Overview

overview

10

Static

static

1

URLScan

urlscan

1

https://gofile.io/d/...

windows11-21h2-x64

10

Analysis

  • max time kernel
    444s
  • max time network
    445s
  • platform
    windows11-21h2_x64
  • resource
    win11-20250313-en
  • resource tags

    arch:x64arch:x86image:win11-20250313-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    31/03/2025, 21:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://gofile.io/d/eMzobv

Score
10/10
stormkittyxwormcollectioncredential_accessdiscoveryexecutionpersistenceprivilege_escalationratspywarestealertrojan

Malware Config

Extracted

Family

xworm

Version

5.0

C2

217.195.153.81:50000

Mutex

5UXpujbt6vWtkdEG

Attributes
  • Install_directory

    %ProgramData%

  • install_file

    svchost.exe

aes.plain

Signatures

  • Detect Xworm Payload 2 IoCs
  • StormKitty

    StormKitty is an open source info stealer written in C#.

    stealerstormkitty
  • StormKitty payload 2 IoCs
  • Stormkitty family
    stormkitty
  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm
  • Xworm family
    xworm
  • Command and Scripting Interpreter: PowerShell 1 TTPs 4 IoCs

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution
  • Uses browser remote debugging 2 TTPs 10 IoCs

    Can be used control the browser and steal sensitive information such as credentials and session cookies.

    credential_accessstealer
  • .NET Reactor proctector 1 IoCs

    Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

  • Executes dropped EXE 14 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses Microsoft Outlook profiles 1 TTPs 6 IoCs
    collection
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs
  • Looks up external IP address via web service 3 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Drops file in Windows directory 49 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Event Triggered Execution: Netsh Helper DLL 1 TTPs 12 IoCs

    Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

    persistenceprivilege_escalation
  • System Location Discovery: System Language Discovery 1 TTPs 18 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • System Network Configuration Discovery: Wi-Fi Discovery 1 TTPs 4 IoCs

    Adversaries may search for information about Wi-Fi networks, such as network names and passwords, on compromised systems.

