Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

URLScan

urlscan

1

https://gofile.io/d/...

windows10-2004-x64

10

Resubmissions

28/02/2025, 15:56

250228-tdkd7ssj19 10

27/02/2025, 00:02

250227-abmxrsymv7 10

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250217-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/02/2025, 00:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://gofile.io/d/dmXlFM

Score
10/10
xwormdiscoveryrattrojan

Malware Config

Extracted

Family

xworm

C2

127.0.0.1:19297

6.tcp.eu.ngrok.io:19297
Attributes
  • Install_directory

    %Userprofile%

  • install_file

    XClient.exe

Signatures

  • Detect Xworm Payload 2 IoCs
  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm
  • Xworm family
    xworm
  • Downloads MZ/PE file 1 IoCs
  • Executes dropped EXE 6 IoCs
  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 58 IoCs
  • NTFS ADS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 36 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs
  • Suspicious use of AdjustPrivilegeToken 11 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://gofile.io/d/dmXlFM
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • NTFS ADS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:528
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8ebbe46f8,0x7ff8ebbe4708,0x7ff8ebbe4718
      2⤵
        PID:2912
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,1164985118225775761,10087177936325546763,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
        2⤵
          PID:3780
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,1164985118225775761,10087177936325546763,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
          2⤵
          • Downloads MZ/PE file
          • Suspicious behavior: EnumeratesProcesses
          PID:848
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,1164985118225775761,10087177936325546763,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8
          2⤵
            PID:1068
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1164985118225775761,10087177936325546763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
            2⤵
              PID:1496
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1164985118225775761,10087177936325546763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
              2⤵
                PID:4740
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1164985118225775761,10087177936325546763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
                2⤵
                  PID:1600
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,1164985118225775761,10087177936325546763,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5472 /prefetch:8
                  2⤵
                    PID:3956
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,1164985118225775761,10087177936325546763,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5472 /prefetch:8
                    2⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:4984
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1164985118225775761,10087177936325546763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
                    2⤵
                      PID:3548
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1164985118225775761,10087177936325546763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
                      2⤵
                        PID:3292
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2116,1164985118225775761,10087177936325546763,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5596 /prefetch:8
                        2⤵
                          PID:2388
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1164985118225775761,10087177936325546763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
                          2⤵
                            PID:3908
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2116,1164985118225775761,10087177936325546763,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6004 /prefetch:8
                            2⤵
                              PID:4080
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2116,1164985118225775761,10087177936325546763,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4784 /prefetch:8
                              2⤵
                                PID:2340
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1164985118225775761,10087177936325546763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
                                2⤵
                                  PID:4508
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1164985118225775761,10087177936325546763,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
                                  2⤵
                                    PID:3548
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1164985118225775761,10087177936325546763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
                                    2⤵
                                      PID:3768
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1164985118225775761,10087177936325546763,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
                                      2⤵
                                        PID:3088
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2116,1164985118225775761,10087177936325546763,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5052 /prefetch:8
                                        2⤵
                                        • Suspicious behavior: EnumeratesProcesses
                                        PID:5312
                                      • C:\Users\Admin\Downloads\Synapse X Cracked by XP ZONE (1).exe
                                        "C:\Users\Admin\Downloads\Synapse X Cracked by XP ZONE (1).exe"
                                        2⤵
                                        • Executes dropped EXE
                                        • Suspicious use of AdjustPrivilegeToken
                                        PID:5436
                                      • C:\Users\Admin\Downloads\Synapse X Cracked by XP ZONE (1).exe
                                        "C:\Users\Admin\Downloads\Synapse X Cracked by XP ZONE (1).exe"
                                        2⤵
                                        • Executes dropped EXE
                                        • Suspicious use of AdjustPrivilegeToken
                                        PID:5808
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1164985118225775761,10087177936325546763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
                                        2⤵
                                          PID:5764
