hxxps://github[.]com/Dfmaaa/MEMZ-virus

Resubmissions

18/03/2025, 13:40

250318-qyhjkatydw 7

18/03/2025, 13:37

250318-qw33gsxqv5 10

18/03/2025, 13:35

250318-qvqe1atxgs 6

Analysis

max time kernel
120s
max time network
122s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
18/03/2025, 13:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Dfmaaa/MEMZ-virus

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
162	camo.githubusercontent.com
163	camo.githubusercontent.com

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
180	ipinfo.io
179	ipinfo.io

Drops file in Program Files directory 63 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3364_704679098\hyph-pt.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3364_704679098\hyph-sl.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3364_310595916\sets.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3364_704679098\hyph-de-ch-1901.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3364_704679098\hyph-hr.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3364_704679098\hyph-it.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3364_704679098\hyph-lt.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3364_704679098\hyph-mn-cyrl.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3364_704679098\hyph-sq.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3364_704679098\hyph-ta.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3364_310595916\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3364_704679098\hyph-be.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3364_704679098\hyph-bg.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3364_704679098\hyph-es.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3364_704679098\hyph-eu.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3364_704679098\hyph-hy.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3364_704679098\hyph-ml.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3364_704679098\hyph-cu.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3364_704679098\hyph-mr.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3364_310595916\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3364_704679098\hyph-cy.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3364_704679098\hyph-de-1996.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3364_704679098\hyph-gl.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3364_704679098\hyph-nn.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3364_704679098\hyph-or.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3364_704679098\hyph-pa.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3364_704679098\hyph-ru.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3364_310595916\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3364_704679098\hyph-ka.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3364_704679098\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3364_1903678979\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3364_1903678979\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3364_704679098\hyph-en-us.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3364_704679098\hyph-la.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3364_704679098\hyph-af.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3364_704679098\hyph-cs.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3364_704679098\hyph-ga.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3364_704679098\hyph-kn.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3364_704679098\hyph-lv.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3364_704679098\hyph-nl.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3364_704679098\hyph-tk.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3364_704679098\hyph-de-1901.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3364_704679098\hyph-hu.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3364_704679098\hyph-mul-ethi.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3364_704679098\hyph-sv.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3364_704679098\hyph-und-ethi.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3364_704679098\hyph-en-gb.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3364_704679098\hyph-da.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3364_704679098\hyph-sk.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3364_704679098\hyph-te.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3364_704679098\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3364_1903678979\typosquatting_list.pb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3364_704679098\hyph-as.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3364_704679098\hyph-bn.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3364_704679098\hyph-el.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3364_704679098\hyph-gu.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3364_704679098\hyph-uk.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3364_704679098\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3364_704679098\hyph-fr.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3364_310595916\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3364_704679098\hyph-et.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3364_704679098\hyph-hi.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3364_704679098\hyph-nb.hyb	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2536	2872	WerFault.exe	132

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	XWorm V5.2 Resou‮nls..scr

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133867785195892724"	msedge.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3342763580-2723508992-2885672917-1000\{40912FDF-8171-4FDC-AC36-40CB6301DF1A}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 22 IoCs

