Overview

overview

10

Static

static

10

Files/0018...8a.exe

windows7-x64

10

Files/0018...8a.exe

windows10-2004-x64

10

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

Files/059c...6b.exe

windows7-x64

3

Files/059c...6b.exe

windows10-2004-x64

3

Files/0761...50.exe

windows7-x64

5

Files/0761...50.exe

windows10-2004-x64

5

Files/0b4a...e6.exe

windows7-x64

10

Files/0b4a...e6.exe

windows10-2004-x64

10

Files/0c10...54.rtf

windows7-x64

8

Files/0c10...54.rtf

windows10-2004-x64

1

Files/0dc6...d8.exe

windows7-x64

7

Files/0dc6...d8.exe

windows10-2004-x64

7

Files/0def...d1.exe

windows7-x64

5

Files/0def...d1.exe

windows10-2004-x64

7

Files/0f64...5d.exe

windows7-x64

10

Files/0f64...5d.exe

windows10-2004-x64

10

Files/0fe5...05.exe

windows7-x64

10

Files/0fe5...05.exe

windows10-2004-x64

10

Files/1150...16.exe

windows7-x64

8

Files/1150...16.exe

windows10-2004-x64

10

Files/11c8...ba.exe

windows7-x64

10

Files/11c8...ba.exe

windows10-2004-x64

10

Files/15e3...5e.exe

windows7-x64

8

Files/15e3...5e.exe

windows10-2004-x64

8

Files/1ca4...74.exe

windows7-x64

10

Files/1ca4...74.exe

windows10-2004-x64

10

Files/1dc7...d8.exe

windows7-x64

5

Files/1dc7...d8.exe

windows10-2004-x64

5

Files/1fb0...c1.exe

windows7-x64

3

Files/1fb0...c1.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    60s
  • max time network
    65s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250313-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250313-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/03/2025, 05:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Files/0b4a12968bf32f01c3aacc96ab4888e8b04f4ff334f903968afe452fec9bb2e6.exe

  • Size

    1.8MB

  • MD5

    c53d0c64f18101045e5728562404a09b

  • SHA1

    ebec00d5f2675c883038bc149af1da8d7b0cf535

  • SHA256

    0b4a12968bf32f01c3aacc96ab4888e8b04f4ff334f903968afe452fec9bb2e6

  • SHA512

    bdd8080dd0b17514ede52419b755cf324e2a46b2cbb38f504d008e3bf791ef7c6a3cb78cb4f4f51f875e7677dd034750022b41074dc04b1922242fd8f339a2a7