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1164985118225775761,10087177936325546763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1724 /prefetch:1
                                          2⤵
                                            PID:6028
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1164985118225775761,10087177936325546763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3604 /prefetch:1
                                            2⤵
                                              PID:4080
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1164985118225775761,10087177936325546763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6408 /prefetch:1
                                              2⤵
                                                PID:5880
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1164985118225775761,10087177936325546763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1
                                                2⤵
                                                  PID:2388
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1164985118225775761,10087177936325546763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1
                                                  2⤵
                                                    PID:1944
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,1164985118225775761,10087177936325546763,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6932 /prefetch:2
                                                    2⤵
                                                    • Suspicious behavior: EnumeratesProcesses
                                                    PID:4668
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2116,1164985118225775761,10087177936325546763,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7000 /prefetch:8
                                                    2⤵
                                                      PID:4388
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2116,1164985118225775761,10087177936325546763,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3612 /prefetch:8
                                                      2⤵
                                                      • Modifies registry class
                                                      • Suspicious behavior: EnumeratesProcesses
                                                      • Suspicious behavior: GetForegroundWindowSpam
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:5360
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1164985118225775761,10087177936325546763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6884 /prefetch:1
                                                      2⤵
                                                        PID:380
                                                    • C:\Windows\System32\CompPkgSrv.exe
                                                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                      1⤵
                                                        PID:1572
                                                      • C:\Windows\System32\CompPkgSrv.exe
                                                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                        1⤵
                                                          PID:3184
                                                        • C:\Windows\System32\rundll32.exe
                                                          C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                          1⤵
                                                            PID:5300
                                                          • C:\Users\Admin\Downloads\Synapse X Cracked by XP ZONE (1).exe
                                                            "C:\Users\Admin\Downloads\Synapse X Cracked by XP ZONE (1).exe"
                                                            1⤵
                                                            • Executes dropped EXE
                                                            • Suspicious use of AdjustPrivilegeToken
                                                            PID:5392
                                                          • C:\Users\Admin\Downloads\Synapse X Cracked by XP ZONE (1).exe
                                                            "C:\Users\Admin\Downloads\Synapse X Cracked by XP ZONE (1).exe"
                                                            1⤵
                                                            • Executes dropped EXE
                                                            • Suspicious use of AdjustPrivilegeToken
                                                            PID:5868
                                                          • C:\Users\Admin\Downloads\Synapse X Cracked by XP ZONE (1).exe
                                                            "C:\Users\Admin\Downloads\Synapse X Cracked by XP ZONE (1).exe"
                                                            1⤵
                                                            • Executes dropped EXE
                                                            • Suspicious use of AdjustPrivilegeToken
                                                            PID:5256
                                                          • C:\Windows\system32\taskmgr.exe
                                                            "C:\Windows\system32\taskmgr.exe" /4
                                                            1⤵
                                                            • Checks SCSI registry key(s)
                                                            • Suspicious behavior: EnumeratesProcesses
                                                            • Suspicious use of AdjustPrivilegeToken
                                                            • Suspicious use of FindShellTrayWindow
                                                            • Suspicious use of SendNotifyMessage
                                                            PID:5396
                                                          • C:\Users\Admin\Downloads\Synapse X Cracked by XP ZONE (1).exe
                                                            "C:\Users\Admin\Downloads\Synapse X Cracked by XP ZONE (1).exe"
                                                            1⤵
                                                            • Executes dropped EXE
                                                            • Suspicious use of AdjustPrivilegeToken
                                                            PID:4076