pid	Process
4560	taskmgr.exe
4560	taskmgr.exe
4560	taskmgr.exe
4560	taskmgr.exe
4560	taskmgr.exe
4560	taskmgr.exe
4560	taskmgr.exe
4560	taskmgr.exe
4560	taskmgr.exe
4560	taskmgr.exe
4560	taskmgr.exe
4560	taskmgr.exe
4560	taskmgr.exe
4560	taskmgr.exe
4560	taskmgr.exe
4560	taskmgr.exe
4560	taskmgr.exe
4560	taskmgr.exe
4560	taskmgr.exe
4560	taskmgr.exe
3352	msedge.exe
3352	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	2872	XWorm V5.2 Resou‮nls..scr
Token: SeDebugPrivilege	4560	taskmgr.exe
Token: SeSystemProfilePrivilege	4560	taskmgr.exe
Token: SeCreateGlobalPrivilege	4560	taskmgr.exe
Token: 33	4560	taskmgr.exe
Token: SeIncBasePriorityPrivilege	4560	taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
4560	taskmgr.exe
4560	taskmgr.exe
4560	taskmgr.exe
4560	taskmgr.exe
4560	taskmgr.exe
4560	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
4560	taskmgr.exe
4560	taskmgr.exe
4560	taskmgr.exe
4560	taskmgr.exe
4560	taskmgr.exe
4560	taskmgr.exe
4560	taskmgr.exe
4560	taskmgr.exe
4560	taskmgr.exe
4560	taskmgr.exe
4560	taskmgr.exe
4560	taskmgr.exe
4560	taskmgr.exe
4560	taskmgr.exe
4560	taskmgr.exe
4560	taskmgr.exe
4560	taskmgr.exe
4560	taskmgr.exe
4560	taskmgr.exe
4560	taskmgr.exe
4560	taskmgr.exe
4560	taskmgr.exe
4560	taskmgr.exe
4560	taskmgr.exe
4560	taskmgr.exe
4560	taskmgr.exe
4560	taskmgr.exe
4560	taskmgr.exe
4560	taskmgr.exe
4560	taskmgr.exe
4560	taskmgr.exe
4560	taskmgr.exe
4560	taskmgr.exe
4560	taskmgr.exe
4560	taskmgr.exe
4560	taskmgr.exe
4560	taskmgr.exe
4560	taskmgr.exe
4560	taskmgr.exe
4560	taskmgr.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
64	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3364 wrote to memory of 116	3364	msedge.exe	86
PID 3364 wrote to memory of 116	3364	msedge.exe	86
PID 3364 wrote to memory of 772	3364	msedge.exe	87
PID 3364 wrote to memory of 772	3364	msedge.exe	87
PID 3364 wrote to memory of 5600	3364	msedge.exe	88
PID 3364 wrote to memory of 5600	3364	msedge.exe	88
PID 3364 wrote to memory of 5600	3364	msedge.exe	88
PID 3364 wrote to memory of 5600	3364	msedge.exe	88
PID 3364 wrote to memory of 5600	3364	msedge.exe	88
PID 3364 wrote to memory of 5600	3364	msedge.exe	88
PID 3364 wrote to memory of 5600	3364	msedge.exe	88
PID 3364 wrote to memory of 5600	3364	msedge.exe	88
PID 3364 wrote to memory of 5600	3364	msedge.exe	88
PID 3364 wrote to memory of 5600	3364	msedge.exe	88
PID 3364 wrote to memory of 5600	3364	msedge.exe	88
PID 3364 wrote to memory of 5600	3364	msedge.exe	88
PID 3364 wrote to memory of 5600	3364	msedge.exe	88
PID 3364 wrote to memory of 5600	3364	msedge.exe	88
PID 3364 wrote to memory of 5600	3364	msedge.exe	88
PID 3364 wrote to memory of 5600	3364	msedge.exe	88
PID 3364 wrote to memory of 5600	3364	msedge.exe	88
PID 3364 wrote to memory of 5600	3364	msedge.exe	88
PID 3364 wrote to memory of 5600	3364	msedge.exe	88
PID 3364 wrote to memory of 5600	3364	msedge.exe	88
PID 3364 wrote to memory of 5600	3364	msedge.exe	88
PID 3364 wrote to memory of 5600	3364	msedge.exe	88
PID 3364 wrote to memory of 5600	3364	msedge.exe	88
PID 3364 wrote to memory of 5600	3364	msedge.exe	88
PID 3364 wrote to memory of 5600	3364	msedge.exe	88
PID 3364 wrote to memory of 5600	3364	msedge.exe	88
PID 3364 wrote to memory of 5600	3364	msedge.exe	88
PID 3364 wrote to memory of 5600	3364	msedge.exe	88
PID 3364 wrote to memory of 5600	3364	msedge.exe	88
PID 3364 wrote to memory of 5600	3364	msedge.exe	88
PID 3364 wrote to memory of 5600	3364	msedge.exe	88
PID 3364 wrote to memory of 5600	3364	msedge.exe	88
PID 3364 wrote to memory of 5600	3364	msedge.exe	88
PID 3364 wrote to memory of 5600	3364	msedge.exe	88
PID 3364 wrote to memory of 5600	3364	msedge.exe	88
PID 3364 wrote to memory of 5600	3364	msedge.exe	88
PID 3364 wrote to memory of 5600	3364	msedge.exe	88
PID 3364 wrote to memory of 5600	3364	msedge.exe	88
PID 3364 wrote to memory of 5600	3364	msedge.exe	88
PID 3364 wrote to memory of 5600	3364	msedge.exe	88
PID 3364 wrote to memory of 5600	3364	msedge.exe	88
PID 3364 wrote to memory of 5600	3364	msedge.exe	88
PID 3364 wrote to memory of 5600	3364	msedge.exe	88
PID 3364 wrote to memory of 5600	3364	msedge.exe	88
PID 3364 wrote to memory of 5600	3364	msedge.exe	88
PID 3364 wrote to memory of 5600	3364	msedge.exe	88
PID 3364 wrote to memory of 5600	3364	msedge.exe	88
PID 3364 wrote to memory of 5600	3364	msedge.exe	88
PID 3364 wrote to memory of 5600	3364	msedge.exe	88
PID 3364 wrote to memory of 5600	3364	msedge.exe	88
PID 3364 wrote to memory of 5600	3364	msedge.exe	88
PID 3364 wrote to memory of 5044	3364	msedge.exe	89
PID 3364 wrote to memory of 5044	3364	msedge.exe	89
PID 3364 wrote to memory of 5044	3364	msedge.exe	89
PID 3364 wrote to memory of 5044	3364	msedge.exe	89
PID 3364 wrote to memory of 5044	3364	msedge.exe	89
PID 3364 wrote to memory of 5044	3364	msedge.exe	89
PID 3364 wrote to memory of 5044	3364	msedge.exe	89
PID 3364 wrote to memory of 5044	3364	msedge.exe	89
PID 3364 wrote to memory of 5044	3364	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/Dfmaaa/MEMZ-virus
1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x250,0x7ff91fd2f208,0x7ff91fd2f214,0x7ff91fd2f220
  2⤵
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1960,i,5253064882624767134,15872709639740346184,262144 --variations-seed-version --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  PID:772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2248,i,5253064882624767134,15872709639740346184,262144 --variations-seed-version --mojo-platform-channel-handle=2244 /prefetch:2
  2⤵
  PID:5600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2028,i,5253064882624767134,15872709639740346184,262144 --variations-seed-version --mojo-platform-channel-handle=2672 /prefetch:8
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3500,i,5253064882624767134,15872709639740346184,262144 --variations-seed-version --mojo-platform-channel-handle=3524 /prefetch:1
  2⤵
  PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3532,i,5253064882624767134,15872709639740346184,262144 --variations-seed-version --mojo-platform-channel-handle=3548 /prefetch:1
  2⤵
  PID:2400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4680,i,5253064882624767134,15872709639740346184,262144 --variations-seed-version --mojo-platform-channel-handle=4820 /prefetch:8