    discovery
  • Checks processor information in registry 2 TTPs 4 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 9 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 8 IoCs
  • NTFS ADS 1 IoCs
  • Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistenceexecution
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs
  • Suspicious use of AdjustPrivilegeToken 32 IoCs
  • Suspicious use of FindShellTrayWindow 48 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • outlook_office_path 1 IoCs
  • outlook_win_path 1 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://gofile.io/d/eMzobv
    1⤵
    • Drops file in Windows directory
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:820
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x240,0x244,0x248,0x23c,0x2a8,0x7ffd6480f208,0x7ffd6480f214,0x7ffd6480f220
      2⤵
        PID:2780
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=1932,i,17390507428644550887,4900027285843023506,262144 --variations-seed-version --mojo-platform-channel-handle=1928 /prefetch:2
        2⤵
          PID:4396
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=2180,i,17390507428644550887,4900027285843023506,262144 --variations-seed-version --mojo-platform-channel-handle=2284 /prefetch:11
          2⤵
            PID:4400
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2276,i,17390507428644550887,4900027285843023506,262144 --variations-seed-version --mojo-platform-channel-handle=2956 /prefetch:13
            2⤵
              PID:2020
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3464,i,17390507428644550887,4900027285843023506,262144 --variations-seed-version --mojo-platform-channel-handle=3500 /prefetch:1
              2⤵
                PID:3904
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3480,i,17390507428644550887,4900027285843023506,262144 --variations-seed-version --mojo-platform-channel-handle=3556 /prefetch:1
                2⤵
                  PID:2248
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=2464,i,17390507428644550887,4900027285843023506,262144 --variations-seed-version --mojo-platform-channel-handle=4064 /prefetch:1
                  2⤵
                    PID:4984
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4108,i,17390507428644550887,4900027285843023506,262144 --variations-seed-version --mojo-platform-channel-handle=4136 /prefetch:9
                    2⤵
                      PID:3420
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --always-read-main-dll --field-trial-handle=4124,i,17390507428644550887,4900027285843023506,262144 --variations-seed-version --mojo-platform-channel-handle=4260 /prefetch:1
                      2⤵
                        PID:1848
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --always-read-main-dll --field-trial-handle=4180,i,17390507428644550887,4900027285843023506,262144 --variations-seed-version --mojo-platform-channel-handle=4008 /prefetch:9
                        2⤵
                          PID:1716
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3664,i,17390507428644550887,4900027285843023506,262144 --variations-seed-version --mojo-platform-channel-handle=3628 /prefetch:14
                          2⤵
                            PID:2224
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5384,i,17390507428644550887,4900027285843023506,262144 --variations-seed-version --mojo-platform-channel-handle=5332 /prefetch:14
                            2⤵
                              PID:4488
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --always-read-main-dll --field-trial-handle=5524,i,17390507428644550887,4900027285843023506,262144 --variations-seed-version --mojo-platform-channel-handle=5544 /prefetch:1
                              2⤵
                                PID:4080
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5312,i,17390507428644550887,4900027285843023506,262144 --variations-seed-version --mojo-platform-channel-handle=4012 /prefetch:14
                                2⤵
                                  PID:2636
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3568,i,17390507428644550887,4900027285843023506,262144 --variations-seed-version --mojo-platform-channel-handle=4228 /prefetch:14
                                  2⤵
                                    PID:2004
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6036,i,17390507428644550887,4900027285843023506,262144 --variations-seed-version --mojo-platform-channel-handle=6068 /prefetch:14
                                    2⤵
                                      PID:4968
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\cookie_exporter.exe
                                        cookie_exporter.exe --cookie-json=1108
                                        3⤵
                                          PID:1796
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6128,i,17390507428644550887,4900027285843023506,262144 --variations-seed-version --mojo-platform-channel-handle=6136 /prefetch:14
                                        2⤵
                                          PID:3880
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6128,i,17390507428644550887,4900027285843023506,262144 --variations-seed-version --mojo-platform-channel-handle=6136 /prefetch:14
                                          2⤵
                                            PID:4828
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6248,i,17390507428644550887,4900027285843023506,262144 --variations-seed-version --mojo-platform-channel-handle=6244 /prefetch:14
                                            2⤵
                                              PID:4992
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6384,i,17390507428644550887,4900027285843023506,262144 --variations-seed-version --mojo-platform-channel-handle=6376 /prefetch:14
                                              2⤵
                                                PID:4428
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6404,i,17390507428644550887,4900027285843023506,262144 --variations-seed-version --mojo-platform-channel-handle=6416 /prefetch:14
                                                2⤵
                                                  PID:1272
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6556,i,17390507428644550887,4900027285843023506,262144 --variations-seed-version --mojo-platform-channel-handle=6456 /prefetch:14
                                                  2⤵
                                                    PID:4784
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6708,i,17390507428644550887,4900027285843023506,262144 --variations-seed-version --mojo-platform-channel-handle=6716 /prefetch:14
                                                    2⤵
                                                      PID:3640
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6872,i,17390507428644550887,4900027285843023506,262144 --variations-seed-version --mojo-platform-channel-handle=6880 /prefetch:14
                                                      2⤵
                                                        PID:4768
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7036,i,17390507428644550887,4900027285843023506,262144 --variations-seed-version --mojo-platform-channel-handle=6908 /prefetch:14
                                                        2⤵
                                                          PID:4896
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7040,i,17390507428644550887,4900027285843023506,262144 --variations-seed-version --mojo-platform-channel-handle=7188 /prefetch:14
                                                          2⤵
                                                            PID:1088
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --always-read-main-dll --field-trial-handle=7324,i,17390507428644550887,4900027285843023506,262144 --variations-seed-version --mojo-platform-channel-handle=7220 /prefetch:1
                                                            2⤵
                                                              PID:1328
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7064,i,17390507428644550887,4900027285843023506,262144 --variations-seed-version --mojo-platform-channel-handle=7184 /prefetch:14
                                                              2⤵
                                                                PID:4168
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --always-read-main-dll --field-trial-handle=7156,i,17390507428644550887,4900027285843023506,262144 --variations-seed-version --mojo-platform-channel-handle=5564 /prefetch:1
                                                                2⤵
                                                                  PID:936
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5636,i,17390507428644550887,4900027285843023506,262144 --variations-seed-version --mojo-platform-channel-handle=6572 /prefetch:14
                                                                  2⤵
                                                                  • NTFS ADS
                                                                  PID:4768
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3680,i,17390507428644550887,4900027285843023506,262144 --variations-seed-version --mojo-platform-channel-handle=4740 /prefetch:14
                                                                  2⤵
                                                                    PID:1604
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4468,i,17390507428644550887,4900027285843023506,262144 --variations-seed-version --mojo-platform-channel-handle=4724 /prefetch:14
                                                                    2⤵
                                                                      PID:384
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4308,i,17390507428644550887,4900027285843023506,262144 --variations-seed-version --mojo-platform-channel-handle=3460 /prefetch:14
                                                                      2⤵
                                                                        PID:5048
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7032,i,17390507428644550887,4900027285843023506,262144 --variations-seed-version --mojo-platform-channel-handle=6504 /prefetch:14
                                                                        2⤵
                                                                          PID:3840
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7116,i,17390507428644550887,4900027285843023506,262144 --variations-seed-version --mojo-platform-channel-handle=6048 /prefetch:14
                                                                          2⤵
                                                                            PID:5928
                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7088,i,17390507428644550887,4900027285843023506,262144 --variations-seed-version --mojo-platform-channel-handle=7104 /prefetch:14
                                                                            2⤵
                                                                              PID:384
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7368,i,17390507428644550887,4900027285843023506,262144 --variations-seed-version --mojo-platform-channel-handle=7436 /prefetch:14
                                                                              2⤵
                                                                                PID:4076
                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2844,i,17390507428644550887,4900027285843023506,262144 --variations-seed-version --mojo-platform-channel-handle=7436 /prefetch:10
                                                                                2⤵
                                                                                  PID:3060
                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5984,i,17390507428644550887,4900027285843023506,262144 --variations-seed-version --mojo-platform-channel-handle=5744 /prefetch:14
                                                                                  2⤵
                                                                                    PID:4432
                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7172,i,17390507428644550887,4900027285843023506,262144 --variations-seed-version --mojo-platform-channel-handle=5708 /prefetch:14
                                                                                    2⤵
                                                                                      PID:2444
                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7432,i,17390507428644550887,4900027285843023506,262144 --variations-seed-version --mojo-platform-channel-handle=3424 /prefetch:14
                                                                                      2⤵
                                                                                        PID:5980
                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3772,i,17390507428644550887,4900027285843023506,262144 --variations-seed-version --mojo-platform-channel-handle=7352 /prefetch:14
                                                                                        2⤵
                                                                                          PID:216
                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3000,i,17390507428644550887,4900027285843023506,262144 --variations-seed-version --mojo-platform-channel-handle=5704 /prefetch:14
                                                                                          2⤵
                                                                                            PID:232
                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=1028,i,17390507428644550887,4900027285843023506,262144 --variations-seed-version --mojo-platform-channel-handle=7376 /prefetch:14
                                                                                            2⤵
                                                                                              PID:5432
                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5340,i,17390507428644550887,4900027285843023506,262144 --variations-seed-version --mojo-platform-channel-handle=3244 /prefetch:14
                                                                                              2⤵
                                                                                                PID:5732
                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3344,i,17390507428644550887,4900027285843023506,262144 --variations-seed-version --mojo-platform-channel-handle=5852 /prefetch:14
                                                                                                2⤵
                                                                                                  PID:5916
                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7404,i,17390507428644550887,4900027285843023506,262144 --variations-seed-version --mojo-platform-channel-handle=5908 /prefetch:14
                                                                                                  2⤵
                                                                                                    PID:1128
                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=764,i,17390507428644550887,4900027285843023506,262144 --variations-seed-version --mojo-platform-channel-handle=5500 /prefetch:14
                                                                                                    2⤵
                                                                                                      PID:5224
                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
                                                                                                    1⤵
                                                                                                      PID:828
                                                                                                    • C:\Windows\System32\rundll32.exe
                                                                                                      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                                                                      1⤵
                                                                                                        PID:1112
                                                                                                      • C:\Users\Admin\Downloads\XWorm V5.6\XwormLoader.exe
                                                                                                        "C:\Users\Admin\Downloads\XWorm V5.6\XwormLoader.exe"
                                                                                                        1⤵
                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                        PID:2676
                                                                                                        • C:\Users\Admin\AppData\Local\Temp\Omnhybqtz.exe
                                                                                                          "C:\Users\Admin\AppData\Local\Temp\Omnhybqtz.exe"
                                                                                                          2⤵
                                                                                                          • Executes dropped EXE
                                                                                                          PID:4088
                                                                                                          • C:\Users\Admin\AppData\Local\Temp\Xworm V5.6.exe
                                                                                                            "C:\Users\Admin\AppData\Local\Temp\Xworm V5.6.exe"
                                                                                                            3⤵
                                                                                                            • Executes dropped EXE
                                                                                                            PID:4684
                                                                                                          • C:\Users\Admin\AppData\Local\Temp\svchost.exe
                                                                                                            "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
                                                                                                            3⤵
                                                                                                            • Executes dropped EXE
                                                                                                            • Suspicious behavior: EnumeratesProcesses
                                                                                                            • Suspicious behavior: GetForegroundWindowSpam
                                                                                                            • Suspicious use of AdjustPrivilegeToken
                                                                                                            • Suspicious use of SetWindowsHookEx
                                                                                                            PID:2676
                                                                                                            • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                              "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\svchost.exe'
