Malware Analysis Report

2025-05-28 16:50

Sample ID 250117-r3kedsskax
Target https://github.com/SmokeLoader/XWorm-V5.3/releases/tag/XWorm
Tags
agilenet discovery
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

Threat Level: Shows suspicious behavior

The file https://github.com/SmokeLoader/XWorm-V5.3/releases/tag/XWorm was found to be: Shows suspicious behavior.

Malicious Activity Summary

agilenet discovery

Obfuscated with Agile.Net obfuscator

Executes dropped EXE

Loads dropped DLL

Drops file in Program Files directory

Browser Information Discovery

Enumerates physical storage devices

Uses Task Scheduler COM API

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Uses Volume Shadow Copy WMI provider

Suspicious behavior: EnumeratesProcesses

Opens file in notepad (likely ransom note)

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Uses Volume Shadow Copy service COM API

Modifies registry class

Suspicious use of SendNotifyMessage

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-01-17 14:43

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-01-17 14:43

Reported

2025-01-17 14:45

Platform

win10ltsc2021-20250113-en

Max time kernel

150s

Max time network

134s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/SmokeLoader/XWorm-V5.3/releases/tag/XWorm

Signatures

Obfuscated with Agile.Net obfuscator

agilenet
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\b9109e64-ef6c-4efd-b653-d1b05c519a03.tmp C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20250117144319.pma C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\Downloads\XWorm.V5.3.Optimized.Bin\XWorm V5.3 Optimized Bin\XWorm V5.2.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\Downloads\XWorm.V5.3.Optimized.Bin\XWorm V5.3 Optimized Bin\XWormLoader 5.2 x64.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Users\Admin\Downloads\XWorm.V5.3.Optimized.Bin\XWorm V5.3 Optimized Bin\XWormLoader 5.2 x64.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion C:\Users\Admin\Downloads\XWorm.V5.3.Optimized.Bin\XWorm V5.3 Optimized Bin\XWormLoader 5.2 x64.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Users\Admin\Downloads\XWorm.V5.3.Optimized.Bin\XWorm V5.3 Optimized Bin\XWorm V5.2.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion C:\Users\Admin\Downloads\XWorm.V5.3.Optimized.Bin\XWorm V5.3 Optimized Bin\XWorm V5.2.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3982764349-3037452555-3708423086-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Opens file in notepad (likely ransom note)

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\System32\NOTEPAD.EXE N/A
N/A N/A C:\Windows\system32\NOTEPAD.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\XWorm.V5.3.Optimized.Bin\XWorm V5.3 Optimized Bin\XWorm V5.2.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\XWorm.V5.3.Optimized.Bin\XWorm V5.3 Optimized Bin\XWormLoader 5.2 x64.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A
N/A N/A C:\Users\Admin\Downloads\XWorm.V5.3.Optimized.Bin\XWorm V5.3 Optimized Bin\XWorm V5.2.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1408 wrote to memory of 2736 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 3256 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 1172 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 3652 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy WMI provider

ransomware

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/SmokeLoader/XWorm-V5.3/releases/tag/XWorm

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ff87ac046f8,0x7ff87ac04708,0x7ff87ac04718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,1401646383399026886,13376156682717229079,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,1401646383399026886,13376156682717229079,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,1401646383399026886,13376156682717229079,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1401646383399026886,13376156682717229079,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1401646383399026886,13376156682717229079,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3596 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,1401646383399026886,13376156682717229079,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6140 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff7c57d5460,0x7ff7c57d5470,0x7ff7c57d5480

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,1401646383399026886,13376156682717229079,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6140 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2100,1401646383399026886,13376156682717229079,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6204 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1401646383399026886,13376156682717229079,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6284 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1401646383399026886,13376156682717229079,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6268 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1401646383399026886,13376156682717229079,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1401646383399026886,13376156682717229079,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6284 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1401646383399026886,13376156682717229079,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6328 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2100,1401646383399026886,13376156682717229079,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6688 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\XWorm.V5.3.Optimized.Bin\" -ad -an -ai#7zMap100:108:7zEvent11881

C:\Users\Admin\Downloads\XWorm.V5.3.Optimized.Bin\XWorm V5.3 Optimized Bin\XWorm V5.2.exe

"C:\Users\Admin\Downloads\XWorm.V5.3.Optimized.Bin\XWorm V5.3 Optimized Bin\XWorm V5.2.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/XCoderTools

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7ff87ac046f8,0x7ff87ac04708,0x7ff87ac04718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,16270079831982038251,8361915650468426658,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,16270079831982038251,8361915650468426658,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2408 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,16270079831982038251,8361915650468426658,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,16270079831982038251,8361915650468426658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,16270079831982038251,8361915650468426658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,16270079831982038251,8361915650468426658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4456 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,16270079831982038251,8361915650468426658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2832 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,16270079831982038251,8361915650468426658,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5600 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,16270079831982038251,8361915650468426658,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5600 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/XCoderTools

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x148,0x14c,0x150,0x120,0x124,0x7ff87ac046f8,0x7ff87ac04708,0x7ff87ac04718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,5268281899431690734,16886418294740717895,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,5268281899431690734,16886418294740717895,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2468 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,5268281899431690734,16886418294740717895,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2996 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,5268281899431690734,16886418294740717895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,5268281899431690734,16886418294740717895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,5268281899431690734,16886418294740717895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1

C:\Users\Admin\Downloads\XWorm.V5.3.Optimized.Bin\XWorm V5.3 Optimized Bin\XWormLoader 5.2 x64.exe