  2⤵
  PID:5868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4972,i,5253064882624767134,15872709639740346184,262144 --variations-seed-version --mojo-platform-channel-handle=5068 /prefetch:8
  2⤵
  PID:3044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5408,i,5253064882624767134,15872709639740346184,262144 --variations-seed-version --mojo-platform-channel-handle=5488 /prefetch:8
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5784,i,5253064882624767134,15872709639740346184,262144 --variations-seed-version --mojo-platform-channel-handle=5836 /prefetch:8
  2⤵
  PID:2452
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5784,i,5253064882624767134,15872709639740346184,262144 --variations-seed-version --mojo-platform-channel-handle=5836 /prefetch:8
  2⤵
  PID:1424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5560,i,5253064882624767134,15872709639740346184,262144 --variations-seed-version --mojo-platform-channel-handle=6104 /prefetch:8
  2⤵
  PID:5832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --always-read-main-dll --field-trial-handle=6260,i,5253064882624767134,15872709639740346184,262144 --variations-seed-version --mojo-platform-channel-handle=5580 /prefetch:1
  2⤵
  PID:1720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --always-read-main-dll --field-trial-handle=6384,i,5253064882624767134,15872709639740346184,262144 --variations-seed-version --mojo-platform-channel-handle=3812 /prefetch:1
  2⤵
  PID:3476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --always-read-main-dll --field-trial-handle=6324,i,5253064882624767134,15872709639740346184,262144 --variations-seed-version --mojo-platform-channel-handle=3772 /prefetch:1
  2⤵
  PID:2228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --always-read-main-dll --field-trial-handle=6676,i,5253064882624767134,15872709639740346184,262144 --variations-seed-version --mojo-platform-channel-handle=6076 /prefetch:1
  2⤵
  PID:5252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --always-read-main-dll --field-trial-handle=6140,i,5253064882624767134,15872709639740346184,262144 --variations-seed-version --mojo-platform-channel-handle=6528 /prefetch:1
  2⤵
  PID:4112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --always-read-main-dll --field-trial-handle=6588,i,5253064882624767134,15872709639740346184,262144 --variations-seed-version --mojo-platform-channel-handle=6784 /prefetch:1
  2⤵
  PID:3840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --always-read-main-dll --field-trial-handle=6976,i,5253064882624767134,15872709639740346184,262144 --variations-seed-version --mojo-platform-channel-handle=6964 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6920,i,5253064882624767134,15872709639740346184,262144 --variations-seed-version --mojo-platform-channel-handle=7200 /prefetch:8
  2⤵
  PID:816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --always-read-main-dll --field-trial-handle=7172,i,5253064882624767134,15872709639740346184,262144 --variations-seed-version --mojo-platform-channel-handle=7236 /prefetch:1
  2⤵
  PID:5448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7100,i,5253064882624767134,15872709639740346184,262144 --variations-seed-version --mojo-platform-channel-handle=6736 /prefetch:8
  2⤵
  PID:3652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6664,i,5253064882624767134,15872709639740346184,262144 --variations-seed-version --mojo-platform-channel-handle=6716 /prefetch:8
  2⤵
  PID:2260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7180,i,5253064882624767134,15872709639740346184,262144 --variations-seed-version --mojo-platform-channel-handle=6680 /prefetch:8
  2⤵
  PID:5412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6960,i,5253064882624767134,15872709639740346184,262144 --variations-seed-version --mojo-platform-channel-handle=6580 /prefetch:8
  2⤵
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4928,i,5253064882624767134,15872709639740346184,262144 --variations-seed-version --mojo-platform-channel-handle=7556 /prefetch:8
  2⤵
  PID:3476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --always-read-main-dll --field-trial-handle=5088,i,5253064882624767134,15872709639740346184,262144 --variations-seed-version --mojo-platform-channel-handle=3044 /prefetch:1
  2⤵
  PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5396,i,5253064882624767134,15872709639740346184,262144 --variations-seed-version --mojo-platform-channel-handle=7488 /prefetch:8
  2⤵
  PID:4288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --always-read-main-dll --field-trial-handle=7076,i,5253064882624767134,15872709639740346184,262144 --variations-seed-version --mojo-platform-channel-handle=7576 /prefetch:1
  2⤵
  PID:4680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --always-read-main-dll --field-trial-handle=5604,i,5253064882624767134,15872709639740346184,262144 --variations-seed-version --mojo-platform-channel-handle=3780 /prefetch:1
  2⤵
  PID:1956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --always-read-main-dll --field-trial-handle=7436,i,5253064882624767134,15872709639740346184,262144 --variations-seed-version --mojo-platform-channel-handle=7448 /prefetch:1
  2⤵
  PID:3044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7744,i,5253064882624767134,15872709639740346184,262144 --variations-seed-version --mojo-platform-channel-handle=7840 /prefetch:8
  2⤵
  PID:3740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7368,i,5253064882624767134,15872709639740346184,262144 --variations-seed-version --mojo-platform-channel-handle=6992 /prefetch:8
  2⤵
  PID:2412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7588,i,5253064882624767134,15872709639740346184,262144 --variations-seed-version --mojo-platform-channel-handle=760 /prefetch:8
  2⤵
  PID:1660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7872,i,5253064882624767134,15872709639740346184,262144 --variations-seed-version --mojo-platform-channel-handle=7376 /prefetch:8
  2⤵
  PID:3180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=7884,i,5253064882624767134,15872709639740346184,262144 --variations-seed-version --mojo-platform-channel-handle=7184 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3352