                                                                                                              4⤵
                                                                                                              • Command and Scripting Interpreter: PowerShell
                                                                                                              • Suspicious behavior: EnumeratesProcesses
                                                                                                              • Suspicious use of AdjustPrivilegeToken
                                                                                                              PID:2840
                                                                                                            • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                              "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'svchost.exe'
                                                                                                              4⤵
                                                                                                              • Command and Scripting Interpreter: PowerShell
                                                                                                              • Suspicious behavior: EnumeratesProcesses
                                                                                                              • Suspicious use of AdjustPrivilegeToken
                                                                                                              PID:1680
                                                                                                            • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                              "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\ProgramData\svchost.exe'
                                                                                                              4⤵
                                                                                                              • Command and Scripting Interpreter: PowerShell
                                                                                                              • Suspicious behavior: EnumeratesProcesses
                                                                                                              • Suspicious use of AdjustPrivilegeToken
                                                                                                              PID:932
                                                                                                            • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                              "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'svchost.exe'
                                                                                                              4⤵
                                                                                                              • Command and Scripting Interpreter: PowerShell
                                                                                                              • Suspicious behavior: EnumeratesProcesses
                                                                                                              • Suspicious use of AdjustPrivilegeToken
                                                                                                              PID:1428
                                                                                                            • C:\Windows\System32\schtasks.exe
                                                                                                              "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "svchost" /tr "C:\ProgramData\svchost.exe"
                                                                                                              4⤵
                                                                                                              • Scheduled Task/Job: Scheduled Task
                                                                                                              PID:1840
                                                                                                        • C:\Users\Admin\AppData\Local\Temp\Tukexuutr.exe
                                                                                                          "C:\Users\Admin\AppData\Local\Temp\Tukexuutr.exe"
                                                                                                          2⤵
                                                                                                          • Executes dropped EXE
                                                                                                          • Accesses Microsoft Outlook profiles
                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                          • Checks processor information in registry
                                                                                                          • Suspicious behavior: EnumeratesProcesses
                                                                                                          • Suspicious use of AdjustPrivilegeToken
                                                                                                          PID:5004
                                                                                                          • C:\Windows\SysWOW64\cmd.exe
                                                                                                            "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
                                                                                                            3⤵
                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                            • System Network Configuration Discovery: Wi-Fi Discovery
                                                                                                            PID:2428
                                                                                                            • C:\Windows\SysWOW64\chcp.com
                                                                                                              chcp 65001
                                                                                                              4⤵
                                                                                                              • System Location Discovery: System Language Discovery
                                                                                                              PID:4552
                                                                                                            • C:\Windows\SysWOW64\netsh.exe
                                                                                                              netsh wlan show profile
                                                                                                              4⤵
                                                                                                              • Event Triggered Execution: Netsh Helper DLL
                                                                                                              • System Location Discovery: System Language Discovery
                                                                                                              • System Network Configuration Discovery: Wi-Fi Discovery
                                                                                                              PID:2868
                                                                                                            • C:\Windows\SysWOW64\findstr.exe
                                                                                                              findstr All
                                                                                                              4⤵
                                                                                                              • System Location Discovery: System Language Discovery
                                                                                                              PID:2556
                                                                                                          • C:\Windows\SysWOW64\cmd.exe
                                                                                                            "cmd.exe" /C chcp 65001 && netsh wlan show networks mode=bssid
                                                                                                            3⤵
                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                            PID:4068
                                                                                                            • C:\Windows\SysWOW64\chcp.com
                                                                                                              chcp 65001
                                                                                                              4⤵
                                                                                                              • System Location Discovery: System Language Discovery
                                                                                                              PID:4012
                                                                                                            • C:\Windows\SysWOW64\netsh.exe
                                                                                                              netsh wlan show networks mode=bssid
                                                                                                              4⤵
                                                                                                              • Event Triggered Execution: Netsh Helper DLL
                                                                                                              • System Location Discovery: System Language Discovery
                                                                                                              PID:652
                                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --window-position=-2400,-2400 --remote-debugging-port=9222 --profile-directory="Default"
                                                                                                            3⤵
                                                                                                            • Uses browser remote debugging
                                                                                                            • Drops file in Windows directory
                                                                                                            • Enumerates system info in registry
                                                                                                            • Suspicious behavior: EnumeratesProcesses
                                                                                                            • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                                                                            • Suspicious use of AdjustPrivilegeToken
                                                                                                            • Suspicious use of FindShellTrayWindow
                                                                                                            PID:1944
                                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd501adcf8,0x7ffd501add04,0x7ffd501add10
                                                                                                              4⤵
                                                                                                                PID:1436
                                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1964,i,1932450741941952324,12984385431923471765,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=2136 /prefetch:11
                                                                                                                4⤵
                                                                                                                  PID:2204
                                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1932,i,1932450741941952324,12984385431923471765,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=1928 /prefetch:2
                                                                                                                  4⤵
                                                                                                                    PID:1284
                                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2424,i,1932450741941952324,12984385431923471765,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=2604 /prefetch:13
                                                                                                                    4⤵
                                                                                                                      PID:1140
                                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9222 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3316,i,1932450741941952324,12984385431923471765,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3336 /prefetch:1
                                                                                                                      4⤵
                                                                                                                      • Uses browser remote debugging
                                                                                                                      PID:3408
                                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9222 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=2952,i,1932450741941952324,12984385431923471765,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3356 /prefetch:1
                                                                                                                      4⤵
                                                                                                                      • Uses browser remote debugging
                                                                                                                      PID:2212
                                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9222 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4244,i,1932450741941952324,12984385431923471765,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=4264 /prefetch:9
                                                                                                                      4⤵
                                                                                                                      • Uses browser remote debugging
                                                                                                                      PID:5188
                                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9222 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4728,i,1932450741941952324,12984385431923471765,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=4756 /prefetch:1
                                                                                                                      4⤵
                                                                                                                      • Uses browser remote debugging
                                                                                                                      PID:5364
                                                                                                              • C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
                                                                                                                "C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
                                                                                                                1⤵
                                                                                                                  PID:4964
                                                                                                                • C:\Users\Admin\Downloads\XWorm V5.6\XwormLoader.exe
                                                                                                                  "C:\Users\Admin\Downloads\XWorm V5.6\XwormLoader.exe"
                                                                                                                  1⤵
                                                                                                                  • System Location Discovery: System Language Discovery
                                                                                                                  PID:6052
                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\Omnhybqtz.exe
                                                                                                                    "C:\Users\Admin\AppData\Local\Temp\Omnhybqtz.exe"
                                                                                                                    2⤵
                                                                                                                    • Executes dropped EXE
                                                                                                                    PID:2060
                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\Xworm V5.6.exe
                                                                                                                      "C:\Users\Admin\AppData\Local\Temp\Xworm V5.6.exe"
                                                                                                                      3⤵
                                                                                                                      • Executes dropped EXE
                                                                                                                      PID:3768
                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\svchost.exe
                                                                                                                      "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
                                                                                                                      3⤵
                                                                                                                      • Executes dropped EXE
                                                                                                                      • Suspicious use of AdjustPrivilegeToken
                                                                                                                      PID:5780
                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\Tukexuutr.exe
                                                                                                                    "C:\Users\Admin\AppData\Local\Temp\Tukexuutr.exe"