"C:\Users\Admin\Downloads\XWorm.V5.3.Optimized.Bin\XWorm V5.3 Optimized Bin\XWormLoader 5.2 x64.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/XCoderTools

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x150,0x154,0x158,0x12c,0x15c,0x7ff87ac046f8,0x7ff87ac04708,0x7ff87ac04718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,4330820711889650223,17076851733356613582,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,4330820711889650223,17076851733356613582,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,4330820711889650223,17076851733356613582,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,4330820711889650223,17076851733356613582,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,4330820711889650223,17076851733356613582,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,4330820711889650223,17076851733356613582,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/XCoderTools

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7ff87ac046f8,0x7ff87ac04708,0x7ff87ac04718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,11909792268178983140,6530085007386687821,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,11909792268178983140,6530085007386687821,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2584 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,11909792268178983140,6530085007386687821,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11909792268178983140,6530085007386687821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11909792268178983140,6530085007386687821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11909792268178983140,6530085007386687821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3828 /prefetch:1

C:\Windows\System32\NOTEPAD.EXE

"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Downloads\XWorm.V5.3.Optimized.Bin\XWorm V5.3 Optimized Bin\Fixer.bat

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\XWorm.V5.3.Optimized.Bin\XWorm V5.3 Optimized Bin\Readme.txt

Network


Files

SHA1 80b83dac189c6d99c62daa46cea8fbc24eb73e61
SHA256 cd2793f63765f79b7f36f3e10240ac186227b9f44c540df291995952446f637a
SHA512 12fb95ec3bcfac97c605019a365b287a96fc73701486d634ae28b65958071fecb9950aabeea28983b91d3aee9e2ddf6e8cfb07dc566f7a839d508b6575610db3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3da894db549e1da4d76df54f9fb24a08
SHA1 94778f2c46b6545c1bb731b81b5495a5b86e84c6
SHA256 1c7fa3d0569b4b7c6fb264d2b05a7f2d191dbcefae62cc7096fa1c90b74282f3
SHA512 85e152ef6677ca73ab8d6e28f458d3739258581d13490d12491b163e73f4725b058f06a8d4b1dab9636935d436c5dbe2f8056e9158ce57b7f2e609e77ccdeba7

C:\Users\Admin\Downloads\XWorm.V5.3.Optimized.Bin.7z

MD5 187b25b9e02c2b5d01a70d9d1855dd7c
SHA1 d0c7d39012ad0507239a3b060ea42cc13b22eb65
SHA256 f26803b764a54a90852b7fd274d5ced7a8a58f1715d3ab4b96900ad4f9dd0410
SHA512 bea5cec59d0ebee26a71c78dc38da47a25ea7932d119868caf82b5e4bbbcecd8969abea80ad41b65352f264ced33c457a041c0d9f321c272a8f913802ee254ed

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 586ebdc1182497245902f825610bb301
SHA1 7a868bc340205fdca9e9c68fa86a4463c16154c4
SHA256 060f4b1144f7a26873391a8dd3bad51518160c98d3c19cddc063c8e37d404fed
SHA512 7e76f09aaf93e6510f39112ac46faac6d1c68be9781725fc1a845460801e6a713639125f897df8bcbd25492b1ed5a5e1fb9e870d5d7dab7181e268329d137ac8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b981d6edeaa55a2acb50ce8353575446
SHA1 5c68f13ac3a8fadb422466809c86b9fc4236cc59
SHA256 882559a814c890795c990cdf85c3b57dc6b0294ca73b8968e9f033170346642b
SHA512 b271df5334bc75f539e228f9d46d2b7110b5fc889863072a198e056475184b489b66d848ac229278d0f1f8d05b5339a47c2624d661314f17edbb14e6c0e03c6b

C:\Users\Admin\Downloads\XWorm.V5.3.Optimized.Bin\XWorm V5.3 Optimized Bin\Icons\icon (15).ico

MD5 e3143e8c70427a56dac73a808cba0c79
SHA1 63556c7ad9e778d5bd9092f834b5cc751e419d16
SHA256 b2f57a23ecc789c1bbf6037ac0825bf98babc7bf0c5d438af5e2767a27a79188
SHA512 74e0f4b55625df86a87b9315e4007be8e05bbecca4346a6ea06ef5b1528acb5a8bb636ef3e599a3820dbddcf69563a0a22e2c1062c965544fd75ec96fd9803fc

C:\Users\Admin\Downloads\XWorm.V5.3.Optimized.Bin\XWorm V5.3 Optimized Bin\XWorm V5.2.exe

MD5 897201dc6254281404ab74aa27790a71
SHA1 9409ddf7e72b7869f4d689c88f9bbc1bc241a56e
SHA256 f41828bd13a3a85fdf7a1d688b21ce33d2015c3c5f46b4d92ab6ea8ea019e03a
SHA512 2673cd7b927ffc22f3a4b4fbfcb1b4f576c416d67168e486e6d79fdd132129c9e244e36d7b7883a4a1ed51e993cc4384bf24f2fa3129584f2bd43fd16042de20

C:\Users\Admin\Downloads\XWorm.V5.3.Optimized.Bin\XWorm V5.3 Optimized Bin\XWorm V5.2.exe.config