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:3500

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f0 0x4f4
1⤵
PID:6032

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2180

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:64

C:\Users\Admin\AppData\Local\Temp\Temp1_XWorm-V5.2-main.zip\XWorm-V5.2-main\XWorm V5.2 SRC\XWorm V5.2 Resou‮nls..scr
"C:\Users\Admin\AppData\Local\Temp\Temp1_XWorm-V5.2-main.zip\XWorm-V5.2-main\XWorm V5.2 SRC\XWorm V5.2 Resou‮nls..scr" /S
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:2872
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 1920
  2⤵
  - Program crash
  PID:2536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 376 -p 2872 -ip 2872
1⤵
PID:4748

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4560

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping3364_1903678979\manifest.json

Filesize
118B

MD5
9191c4202582ea72903a86ce4e48a007

SHA1
91377355303e460951f8d4af612f80d86e5071fd

SHA256
945cd01c82a269c67b1bd6b76dda407b9c4289e4dfbb4a5d07e4a6b389430b93

SHA512
c4784538afdc8c3de223d187001c13a7b6c0309feffbcb88ecc689357ea04252e0521a5319f7b28b208df9e6b3880f54ef7b08b0ba33ce458f1277b3afcbff7c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3364_310595916\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3364_310595916\manifest.json

Filesize
85B

MD5
c3419069a1c30140b77045aba38f12cf

SHA1
11920f0c1e55cadc7d2893d1eebb268b3459762a

SHA256
db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f

SHA512
c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3364_704679098\hyph-as.hyb

Filesize
703B

MD5
8961fdd3db036dd43002659a4e4a7365

SHA1
7b2fa321d50d5417e6c8d48145e86d15b7ff8321

SHA256
c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe

SHA512
531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3364_704679098\hyph-hi.hyb

Filesize
687B

MD5
0807cf29fc4c5d7d87c1689eb2e0baaa

SHA1
d0914fb069469d47a36d339ca70164253fccf022

SHA256
f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42

SHA512
5324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3364_704679098\hyph-nb.hyb

Filesize
141KB

MD5
677edd1a17d50f0bd11783f58725d0e7

SHA1
98fedc5862c78f3b03daed1ff9efbe5e31c205ee

SHA256
c2771fbb1bfff7db5e267dc7a4505a9675c6b98cfe7a8f7ae5686d7a5a2b3dd0

SHA512
c368f6687fa8a2ef110fcb2b65df13f6a67feac7106014bd9ea9315f16e4d7f5cbc8b4a67ba2169c6909d49642d88ae2a0a9cd3f1eb889af326f29b379cfd3ff

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3364_704679098\manifest.json

Filesize
82B

MD5
2617c38bed67a4190fc499142b6f2867

SHA1
a37f0251cd6be0a6983d9a04193b773f86d31da1

SHA256
d571ef33b0e707571f10bb37b99a607d6f43afe33f53d15b4395b16ef3fda665

SHA512
b08053050692765f172142bad7afbcd038235275c923f3cd089d556251482b1081e53c4ad7367a1fb11ca927f2ad183dc63d31ccfbf85b0160cf76a31343a6d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
df2d1721cd4e4eff7049314710dc7c11

SHA1
f5aed0158b2c0a00302f743841188881d811637a

SHA256
ba336ffd1b01965d7ab0e5fac5415e43cb594139c76b19e4c0d9b5b3b67c1e93

SHA512
11fd520176193f284563c7d050e6a7ab4e9895bac49fdc05759bab2c8a69f224858ccc784b351fc1d3ee5d39345430f9234623c9390978d7daf6a08ff5576ef4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000074

Filesize
38KB

MD5
adf2df4a8072227a229a3f8cf81dc9df

SHA1
48b588df27e0a83fa3c56d97d68700170a58bd36

SHA256
2fd56ac4d62fec83843c83054e5548834a19001c077cdb224901237f2e2c0e4c

SHA512
d18ffc9a41157ea96014a503640b3a2a3931f578293e88cc05aa61c8223221d948c05637875d8e3ee5847b6a99341ea22b6a1aee67c170e27bde5e154cf1b9ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000075