  • SSDEEP

    24576:xbX9r1C3TEukAYhjKVTvC/7f0Of8t2WVP3bw8izhWGsi2:ThEvC/7fhyPrwPzhWGZ

Score
10/10
xwormdiscoverypersistencerattrojan

Malware Config

Extracted

Family

xworm

C2

z-openings.gl.at.ply.gg:40705

Attributes
  • Install_directory

    %AppData%

  • install_file

    RobloxPlayerApp.exe

Signatures

  • Detect Xworm Payload 1 IoCs
  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm
  • Xworm family
    xworm
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of SetThreadContext 2 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Files\0b4a12968bf32f01c3aacc96ab4888e8b04f4ff334f903968afe452fec9bb2e6.exe
    "C:\Users\Admin\AppData\Local\Temp\Files\0b4a12968bf32f01c3aacc96ab4888e8b04f4ff334f903968afe452fec9bb2e6.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3552
    • C:\Windows\SysWOW64\bitsadmin.exe
      "C:\Windows\System32\bitsadmin.exe"
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:5028
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=bitsadmin.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
        3⤵
        • Drops file in Program Files directory
        • Checks processor information in registry
        • Enumerates system info in registry
        • Modifies data under HKEY_USERS
        • Modifies registry class
        • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of WriteProcessMemory
        PID:5548
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2d0,0x2d4,0x2d8,0x2cc,0x2c4,0x7ff89abaf208,0x7ff89abaf214,0x7ff89abaf220
          4⤵
            PID:1456
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1968,i,15489037635431231045,6033557905335256264,262144 --variations-seed-version --mojo-platform-channel-handle=2656 /prefetch:3
            4⤵
              PID:1908
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2612,i,15489037635431231045,6033557905335256264,262144 --variations-seed-version --mojo-platform-channel-handle=2604 /prefetch:2
              4⤵
                PID:1316
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2284,i,15489037635431231045,6033557905335256264,262144 --variations-seed-version --mojo-platform-channel-handle=2972 /prefetch:8
                4⤵
                  PID:5700
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3356,i,15489037635431231045,6033557905335256264,262144 --variations-seed-version --mojo-platform-channel-handle=3568 /prefetch:1
                  4⤵
                    PID:2892
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3560,i,15489037635431231045,6033557905335256264,262144 --variations-seed-version --mojo-platform-channel-handle=3596 /prefetch:1
                    4⤵
                      PID:3028
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=3516,i,15489037635431231045,6033557905335256264,262144 --variations-seed-version --mojo-platform-channel-handle=4828 /prefetch:1
                      4⤵
                        PID:2680
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5216,i,15489037635431231045,6033557905335256264,262144 --variations-seed-version --mojo-platform-channel-handle=5296 /prefetch:8
                        4⤵
                          PID:2308
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5208,i,15489037635431231045,6033557905335256264,262144 --variations-seed-version --mojo-platform-channel-handle=5324 /prefetch:8
                          4⤵
                            PID:1568
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4352,i,15489037635431231045,6033557905335256264,262144 --variations-seed-version --mojo-platform-channel-handle=5500 /prefetch:8
                            4⤵
                              PID:2028
                            • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5996,i,15489037635431231045,6033557905335256264,262144 --variations-seed-version --mojo-platform-channel-handle=6020 /prefetch:8
                              4⤵
                                PID:3356
                              • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5996,i,15489037635431231045,6033557905335256264,262144 --variations-seed-version --mojo-platform-channel-handle=6020 /prefetch:8
                                4⤵
                                  PID:2248
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5236,i,15489037635431231045,6033557905335256264,262144 --variations-seed-version --mojo-platform-channel-handle=5252 /prefetch:8
                                  4⤵
                                    PID:5564
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5248,i,15489037635431231045,6033557905335256264,262144 --variations-seed-version --mojo-platform-channel-handle=6280 /prefetch:8
                                    4⤵
                                      PID:3152
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --always-read-main-dll --field-trial-handle=6056,i,15489037635431231045,6033557905335256264,262144 --variations-seed-version --mojo-platform-channel-handle=6128 /prefetch:1
                                      4⤵
                                        PID:1016
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --always-read-main-dll --field-trial-handle=6400,i,15489037635431231045,6033557905335256264,262144 --variations-seed-version --mojo-platform-channel-handle=6388 /prefetch:1
                                        4⤵
                                          PID:2576
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --always-read-main-dll --field-trial-handle=6600,i,15489037635431231045,6033557905335256264,262144 --variations-seed-version --mojo-platform-channel-handle=6276 /prefetch:1
                                          4⤵
                                            PID:2780
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --always-read-main-dll --field-trial-handle=6756,i,15489037635431231045,6033557905335256264,262144 --variations-seed-version --mojo-platform-channel-handle=6768 /prefetch:1
                                            4⤵
                                              PID:3268
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --always-read-main-dll --field-trial-handle=6476,i,15489037635431231045,6033557905335256264,262144 --variations-seed-version --mojo-platform-channel-handle=6296 /prefetch:1
                                              4⤵
                                                PID:1696
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --always-read-main-dll --field-trial-handle=6176,i,15489037635431231045,6033557905335256264,262144 --variations-seed-version --mojo-platform-channel-handle=5056 /prefetch:1
                                                4⤵
                                                  PID:2288
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6812,i,15489037635431231045,6033557905335256264,262144 --variations-seed-version --mojo-platform-channel-handle=6116 /prefetch:8
                                                  4⤵
                                                    PID:1872
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5568,i,15489037635431231045,6033557905335256264,262144 --variations-seed-version --mojo-platform-channel-handle=5908 /prefetch:8
                                                    4⤵
                                                      PID:3576
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6984,i,15489037635431231045,6033557905335256264,262144 --variations-seed-version --mojo-platform-channel-handle=7028 /prefetch:8
                                                      4⤵
                                                        PID:3724
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=bitsadmin.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
                                                      3⤵
                                                        PID:5692
                                                  • C:\Windows\system32\cmd.exe
                                                    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\0b4a12968bf32f01c3aacc96ab4888e8b04f4ff334f903968afe452fec9bb2e6.exe
                                                    1⤵
                                                    • Suspicious use of WriteProcessMemory
                                                    PID:1712
                                                    • C:\Users\Admin\AppData\Local\Temp\0b4a12968bf32f01c3aacc96ab4888e8b04f4ff334f903968afe452fec9bb2e6.exe
                                                      C:\Users\Admin\AppData\Local\Temp\0b4a12968bf32f01c3aacc96ab4888e8b04f4ff334f903968afe452fec9bb2e6.exe
                                                      2⤵
                                                      • Executes dropped EXE
                                                      • Suspicious use of SetThreadContext
                                                      • System Location Discovery: System Language Discovery
                                                      • Suspicious use of AdjustPrivilegeToken
                                                      PID:5188
                                                      • C:\Windows\SysWOW64\bitsadmin.exe
                                                        "C:\Windows\System32\bitsadmin.exe"
                                                        3⤵
                                                        • System Location Discovery: System Language Discovery
                                                        PID:3300
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=bitsadmin.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
                                                          4⤵
                                                            PID:3536
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=bitsadmin.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
                                                            4⤵
                                                              PID:5856
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
                                                        1⤵
                                                          PID:1972
                                                        • C:\Windows\system32\cmd.exe
                                                          C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
                                                          1⤵
                                                            PID:2300
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
                                                              2⤵
                                                                PID:5680