MD5 66f09a3993dcae94acfe39d45b553f58
SHA1 9d09f8e22d464f7021d7f713269b8169aed98682
SHA256 7ea08548c23bd7fd7c75ca720ac5a0e8ca94cb51d06cd45ebf5f412e4bbdd7d7
SHA512 c8ea53ab187a720080bd8d879704e035f7e632afe1ee93e7637fad6bb7e40d33a5fe7e5c3d69134209487d225e72d8d944a43a28dc32922e946023e89abc93ed

memory/4392-526-0x000002D4ADEC0000-0x000002D4AEC9E000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\RFZzY\RFZzY.dll

MD5 2f1a50031dcf5c87d92e8b2491fdcea6
SHA1 71e2aaa2d1bb7dbe32a00e1d01d744830ecce08f
SHA256 47578a37901c82f66e4dba47acd5c3cab6d09c9911d16f5ad0413275342147ed
SHA512 1c66dbe1320c1a84023bdf77686a2a7ab79a3e86ba5a4ea2cda9a37f8a916137d5cfec30b28ceae181355f6f279270465ef63ae90b7e8dcd4c1a8198a7fd36a8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 65c3b64240b9eb6ee2486b54ab248f25
SHA1 f022ed1553009970213b7408d183705e0ce1404e
SHA256 d9a170b5b60946029382a261ac9904a6e3a64fe6841d383555fd962c863b81b9
SHA512 e27d7bd1b65e1253b7d2ee8c76c1c1649a374289174aa32234898a8a6afbb23004a6c86c744b8c0b0a5fc37eff78ab2efcd0e8f9a2392940ce768e4f979ea6c7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 99396cc38e3373bc68bc0ee991d9e5cf
SHA1 d6ae26e380d5716a9f0e700731e2ff943f1f6d0f
SHA256 084161e85c0b65cfd18e8b47e762d9f4308077fb3d251fd41e1dcbf5a1308ed8
SHA512 80a3d3ad68eb24f90966ed1c73dbe19f724c9df6881a8aad54d2a8e1c51f6065f855b49305859aa1b55afb006756db87ae9a173df1bbf80048f05dae44c6e3f4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe588fd7.TMP

MD5 2800881c775077e1c4b6e06bf4676de4
SHA1 2873631068c8b3b9495638c865915be822442c8b
SHA256 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512 e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 1b92794633aaa7d8ca83e408ef516a36
SHA1 4ae0678d6cf8abedb3e9819fc9d7d715d3f72bb6
SHA256 0ff76dc871bd6e59abe386781ef988b4c8d734bca726a4d1eb556d3d78f1e7e0
SHA512 698bb4adf1932dd48fbffb344b0053b9dc753b97a92d88a26341e0c3b0fa2e03481c5193bd2b4a1caaa2aa2f00e41eae73c53aaadc1ac6bb8be17d0f229a61bb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

MD5 c229d88ad4ddf7d9c29d635f27a6fae8
SHA1 475301d56b04075ffe14df17d8f43aa71c5b1d1b
SHA256 e40456eb8123f0a5978c5315f4a6ad12a471c6005c03943162717135cb728e89
SHA512 54f2df296e375379befe61e834a31315b99512752aa71ac3b33d2cd112f5f303a9014e3d080f3ad6c25870953482cb1675aa7e424c8c1fc2635602a2734c8bbe

memory/4392-677-0x000002D4CA220000-0x000002D4CAE0C000-memory.dmp

C:\Users\Admin\Downloads\XWorm.V5.3.Optimized.Bin\XWorm V5.3 Optimized Bin\Guna.UI2.dll

MD5 bcc0fe2b28edd2da651388f84599059b
SHA1 44d7756708aafa08730ca9dbdc01091790940a4f
SHA256 c6264665a882e73eb2262a74fea2c29b1921a9af33180126325fb67a851310ef
SHA512 3bfc3d27c095dde988f779021d0479c8c1de80a404454813c6cae663e3fe63dc636bffa7de1094e18594c9d608fa7420a0651509544722f2a00288f0b7719cc8

memory/4392-679-0x000002D4CBA10000-0x000002D4CBC04000-memory.dmp

C:\Users\Admin\Downloads\XWorm.V5.3.Optimized.Bin\XWorm V5.3 Optimized Bin\GeoIP.dat

MD5 8ef41798df108ce9bd41382c9721b1c9
SHA1 1e6227635a12039f4d380531b032bf773f0e6de0
SHA256 bc07ff22d4ee0b6fafcc12482ecf2981c172a672194c647cedf9b4d215ad9740
SHA512 4c62af04d4a141b94eb3e1b0dbf3669cb53fe9b942072ed7bea6a848d87d8994cff5a5f639ab70f424eb79a4b7adabdde4da6d2f02f995bd8d55db23ce99f01b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 50a139aba944ca85ab4a0c154b01bc63
SHA1 e5b50e94fbafe168b3ece75fd6b750565c54f5df
SHA256 2653e90df1430a4f72648a6244c4477cdad72b6cdf600915ff6901239d3ff470
SHA512 cb041355dec7d56f1e1d3461aeba3ff54ab02bfb5249920e7cfcf669a4ccf72b66c0126abf867059c2886f0b2d0ca8764aff65a97e610b6ef33ef94b992333ea

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 c8f58b755b220f4a634551a5797b3b8f
SHA1 09435372e22f454d940cab49884a779408871286
SHA256 bb05bdcde2b95d1f66a3e8870bfe2102995868c3d3bec48a0eff191810d0e38d
SHA512 6d92dd277fa36a0a6f1ea5d7f6569342bda164c27636ba645e69f205f16561fa754f16c5b1030abadf120fa1288cfee51a0ce267406df2721af7a6e17311b933