Filesize
37KB

MD5
9a0f2fed78beabcb1af818103e79eb49

SHA1
e36dcc0472152bec227a1f5a81b5024ff3624452

SHA256
bc3ea6c39f4b013cb279391c0adbbd540219cae079703926d37a82dab9046450

SHA512
c4a96707d57cb474f45d669a52e31cc4f34e783b3600781c683c88d470cc6f6c3a5c5a399af33b8a193c57df87e797087fab9f6817048baec5a75e44ff835c6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000076

Filesize
21KB

MD5
3350e4099797cfeaefcb1ca2482d7841

SHA1
eb0ff9d9c3831c13653af67f2d9380eb9f591de9

SHA256
378eba6c5685941c3520915fe9cb730232d736d8ba45fc9eec5faff4d8cba729

SHA512
454c77a69725e0daa08dbc0410f404f31b4fedd0a6e299d4341c96b18c779bb944f88398bd35d24ee1b78bcceabc09520977208d0b8cbc02ac2a8db7d4a88b0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000077

Filesize
21KB

MD5
eb5f2f8b27b3794eb0b9d7302f3ed208

SHA1
ceb14ae185daed71ebd356c06f067ee90ca75a3a

SHA256
16a56eb5759e2174470278fec544af28e58f93a2e895141c140eef9409efeb60

SHA512
4c1441f9bc16c6c03df5c727c75e238d41aa24127904f86d18eb755564765eed86674de1d6d19406c2f9085454bbaa26c9b65f31973a364906878a9fa4688eb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000078

Filesize
26KB

MD5
398c110293d50515b14f6794507f6214

SHA1
4b1ef486ca6946848cb4bf90a3269eb3ee9c53bc

SHA256
04d4526dc9caa8dd4ad4b0711e929a91a3b6c07bf4a3d814e0fafeb00acc9715

SHA512
1b0f7eb26d720fbb28772915aa5318a1103d55d167bec169e62b25aa4ff59610558cf2f3947539886255f0fa919349b082158627dd87f68a81abac64ba038f5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000079

Filesize
18KB

MD5
84c3ce1d3d0b1d971e3d3f239f877830

SHA1
0cc932781f7bac01196ab2ce181ff298b98bd0ee

SHA256
ada01876fc7687a6fe35fafd68fc071adef5bcbf87323635bf985878a67b973a

SHA512
77df6eb947b861b4d5ee4c1dd1abb3f89d4a24170edc1fc4bc2460eabfb92accd687384d2ed9891bb9f1bedcb52d6f583d4604ce5c924a1e91249b8632e2f558

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007a

Filesize
18KB

MD5
8bd66dfc42a1353c5e996cd88dc1501f

SHA1
dc779a25ab37913f3198eb6f8c4d89e2a05635a6

SHA256
ef8772f5b2cf54057e1cfb7cb2e61f09cbd20db5ee307133caf517831a5df839

SHA512
203a46b2d09da788614b86480d81769011c7d42e833fa33a19e99c86a987a3bd8755b89906b9fd0497a80a5cf27f1c5e795a66fe3d1c4a921667ec745ccf22f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007b

Filesize
59KB

MD5
d0cfeeb9b48d7a7c67cf0c365054015f

SHA1
36457f5c44b82688641322d50450dae05daeb551

SHA256
245b708789ccc1489354d552edb9744994d7aa267490399a82bdbfe40d16d1f7

SHA512
09d1dceabeed77553723671413592c3f10b2a10a92a945524aee1d72ac3ceebb6ca44b5353fc96eeb63820f0cec32c475305fc987fa42b26e2ccaf02107b1a18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007c

Filesize
45KB

MD5
d1ddbfeb7ab267728a98b636d94c51b3

SHA1
48544ce8b01f28d5b30d11c2ba328997e1bf6cdf

SHA256
44c18eba7f7f81332228aadad65c4d2e2c7934b39a22848fac92d6a3f8507eae

SHA512
c96e6e8fab26748b38dae25f6ed879be3d55e06cf8b073831a18ad4fe332efad5b120d14bff65ebe10c2d94c51a08ef889bbb77f639a83688366e318e3337d6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007d

Filesize
16KB

MD5
dde035d148d344c412bd7ba8016cf9c6

SHA1
fb923138d1cde1f7876d03ca9d30d1accbcf6f34

SHA256
bcff459088f46809fba3c1d46ee97b79675c44f589293d1d661192cf41c05da9

SHA512
87843b8eb37be13e746eb05583441cb4a6e16c3d199788c457672e29fdadc501fc25245095b73cf7712e611f5ff40b37e27fca5ec3fa9eb26d94c546af8b2bc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007e

Filesize
55KB

MD5
92e42e747b8ca4fc0482f2d337598e72

SHA1
671d883f0ea3ead2f8951dc915dacea6ec7b7feb

SHA256
18f8f1914e86317d047fd704432fa4d293c2e93aec821d54efdd9a0d8b639733

SHA512
d544fbc039213b3aa6ed40072ce7ccd6e84701dca7a5d0b74dc5a6bfb847063996dfea1915a089f2188f3f68b35b75d83d77856fa3a3b56b7fc661fc49126627