                                                            Network

                                                            MITRE ATT&CK Enterprise v15

                                                            Replay Monitor

                                                            Loading Replay Monitor...

                                                            Downloads

                                                            • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\0b4a12968bf32f01c3aacc96ab4888e8b04f4ff334f903968afe452fec9bb2e6.exe.log
                                                              Filesize

                                                              425B

                                                              MD5

                                                              4eaca4566b22b01cd3bc115b9b0b2196

                                                              SHA1

                                                              e743e0792c19f71740416e7b3c061d9f1336bf94

                                                              SHA256

                                                              34ba0ab8d1850e7825763f413142a333ccbc05fa2b5499a28a7d27b8a1c5b4bb

                                                              SHA512

                                                              bc2b1bf45203e3bb3009a7d37617b8f0f7ffa613680b32de2b963e39d2cf1650614d7035a0cf78f35a4f5cb17a2a439e2e07deaefd2a4275a62efd0a5c0184a1

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                              Filesize

                                                              280B

                                                              MD5

                                                              998db8a9f40f71e2f3d9e19aac4db4a9

                                                              SHA1

                                                              dade0e68faef54a59d68ae8cb3b8314b6947b6d7

                                                              SHA256

                                                              1b28744565eb600485d9800703f2fb635ecf4187036c12d47f86bbd1e078e06b

                                                              SHA512

                                                              0e66fd26a11507f78fb1b173fd50555dbd95b0d330e095cdd93206757c6af2780ece914a11a23cd4c840636a59470f44c6db35fa392303fb583806264e652016

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007b
                                                              Filesize

                                                              34KB

                                                              MD5

                                                              522037f008e03c9448ae0aaaf09e93cb

                                                              SHA1

                                                              8a32997eab79246beed5a37db0c92fbfb006bef2

                                                              SHA256

                                                              983c35607c4fb0b529ca732be42115d3fcaac947cee9c9632f7cacdbdecaf5a7

                                                              SHA512

                                                              643ec613b2e7bdbb2f61e1799c189b0e3392ea5ae10845eb0b1f1542a03569e886f4b54d5b38af10e78db49c71357108c94589474b181f6a4573b86cf2d6f0d8

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007c
                                                              Filesize

                                                              69KB

                                                              MD5

                                                              59380c6460417e4c098dcbee68df177e

                                                              SHA1

                                                              8613fa48ea4367feaf0d40aeeff5b2a2d1ac42f9

                                                              SHA256

                                                              4baa05cbda27653e61e023a4329d9a6acfc36e74e8aa78490a35d025b21ebebc

                                                              SHA512

                                                              d0cb2f25e614ef35b79da471c7c8a59d36c7856841e3a588f8533e331c53e388d2d06664259d8cc547fdb58aa2586b109dcd19d6150436188eb80208e7749af0

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007d
                                                              Filesize