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\edgeSettings

MD5 f222079e71469c4d129b335b7c91355e
SHA1 0056c3003874efef229a5875742559c8c59887dc
SHA256 e713c1b13a849d759ebaa6256773f4f1d6dfc0c6a4247edaa726e0206ecacb00
SHA512 e5a49275e056b6628709cf6509a5f33f8d1d1e93125eaa6ec1c7f51be589fd3d8ea7a59b9639db586d76a994ad3dc452c7826e4ac0c8c689dd67ff90e33f0b75

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\edgeSettings_2.0-2f9188b68640dbf72295f9083a21d674a314721ef06f82db281cbcb052ff8ec1

MD5 6698422bea0359f6d385a4d059c47301
SHA1 b1107d1f8cc1ef600531ed87cea1c41b7be474f6
SHA256 2f9188b68640dbf72295f9083a21d674a314721ef06f82db281cbcb052ff8ec1
SHA512 d0cdb3fa21e03f950dbe732832e0939a4c57edc3b82adb7a556ebd3a81d219431a440357654dfea94d415ba00fd7dcbd76f49287d85978d12c224cbfa8c1ad8d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\synchronousLookupUris_638343870221005468

MD5 3a05eaea94307f8c57bac69c3df64e59
SHA1 9b852b902b72b9d5f7b9158e306e1a2c5f6112c8
SHA256 a8ef112df7dad4b09aaa48c3e53272a2eec139e86590fd80e2b7cbd23d14c09e
SHA512 6080aef2339031fafdcfb00d3179285e09b707a846fd2ea03921467df5930b3f9c629d37400d625a8571b900bc46021047770bac238f6bac544b48fb3d522fb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\synchronousLookupUris

MD5 6a3a60a3f78299444aacaa89710a64b6
SHA1 2a052bf5cf54f980475085eef459d94c3ce5ef55
SHA256 61597278d681774efd8eb92f5836eb6362975a74cef807ce548e50a7ec38e11f
SHA512 c5d0419869a43d712b29a5a11dc590690b5876d1d95c1f1380c2f773ca0cb07b173474ee16fe66a6af633b04cc84e58924a62f00dcc171b2656d554864bf57a4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\topTraffic_638004170464094982

MD5 e9c502db957cdb977e7f5745b34c32e6
SHA1 dbd72b0d3f46fa35a9fe2527c25271aec08e3933
SHA256 5a6b49358772db0b5c682575f02e8630083568542b984d6d00727740506569d4
SHA512 b846e682427cf144a440619258f5aa5c94caee7612127a60e4bd3c712f8ff614da232d9a488e27fc2b0d53fd6acf05409958aea3b21ea2c1127821bd8e87a5ca

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\topTraffic

MD5 52e2839549e67ce774547c9f07740500
SHA1 b172e16d7756483df0ca0a8d4f7640dd5d557201
SHA256 f81b7b9ce24f5a2b94182e817037b5f1089dc764bc7e55a9b0a6227a7e121f32
SHA512 d80e7351e4d83463255c002d3fdce7e5274177c24c4c728d7b7932d0be3ebcfeb68e1e65697ed5e162e1b423bb8cdfa0864981c4b466d6ad8b5e724d84b4203b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

MD5 838a7b32aefb618130392bc7d006aa2e
SHA1 5159e0f18c9e68f0e75e2239875aa994847b8290
SHA256 ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa
SHA512 9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

MD5 da6da6248bb05403e0d05de63dadc6eb
SHA1 b8a42bc42ec8aed39dc930adb971e87d606bf24e
SHA256 0628c2e7456977f0ea17f65344c4ae0e79ddb2e2e7eef1b889e6533076f8935d
SHA512 1b390b90c841f60f805510ee642be2ab66a9d152eaf51ecf2f061e39285e7f94957f7501a732744583a00ca308fae976768faf5d20a9f9d1658d42cd4fb12918

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

MD5 c64c4276e70417bedbf12efbbe5c4cd3
SHA1 dc046e3547b142008531e6f676728e7d41e681ba
SHA256 fb20eb854ae41541f61568f9dfbb61af5c33fa03fd649360fb2ef4e6273bc050
SHA512 1a214db43d3ccab5e995b1078eefb613b3c8587bed1db69a32fcf914c6cbd0cbdaa20d5328a43aff1961a0db0d05e6a9a0d0611e10ea27aaf02fe755d3384605

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

MD5 35f6cdff62214c0b334b3387642a6d40
SHA1 cff9085556ede5d3b463b10272822bbd506886e4
SHA256 ec6e39ff5f7166c164a310ca620f067c9690a11ad0d025894d45ace92d3bb545
SHA512 a613fac87b88a53dc081573a286e91dc13175e27bb95ed7fcd3a4845908ec485eff8f1df3486881a44e5ea79636e6a232e2ab4d3f0d6ad0272f39152a0305dfc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

MD5 ada1182348330fb75262400746250ecc
SHA1 53d2c7973468516fd3e6e2e04f23697b6eea758e
SHA256 d69566e1a5ff6b0647f39612a7c9a9b67e79c9037624f94f8cd1ef1b94003a49
SHA512 a058a86983c55ff2bcd82372137a91df75d985bb85ce334883b0f948dc617c72a0745d40571380b34e3fb3968cfc97c5fdf607ffa1a89aed7e774dcafb1e742c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13381598657206792

MD5 c64e40c600b12a1d9ef20b116e3b78c0
SHA1 43b44d6705f9c6b3f8061c2e07623273059e7608
SHA256 a46e19c0eaeb84db61049fc14f95f377612759d6a7f8b38a3d87704c9d6f9bb3
SHA512 e17fa103ece92cd9fe00369f4f4ca7dadaed1761e7b808287f5bce94d97cb2a9136aa6f67687cab30a2a9cc007f0fad57695d6c6961643e6336d5a0b392e3eeb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