                                                          Network

                                                          MITRE ATT&CK Enterprise v15

                                                          Replay Monitor

                                                          Loading Replay Monitor...

                                                          Downloads

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                            Filesize

                                                            152B

                                                            MD5

                                                            6738f4e2490ee5070d850bf03bf3efa5

                                                            SHA1

                                                            fbc49d2dd145369e8861532e6ebf0bd56a0fe67c

                                                            SHA256

                                                            ca80bbae3c392e46d730a53d0ee4cfecbbe45c264ad3b3c7ee287252c21eaeab

                                                            SHA512

                                                            2939edf5e6c34c9ea669a129a4a5a410fbbd29cd504dc8e007e9b3b3c7fbb9bea8c14d6177ac375d0c481995774a02d210328569231cb01db07b59452333b22b

                                                            Download Submit

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                            Filesize

                                                            152B

                                                            MD5

                                                            93be3a1bf9c257eaf83babf49b0b5e01

                                                            SHA1

                                                            d55c01e95c2e6a87a5ece8cc1d466cc98a520e2a

                                                            SHA256

                                                            8786fd66f4602e6ed3fa5248bd597b3f362ffa458f85207eaa154beb55522348

                                                            SHA512

                                                            885b09dd3072921f375eedb5f0575561adc89700ecfbe999bc3e5ea1d7cb45e19d85c5e420f2c0a12b428742e1110e66f4ceecbe5a6badddd36cc9e0aff48e52

                                                            Download Submit

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
                                                            Filesize

                                                            90KB

                                                            MD5

                                                            089155bd7fe0036d253cb868ccc05c7c

                                                            SHA1

                                                            21ef7fc422c7746e743178706d4425687af5653c

                                                            SHA256

                                                            ac2499041f86963a7a87a112d832ff8a4ef970b611c0925fc21b141649c74572

                                                            SHA512

                                                            af687cb980644ae889615e85a198fe8e62c3b154e4d94d98c8dce0f7e10c60773a99020aeecadd1c939f338508541bab0672ebd65d8ac2a0116aff89ff92ce5e

                                                            Download Submit

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011
                                                            Filesize

                                                            1.7MB

                                                            MD5

                                                            0a15c52faa5db00f34c58fc505fc536d

                                                            SHA1

                                                            f1b51b31512480995a0e595b09b8ba9bdebe56e7

                                                            SHA256

                                                            08ba14ef5cc9e9104bafff2b39ad005f3fceeee97399c841f20c3438c1bc40ab

                                                            SHA512

                                                            8aeafe9d3de2f235949ead3d3f30ac6dda0935c6567ddb7ceebacecfa5663dcb3f154a076a162f7ed0dba390e1170c2e4cf2b4c7ab4b3f0587ff3d7b2b9ec2d3

                                                            Download Submit

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019
                                                            Filesize

                                                            41KB

                                                            MD5

                                                            e54a8e3ff39023a57b4d70bd012e9a9b

                                                            SHA1

                                                            a1cdc7ca30c559ca8d74a36c77d8de88c7b83141

                                                            SHA256

                                                            5b2082d4e78f090ac854cf92f5b295f6e2d1a3ac9cd2054837868fbc5f56db74

                                                            SHA512

                                                            9758ba53d6515fd1a561b1d524b765e69c9c7c6b9bc593761b21d582d7d74e21ab3ec22a689b6fdd6f91b92df1e527e3f973e8c25219091be70ea96e990df1c0

                                                            Download Submit

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a
                                                            Filesize

                                                            214KB

                                                            MD5

                                                            d20fef07db1e8a9290802e00d1d65064

                                                            SHA1

                                                            71befda9256ed5b8cd8889f0eeab41c50d66e64e

                                                            SHA256

                                                            f9cb4624d03224bfce50c4c0e484418acd462c249f38b4684e72b27a1f30144d

                                                            SHA512

                                                            ad5b2c8df60027c6dd5104bb8c2357b04eb24d69245c607ff99a6f2a887f929428252ad793d9aaa8c903c7b1e1bf9653cd35f79747d5281e7e3d2c21fa828537

                                                            Download Submit

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                            Filesize

                                                            144B

                                                            MD5

                                                            37a53fddf4ffcbf86920e22aac386bda

                                                            SHA1

                                                            6070acdfdd7a5930dffd78d07b8e65d28b95d022

                                                            SHA256

                                                            ea55f70c9232de60f199598d8265e68d112b833116aff9c29244218f85fcb560

                                                            SHA512

                                                            993268292705cd3584bd09d161baa955875835faac1405d46242742ae5c216a62306b05d65f33a5349038b66729f4f2b5a5bfc20debca1f3f5a440f79f7bc78a

                                                            Download Submit

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                            Filesize

                                                            392B

                                                            MD5

                                                            4dd3287f37fa761e67f5df9f3050ed2c

                                                            SHA1

                                                            7b84004dcf41c786ba5d6887fa9246956672e772

                                                            SHA256

                                                            2f693a4758ca8e853cb491eb6d2996ab121ac16ab0c047f919d8705988ce4809

                                                            SHA512

                                                            229d47f35e0e6f5f537314bdd0c26b5ddf3c56e4da2ac42a073c9cdb74d1b34b60c5f80ad46b8640af7afa1c4b3550bc6bde787eed6ee46931598c87a4b761ea