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007f

Filesize
110KB

MD5
c0399e6d4556acf02013416c3a3af8d2

SHA1
cfd275764c4aa78e272f0bc6d66b8506efda3c80

SHA256
faed6ef527975d8c81afe700f2cd3f24a4d4ae068705d460904dde292f25534f

SHA512
6f89caef920af72a30028c4e002f5504a0d7e40848fa17b48d2ea0854739df2b0eeccba606773f8347adf2784b4847f13d1431dd2d31fac49523b548dc11d1a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000080

Filesize
87KB

MD5
65b0f915e780d51aa0bca6313a034f32

SHA1
3dd3659cfd5d3fe3adc95e447a0d23c214a3f580

SHA256
27f0d8282b7347ae6cd6d5a980d70020b68cace0fbe53ad32048f314a86d4f16

SHA512
e5af841fd4266710d181a114a10585428c1572eb0cd4538be765f9f76019a1f3ea20e594a7ee384d219a30a1d958c482f5b1920551235941eec1bcacd01e4b6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000081

Filesize
16KB

MD5
dc491f2e34e1eb5974c0781d49b8cbaf

SHA1
b73ca9b5f9c627d49da4ecbc3455192e4b305a3f

SHA256
f956049f0d96d455a71003eba400cb94f7067bc52620cd05b81006ecfdd438d8

SHA512
5c9bd0d5c93a05ca76eb727328a0fde40f2be7fe53b6b6c9eb260e8f20f92cfc831fd4b46f954d85baf151ae8aba1cdd6f76b0faf96217922cad844c905f3645

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00008b

Filesize
22KB

MD5
7cf02e7d7665e3c3b5496279c9039188

SHA1
d31c00766b2ad3f7939a9ebcb46d40fb1f8e869e

SHA256
5220da6161261cfafde0d1fa6adc21e0ba4cbe275dd7408bc810a6421bbcf6cb

SHA512
1c0a6fd92fc799aecd0c128b8a1774d05399d4b8c944ec92546dbfbab7cc0b58c71b8fc8049eec2657a39d6700563bccb601e36318686963b6c5193e992b8e12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00008d

Filesize
361KB

MD5
7299d5c3cd19c17dd5d4887c653c4b3c

SHA1
9df68872944392710713e02e77d4589176acb17d

SHA256
5a47a201b7f85208100196aa225d21785f7268242910829d0ab5ddfe1b0fd260

SHA512
9be959d7f73d963d1c3e5d850b82f0a64810b6e42203657c1e460047a73f4d2a25cbadfb0b2526c3bd16ada0029ddb5dbf47b4b0b3560ddde4f87a07087a0faa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
c8730f68699f263837c13422c971d571

SHA1
dbabe5151ef9042a7da1066666d3e22028f98c65

SHA256
31b66e11e3bbc6c58ccad2fe5a24dad006b09ed4ce59de6bcc1ead2ae3755eff

SHA512
b70c34301aad5844648fef613a3380687ae7f62942e0a1dcfb6bb4072d8c2e6a2c42eb646e30260472261d32021626d4e6dad847bada2df97f7b0de13e5bc748

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
8e5f9f3ec069fd86c8bb37e70a6d1516

SHA1
4a47d2c692946d218303e55d6e88fc9302eddcde

SHA256
3ebb0fa9e00243f29226b81a38e36902d73e1e69b5ce67f9773bd0bbc16e29d1

SHA512
078a1a1b91d547c7a8fe098331a83091273b67d14801664383dcc54352a1ffcf1a5e0e84e6525741b3eae3533693b019a611b8a10c8d8e58d91a5acc00c4758a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe58244c.TMP

Filesize
3KB

MD5
648f2ca3c073d7a1fbca96b7d4d2c889

SHA1
98f53c4b6266927cc0d577a4d763efb17c2ca4dc

SHA256
830c0cd243b67d4e5d1ace01d2577dc4c5ed906fbcc161cb7a5ad6e8f1ed24cc

SHA512
bd24f42947fee0231d217d8f1501da46947b87a08273ccc0ccb126d025015281004d58f31959ce2e19ddd299e930a0ea5be729c93bb8580c06ebfd2561e2ede7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
3ef1e9ccafffdc265e69c7ddcd15f9b5

SHA1
3dabe75de64ecdc827356e4101a73e8329b1259a

SHA256
c8cdbd5608914d50bda285b9c676f69275b18714633612c6394192bd11dc5513

SHA512
d576d5451fa8fc7eb6fb452793791430b258dcb0988e6f1d893353c854de647ea43510a0c10680ec40c094d0aa2f9f8b5767d42f4e913c8c85137c7337d0b59d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
211B

MD5
9fd72395b38e1b689f635a9176370ad8

SHA1
259591c578f67f2eb6b780e42fba21b3fb56bd9e

SHA256
721a02e9999667c397ff54d8957d270e2c5f5f29d6c841c79049bb9a799c5212

SHA512
084a0f43156914bc3b098eedc769396f0bbb09cf2a1bf40a6c4b8471d69b01d29fce3248919b6193a0731d66588cb0b804f21066a33ab31ac8b916b4a2c67de9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
1f3de04bc5340d739e949c6ad3902567

