exe	msedge.exe
PID 3136 wrote to memory of 1752	3136	msedge.exe	msedge.exe
PID 3136 wrote to memory of 1752	3136	msedge.exe	msedge.exe
PID 3136 wrote to memory of 1752	3136	msedge.exe	msedge.exe
PID 3136 wrote to memory of 1752	3136	msedge.exe	msedge.exe
PID 3136 wrote to memory of 1752	3136	msedge.exe	msedge.exe
PID 3136 wrote to memory of 1752	3136	msedge.exe	msedge.exe
PID 3136 wrote to memory of 1752	3136	msedge.exe	msedge.exe
PID 3136 wrote to memory of 1752	3136	msedge.exe	msedge.exe
PID 3136 wrote to memory of 1752	3136	msedge.exe	msedge.exe
PID 3136 wrote to memory of 1752	3136	msedge.exe	msedge.exe
PID 3136 wrote to memory of 1752	3136	msedge.exe	msedge.exe
PID 3136 wrote to memory of 1752	3136	msedge.exe	msedge.exe
PID 3136 wrote to memory of 1752	3136	msedge.exe	msedge.exe
PID 3136 wrote to memory of 1752	3136	msedge.exe	msedge.exe
PID 3136 wrote to memory of 1752	3136	msedge.exe	msedge.exe
PID 3136 wrote to memory of 1752	3136	msedge.exe	msedge.exe
PID 3136 wrote to memory of 1752	3136	msedge.exe	msedge.exe
PID 3136 wrote to memory of 1752	3136	msedge.exe	msedge.exe
PID 3136 wrote to memory of 1752	3136	msedge.exe	msedge.exe
PID 3136 wrote to memory of 1752	3136	msedge.exe	msedge.exe
PID 3136 wrote to memory of 1752	3136	msedge.exe	msedge.exe
PID 3136 wrote to memory of 1752	3136	msedge.exe	msedge.exe
PID 3136 wrote to memory of 1752	3136	msedge.exe	msedge.exe
PID 3136 wrote to memory of 1752	3136	msedge.exe	msedge.exe
PID 3136 wrote to memory of 1752	3136	msedge.exe	msedge.exe
PID 3136 wrote to memory of 1752	3136	msedge.exe	msedge.exe
PID 3136 wrote to memory of 1752	3136	msedge.exe	msedge.exe
PID 3136 wrote to memory of 1752	3136	msedge.exe	msedge.exe
PID 3136 wrote to memory of 4912	3136	msedge.exe	msedge.exe
PID 3136 wrote to memory of 4912	3136	msedge.exe	msedge.exe
PID 3136 wrote to memory of 768	3136	msedge.exe	msedge.exe
PID 3136 wrote to memory of 768	3136	msedge.exe	msedge.exe
PID 3136 wrote to memory of 768	3136	msedge.exe	msedge.exe
PID 3136 wrote to memory of 768	3136	msedge.exe	msedge.exe
PID 3136 wrote to memory of 768	3136	msedge.exe	msedge.exe
PID 3136 wrote to memory of 768	3136	msedge.exe	msedge.exe
PID 3136 wrote to memory of 768	3136	msedge.exe	msedge.exe
PID 3136 wrote to memory of 768	3136	msedge.exe	msedge.exe
PID 3136 wrote to memory of 768	3136	msedge.exe	msedge.exe
PID 3136 wrote to memory of 768	3136	msedge.exe	msedge.exe
PID 3136 wrote to memory of 768	3136	msedge.exe	msedge.exe
PID 3136 wrote to memory of 768	3136	msedge.exe	msedge.exe
PID 3136 wrote to memory of 768	3136	msedge.exe	msedge.exe
PID 3136 wrote to memory of 768	3136	msedge.exe	msedge.exe
PID 3136 wrote to memory of 768	3136	msedge.exe	msedge.exe
PID 3136 wrote to memory of 768	3136	msedge.exe	msedge.exe
PID 3136 wrote to memory of 768	3136	msedge.exe	msedge.exe
PID 3136 wrote to memory of 768	3136	msedge.exe	msedge.exe