MD5 f70aa3fa04f0536280f872ad17973c3d
SHA1 50a7b889329a92de1b272d0ecf5fce87395d3123
SHA256 8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8
SHA512 30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

MD5 321971e1f4408ee3b47b0482348d438d
SHA1 a7154ec604ade27083112a3b18cf1cab6b91f46f
SHA256 cfa683a364bc849081d32e6661e4ad2c911eb626133afcafd84c003b8fc54a1e
SHA512 015e2e774a9ed0fe11e2c06fcfc61c5aae1b71d4b45c0236480cf84c1c1894b195bcf783cacce8d3cc857ba15b07dc247d3aeaed94443c54f7b4b6df16e2427b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

MD5 4faa604b0a34956c898d2f3ad20f2f60
SHA1 f226b89e211c3c615d43d407f2d7667a1de5b348
SHA256 263e1a359aec7ac15257aba940dd9c2bef86e79d3b09a03a010d0cecd3f1e822
SHA512 1f38be7ab64b1a1b6aab5b63fea159d8d4601430609f654fad320c5882016a51c68ebd778882e3f950606dffc6305dc1d111f164c588fd783e47ec95ac4f4152

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 ac53f799eac28e0d89925ee5d17a6546
SHA1 7ac662a77a2eea52448ed6e619da951a4ee2b702
SHA256 e3819909204d1e99436296302321516b4136bcad09858057ee35a9467d49fa64
SHA512 33141517e756db3cd99d0734b8944bf75b7a7722f8ce52a31b739e3047264da130248d7219075593fc4e6216cfaeebf59659cb5e8b22a2e4749cf31e246347da

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

MD5 b1271542a61e6c2cb7f59dc5fd564366
SHA1 f8be6dbe5976234b87b2d1fdae9117ae0adb7ce1
SHA256 0958fc53ae6088bf3a174ebb37de431f516f662f66b1962d1865de311c5d30fe
SHA512 ab502af2e4a8a55e4577468625fa0d420a436c477c46b162c0dc6ab0e12667bf5c67247ca356891f5aa0cd50138060fd28d02d41157a6efad91b99bb888737b0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

MD5 8c93f7e92d17dd349cea168ff511eec6
SHA1 067281b8983bd35d393e179c302d0bb531f2a687
SHA256 f094ddc765ff895f9bb43d8a7984b0bb57f0eb47e6f36402669a03716d67d082
SHA512 5f9930d5a25a7d6850891722ae7c76a031bf1fa2e769b7e170b9350e8c23b3a3abb84bd7dced4ade8d2f6d756577a2aad707e613429bed49d68cb390098f7336

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

MD5 9c5b901eed6cb992e86c88e436d2be6a
SHA1 b793d20fb060f2d0f0ce2f3e79f56584af69f6f9
SHA256 544cd68234a9075ca9a14e13ecac0b7b9b4eadd2098081a41b155bb48fb03ee4
SHA512 588206241559d998884c16f38478e760d1d8c22574e802185f0cfece28c5e5838419c1e6fb6c668e42ca683516257201e2dd63dd4c47a7f829de767743094d86

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

MD5 02899d020d8361f9084f37652458e7d3
SHA1 2197570256484472822afaa43f63cc8df845ba9e
SHA256 a26ee6e72417cee8d9de96444b49b34690d6d45cd77e9a4a6a15eebeb5f5deae
SHA512 16fae6071dd2158f2d2acea647447778d85b06c45de0232f9f67219750111745c55792b3655ad365d5f7a838c578a64e5f64a4b1ea8f56529b20067ffa1f1181

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

MD5 859f9ae8260d213c6f476943f5104cb3
SHA1 be03d5b8680f1ebeb98bcbe9a4f8e05d5c8545c7
SHA256 1c67cb840b49ae5e0eb1498b73d7ef3690acf665959878354f237b254e1feb1e
SHA512 63a5a96b35068bf700a15c1bbe096929eabde2b0066da2a9522d6d5f62ac8a1211683d33c2da5d0d1de54af5cf27c23b0fbb6c0dac79eda19b0bdd66ad4e8a41

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

MD5 c14df533c2df5cbf184acedba0efcb2c
SHA1 d6e2596ff8deb9a84f6809048b271d6a888928d0
SHA256 76e643836388c407a686d7633e293123246ccb478627c51844f9710529f8a546
SHA512 612148ceac1984e5cccffe268b7d2338d59f967ece0aa1893831e55a3ef26acf6f0b611155fdf23d759d32fb84604024b4b2ce9bc966ca05c3859a5ae8abe83a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 dc18a75a9e62a6fc3eb54fcd44e9c2c1
SHA1 78345c7fc7937fb9e6c22b474911c767e1833e8f
SHA256 3175ecdb353a6e82839e69f8835e74e2a78ceeffdf42f0ee9e9261546dc9a98f
SHA512 fdc1229b59f25a7500e698ce65617fe1d9bb17610ef39d3938c9cc5c93d708839962b85012416714ad08b99a904ccd064f14dde86e213964c5b478fbae65d636