                                                              17KB

                                                              MD5

                                                              240c4cc15d9fd65405bb642ab81be615

                                                              SHA1

                                                              5a66783fe5dd932082f40811ae0769526874bfd3

                                                              SHA256

                                                              030272ce6ba1beca700ec83fded9dbdc89296fbde0633a7f5943ef5831876c07

                                                              SHA512

                                                              267fe31bc25944dd7b6071c2c2c271ccc188ae1f6a0d7e587dcf9198b81598da6b058d1b413f228df0cb37c8304329e808089388359651e81b5f3dec566d0ee0

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007e
                                                              Filesize

                                                              506KB

                                                              MD5

                                                              8e6ce867013f3eed05206d62d95388a5

                                                              SHA1

                                                              ef6befec1cee1a20995ec492b4c9e124703e3c57

                                                              SHA256

                                                              eb2b07d0a32fd6585a2149db158e026fac21c4e414c71bde70982bb9a3f18745

                                                              SHA512

                                                              676fa4c1dd80ec7ff20f26dd84ef46527026d0d9fb8034e74875931ce180098ab24e4e8d17e1fadb20d9a02fb9b58ec161241a374399c7ca455fb25b37073d80

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007f
                                                              Filesize

                                                              89KB

                                                              MD5

                                                              0717397fe8eef151e33cb8be3efc692e

                                                              SHA1

                                                              5a459c5354cefae6dae7772af791e04e464b801f

                                                              SHA256

                                                              c90f8877736b234f6852f4679190a2577da02aaca5e06ef20a4155d4587b5b19

                                                              SHA512

                                                              3846c82f4cb07bfbe9b323c0459724575810a52ec22bb96249e9a7da2ccccd5cb0850271d49154520ce14cab8a87aaeee89f87a9613f6da49036b92f4d9e8933

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000080
                                                              Filesize

                                                              272KB

                                                              MD5

                                                              5f524e20ce61f542125454baf867c47b

                                                              SHA1

                                                              7e9834fd30dcfd27532ce79165344a438c31d78b

                                                              SHA256

                                                              c688d3f2135b6b51617a306a0b1a665324402a00a6bceba475881af281503ad9

                                                              SHA512

                                                              224a6e2961c75be0236140fed3606507bca49eb10cb13f7df2bcfbb3b12ebeced7107de7aa8b2b2bb3fc2aa07cd4f057739735c040ef908381be5bc86e0479b2

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000081
                                                              Filesize

                                                              21KB

                                                              MD5

                                                              d12ec1e5456fd41fb76f9b777f7402a2

                                                              SHA1

                                                              40a707fff8aadea25d67586a42464408d0ba37e2

                                                              SHA256

                                                              45c533f03c678d37a507a9acd850a31d9cb902ddb40786c1801eab8cc2d939b9

                                                              SHA512

                                                              89642c3e26c0c14c85e037794e15c617a8730337645c17c327da0b96855932938c0745e8be17f96f7d0558891a7bd22e04a97284f7fec5ed09da28c10ce27f0c

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000082
                                                              Filesize

                                                              259KB

                                                              MD5

                                                              34504ed4414852e907ecc19528c2a9f0

                                                              SHA1

                                                              0694ca8841b146adcaf21c84dedc1b14e0a70646

                                                              SHA256

                                                              c5327ac879b833d7a4b68e7c5530b2040d31e1e17c7a139a1fdd3e33f6102810

                                                              SHA512

                                                              173b454754862f7750eaef45d9acf41e9da855f4584663f42b67daed6f407f07497348efdfcf14feeeda773414081248fec361ac4d4206f1dcc283e6a399be2f

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000083
                                                              Filesize

                                                              28KB

                                                              MD5

                                                              e35d41d29bcacc8474c96fec87ab3760

                                                              SHA1

                                                              04c4cd7c7b0efbe9a3831b1ed2db8fe0dc468818

                                                              SHA256

                                                              2f0454db4dd937f7fe4f0b0d1969f4057c631ec5e102cb3209f79b08dfad40a1

                                                              SHA512

                                                              12e19dba0a58f9e7a50f5bc55ebebf58fa9bddf8ea2f25e1c14ad15bc1ef65f4b087846ad8172d714dbc76995c9188abfad08bfaa650be08a5e8ca0de51ed619

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000084
                                                              Filesize