                                                                                                                    2⤵
                                                                                                                    • Executes dropped EXE
                                                                                                                    • Accesses Microsoft Outlook profiles
                                                                                                                    • System Location Discovery: System Language Discovery
                                                                                                                    • Checks processor information in registry
                                                                                                                    • Suspicious use of AdjustPrivilegeToken
                                                                                                                    • outlook_office_path
                                                                                                                    • outlook_win_path
                                                                                                                    PID:5332
                                                                                                                    • C:\Windows\SysWOW64\cmd.exe
                                                                                                                      "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
                                                                                                                      3⤵
                                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                                      • System Network Configuration Discovery: Wi-Fi Discovery
                                                                                                                      PID:4180
                                                                                                                      • C:\Windows\SysWOW64\chcp.com
                                                                                                                        chcp 65001
                                                                                                                        4⤵
                                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                                        PID:5420
                                                                                                                      • C:\Windows\SysWOW64\netsh.exe
                                                                                                                        netsh wlan show profile
                                                                                                                        4⤵
                                                                                                                        • Event Triggered Execution: Netsh Helper DLL
                                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                                        • System Network Configuration Discovery: Wi-Fi Discovery
                                                                                                                        PID:4300
                                                                                                                      • C:\Windows\SysWOW64\findstr.exe
                                                                                                                        findstr All
                                                                                                                        4⤵
                                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                                        PID:2416
                                                                                                                    • C:\Windows\SysWOW64\cmd.exe
                                                                                                                      "cmd.exe" /C chcp 65001 && netsh wlan show networks mode=bssid
                                                                                                                      3⤵
                                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                                      PID:5244
                                                                                                                      • C:\Windows\SysWOW64\chcp.com
                                                                                                                        chcp 65001
                                                                                                                        4⤵
                                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                                        PID:696
                                                                                                                      • C:\Windows\SysWOW64\netsh.exe
                                                                                                                        netsh wlan show networks mode=bssid
                                                                                                                        4⤵
                                                                                                                        • Event Triggered Execution: Netsh Helper DLL
                                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                                        PID:4972
                                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --window-position=-2400,-2400 --remote-debugging-port=9222 --profile-directory="Default"
                                                                                                                      3⤵
                                                                                                                      • Uses browser remote debugging
                                                                                                                      • Drops file in Windows directory
                                                                                                                      • Enumerates system info in registry
                                                                                                                      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                                                                                      • Suspicious use of AdjustPrivilegeToken
                                                                                                                      • Suspicious use of FindShellTrayWindow
                                                                                                                      PID:1548
                                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd501adcf8,0x7ffd501add04,0x7ffd501add10
                                                                                                                        4⤵
                                                                                                                          PID:4816
                                                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1896,i,8114115459913684264,10348254105105304235,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=2124 /prefetch:11
                                                                                                                          4⤵
                                                                                                                            PID:5604
                                                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2096,i,8114115459913684264,10348254105105304235,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=2092 /prefetch:2
                                                                                                                            4⤵
                                                                                                                              PID:1084
                                                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2336,i,8114115459913684264,10348254105105304235,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=2456 /prefetch:13
                                                                                                                              4⤵
                                                                                                                                PID:5480
                                                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9222 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3076,i,8114115459913684264,10348254105105304235,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3140 /prefetch:1
                                                                                                                                4⤵
                                                                                                                                • Uses browser remote debugging
                                                                                                                                PID:4660
                                                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9222 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3084,i,8114115459913684264,10348254105105304235,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3160 /prefetch:1
                                                                                                                                4⤵
                                                                                                                                • Uses browser remote debugging
                                                                                                                                PID:4032
                                                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9222 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4252,i,8114115459913684264,10348254105105304235,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=4304 /prefetch:9
                                                                                                                                4⤵
                                                                                                                                • Uses browser remote debugging
                                                                                                                                PID:5632
                                                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9222 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4788,i,8114115459913684264,10348254105105304235,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=4780 /prefetch:1
                                                                                                                                4⤵
                                                                                                                                • Uses browser remote debugging
                                                                                                                                PID:5356
                                                                                                                        • C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
                                                                                                                          "C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
                                                                                                                          1⤵
                                                                                                                            PID:5680
                                                                                                                          • C:\ProgramData\svchost.exe
                                                                                                                            C:\ProgramData\svchost.exe
                                                                                                                            1⤵
                                                                                                                            • Executes dropped EXE
                                                                                                                            • Suspicious use of AdjustPrivilegeToken
                                                                                                                            PID:5820
                                                                                                                          • C:\Windows\system32\svchost.exe
                                                                                                                            C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
                                                                                                                            1⤵
                                                                                                                              PID:6068
                                                                                                                            • C:\Windows\system32\BackgroundTransferHost.exe
                                                                                                                              "BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
                                                                                                                              1⤵
                                                                                                                              • Modifies registry class
                                                                                                                              PID:1348
                                                                                                                            • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
                                                                                                                              "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
                                                                                                                              1⤵
                                                                                                                              • Modifies registry class
                                                                                                                              • Suspicious use of SetWindowsHookEx
                                                                                                                              PID:5032
                                                                                                                            • C:\ProgramData\svchost.exe
                                                                                                                              C:\ProgramData\svchost.exe
                                                                                                                              1⤵
                                                                                                                              • Executes dropped EXE
                                                                                                                              • Suspicious use of AdjustPrivilegeToken
                                                                                                                              PID:5708
                                                                                                                            • C:\ProgramData\svchost.exe
                                                                                                                              C:\ProgramData\svchost.exe
                                                                                                                              1⤵
                                                                                                                              • Executes dropped EXE
                                                                                                                              • Suspicious use of AdjustPrivilegeToken
                                                                                                                              PID:5224
                                                                                                                            • C:\ProgramData\svchost.exe
                                                                                                                              C:\ProgramData\svchost.exe
                                                                                                                              1⤵
                                                                                                                              • Executes dropped EXE
                                                                                                                              • Suspicious use of AdjustPrivilegeToken
                                                                                                                              PID:5856
                                                                                                                            • C:\ProgramData\svchost.exe
                                                                                                                              C:\ProgramData\svchost.exe
                                                                                                                              1⤵
                                                                                                                              • Executes dropped EXE
                                                                                                                              • Suspicious use of AdjustPrivilegeToken
                                                                                                                              PID:4676
                                                                                                                            • C:\ProgramData\svchost.exe
                                                                                                                              C:\ProgramData\svchost.exe
                                                                                                                              1⤵
                                                                                                                              • Executes dropped EXE
                                                                                                                              • Suspicious use of AdjustPrivilegeToken
                                                                                                                              PID:4304