C:\Users\Admin\AppData\Local\Temp\XWorm\XWorm V5.1\XWorm V5.1.exe
"C:\Users\Admin\AppData\Local\Temp\XWorm\XWorm V5.1\XWorm V5.1.exe"
1⤵
- Loads dropped DLL
- Enumerates system info in registry
- Suspicious use of WriteProcessMemory
PID:2076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/XCoderTools
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:3136
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ff8dc463cb8,0x7ff8dc463cc8,0x7ff8dc463cd8
    3⤵
    PID:1324
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,16657014073999408654,17697699516860868101,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1924 /prefetch:2
    3⤵
    PID:1752
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1928,16657014073999408654,17697699516860868101,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4912
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1928,16657014073999408654,17697699516860868101,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
    3⤵
    PID:768
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,16657014073999408654,17697699516860868101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
    3⤵
    PID:1256
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,16657014073999408654,17697699516860868101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
    3⤵
    PID:1480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/XCoderTools
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:2812
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xe4,0x10c,0x7ff8dc463cb8,0x7ff8dc463cc8,0x7ff8dc463cd8
    3⤵
    PID:2836
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,15975945907284615636,10028166045119410369,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1936 /prefetch:2
    3⤵
    PID:412
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1924,15975945907284615636,10028166045119410369,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2404 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3432
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1924,15975945907284615636,10028166045119410369,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
    3⤵
    PID:4928
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,15975945907284615636,10028166045119410369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
    3⤵
    PID:3332
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,15975945907284615636,10028166045119410369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
    3⤵
    PID:3196
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,15975945907284615636,10028166045119410369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
    3⤵
    PID:672

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3320

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4964

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3424

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2512

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2788

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
16384fcfda5cd1c7612d72d9a15ac6e1

SHA1
d52b4e0e0aa7c738d9379f7274f7d753d3da68b1

SHA256
a59c5bb8ac5068c8a92d56c87dd60f93fc9894111d24f4a1f9f78039cd403cde

SHA512
bfeaea2e298dd4b7be0b68a18e3aff3ecb02329154795ef228d64aed4d5e8027179ec526a3353e1fc9dc8da57863f1c5ea836902e5ae5b0c74f460b648faa63c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cb0f4ae5d65be851d313f3ecb0980bcb

SHA1
248c99427b54d8fa86707c39d92540276b9ed2de

SHA256
0f70fc24e9118bea6ffc5c36e63610096bd4ba658feb8e93e8cd3a3dfc16ff76

SHA512
7195c890ef94269c545f1122b6dc9ee6fa2b3951c45fe0bace9c3c0710ee23974290c3cafe07faec586e0012e991b66f0b0aa84680032c425d8885ad1b16e17d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
228fefc98d7fb5b4e27c6abab1de7207

SHA1
ada493791316e154a906ec2c83c412adf3a7061a

SHA256
448d09169319374935a249b1fc76bcf2430b4e1436611f3c2f3331b6eafe55a2

SHA512
fa74f1cc5da8db978a7a5b8c9ebff3cd433660db7e91ce03c44a1d543dd667a51659ba79270d3d783d52b9e45d76d0f9467458df1482ded72ea79c873b2a5e56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
026e0c65239e15ba609a874aeac2dc33

SHA1
a75e1622bc647ab73ab3bb2809872c2730dcf2df

SHA256
593f20dfb73d2b81a17bfcc1f246848080dfc96898a1a62c5ddca62105ed1292

SHA512
9fb7644c87bdd3430700f42137154069badbf2b7a67e5ac6c364382bca8cba95136d460f49279b346703d4b4fd81087e884822a01a2a38901568a3c3e3387569

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
fe06639f7652d54a701fcad556f108b5

SHA1
10afbc27cc625126fcb91c3fc8ddaaea13045cc9

SHA256
70e7408538b3aa2ba65c29b4a340c2cf6248878be2e5d4abace11c7654393cd1

SHA512
569a8c65ea4b35c84f6546521770f71deb969df68266f6301a2f00c46cb4bf98e8fb088d56b6cdf3bc9f784a42afebafc49d7386c6410cfcfea25e2f9cf615fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
9b03a83b37d5ec903ec6efc7c9fad6a8

SHA1
ecbe307176debad10b00d4cb7a61d7bb0f0e77b9

SHA256
149ab8a1591db0fd1b6c23314e23ce6aa9bbdec143702bb83f21ece1a3e8e139

SHA512
337de7d32aaa6f7747032767d881d942a6d79ac09bac18385965c6d243f8277c287f4bb944606cabcc17a5c741507134051ca862381d3679052f8a5cf2bb705b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
72B