                                                              31KB

                                                              MD5

                                                              10a3bf6e6cac566e16d57d26835df69b

                                                              SHA1

                                                              f12d0b459f4f1f5af1e227a074218bb6012eb0bc

                                                              SHA256

                                                              1e7e4d23dc95b01cfc94093235553b37e9ffef82ed1f89f555541883a98c7f03

                                                              SHA512

                                                              05e2769b63b6e48684edfeda80115c683de4647537abb4b76fa87799a914e2ae5825e6fb220ac8471db3d071d74c1ecbcdbef783abe2bb732530407a92b9c65c

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json
                                                              Filesize

                                                              2B

                                                              MD5

                                                              99914b932bd37a50b983c5e7c90ae93b

                                                              SHA1

                                                              bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

                                                              SHA256

                                                              44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

                                                              SHA512

                                                              27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps
                                                              Filesize

                                                              107KB

                                                              MD5

                                                              40e2018187b61af5be8caf035fb72882

                                                              SHA1

                                                              72a0b7bcb454b6b727bf90da35879b3e9a70621e

                                                              SHA256

                                                              b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

                                                              SHA512

                                                              a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports
                                                              Filesize

                                                              2B

                                                              MD5

                                                              d751713988987e9331980363e24189ce

                                                              SHA1

                                                              97d170e1550eee4afc0af065b78cda302a97674c

                                                              SHA256

                                                              4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                                              SHA512

                                                              b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries
                                                              Filesize

                                                              40B

                                                              MD5

                                                              20d4b8fa017a12a108c87f540836e250

                                                              SHA1

                                                              1ac617fac131262b6d3ce1f52f5907e31d5f6f00

                                                              SHA256

                                                              6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

                                                              SHA512

                                                              507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                              Filesize

                                                              16KB

                                                              MD5

                                                              e45558a2a05b6e8c916dff4f671fba36

                                                              SHA1

                                                              dd77f9911551b77f6cc60f06f38205016906d07c

                                                              SHA256

                                                              b8e4e238a7de4616ccdda84c6a3551390b14d3079927c05589c27c855c370da7

                                                              SHA512

                                                              0cc16649e96ff6728221efdf278dc47b00eb4db53bded493ff976eb229df4f2f43f968b5a3951b003e982280ccd964463bb6ec839c3182144005e64407c3dcc6

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                                                              Filesize

                                                              36KB

                                                              MD5

                                                              d11523e32490d5018c9f5dd05af12763

                                                              SHA1

                                                              075bcf5dd3f0a342e7693c86473e03edeb681dbc

                                                              SHA256

                                                              74a7192c35152c1b0e6d0d81ac0c712a2a454967eece18c9314506726c5697e1

                                                              SHA512

                                                              bbfed46267619720ab3615cf5eb5eca5f80548be9c4f67bbd15c5e436a444c51231400dbe564ee251039b80dea14dc25f6509af02637eed104e17d7e6cad44e3

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log
                                                              Filesize

                                                              22KB

                                                              MD5

                                                              c5147edaebc27f9f7ae1e561a95b7040

                                                              SHA1

                                                              60f4184876f902a742d20bebcfe7b7723c62741e

                                                              SHA256

                                                              0f8abfde79ff29133b5ca9132b6bc1de5b874e5249d3382d1527c3500617d62b

                                                              SHA512

                                                              ac37f1dbf79a5aa1512884d3ec1c7c4c146b375588d5b0cd7e98e8141517d93d8281f2e6b9172be9bacc9d605a3b004d72d5d7db485a2c75e37a74b2fe4d8e69

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                              Filesize

                                                              40KB

                                                              MD5

                                                              8b02d353c32e455f78b0a90a9a3847d1

                                                              SHA1

                                                              75d3bd90119b368c4dcb8b1fd97992bb303a0005

                                                              SHA256

                                                              bc1f5f425c142be5e9c3239a37fac932a375b370cdcd8f514a7a6ed8045c6c6e

                                                              SHA512

                                                              fcaeb59d228c5abeb26e3ab2eabd9cbcf22bdda1dca3f55bd32ad22644916320198117f4d5f41d982a2a04be8fece274c0f7280d806f9202a21e142bf58f348f

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                              Filesize

                                                              41KB

                                                              MD5

                                                              3e49130342e5243058156af1c361b429

                                                              SHA1

                                                              d46a0b8fb4febb0f392dc96974f3928a1c5d4ba5

                                                              SHA256

                                                              78a307d68ce8f0bd98f7019d9cfcb31a4d379a4e68a7ffa3aa04e9e247eec238

                                                              SHA512

                                                              bb7c0facb19cff05718457aa322f3466a7052171c436907e8fb491010b25bd0afe1c802ab6d20d9d7f47f10bedbab1fef0ddd2166940f9bcd6ad2d0eadd50478