SHA1
42bd08c47a3c897c8cdc420ff35e04c47e0ecf01

SHA256
1e6837761a65b1905462ae7b64662655cb235c56f8e121ab0fa09c3d6c58e329

SHA512
555646ce60dd95ac172bc1aedbc14612bb735e04b2f427c6bcd35037c711e3090c31bfef87674cfb53ae3fe4ac6c217869d3b287da249832d360d75a97e5aafe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
32aaa8bc9549f51b310552ef75f52320

SHA1
b7f19e45310d290634a9d0f3adc1abd3f4576bec

SHA256
1fd9f057d34b2320e472b6ede15f9109ae7e0ac40a344ffea32171d8db82703c

SHA512
19313fb0e2003de638d6f2186142d54afb93cefa18b04acb26eb6f549fa2c5fa4a274b5bd3488491557cb858bcb27e21b018b307dbfaab45ac238ca58743a783

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
92a5b8990b6e473e0c063d4fcce6e487

SHA1
acc429b7c53025819ecb392d58cafb3fa612a91d

SHA256
ce1e30beb87874a2872b76bbe7a33da7fc452574e1f33647e82a647cb11dcf35

SHA512
c2efd4d006bbc46dacfe6fd364c4f1dcab96d476afa2633d1f9d95ba6d176286d1e6c727fe0469bce7b11b11799861631e09bf47e0638e59191f84f2db8d16df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
469B

MD5
47afd6e1ffc06418acc5f8af36f9d67c

SHA1
a1f8ef45643f325b49f557f682f11dc875f2f7e0

SHA256
2760029334aef7a534b29a2f1a4c72a738a9cc9d3e388dbda4d0c42215c232d3

SHA512
4dda7e81cc69a3089bb8eac60a116dd3dcdde1b960eca013548fc658324db2cfa5b66414cf50effea7d3058837f638de3def2fd6287ea6eb7f15c1e30f8491ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
18KB

MD5
91ec80b645f7aad39bac0b9c419b8d7f

SHA1
d0c605856678436880c455e2cbac52c81e74fe45

SHA256
1daf51ab7ef46cf485408fa121cce26f27916ec60afddc7d8bef3c446b3853a4

SHA512
c27aff5feeebc24fafbde95dd62a69e22db2986251d50b3e02c6daed94b0cfff148340c9f0fc84b1c81856633d7f4ab67a0a30c781db78790c14d11deb571b2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
902B

MD5
b33b22b096350a3bb24908c9ace148e2

SHA1
6246613a392d6df2feb03fdaaf38d20286b55588

SHA256
b437b652a42a419675848f7519d43e90b4e9bd28568639ce3f5f0aa472c1cd61

SHA512
575e8dd90e7afec3bab3b1d70e23deaa41df3af1b03ee76ed521efe0568786d5412912a18f1a28f5f2548c42b1cfb44216c9df6915a2a73781a3a1705231641e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
1d09df44aae7410d09d33b092f0872ca

SHA1
78472c0a1cdd742fadd94106c94126e92cc1eb7c

SHA256
09d5bf425b21f3e1b73e2071a74d1b6069dc568678451a614a2bdabebafbed91

SHA512
d3419cc181f7f0744b0605a50d8b89a97d29efe0c51e8c61984126fae8111ad15c850b7a2196d9008d587b826f101d11b5c16c0e18510ef570f101f6aad42a6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
50KB

MD5
bd089f5b38dda8c1b3bf3e0d7d2a5592

SHA1
c89612316c09aadacd6ba00bab15465849261297

SHA256
d8cf984c2a1b837e20537d68efb7598252301977b4bd2cae6e50ba5579b67d01

SHA512
1a5f6458d8987b790fa5a05a6acf073bed23f0975a7cdd9e577c98ddfd5de1d42942c904443debe1ab369021d511f9fba751a2fbf689f30589ca3d2a2f3f0bf3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
41KB

MD5
2c25451d900bcfd442f0ef4176996814

SHA1
9260f7f2f878369e2f3eba1f8eeae7a5815382aa

SHA256
38afa4726bf9dc9ca4047b36130d053acb49555187d29bbd7be763b5a00b012b

SHA512
a13ee5ff31053a58efefec1da23d73b1e4d32f049ee99f5c2fbb436e3ec73eabad31766e8796b0e90c0cee9c7e31837c112f4c7b7c00e4dc43565d25850a049e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
50KB

MD5
c971591567c5ecc0c4112aff9a4a5f7d

SHA1
d0bd5f3ff9062d4ee3782bf474d717f6701abc51

SHA256
0b7c3d5b9d015c89ff81d9be90fffff1e2c3b87b8ca56f07ab9084a3c2c208cd

SHA512
0e7a220605fc17c113c259f341fe927df5ec0e34d93298cc7cda6a067ab8998ba4fffd9b59b63f4845db8daff0c3c8f3278727c370cef1f98b8a51cf87bfa561

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
50KB

MD5
1a899d12167a2b1458d5c2c75495accf

SHA1
0b76c48d304e886a734bb07b76356c4fcf42f20a

SHA256
7f37b99fa7efb05e6a22eeceb0a5e982dde5b3540eebb1b030445aba418ae747

SHA512
f2f474d0f60155122d294322a164a48f236c063523676fc0211d652b705ff2aebc862ae1939e8bb722367f969bc90dc5b868df38dbca9b0ac428755b145c4864

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
3d80305109cba6867b6c2c871cd58525