MD5
33da936e5bedb95cc12e6dfe211f51e4

SHA1
2de99303aaae8797f3ec2ec95c43442339b1cd15

SHA256
66704581d67524b90f77503b8bd8d7ae740fd9cd20b790c2619e41892391cd22

SHA512
8d91b8cd4f91659c5c1b93a93373f7f0a67f61b27a53aaf613509bdd6f9abf5f5857469986b473d135dd7b57c3db41b5d27b915655e984f77ef2b31b6ef8f176

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
6B

MD5
a9851aa4c3c8af2d1bd8834201b2ba51

SHA1
fa95986f7ebfac4aab3b261d3ed0a21b142e91fc

SHA256
e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191

SHA512
41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
1b0d93c921667989b437817af64c4557

SHA1
147e929eb7bdf603e1bf045f25a5efe08d277a67

SHA256
0e64ee1e1cb7d2798f68270d0b8d4dfa492b5f31bdb1c7615de0b01af65969dc

SHA512
8d80889382db8ffda387ff6954a48836c1ba9e3d9669c1554291989e30845cc1f645a49867666f4a1536cb35538ae8b9196b5671dab996333df9662057dbe917

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
442B

MD5
9bc418f640ba05b1eaed0b1bad49c8d7

SHA1
76d85a7bf48494e4f7f4066fd9b857810f8d4a73

SHA256
f6507d18ce3545b6cff4404ee353367bf552219dce625c8588a9b80345dd2232

SHA512
aad4b98dd56ff637ead8012257be12c47917631d0deea625726ea80634d7093d0d241a8107fb57b91a812d628f69417bc52f24e2a5e714261564428ffb7f2153

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2d8d76e609ec63a533857c8288c87aa2

SHA1
78526a0f47f42920b8b2ae04044e81dddf7b0e64

SHA256
ffee9556767742680b13170ada445804d1c2f0e231642baf45ea103852a68ab1

SHA512
7b670a2d049b0caac547ac2c485822051e8e197c7e03d67fcde5f4ad58a322d051308f268855730eb4b2bba09bbd9f7fbf271f91bdd5c63c15832954b5e8248a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
dd6fc0e05e65eeec21b1bb8aa7007be6

SHA1
df0496ea0c32b2af6f90e27d992433e3ba4c34f5

SHA256
c65609adeabaceada44cb6bf9cfe7772e79c33e5155e47fbe6c82b3bf337bfde

SHA512
9ec1bd77b17d883155723f162ffa1e0a3c20b087e0ed90e0a4de5739a029ae73385087987832f0c954b748ca81bb5a27002afeaeec79166b958a93c3284b64ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
584e119fc6aa4d6c79e2eab50ba7d871

SHA1
baf974a2a3b34869ae3bbc7fe062219eb780a3f7

SHA256
a84610abd1d1dff91381856bb97d017beffd550535a6032f0720e89531f4e5ba

SHA512
d37ebead46ea28f3cd730d2f34ec8e3716cf35335dd94f39415ec2598bd0ccae71c42d31c39af5a5a8316f4d5f89b6c6ddd949e899678316f60fde9fe0b52d1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
eaafeb49a2c7065ac410ebc13f3448d8

SHA1
0957506c33bcd22720f08fe5ab361f43fc19f95b

SHA256
5e2a95414cf17296a74e3673c9c95eb451a1c626f2524a46642802beba96a0fb

SHA512
b6c893528cd108383d400a93c0068de72022b4db3b48e2c4008b1cc984ec054718e540c0a8da3de4088e03574a9129235f6b663bb6ccfc8a303b6cd954daf396

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
137B

MD5
a62d3a19ae8455b16223d3ead5300936

SHA1
c0c3083c7f5f7a6b41f440244a8226f96b300343

SHA256
c72428d5b415719c73b6a102e60aaa6ad94bdc9273ca9950e637a91b3106514e

SHA512
f3fc16fc45c8559c34ceba61739edd3facbbf25d114fecc57f61ec31072b233245fabae042cf6276e61c76e938e0826a0a17ae95710cfb21c2da13e18edbf99f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
a7f84bf01d6b4aeef2ef9cdbc7659f12

SHA1
a01aa13fd88b702c75cf58f2b99eadb044413d07

SHA256
6f1307507f26f8414d65a8507826a64188cf1885bff35637b5617e689a3241ff

SHA512
103926c80e0b5f165914260499ac992c4686c216a6e6f14383943d26dd733aeede6c660f511f1f7f99b18b691a3e1dd434b97095ae7478e23b8c90d57d345bdc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13371745953131311