                                                                                                                            Network

                                                                                                                            MITRE ATT&CK Enterprise v15

                                                                                                                            Reconnaissance

                                                                                                                            Resource Development

                                                                                                                            Initial Access

                                                                                                                            Execution

                                                                                                                            Command and Scripting Interpreter

                                                                                                                            1
                                                                                                                            T1059

                                                                                                                            PowerShell

                                                                                                                            1
                                                                                                                            T1059.001

                                                                                                                            Scheduled Task/Job

                                                                                                                            1
                                                                                                                            T1053

                                                                                                                            Scheduled Task

                                                                                                                            1
                                                                                                                            T1053.005

                                                                                                                            Persistence

                                                                                                                            Event Triggered Execution

                                                                                                                            1
                                                                                                                            T1546

                                                                                                                            Netsh Helper DLL

                                                                                                                            1
                                                                                                                            T1546.007

                                                                                                                            Modify Authentication Process

                                                                                                                            1
                                                                                                                            T1556

                                                                                                                            Scheduled Task/Job

                                                                                                                            1
                                                                                                                            T1053

                                                                                                                            Scheduled Task

                                                                                                                            1
                                                                                                                            T1053.005

                                                                                                                            Privilege Escalation

                                                                                                                            Event Triggered Execution

                                                                                                                            1
                                                                                                                            T1546

                                                                                                                            Netsh Helper DLL

                                                                                                                            1
                                                                                                                            T1546.007

                                                                                                                            Scheduled Task/Job

                                                                                                                            1
                                                                                                                            T1053

                                                                                                                            Scheduled Task

                                                                                                                            1
                                                                                                                            T1053.005

                                                                                                                            Defense Evasion

                                                                                                                            Modify Authentication Process

                                                                                                                            1
                                                                                                                            T1556

                                                                                                                            Credential Access

                                                                                                                            Credentials from Password Stores

                                                                                                                            1
                                                                                                                            T1555

                                                                                                                            Credentials from Web Browsers

                                                                                                                            1
                                                                                                                            T1555.003

                                                                                                                            Modify Authentication Process

                                                                                                                            1
                                                                                                                            T1556

                                                                                                                            Steal Web Session Cookie

                                                                                                                            1
                                                                                                                            T1539

                                                                                                                            Unsecured Credentials

                                                                                                                            2
                                                                                                                            T1552

                                                                                                                            Credentials In Files

                                                                                                                            2
                                                                                                                            T1552.001

                                                                                                                            Discovery

                                                                                                                            Browser Information Discovery

                                                                                                                            1
                                                                                                                            T1217

                                                                                                                            Query Registry

                                                                                                                            3
                                                                                                                            T1012

                                                                                                                            System Information Discovery

                                                                                                                            3
                                                                                                                            T1082

                                                                                                                            System Location Discovery

                                                                                                                            1
                                                                                                                            T1614

                                                                                                                            System Language Discovery

                                                                                                                            1
                                                                                                                            T1614.001

                                                                                                                            System Network Configuration Discovery

                                                                                                                            1
                                                                                                                            T1016

                                                                                                                            Wi-Fi Discovery

                                                                                                                            1
                                                                                                                            T1016.002

                                                                                                                            Lateral Movement

                                                                                                                            Collection

                                                                                                                            Data from Local System

                                                                                                                            2
                                                                                                                            T1005

                                                                                                                            Email Collection

                                                                                                                            1
                                                                                                                            T1114

                                                                                                                            Command and Control

                                                                                                                            Web Service

                                                                                                                            1
                                                                                                                            T1102

                                                                                                                            Exfiltration

                                                                                                                            Impact

                                                                                                                            Replay Monitor

                                                                                                                            Loading Replay Monitor...