                                                            Download Submit

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                            Filesize

                                                            6KB

                                                            MD5

                                                            b2454d3da586a2f671e623cbfe793cd4

                                                            SHA1

                                                            76c2edabd708c65efbff355cb27371745d8b3d8d

                                                            SHA256

                                                            6f64f498cb66e7b959cb9d8ffcd1b935759085d929862e49e58965cba89d3968

                                                            SHA512

                                                            771638c7491268678be0571d037480a2fae4685d11a67a62c7d2dad39d6019161469de926d4fba8dfd405e7d7973550072a4bbdcc34c56ffe3e79325377c6d45

                                                            Download Submit

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                            Filesize

                                                            5KB

                                                            MD5

                                                            cbdf699a62e5190f8d542989222f785e

                                                            SHA1

                                                            dfe8ae66a67ba26538b72ec3e3c65ee85116b257

                                                            SHA256

                                                            5bdca3a9a7fd039d8917d40674d3cc590fd54c7744e8201b4e27656bd3f69392

                                                            SHA512

                                                            9c89140abc0c33b14e814407d916cb73af16ae099176d523f197e6e39c648c57fd473fe24aaa1975580651b522f4a32632735ed176ecafac1c86ab44c279fdff

                                                            Download Submit

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                            Filesize

                                                            8KB

                                                            MD5

                                                            f36df7213c24085a7e772020f9d61edd

                                                            SHA1

                                                            cadd2e6c42729da39c9fa024b231f23d9ec93717

                                                            SHA256

                                                            4b1c0add3aa60e21b0b6192674e6de45416904d13ecc83b1c2ab4ef746bf92be

                                                            SHA512

                                                            ddf76d54e54e16642f605a9745ba49ba8e0275115c1a4367749aeb57237289946b36bb3bec3345af96929cd9ed468eab37569f6accf6122f664820f78e13f8ab

                                                            Download Submit

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                            Filesize

                                                            6KB

                                                            MD5

                                                            b7d19d83f19582584d05477a04058657

                                                            SHA1

                                                            3e55ef0ab63750c201b66cdd1bc91fd5114ce27f

                                                            SHA256

                                                            23531636db35106666b5734e15c87c28ea490fa205c4c94720ef80a6c5db542d

                                                            SHA512

                                                            a2475959937a8f51edbc774ffcf09dc412cc65ac3f2d716abfe4e31aea7bae56968b80bd12d9382ee3f57ada6e70d5bac6f24497402865557f6588d1fe393aa9

                                                            Download Submit

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                            Filesize

                                                            8KB

                                                            MD5

                                                            665eb43f1226a176c626cc78131b0e54

                                                            SHA1

                                                            ca0e7a408d7dbcd846295692ec9172ceda33a259

                                                            SHA256

                                                            2e3582baaea9f79581650f5be0d3801a43aa81e74cc6cd192e77ae46bf6d83b6

                                                            SHA512

                                                            9547d09f80930e3f04f64a4c34af4ab4e84925d14c644e2ab0842d34142c1890874505a70ab396575cf3ab31633b51ecdd15e2e5895ca1b32431cf80b6b72611

                                                            Download Submit

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                            Filesize

                                                            6KB

                                                            MD5

                                                            6a8c8e2a074bbf0662a27cf5b77585c5

                                                            SHA1

                                                            59db65d0546099c9e41b242e0f8939b76837970c

                                                            SHA256

                                                            d19aed571af7f0505d4d89ec5852a37cd0fcf4365aa59ac733d40eeaaef98994

                                                            SHA512

                                                            94e6579481a04fcdc1ffa6359703872e65978c20c44bcf2e445bf4b4ada40de125df83bf727d0b4594b583616f8269a66caba27c42c207c408ccd879bc2fb010

                                                            Download Submit

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
                                                            Filesize