Filesize
427B

MD5
d9f7ece54052adfdbf3f5b5bfe3f7b28

SHA1
316564592b3b1f2b8d2e4239998e267c954e9944

SHA256
13777eb3fb7e857783eede91d55ae488218f7b529166f21b426db07343f85f4a

SHA512
edc5c9dba2998e3ea190b9e95c108e5c78c44d04e32cc40e5ab68a652454a3c1e58b9c96b6039e129d6b54ab2e2eb933d0fcdbecda6b619549b5b6b08be65d6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13371745955770311

Filesize
717B

MD5
74b2ba7b0cb77cf540ac6f907e97cd91

SHA1
9cd62655d250923b9c98ba46435d2c5f8cb11b41

SHA256
72570706eaf35507dd10b4e60880c69d898e60518de40f85722cf2d0a9cd7b29

SHA512
fff72139c04cb083613a70d700321a707287b2a840b73d7289a8e4bc090bb917cedc46714f39dca15064d573ddf8497c2d4f7f04ad610bb2c7097fbe975709ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
82ec40c9b5fbc5a4e7dde5c622a97558

SHA1
9709e0ddd2d14e163497d880b6c0b8427f0b5549

SHA256
68da52116ba8a8f4f5c8d57a961bb9672558fdd6a3b02cffa8169204d088fa9c

SHA512
1c945b989a985e73d1d7844b622694645e57234d6ea1213b54bb61c3374c2226d4c79aab2a193a85c0d6f4f78f4d7aced5052189444814d311fa83b1b8f63e9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
9ced6b0082146ac29bdb36a1ced4b2bc

SHA1
31629aa4827b586f5ec7fd2cbe2eaebb86feaec0

SHA256
391dd96d4a2ef045b5e73dffd7983db19be7e56381495e247d1571624c141418

SHA512
d690954dd3cdd12d1593c668ea29e4463abec27ff5f041a3ca9bae5cd0c783018fb98085d1e35a487435eff0305dc5cd123645cd545117edb2898305059b5d79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
b52d75890dcb8e3acf98f9f92ab1e9df

SHA1
1c2ab82eb60c3a1ab8abbecd82db970a48271af5

SHA256
74e46be3d326b8d822eeb33367d70694f3ca50f7dffc81507c960cff2755f91b

SHA512
2aad16ffaaabdc89aba1206127916c1e0f34887f828203323e5163f04cf2c72b36cb2b88dba34713a09e3e14c8095025e6e3054734f49ddc2828f4fad93f8f4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
b77c85ce78176345baa7ed4c9fb95756

SHA1
ed988c46d2dec4d5bc73b36197c3ed787cabfccd

SHA256
71299d6c44ca978cecf1aa50d7eb846493554f7057dbbdaa8b009400ddd9128c

SHA512
3f06a21aab1967ca0301e6be17f1bfa470b18d05a61760ecda9842f1966aa21d129c7fb71441cc9cb6289b042a29c54e6596bdeb08fec6025e94ddd849c0b479

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
b3d0bffc4cc94c87b8e3bbe45764d476

SHA1
2e07a36d4987969dba576f639c18200f92c1c9a1

SHA256
0ee5316eefc004503ca1ec165d83df6bbfda50bfceb093c427e332c74b16332d

SHA512
d34f65eb1a62153e4cb82cebaff3983b64ae32ec45ef31658177a1921b61d6360f73823c239d510ac48abfd956da89d905e1ec186b26827a0992a5e795f1aa60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
2f2cbf250720182cfcf6b23096fba598

SHA1
109472854195dd7b311958a6e67fe9a10fb8bc99

SHA256
fb5ebd6331e4e6727ed86410782ebc270f49125a1ae9633fe62203a190714f6b

SHA512
d75a09082b5493d3f5d17bda8c4bbdc82494562a7d70fffa354f06044653f71cfc2e2da817fc218f930fd705e0c688a95a1e6d6fb0947eb1e2cb8bdf53b4c794

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f68b330452134765ea62837eccd0e6ef

SHA1
2741bd4310fc5111d72a362152b4ffa3c3d149a8

SHA256
9bf3571a248b8ece5560fe4e47322177cfde12288118264718f4ee637872649e

SHA512
14b825c74ee765127b4dc5941c90ebe5c3c4782bbe60b8672acca665dc26bfb661c9d3e4003b31aabb8b4a02b82b09928d985c0a0f9f63e27949bfd7f514a601

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
931084863b60843da518f69f28e77159