                                                                                                                            Downloads

                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
                                                                                                                              Filesize

                                                                                                                              40B

                                                                                                                              MD5

                                                                                                                              8210f4fc7a882c5a543bc4d0fefe68fa

                                                                                                                              SHA1

                                                                                                                              e87f97b79fff1950538ac0a6f94bda02150ac6fd

                                                                                                                              SHA256

                                                                                                                              75a57674df6655b8ed454ed40da67f3ccbc9b406359b52c85a6bf195fdeea28b

                                                                                                                              SHA512

                                                                                                                              feffbfd0fa6db901b9904354960c4797e0b148876599f781f2d98829cc25976030b09947c99cf152f8cf88cd63abb79a745dfc3ff48fa8d17cc306f641a9b885

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                                                                                                              Filesize

                                                                                                                              79KB

                                                                                                                              MD5

                                                                                                                              dbb0d00f8b1b5cd4df4b2e8fd796d194

                                                                                                                              SHA1

                                                                                                                              11de356d329aec140087c5bb27215f3c9f9184be

                                                                                                                              SHA256

                                                                                                                              7920ac82310e11f97fc5ca35ba1e26fc4e69f89979a3846abeb279890948f93f

                                                                                                                              SHA512

                                                                                                                              3cbca5fa18b1b4bb0934144e50e195eb144460982300a954dedb678ffaab8a1dc53b70f3adade74b2fa9f1ac357e545f53239d1733bed038825668d491ba7ef5

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0\UsageLogs\Omnhybqtz.exe.log
                                                                                                                              Filesize

                                                                                                                              224B

                                                                                                                              MD5

                                                                                                                              840261c3b181c9aa0c8756db2ef628b8

                                                                                                                              SHA1

                                                                                                                              c7340c54b91ce22da6735a9d686d182f6b1f4941

                                                                                                                              SHA256

                                                                                                                              6a862892ff5eaca5c3e3ad3073b115d15f5427e9f808c787542bdd870231eedd

                                                                                                                              SHA512

                                                                                                                              b8c328d4ec73753e6c7d2451f173860089779b59ccf8c150a4da6317a61453ae5e7e8418f8c27f33a907db6326cc7c097f7423fae75b149317a8eaf8048d09ce

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
                                                                                                                              Filesize

                                                                                                                              2KB

                                                                                                                              MD5

                                                                                                                              627073ee3ca9676911bee35548eff2b8

                                                                                                                              SHA1

                                                                                                                              4c4b68c65e2cab9864b51167d710aa29ebdcff2e

                                                                                                                              SHA256

                                                                                                                              85b280a39fc31ba1e15fb06102a05b8405ff3b82feb181d4170f04e466dd647c

                                                                                                                              SHA512

                                                                                                                              3c5f6c03e253b83c57e8d6f0334187dbdcdf4fa549eecd36cbc1322dca6d3ca891dc6a019c49ec2eafb88f82d0434299c31e4dfaab123acb42e0546218f311fb

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\XwormLoader.exe.log
                                                                                                                              Filesize

                                                                                                                              1KB

                                                                                                                              MD5

                                                                                                                              ac45cc773216001c355992d869450b47

                                                                                                                              SHA1

                                                                                                                              1f19c3839b521e1bf1ec7928f32f45234f38ea40

                                                                                                                              SHA256

                                                                                                                              c9c03abe98c496376975747c9b617f5f6e1b50aec09aa8be31aa24e81254901f

                                                                                                                              SHA512

                                                                                                                              3d73620a59089bc05d60ae07f0811ddacd1661599eca096cd9927813f86dc9cebac1de221691373601c743250694de43e408a9e607e813fb28260b1509f84574

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.9\protocols.json
                                                                                                                              Filesize

                                                                                                                              3KB

                                                                                                                              MD5

                                                                                                                              f9fd82b572ef4ce41a3d1075acc52d22

                                                                                                                              SHA1

                                                                                                                              fdded5eef95391be440cc15f84ded0480c0141e3

                                                                                                                              SHA256

                                                                                                                              5f21978e992a53ebd9c138cb5391c481def7769e3525c586a8a94f276b3cd8d6

                                                                                                                              SHA512

                                                                                                                              17084cc74462310a608355fbeafa8b51f295fb5fd067dfc641e752e69b1ee4ffba0e9eafa263aab67daab780b9b6be370dd3b54dd4ba8426ab499e50ff5c7339

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.14\autofill_bypass_cache_forms.json
                                                                                                                              Filesize

                                                                                                                              175B

                                                                                                                              MD5

                                                                                                                              8060c129d08468ed3f3f3d09f13540ce

                                                                                                                              SHA1

                                                                                                                              f979419a76d5abfc89007d91f35412420aeae611

                                                                                                                              SHA256

                                                                                                                              b32bfdb89e35959aaf3e61ae58d0be1da94a12b6667e281c9567295efdd92f92

                                                                                                                              SHA512

                                                                                                                              99d0d9c816a680d7c0a28845aab7e8f33084688b1f3be4845f9cca596384b7a0811b9586c86ba9152de54cafcdea5871a6febbee1d5b3df6c778cdcb66f42cfa

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.14\edge_autofill_global_block_list.json
                                                                                                                              Filesize

                                                                                                                              4KB

                                                                                                                              MD5

                                                                                                                              afb6f8315b244d03b262d28e1c5f6fae

                                                                                                                              SHA1

                                                                                                                              a92aaff896f4c07bdea5c5d0ab6fdb035e9ec71e

                                                                                                                              SHA256

                                                                                                                              a3bcb682dd63c048cd9ca88c49100333651b4f50de43b60ec681de5f8208d742

                                                                                                                              SHA512

                                                                                                                              d80e232da16f94a93cfe95339f0db4ff4f385e0aa2ba9cbd454e43666a915f8e730b615085b45cc7c029aa45803e5aca61b86e63dac0cf5f1128beed431f9df0