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\index

MD5 14daaab483872320e079b02498d8d3b9
SHA1 9e4d1ecc6e82b5592a910c32a90af5c466e82c88
SHA256 24791dce31dd3f1f5a8fa5cf7cd1ec7c5400c770f8e3a07be7eb344aa1092851
SHA512 02ee413be0c2a0c711df0335fb1c24618a33727200b35ab48135ac643e89444d23844bd21b8a3ba8a26ed1930354e7068ba997f8f38fb41923b79437a38a8197

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

MD5 ca997314db1119ccb285e19da0266fac
SHA1 e329f25b22d1de8eb6d9024f41acabdf0e0f6395
SHA256 cc16e4faca8acfbada02da1a5b967d225f73a21c1d5db8a2673828204f1b6055
SHA512 4742e060afa3a4c5233c23f5540ca0ed69503391257fcee92be38302143ef1e0b7fa648833d6151646c02772cdfc5e267d50bc060429292d32d49dac1647f0a2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Top Sites

MD5 f44dc73f9788d3313e3e25140002587c
SHA1 5aec4edc356bc673cba64ff31148b934a41d44c4
SHA256 2002c1e5693dd638d840bb9fb04d765482d06ba3106623ce90f6e8e42067a983
SHA512 e556e3c32c0bc142b08e5c479bf31b6101c9200896dd7fcd74fdd39b2daeac8f6dc9ba4f09f3c6715998015af7317211082d9c811e5f9e32493c9ecd888875d7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e81ae6c0bb28d763fbc9d0e01eaec1f5
SHA1 dd78a211613217f0039479e53cb124f14e5a9a13
SHA256 f3f64b3f05b451b4356a97d7e597991c7764691cb9389dc871f14ca9fcfa4e9b
SHA512 afd8d8e7ed18680bcd414e7f21f397c4b4c1867d1be5feff867f81c0f0874feec508d9699be0c649c89485d7fcf1606cf77aad62296d2c36b06ebb2c6cece94a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

MD5 c5f9744f80635ed2360cdb742c1b33fc
SHA1 5b2d415d6e3e6424b251c56c57ceacaf26f1b9cd
SHA256 fecf2ccf9fa483cb34f485132d30cb34b8ab51fdd5337acf629cc6a4ada8e45b
SHA512 437b12d6055faa6a6d948e84ff92237c3b1b09fc3456066143245ae19c146c96d0753d332b5ab8bcce9f2831cdda6ea30b64ab512234edcee41ad6a252bd67d9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 67b09b1bffab7cb8015bf76bdf6d4796
SHA1 d353623601b1e20c0f1e4fca363a50bb87aa0341
SHA256 b8978523e88b33ec38f39634cc9c57d85d4280f016732feec9513fab04aba2d6
SHA512 a08834e1a2dbd63e0e349ffbfdee06d3af60e112aa7536724552796011c82142c282bc16e53fdceeb46645a3d119507fb3c6fbf877777d42a14051850e80887d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 0630e650a03afa2722ddd0a746cbbbd6
SHA1 d51f5cb56a8a5f2bc3c3a45534236fc1235cad01
SHA256 4dd0a196cdcc1041cd7c3592a99e3e8eb638c72a093f906b2647b0bea76d7d3b
SHA512 913f224fc4eaacfa8e0ecb59c2d9bd1c58ab84662b2f118f1cab96388e9d4e1da1756d7861fe58163ccc9a34845c78013bafaa81617b2afe8c93a803a7ba6a20

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5d215daa2f23402038d371ef5c1bd0c5
SHA1 cc7e091736913caca5a07396cda1365ca2809091
SHA256 658fdbb90ffd23b16c3cce2e92cb16476331f4976681c3d91988b125882c887a
SHA512 d22fc1790b0f7ef581c9f0df17db81c42bc41e00fa6d66fcdd2a77c49ad488bdee02988d40b0d72d1ac6459a6bebaee7aca43bdb1f006b5973d7dec4ba2faafd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 feb37f4b0c2a395658f261f5dc5ed8fc
SHA1 359acd08833fb5c38e4bcbe685a7af274d8e3805
SHA256 357e0e57a232a50da8e9197466bb4fc61295d5b6b05d93079472d7c3ee4e498b
SHA512 2b631a219358f1c440420e753cbc7333a361d60997c8abd6709a2ae7758a17b4b8cc645ede268f491a54fbd24f8c3205fb3fbd40abc3e7a3d60699a2e9609a7c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 79e0b3ab4d7fcb927bc2c0b382d3ecea
SHA1 b70a73cb01ca1bcb6d4e5cf85385db8caa4385fc
SHA256 5387b1f353d606e26a61008849a208024d5fe1464e4823a7dad6b0b831480813
SHA512 dba513bd28b7b36b6d16ac3a0c906f7e5a62864418297e9956b5f7131a7e0588dc29d26dd7bdfb0876beb7d7a81e842767de9222dd1fedd96615c348f42996ab