                                                            72B

                                                            MD5

                                                            477e7eb1be2e0ab8712306981e630a01

                                                            SHA1

                                                            5db65cc0067e43afc1d8826f9930ecf1df86a363

                                                            SHA256

                                                            5796c5510aa73ffcb51840b64b23a3f435b9b5fc1fe236c6ca6079060d34975a

                                                            SHA512

                                                            931d595a3c94a3e4bab43ba6986288ce31e0606d35c240376bfcecf3347f8a6ffe2151a53f5c2aeda6c4ed1deaf9d8120bab955740830887a28785e608df938a

                                                            Download Submit

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe59b183.TMP
                                                            Filesize

                                                            48B

                                                            MD5

                                                            4aa22933555150ce7d03a04225025707

                                                            SHA1

                                                            38b3c966c8233cf3750e10a6f082cc82478069ea

                                                            SHA256

                                                            69e67bbe6015726b703b490372891572a75ceb95768edc802aaf1fb3bb114e5a

                                                            SHA512

                                                            fa4b24e66ea2a6f80d65c584a3fbda5917446e363d83245e670b44512cca3a75d253a851ce28efbca43785cc686543d0fcdfd4f2c7e5ae53d2818ed90e025fff

                                                            Download Submit

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                            Filesize

                                                            370B

                                                            MD5

                                                            dc12183023aae62df6b53b287a8324ee

                                                            SHA1

                                                            dc9c5f6eab052cad125ac786b7913098d19a6b64

                                                            SHA256

                                                            fda61b502911a398e571c5c28c9bd1a24a16f1b420cf85eb3544d0df87fe9692

                                                            SHA512

                                                            8934e5ba9d4d8eaae5f7a9f0d7147b8e4b9a92be964a8a22e3a3bb52afcf06de846add40c7c6b36cc0e41b1e4ee27322e7ddc6b58812746d9994dbd1dbb717b0

                                                            Download Submit

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                            Filesize

                                                            1KB

                                                            MD5

                                                            d8cb0ebae84c34ba82ece4938c45ed22

                                                            SHA1

                                                            21c67fa337a2ddc3dd0d0d7f73b9c0379c2ebbfa

                                                            SHA256

                                                            a71fcae0153a5ab0ebbfde0a1da83ffbf3d2f000e4e185897c67cd928b1e5b92

                                                            SHA512

                                                            caad2ae46001a7259fb5c35ffff94cda648c270b8a9734297f82791a4a7a4e805b728ac00bd4c0924abffb0e40f6d6b8ba0843b407ad1efc6e87ee4dacb6510f

                                                            Download Submit

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58050c.TMP
                                                            Filesize

                                                            203B

                                                            MD5

                                                            49ddc48d338677aef326feb5d5ad940c

                                                            SHA1

                                                            6130dbd9395d68f9a0fb9112b047d71dad5f7fc3

                                                            SHA256

                                                            98fa9df3c274489b306c9601c5539f62dc0fa997e5f33cdc8c788b45a2d27ade

                                                            SHA512

                                                            da7c77f6f7af8a9ed5b166be2bf6a3fb9d76239da2b1d15f84dcbd9ee20938b01374a090865071172c1c13ac1dc562e9bfd988f25309b567dacaf7c1319b8be1

                                                            Download Submit

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                            Filesize

                                                            16B

                                                            MD5

                                                            6752a1d65b201c13b62ea44016eb221f

                                                            SHA1

                                                            58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                            SHA256

                                                            0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                            SHA512

                                                            9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                            Download Submit

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                            Filesize

                                                            11KB

                                                            MD5

                                                            44f83a13a46a7d4934a055640c207103

                                                            SHA1

                                                            31c115718e6898f63c6c79e91520045f88fe3e0c

                                                            SHA256

                                                            aefed64f728da79093d1b86386621ae85889ea672640f7fa5c382846d9cb676f

                                                            SHA512

                                                            f244f19ada8d5d446dac0d6f2d0d4cb35a0ea5adf3468b04774b89466ee688f11eb420523e7ea31bf8713a8365d2f97a05077654ef72f1837025877e3a527b86

                                                            Download Submit

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                            Filesize