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                              Filesize

                                                              50KB

                                                              MD5

                                                              744040eb72340ccf5f302b91da6dc9c9

                                                              SHA1

                                                              dd2e598cb076f1bf726f8273b1dd457d6114a4d0

                                                              SHA256

                                                              2903e64a9fe71e5e7649047024ef672c2d64266b5b1d6ed8c523c856f01649b4

                                                              SHA512

                                                              4fdbc1e9f5bc51f35c311f4caed3216e9c8b76b8d5e0e8dc1b0970496596cca0546a9cbd995b9de35720dfc0b314b94c9b2cd0317557f650d98652fc1b481f9e

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72
                                                              Filesize

                                                              152KB

                                                              MD5

                                                              dd9bf8448d3ddcfd067967f01e8bf6d7

                                                              SHA1

                                                              d7829475b2bd6a3baa8fabfaf39af57c6439b35e

                                                              SHA256

                                                              fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

                                                              SHA512

                                                              65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres
                                                              Filesize

                                                              2KB

                                                              MD5

                                                              a31eeb2b7b2a78bc17f48bc6c1b55c6a

                                                              SHA1

                                                              6b2e886bf1b238d30b67e4069b2c8bf0bdc67e1a

                                                              SHA256

                                                              2c2d1ac733b768faa61177430ff6598f6d99a041e0053440e922885f422cf0da

                                                              SHA512

                                                              ed8645517a99103144bc1975d2b82cc711f7ab4798c207533e93bb1269c54208419e7fb5cfc053e80c822cb51a4f04294a5c730719e45da2d8e16edc02678786

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Temp\0b4a12968bf32f01c3aacc96ab4888e8b04f4ff334f903968afe452fec9bb2e6.exe
                                                              Filesize

                                                              1.8MB

                                                              MD5

                                                              c53d0c64f18101045e5728562404a09b

                                                              SHA1

                                                              ebec00d5f2675c883038bc149af1da8d7b0cf535

                                                              SHA256

                                                              0b4a12968bf32f01c3aacc96ab4888e8b04f4ff334f903968afe452fec9bb2e6

                                                              SHA512

                                                              bdd8080dd0b17514ede52419b755cf324e2a46b2cbb38f504d008e3bf791ef7c6a3cb78cb4f4f51f875e7677dd034750022b41074dc04b1922242fd8f339a2a7

                                                              Download Submit

                                                            • memory/3552-4-0x00000000745E0000-0x0000000074D90000-memory.dmp

                                                              Filesize

                                                              7.7MB

                                                              Download

                                                            • memory/3552-2-0x00000000745E0000-0x0000000074D90000-memory.dmp

                                                              Filesize

                                                              7.7MB

                                                              Download

                                                            • memory/3552-0-0x00000000745EE000-0x00000000745EF000-memory.dmp

                                                              Filesize

                                                              4KB

                                                              Download

                                                            • memory/3552-8-0x00000000745E0000-0x0000000074D90000-memory.dmp

                                                              Filesize

                                                              7.7MB

                                                              Download

                                                            • memory/3552-1-0x0000000000270000-0x000000000043C000-memory.dmp

                                                              Filesize

                                                              1.8MB

                                                              Download

                                                            • memory/3552-3-0x00000000745EE000-0x00000000745EF000-memory.dmp

                                                              Filesize

                                                              4KB

                                                              Download

                                                            • memory/5028-6-0x0000000000400000-0x0000000000416000-memory.dmp

                                                              Filesize

                                                              88KB

                                                              Download

                                                            • memory/5188-100-0x00000000740F0000-0x00000000748A0000-memory.dmp

                                                              Filesize

                                                              7.7MB

                                                              Download

                                                            • memory/5188-13-0x00000000740F0000-0x00000000748A0000-memory.dmp

                                                              Filesize

                                                              7.7MB

                                                              Download

                                                            • memory/5188-14-0x00000000740F0000-0x00000000748A0000-memory.dmp

                                                              Filesize

                                                              7.7MB

                                                              Download

                                                            • memory/5188-485-0x00000000740F0000-0x00000000748A0000-memory.dmp

                                                              Filesize

                                                              7.7MB

                                                              Download