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\5e1f1166-2ded-40ae-ac1b-a5feaa4562f3.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0f7ab6789f3b5c763bfc58351c780cf1
SHA1 7e2a81fe100643923a03d9d01335c13a1fc11df7
SHA256 edb7bbe0ed169dda775c86ec329305749c5fc8de1bc8e0f157e4b75a27969f0b
SHA512 bebf487efb9fcd81a7ae93fa0d3d7b8fb95817209ab3f9204fd1a535dfbe0de0161b83c553f7445d9db40a32ceb26a8c6b68beb99b2eafb51003432c5602bd1e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 598050472afe1792d72e58cd051a0058
SHA1 4b7238719450d34d5fe78605211ccadacaefa6c7
SHA256 a687065cad97c09117cab55527fea7a2ecbe3bacd00c40b6c4caaeceb282b9bb
SHA512 33cabaed450a8bee1cd4af0d368a58321318f45b64d622dc173ce0939e5c561f9ccaabb44175fa8900ea6a5ae1584abbb3e74c04c68135cfc00ba7104e01005d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 940daf519ae7443b476d372400925c22
SHA1 61c825da88c5c56353f655fa27699b5c4c7af1b8
SHA256 5a6c2d2b09cb2f918881ffd22d493faeaf27206287ec84ea8ad4082e1dd5d0ea
SHA512 f109318e1f7f8dbe098386744cbf5bb2a1b970850b6563080aa3878a12bfa52af3fde81d869a5058205228c119cc6798570f139af5611d939e8a6f6473e34a7b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f1f1caf2fc80220dec7faff86e1f4c74
SHA1 0933e57dae4378eb66d9d43ed63eb8ac6b355c16
SHA256 9588f1795d8e71ea97722aed7c2eb00bca1b45e3e90d56fdf4037a324a0e618c
SHA512 7951815e7014b4b6983917e280f0ef7f91b2efa62460498b6c2ee835f76c9ca2bbdb40c6d03899552f27fbba0f73d0bdb697fc34c686702ff0187adc9550560b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 dcc6c4f5405f1331f3f58b68ba6fa77d
SHA1 2a51d629bb63227c6cf2fd02e478e617a3c4ba5b
SHA256 e972817ebe8ca37dd398dda11e4641c11356182e8485d43fc473dbb51efe8abf
SHA512 2b4fce45fad2d4b0e5d3c627ad2e0684964b1ada81bd02c6b06becd43601c6c0aeac215f0ca966afb6f87b10c91ff226b078ce85bf6c6257552b37fd1352385c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 6b063ed0255d87b2b33865230661a97c
SHA1 cfcd6db709ee98ed63b99a3ada13bec844b5d901
SHA256 9c9e35defbfd2338a5b3a597045e0587be6c0a93734bd2a4f5dfd01cc914d8ab
SHA512 5ce3841168a80ac17f52129ab5bf5c29ba46820bb3d5096a84dfdff49fe4be95241cda7fe47019c7ce7802e6e6f7247be47dbb34081728ee395bfd29cfb07d41

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 31307ce3b032cb6468040a001ef472fb
SHA1 a8404ecdc0871f45ffd9b2d02add9cddfb62f3bf
SHA256 9594fd2654f9e07006167aba1aa985f1968f5c9831fe6acd03c89e6fbeabc775
SHA512 d0e7f16e717f13fb93b949d291b74751809c08eb4ec4647d7f747d854f8778291e1e63681a3832cc616f8f6c2474124297db62e0390923ad4541ea7ba2ccb768

memory/4680-972-0x0000000000490000-0x00000000004B0000-memory.dmp

memory/4680-973-0x0000029DE7710000-0x0000029DE7752000-memory.dmp

memory/4680-974-0x0000029DE7770000-0x0000029DE7798000-memory.dmp

memory/4680-975-0x0000029DE7990000-0x0000029DE7996000-memory.dmp

memory/4680-977-0x0000029DE9890000-0x0000029DE98E6000-memory.dmp

memory/4680-976-0x0000029DE9830000-0x0000029DE988E000-memory.dmp

memory/4680-978-0x0000029DE76E0000-0x0000029DE76E6000-memory.dmp

memory/4680-979-0x0000029DE76F0000-0x0000029DE76F6000-memory.dmp

memory/4680-980-0x0000029DE9A30000-0x0000029DE9A6C000-memory.dmp

memory/4680-981-0x0000029DE90F0000-0x0000029DE910A000-memory.dmp

memory/4680-982-0x0000029DEA850000-0x0000029DEB62E000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 b994faac954ac3908be66b399f4f6287
SHA1 cfd6899bd52bd1ecbee522deea602f5135ad63f0
SHA256 2aed861d6cd36ebb262f8c677c0efd5440552ae2df484159b587df2c797e8fe5
SHA512 49cd2f59ea2ad71d0735a19db0ebe63f53ee1ad65a9eb03e3cc274fc8eff75f338e83237ceaaf93f4625b590cb6c5e0d165ca1cb06dd48093d4a41e4b8ac7506

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 95cfb9013d7af061791150f55eaf707e
SHA1 6234c18e16ff92ee79f7694fa22711a43a022764
SHA256 ab37719ce4831267e417d5112ac602e1a9a52cd09de382488795fd173800cb63
SHA512 b97f5bc8c93b70a591f33c51eec595d229a32b2b75a5b451a562f9922fe6a294de4130fc37765596cffc111c0d223aeb900e676533ab43fb0ed7d7aadb183639

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

MD5 4f93092e4491807431f0c5527906e3a6
SHA1 3f378963d383e3dada8ccd898b18b1e8d092efe1
SHA256 02cd0cbdcc3507a411567106261d10765651520e25217b5b72ca6104536d3471
SHA512 c711ea3c4a44e579e9a8db94001bdaf0bb375d675ce9c0b3ae888618581bdf4cbbc016b10753210e185d6e698419112b0a16cce81269ea3819cc452641c075d4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