                                                            12KB

                                                            MD5

                                                            81b2087da71bec748af10976f8797a1c

                                                            SHA1

                                                            f365d20bec9fece6adbbcf7b21227e3c51c1c0c1

                                                            SHA256

                                                            cc8162a08588a78886e9f61bafc8fd31d7a202b84a41b374b227618547e2890e

                                                            SHA512

                                                            72c9ebb95bec67df65901bdd671bf01212bae15b4fa21e829a37a4c46daeb75b08996cfa4cc4ef96f8932413ac72cc08ff0f16d08f84334335f80c2669c696fb

                                                            Download Submit

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                            Filesize

                                                            12KB

                                                            MD5

                                                            f7ebdeb822c7f6d9be216a530cdda77a

                                                            SHA1

                                                            6872c2d3d4840e956e08312320909f203e010f09

                                                            SHA256

                                                            c445d1ab3182ceb9ced20b24cc90347f6883fbff3cd9412a5dc17004197216e9

                                                            SHA512

                                                            acdb4a56b2ddbd94963cea0c6ab345bdc89988efe00bc027284633c2ace032a22b1397f25df2279b5afb0cccd483096930868b729dd09c8709082918f5c3c223

                                                            Download Submit

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                            Filesize

                                                            10KB

                                                            MD5

                                                            be813bc8de8ef69d10c70d8b7ab89da8

                                                            SHA1

                                                            32889cedc419ee1989852a85d5cbf4d7b3d0ec3c

                                                            SHA256

                                                            0fee34291fa227946e6d05a8fbd79535e7206d19134c9f2c0e82c26d08cad0e5

                                                            SHA512

                                                            cea71421e54dfefcd25b5f8c8bc753c9225eff81512b2f9503f6a1ab3cf7631fbc2adea21963e810edc486f37afdd476243d09dbe7d6f1073340bc54071693df

                                                            Download Submit

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                            Filesize

                                                            12KB

                                                            MD5

                                                            942fb670a1974f76b8242d530aa35ea6

                                                            SHA1

                                                            05ea51799f31adda11fd70d84f96a4a5a072fe10

                                                            SHA256

                                                            0fab98eab33a6d6d4b52fcc1baee751f3e77088cd3ecef8c681894a945eaf8e5

                                                            SHA512

                                                            fb18e9880c8f3aa95d3b713ce56d8ac5dd5b5b22be93056b94f9b3c393c9269bada2937acecdf4de4e96a0f27f37b05dc1154be0f6c274b5c95e19bf026a4d57

                                                            Download Submit

                                                          • memory/5396-217-0x0000025CFEFF0000-0x0000025CFEFF1000-memory.dmp

                                                            Filesize

                                                            4KB

                                                            Download

                                                          • memory/5396-209-0x0000025CFEFF0000-0x0000025CFEFF1000-memory.dmp

                                                            Filesize

                                                            4KB

                                                            Download

                                                          • memory/5396-214-0x0000025CFEFF0000-0x0000025CFEFF1000-memory.dmp

                                                            Filesize

                                                            4KB

                                                            Download

                                                          • memory/5396-210-0x0000025CFEFF0000-0x0000025CFEFF1000-memory.dmp

                                                            Filesize

                                                            4KB

                                                            Download

                                                          • memory/5396-208-0x0000025CFEFF0000-0x0000025CFEFF1000-memory.dmp

                                                            Filesize

                                                            4KB

                                                            Download

                                                          • memory/5396-215-0x0000025CFEFF0000-0x0000025CFEFF1000-memory.dmp

                                                            Filesize

                                                            4KB

                                                            Download

                                                          • memory/5396-216-0x0000025CFEFF0000-0x0000025CFEFF1000-memory.dmp

                                                            Filesize

                                                            4KB

                                                            Download

                                                          • memory/5396-218-0x0000025CFEFF0000-0x0000025CFEFF1000-memory.dmp

                                                            Filesize

                                                            4KB

                                                            Download

                                                          • memory/5396-219-0x0000025CFEFF0000-0x0000025CFEFF1000-memory.dmp

                                                            Filesize

                                                            4KB

                                                            Download

                                                          • memory/5396-220-0x0000025CFEFF0000-0x0000025CFEFF1000-memory.dmp

                                                            Filesize

                                                            4KB

                                                            Download

                                                          • memory/5436-135-0x0000000000080000-0x000000000009C000-memory.dmp

                                                            Filesize

                                                            112KB

                                                            Download