Analysis
max time kernel: 150s
max time network: 152s
platform: windows11-21h2_x64
resource: win11-20250217-en
resource tags: arch:x64, arch:x86, image:win11-20250217-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 28/02/2025, 22:27
Static task
static1
URLScan task
urlscan1
General
Malware Config
Extracted
xworm
194.59.30.29:7000
-
install_file
USB.exe
-
telegram
https://api.telegram.org/bot7536152436:AAGG2hVlR16lwWms-OeRk5OXZ6BXJtq73lM/sendMessage?chat_id=7773294550
Signatures
-
Detect Xworm Payload 2 IoCs
resource | yara_rule
behavioral1/files/0x001b00000002aed9-115.dat | family_xworm
behavioral1/memory/3200-149-0x0000000000EA0000-0x0000000000EB6000-memory.dmp | family_xworm
-
Xworm family
-
Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs
Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
pid Process 2152 powershell.exe 236 powershell.exe -
Downloads MZ/PE file 1 IoCs
flow pid Process 27 816 msedge.exe -
Executes dropped EXE 1 IoCs
pid Process 3200 XClient.exe -
Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs
When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.
description | ioc | Process
File opened for modification | C:\Users\Admin\Downloads\XClient.exe:Zone.Identifier | msedge.exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Enumerates system info in registry 2 TTPs 3 IoCs
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
-
NTFS ADS 2 IoCs
description | ioc | Process
File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 602613.crdownload:SmartScreen | msedge.exe
File opened for modification | C:\Users\Admin\Downloads\XClient.exe:Zone.Identifier | msedge.exe
-
Suspicious behavior: EnumeratesProcesses 20 IoCs
pid Process 816 msedge.exe 5872 msedge.exe 3160 identity_helper.exe 3764 msedge.exe 4876 msedge.exe 2152 powershell.exe 236 powershell.exe 5528 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
pid Process 5872 msedge.exe -
Suspicious use of AdjustPrivilegeToken 4 IoCs
description | pid | Process
Token: SeDebugPrivilege | 3200 | XClient.exe
Token: SeDebugPrivilege | 2152 | powershell.exe
Token: SeDebugPrivilege | 236 | powershell.exe
Token: SeDebugPrivilege | 3200 | XClient.exe
-
Suspicious use of FindShellTrayWindow 35 IoCs
pid Process 5872 msedge.exe -
Suspicious use of SendNotifyMessage 12 IoCs
pid Process 5872 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://gofile.io/d/hnSitR1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5872 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe250a3cb8,0x7ffe250a3cc8,0x7ffe250a3cd82⤵PID:1716
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,13841667197471770397,17921271882065422039,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1952 /prefetch:22⤵PID:2148
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,13841667197471770397,17921271882065422039,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:32⤵
- Downloads MZ/PE file
- Suspicious behavior: EnumeratesProcesses
PID:816
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,13841667197471770397,17921271882065422039,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2624 /prefetch:82⤵PID:1640
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,13841667197471770397,17921271882065422039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:12⤵PID:2464
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,13841667197471770397,17921271882065422039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:12⤵PID:2248
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,13841667197471770397,17921271882065422039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4544 /prefetch:12⤵PID:5648
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,13841667197471770397,17921271882065422039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:12⤵PID:1168
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,13841667197471770397,17921271882065422039,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:12⤵PID:1352
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,13841667197471770397,17921271882065422039,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4672 /prefetch:82⤵PID:1828
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,13841667197471770397,17921271882065422039,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4672 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:3160
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,13841667197471770397,17921271882065422039,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5532 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:3764
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,13841667197471770397,17921271882065422039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:12⤵PID:2300
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,13841667197471770397,17921271882065422039,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4608 /prefetch:12⤵PID:2440
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,13841667197471770397,17921271882065422039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:12⤵PID:768
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,13841667197471770397,17921271882065422039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:12⤵PID:708
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1904,13841667197471770397,17921271882065422039,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5448 /prefetch:82⤵
- Subvert Trust Controls: Mark-of-the-Web Bypass
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:4876
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1904,13841667197471770397,17921271882065422039,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6044 /prefetch:82⤵PID:4120
-
-
C:\Users\Admin\Downloads\XClient.exe"C:\Users\Admin\Downloads\XClient.exe"2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:3200 -
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\Downloads\XClient.exe'3⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2152
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'XClient.exe'3⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:236
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,13841667197471770397,17921271882065422039,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4860 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:5528
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2076
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3084
Network
MITRE ATT&CK Enterprise v15
Downloads