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.14\v1FieldTypes.json
                                                                                                                              Filesize

                                                                                                                              509KB

                                                                                                                              MD5

                                                                                                                              630f694f05bdfb788a9731d59b7a5bfe

                                                                                                                              SHA1

                                                                                                                              689c0e95aaefcbaca002f4e60c51c3610d100b67

                                                                                                                              SHA256

                                                                                                                              ad6fdee06aa37e3af6034af935f74b58c1933752478026ceeccf47dc506c8779

                                                                                                                              SHA512

                                                                                                                              6ee64baab1af4551851dcef549b49ec1442aa0b67d2149ac9338dc1fe0082ee24f4611fcc76d6b8abeb828ad957a9fa847cbc9c98cdf42dd410d046686b3769b

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\CrashpadMetrics-active.pma
                                                                                                                              Filesize

                                                                                                                              1024KB

                                                                                                                              MD5

                                                                                                                              f05b0294ae4949feed0706bc80fa6418

                                                                                                                              SHA1

                                                                                                                              346bb7d2d99251c193652ad4ae7ef2964565b98d

                                                                                                                              SHA256

                                                                                                                              1c02e2feba3b2af3c045d1ed01f8a67e0923f7e357b32c434e567eef6aac4138

                                                                                                                              SHA512

                                                                                                                              348366e162f3a037e74d0e9ff422ba7ca3e14c2b170f50bab2a4b88b29a572028e56965c332bc63cbe89de1a3467c215893ecf3cac514d786ec7ea30c08bcc05

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                              Filesize

                                                                                                                              280B

                                                                                                                              MD5

                                                                                                                              ecf610ffadb6b05b729f1fb747c925ce

                                                                                                                              SHA1

                                                                                                                              552e136d3b35f6554388dbf3de27cc3f13aac1aa

                                                                                                                              SHA256

                                                                                                                              e60d57b0c686fee38e691bd9736e26c41a31f3f058f68c1176c0a71f8108abdd

                                                                                                                              SHA512

                                                                                                                              ac191b7ef1e260e052031443b9e97b79824c03ae79dc76639317c4f3c70c33ab7b3239cfcf38ae5ed803adf4bb011bb9a9973cb9ba1787b91de2c171cba803b5

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                              Filesize

                                                                                                                              280B

                                                                                                                              MD5

                                                                                                                              d078e361e0ed3a9230b38d7f87140520

                                                                                                                              SHA1

                                                                                                                              235c905284ee451b6d19054ce804e8e02a4dceaa

                                                                                                                              SHA256

                                                                                                                              c568a7aab912809de985c73e6f662c91cf29ef7e6d91ef6a2ff03989f0894338

                                                                                                                              SHA512

                                                                                                                              79eac09b34e1b2274901e9114c16212b608d4ba2c8875e000b77b6cab80578e25ad5c8020ff0f32c4b57884c7bc41cc494b936b4154f5d922ebba3e6457ac9e7

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000004.log
                                                                                                                              Filesize

                                                                                                                              1.1MB

                                                                                                                              MD5

                                                                                                                              859932193ddc2ce4a68ca119f02d695b

                                                                                                                              SHA1

                                                                                                                              3a6f7f9141904f100c838e6eb7f10ce94febf5f1

                                                                                                                              SHA256

                                                                                                                              81118c065c09dc6898548aff55b63eb522ca6abaf6fff16c381d81584fe9d390

                                                                                                                              SHA512

                                                                                                                              8c4994cd065a98c4f40ef939cf4d805f073bca3ce53689e34ff0d9b29b513fce1bdd9b8af4e64fdef34c308f6eb8aa1b87caca057ae582316072b56869b21002

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old
                                                                                                                              Filesize

                                                                                                                              495B

                                                                                                                              MD5

                                                                                                                              c5d703aad60690aef25e90b87254ea9d

                                                                                                                              SHA1

                                                                                                                              4ea606dfe997e4a384aad3c78f1a7e5953e0a78f

                                                                                                                              SHA256

                                                                                                                              fac4cbebb1a6cf53eb24df2cf861994c11baed5bc48fcb70cacba2e56f539f27

                                                                                                                              SHA512

                                                                                                                              66b4772a00113a16118145b0c27453d3f57cfc846c780b1ba2d7b6bb2400e98a8d28164b3fd093e09600439f42726a1fe844bc696de75e6628c1ca0a1da65a6f

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old
                                                                                                                              Filesize

                                                                                                                              334B

                                                                                                                              MD5

                                                                                                                              63ca0895f097064feb4630602b4b5983

                                                                                                                              SHA1

                                                                                                                              f69eed1b53c687885cf8d0ef408af6aab536bae6

                                                                                                                              SHA256

                                                                                                                              edf9c2402f289a7a5b57bd5a287059ff32e0512524fa0d45c662d4f9f61b194b

                                                                                                                              SHA512

                                                                                                                              b2c6304dd2e5e528cd26e09cd5fc86e9b4417d1f1bae5a76263a9c12fa108adab0564200b5656fe931b050fe8ed052ce90100585b06557d5c0137d43047e0eba

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\MANIFEST-000001
                                                                                                                              Filesize

                                                                                                                              158B

                                                                                                                              MD5

                                                                                                                              383d3a07df9970c3521d4a9d8ba80bbd

                                                                                                                              SHA1

                                                                                                                              d9c85ad180611987de2b4adae2bbfe345db64274

                                                                                                                              SHA256

                                                                                                                              3d0d24985eaee533223cc6e18ebfbef060900aa212131e301545ca5d074bb665

                                                                                                                              SHA512

                                                                                                                              fb23becad166b6d0f3bc6346122e968878ac76c5732afa5f6434092da07c8d41bc1bd0a3cf56ee38323b4e952a9b297ed8f7bd05f2c9c942f323afc7361d3602

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                                              Filesize