SHA1
967752502de763a6a90567b8de8e140910d56c3f

SHA256
d47ce406d5d254e6459cf4ce1b292e1804c8c65eb216846577966c01604f2f91

SHA512
884c1a6f2b057729fe89d41ec7430302a7d92b529b7d652ee363827fcb761e1784d0845b5d8c28a7e3a8a1af93071339ce4eb2a2e07040635c7ddb1a5e95952a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter~RFe57fc32.TMP

Filesize
392B

MD5
6f25397705ee06681cead36380b57420

SHA1
86b7ecd0cf76fb1763ab6d502693a69acb6011bb

SHA256
b25597d312e21b22351e98a7527fbe3533d9a9d513dcd2ae08b6e2c95ccee52d

SHA512
0536669d5916f7ad2c268b340445cdff166810830b0d08dbaf809e307264cf77c14956ac512ba6203147d71025eec7e45ffc726ff85be15ea20e69b0c2db1d91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Typosquatting\2025.3.18.1\typosquatting_list.pb

Filesize
635KB

MD5
9bd22564aa3ca907ecb09074d0f011b8

SHA1
1f15761be36f2fd400e6ce7f9fbc1d613be8b81a

SHA256
a295e802149a6350aea7d9e132e5bf99c36085bb18ed5654b501a9c1d24dc4df

SHA512
47b17689549f292e34957c2a89dd273ace59a69975c0450cc9a88ee3cb5c2fe72543c370d858bb15e14002fc387d3ecdc1fb2eada53497ecd9fec8e0d6b2aa18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
7934fd0df2417267ea2bc7b6fd399c87

SHA1
a2128da034a143cb776736908a03c43a53bef9db

SHA256
24bde7fd6e85ed25cf13ca414b4b93df807e06fc6fbfa7d675a699cd0766f0c7

SHA512
c5f6ef32f5412a93799f859ac4fee173c993e9a2924ff57f77837eb5e43018023d6dced5d74ca356ff9488ce2d3608b2a6cc5d261ac1a6fb6e3cb7f11b6a8990

Download Submit
C:\Users\Admin\Downloads\XWorm-5.6-FULL-main.zip.crdownload

Filesize
24.4MB

MD5
2d0ae853f32a31e30ed0d0b3bd879e4c

SHA1
7d67f08adb319e65ad05b2f12daac9937f0846ea

SHA256
59b8fc64048c7127a98c9f2948024a978e0ff275261ad375f8352f9c0a3189a8

SHA512
43baee1aedcd31d27aebd78eeb3d40362c382354c87bb66038e0b346940279f1db3e751bf6398555c00bcb30b2251a12ec89a6485deaca421b9496c8894c7b66

Download Submit
C:\Users\Admin\Downloads\XWorm-V5.2-main.zip.crdownload

Filesize
752KB

MD5
06290bca26649b34c201fa1a6fabd232

SHA1
5ee6f669a49d57fb3669e4c404187f97afdb0d35

SHA256
338091b8fa272908857fee2d1ea3622a3147df78c1fd72f36328ccf16b51c87d

SHA512
b90c2f0e922b891400e30605362ff2cf588c0d072ce9263cc3d55ccf141d678803b39688ca18c2b36e85cb9c8dbb16745a471aa94610c98ef37d0dd8e1a4911d

Download Submit
memory/2872-1284-0x0000000005930000-0x00000000059A6000-memory.dmp

Filesize
472KB

Download
memory/2872-1285-0x0000000006B70000-0x0000000006B92000-memory.dmp

Filesize
136KB

Download
memory/2872-1286-0x0000000006CD0000-0x0000000006CEE000-memory.dmp

Filesize
120KB

Download
memory/2872-1282-0x0000000000E70000-0x0000000000ECA000-memory.dmp

Filesize
360KB

Download
memory/2872-1283-0x00000000057E0000-0x0000000005892000-memory.dmp

Filesize
712KB

Download
memory/4560-1333-0x0000014BEDEF0000-0x0000014BEDEF1000-memory.dmp

Filesize
4KB

Download
memory/4560-1335-0x0000014BEDEF0000-0x0000014BEDEF1000-memory.dmp

Filesize
4KB

Download
memory/4560-1338-0x0000014BEDEF0000-0x0000014BEDEF1000-memory.dmp

Filesize
4KB

Download
memory/4560-1337-0x0000014BEDEF0000-0x0000014BEDEF1000-memory.dmp

Filesize
4KB

Download
memory/4560-1336-0x0000014BEDEF0000-0x0000014BEDEF1000-memory.dmp

Filesize
4KB

Download
memory/4560-1334-0x0000014BEDEF0000-0x0000014BEDEF1000-memory.dmp

Filesize
4KB

Download
memory/4560-1339-0x0000014BEDEF0000-0x0000014BEDEF1000-memory.dmp

Filesize
4KB

Download
memory/4560-1327-0x0000014BEDEF0000-0x0000014BEDEF1000-memory.dmp

Filesize
4KB

Download
memory/4560-1328-0x0000014BEDEF0000-0x0000014BEDEF1000-memory.dmp

Filesize
4KB

Download
memory/4560-1329-0x0000014BEDEF0000-0x0000014BEDEF1000-memory.dmp

Filesize
4KB

Download