MD5 db66cc6b6a806d57d74d9004431d262d
SHA1 5d5d5a693f6569a5a89158358cc193bf76aac488
SHA256 ad6bc11d58af1e6e84d7c88e94309a565d18a2b3a153e75262bd057b054e74d2
SHA512 e54d972be4fe847e8531a09dd0bb1cf23a8a91ba3d9dafae191f837583c6507acd74d0e87a81cf0ff7eb6f47df0aa9cb69f445f54728b5768a0fa83336a420e7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 49f59765616e94dca631e4869a4ee1ea
SHA1 cc84620c49574bd633ec3ef38f4f4637da7e25e5
SHA256 af3918908469978af5d8369d794005b79b5bf1e3f373cdbba68921e67a7ae75a
SHA512 457b2ea6a5bede0578f6ec5ffc5a751b40a452a9182ee8a5a09e0990944da17cfd9557ade32aa14de96d086508a98bc1b765844d88882e028e76274d1374bf75

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b9cc8d18597e4c72a13ef078eda62dbf
SHA1 d16ab611aa48139630d6a351170d378cad463017
SHA256 bc6a37c09644560dc536193fbbb01e20d3199597ae7f3473eadc40dadcd1bc94
SHA512 8a4e6214cbd7735bdbc2f602e6df02b48b6f5ece8049e62bdc655c52878f4cce4101146134a010235a06fad723772e01c8e418a6e9840e2c63631c6436a47f5e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\3af25bcf-2315-4cc0-9820-c946625369a5.tmp

MD5 43031d787e1698847218b4894bd0b760
SHA1 ddcf0448e6de70ba2eba2082683ef7bf98a83380
SHA256 37000feb06b7f4f9a6a927b9fd203c7cedd85ac15a1df887559e317958e7dc14
SHA512 07ee861b86695292115caceda4574537fca14e946e0cd926cd3d5c5f4b36b823a9d6bcf47683381f1ae8941813a78386a5a89d58f5084f56d637d35d8de986e4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

MD5 be1f2fa0ac903973f71a40dc2b40653f
SHA1 1f3fa3fc75d663954e0e16d150cbc12bad5c138d
SHA256 34365e482f97ca43d0549d46fa4032bde2144a274eca0209b416510c6ac7715d
SHA512 ddf25c78319088363d2b5ec40197b3880764c9ea7a6a42ef3aad2395e9f0fac005fcac2888c5715a7825eba6dab842b660912257f6f79d3012c67a53ecf9bb0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

MD5 cbd58f8cfdbaa4d67a1d53451e51b37a
SHA1 e4a6822a5f4fba72ac062614b0ce595412fb847a
SHA256 617b37868f1e67e4c73e27ff665ed2931484d581f38c1db52870c2018737e3dc
SHA512 031567e259878789b0972cae31019ed64c416e946fbd1ca8b50fa3c429afc5299b9a22c6fccedee692b64c95ed41fa2691454c64d5a41e937244c6556c3a1df2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 47f6bd8af70afc82951ad69e5abd96b1
SHA1 0d13559c430664a5af9ba49ffdd368500720ae3e
SHA256 70f9ebde4f378b84b8bac2f93329de0b3be6e94ddf2418ee106ff94d55ba9cf7
SHA512 6a03de607e8f76dd141558cede94614ddac16e90ba36f0c0705c0a11efe3db67b0d8f10b9fd34352380f4d46c399bdc16a5f677589ce4667feeb93d64a992984

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c7ee15fac79db9f34379a5943b4d53f3
SHA1 7304d2f7213fcfca2a6d45a409b4de70a757f288
SHA256 608b717a0bed1cbc604e0f862f2f3590a2319006e8f93263179d0f914042e257
SHA512 3e810993899e4e51104a6f74a2e197405d4998ad5d1c07aca91029a0083259717b2ec186b97e22584308c33e1cbe4118cbee282bab226f7110a4490ff58f38e9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ed827e7e8a71f9d3391b1f46be81147c
SHA1 db6cfb0bed74341b8cf4b69614c75b5dede14e14
SHA256 643563518db35a84ed194f838c7939023273e247124f914b98d8a70e90947dca
SHA512 48bb3144b685fd14e9e9e5bf4c04afa55bc0586a7fb3e5d998a3b3ea72ab2575f4579254eb43541b18430766eb0f26382edbd17affa53feceaed9ecad49d1f27

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

MD5 2ff92cc0f3a5c921dc90dbd4cf33b253
SHA1 cc07d036876658e2722d4d1c76f027f1503dbca0
SHA256 98672e8adb5fd4f84303f2f90c3a334d2e6889347bd7ad60d6fa279488f50b1b
SHA512 df08a2c6e713d86d50e598861bd2b1f4cf1dd6128f85be958ddcf830af46b1dedd9561f3fc509b30ded30b72a0329c8595e398854cb03a6f51c3ceefe2587afe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7ffe49dd6b37258251eeb0fd2fe04b9b
SHA1 a2a2c9793c7f5d03dd0f2441e7e37aacea90bedd
SHA256 91085c33e909c8f3bbd268d02ba4baad5dc4f992da9b8691f4b5982a9953c284
SHA512 28bb581d0c174b3b7b07f3f66b0b8d3ae4b005dc19c54ec0012f89e9643e4c113346dc4b95dcf9b91c0a7c38a85d5d7f08876a0cacee0184f61774428c4ad5d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d83a6575aa4f3a19a4151095f1ae0082
SHA1 cac3bb7be49da0e2069bd22a6b524249990c47a8
SHA256 a6717606c0b46aff1ba023eda152cfb4af3c438a8895c252a9697262cabc98bc
SHA512 d85116bfe2b830b4b996b3861c51f82b2d1e7b5028c4af7b80c9b4d84d7a3aa329a3cfbe9f7ad855368c33e8330a28c0cabb281f9d52e9a343d7530df5bcc3e0