SHA1
b02d827d787e1b2ad80423eebe443a2c0fc25c09

SHA256
8b18f0403fac9c323fc3c09d50f588201fe620f3ed29f07541fb6154447b553e

SHA512
6073b09c1935f6dee809db04d08b9c20144e236d0b56c4c8c897a3b1044018be3935884873ea721d80d1d63c82a86fa47daef554e2ec44e106b2139a097148df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
bc75784612a149af0be62ab7cb8c5b6b

SHA1
8626c4d205f26a69d6103fe10612e0ad32dcab1e

SHA256
6adb05fdd700d25355b67fd8a3075f6347a0066b7f1025bab0b260b18bb5b7c2

SHA512
b1db7a9a40fbc6b0b248e74cadfddfc0892a8475310ee122a0bcfd87d5cf7ec43aafad301f4bd8706849d118a707511d6c6c490c2454d11b428df919b4f62a91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
faf6a694a98c2230b7f416110d878607

SHA1
b5637cd373d5095398db6a73dbc2cd4de0bbd77c

SHA256
03a8939d426220cd7b77479fecf7199abdf0153aba74148db5d88b51d76f7859

SHA512
c0a4399a94dca486f6fe71226bd983c8f04d590ef1d1f6fe01466881d74f4808adb78d7f71463a404bf8ecce7ac1d66f0a684578cc802647bc1c5a1c08f7e33e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
5B

MD5
8d2b676f1653b4eeeadabac04450000f

SHA1
52f39c2a7c6297c28ac7d6ae9ed14e96cbdafdae

SHA256
13ad517d34db80467b104c4d2887791ce9360c8eff53894b4719b9238d6fd3a4

SHA512
a04771baf334d37a79b268236f40b9fa3fdc8a8e57d1b90f6e98aad45cb959d4fab5b824084008554eb329bac60d4273cab205b01961c39bd4915d0bf59f8c70

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
41ce6cd728e8893a0387cd1d5aaf201d

SHA1
c6c5257c73d52968b03fa7a332f61f050229999c

SHA256
c6ff6212cd4c01ff44605a8339568c3ed2b9dd85c7956873ee9db592e24b654d

SHA512
73c40effe3fa0c521cdd5347e85ac142666a5a7b982d96c80f4c08c079d2f5a8d58c12644af20f27b8480040eb74b28d0696be16fc9566c02bf2d60d08839c27

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
9bef7c41d0bb3a44a18c637e03b43e7e

SHA1
f093796be97df77af8a2595d56816f813d2f6558

SHA256
ffb02e89bbf055faff78823c2dfff35172c48a095d8f698bcdb447a86408ebf8

SHA512
7f543a259b79eb4ac25db95bd1059d746acfc192f3d5ddb44d3a63990a2cd31d6b404c0ec3b659457de58a5bad5254680764eaa6a7f6dc35076971f2542750fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\eakSv\eakSv.dll

Filesize
112KB

MD5
2f1a50031dcf5c87d92e8b2491fdcea6

SHA1
71e2aaa2d1bb7dbe32a00e1d01d744830ecce08f

SHA256
47578a37901c82f66e4dba47acd5c3cab6d09c9911d16f5ad0413275342147ed

SHA512
1c66dbe1320c1a84023bdf77686a2a7ab79a3e86ba5a4ea2cda9a37f8a916137d5cfec30b28ceae181355f6f279270465ef63ae90b7e8dcd4c1a8198a7fd36a8

Download Submit
memory/2076-8-0x00007FF8E1410000-0x00007FF8E1ED2000-memory.dmp

Filesize
10.8MB

Download
memory/2076-0-0x00007FF8E1413000-0x00007FF8E1415000-memory.dmp

Filesize
8KB

Download
memory/2076-13-0x00007FF8E1413000-0x00007FF8E1415000-memory.dmp

Filesize
8KB

Download
memory/2076-11-0x00007FF8E1410000-0x00007FF8E1ED2000-memory.dmp

Filesize
10.8MB

Download
memory/2076-12-0x00007FF8E1410000-0x00007FF8E1ED2000-memory.dmp

Filesize
10.8MB

Download
memory/2076-9-0x00000142CC830000-0x00000142CD3E0000-memory.dmp

Filesize
11.7MB

Download
memory/2076-1-0x00000142B1200000-0x00000142B1B52000-memory.dmp

Filesize
9.3MB

Download
memory/2076-10-0x00000142CD7A0000-0x00000142CD994000-memory.dmp

Filesize
2.0MB

Download
memory/2076-14-0x00007FF8E1410000-0x00007FF8E1ED2000-memory.dmp

Filesize
10.8MB

Download