                                                                                                                              3KB

                                                                                                                              MD5

                                                                                                                              90c510d97930cdd15bdc51e07f7204bd

                                                                                                                              SHA1

                                                                                                                              b9723ea9ff802c2034946673b1d30492fa2f4418

                                                                                                                              SHA256

                                                                                                                              5e13985707f3e6054bd9c7344ad6589160efdadec8325b862e0cf7ea696d45ff

                                                                                                                              SHA512

                                                                                                                              85f27d8ad12676c75220c428cd8d5b54c242542afd92e10e2d70c8e90c90288fb8d2130929e2e05eaad51fe3dcd1e85c7a710cc940c3a40749fc143ad4dbfc92

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57dd7f.TMP
                                                                                                                              Filesize

                                                                                                                              3KB

                                                                                                                              MD5

                                                                                                                              ed73ac9c2ba4e1cadbcc89e7cefa9e5c

                                                                                                                              SHA1

                                                                                                                              d04fcd00d79304fca4625482ad660df374f4676a

                                                                                                                              SHA256

                                                                                                                              4056df95523fcd4ca69e9463a9943d710875e6bf55ad8b8a5052932a2833034d

                                                                                                                              SHA512

                                                                                                                              0f13c273b1425d62a6997d6ef87225fbd1d3572d6c4dae4a49c49e69d14b5b90e3459075614867741b34df4cb0dd60eccde913a701e0cca706bf82b982290921

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Collections\collectionsSQLite
                                                                                                                              Filesize

                                                                                                                              72KB

                                                                                                                              MD5

                                                                                                                              74cfcc4af9ad61660633d4a084ef3790

                                                                                                                              SHA1

                                                                                                                              eb79abf5f0ed7cb1812b4016352ad684a66ecd8b

                                                                                                                              SHA256

                                                                                                                              6ee259054b0d13a907fa2312afcd940b9cf745e351aa583d1080be56b2138b0f

                                                                                                                              SHA512

                                                                                                                              95ff156fde6546b5d7ba5710372728c22fd95a40b2949599092d55b2f844eda271ab6de115047c9a5e30b141f17c41ec883a9aee7aa4b25df0e9b215691b6fad

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DIPS
                                                                                                                              Filesize

                                                                                                                              4KB

                                                                                                                              MD5

                                                                                                                              b9263bbf24428aaca95d04d04f3aeb6f

                                                                                                                              SHA1

                                                                                                                              5346015345f6df766df4bc9b42da076f6fdd440f

                                                                                                                              SHA256

                                                                                                                              1fe8f6113488865c546d2faa55b21482662ce4be19d4f505eeefa09bc3131489

                                                                                                                              SHA512

                                                                                                                              5bc2978bc96e1347500db552e2a2dfd9e5df25c8e16d3ab57e5519de43cb9c08f5aeefd1a6f6947d7fa253505918763b932f622636fc2a7a429fa72a5b49c7cc

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DIPS-wal
                                                                                                                              Filesize

                                                                                                                              60KB

                                                                                                                              MD5

                                                                                                                              66f940c6c4c73327f2d53243117905df

                                                                                                                              SHA1

                                                                                                                              69e0ccbc141c240fb10119d9e7c76fbeba93eb84

                                                                                                                              SHA256

                                                                                                                              72275bf1810cb0a5f4afd5a1aa51c643d58c3aa599b087b7000b327fb49fe95c

                                                                                                                              SHA512

                                                                                                                              73a1b23954c80dac43d228960e8882df40b57923929502de85a2a036a1fe4964aa9f387b08567b398738bedf9b8e49f3e02f11ccf34651e95d09cb1d70c6e037

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
                                                                                                                              Filesize

                                                                                                                              69KB

                                                                                                                              MD5

                                                                                                                              164a788f50529fc93a6077e50675c617

                                                                                                                              SHA1

                                                                                                                              c53f6cd0531fd98d6abbd2a9e5fbb4319b221f48

                                                                                                                              SHA256

                                                                                                                              b305e470fb9f8b69a8cd53b5a8ffb88538c9f6a9c7c2c194a226e8f6c9b53c17

                                                                                                                              SHA512

                                                                                                                              ec7d173b55283f3e59a468a0037921dc4e1bf3fab1c693330b9d8e5826273c917b374c4b802f3234bbb5e5e210d55e52351426867e0eb8c9f6fba1a053cb05d4

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG
                                                                                                                              Filesize

                                                                                                                              346B

                                                                                                                              MD5

                                                                                                                              2a8c13d789cd828977dc0f7ded0274f1

                                                                                                                              SHA1

                                                                                                                              86ae004b5735fe9faa9d03219499a858a60cb744

                                                                                                                              SHA256

                                                                                                                              35c11b9dc3bf8f4094181035896cc136e842bdf49b20b30aa31be2182169ddad

                                                                                                                              SHA512

                                                                                                                              90b91c32a859de22e82b0812eb974243dc43cc1069d8a1259a14b91c376ab67723b684291f3bc1f30845d31fdc7a1e2003c48f4abc156175fff0770ef1699a7b

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgeHubAppUsage\EdgeHubAppUsageSQLite.db
                                                                                                                              Filesize

                                                                                                                              32KB

                                                                                                                              MD5

                                                                                                                              b8c4008ca1ad2b7c711858e82f2ef240

                                                                                                                              SHA1

                                                                                                                              39a50477da69347eecd6b8be1f6768ff04e2f6e4

                                                                                                                              SHA256

                                                                                                                              09c6f8d150e72504291fbe4261beb241e773b6e021b712e466365011998b2272

                                                                                                                              SHA512

                                                                                                                              53f50ed9da656d1c74ae0c9807af9482586ceb0ea4d16b1de81836419dc362e4fc26d8a3defa5bf09a63a2f7a61e39a46f42bfac8ab3953e6b3235b60b654f47

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\000003.log
                                                                                                                              Filesize

                                                                                                                              209B

                                                                                                                              MD5

                                                                                                                              478d49d9ccb25ac14589f834ea70fb9e

                                                                                                                              SHA1

                                                                                                                              5d30e87d66e279f8815affe4c691aaf1d577a21e

                                                                                                                              SHA256

                                                                                                                              bb6cc6df54cf476d95409032c79e065f4e10d512e73f7e16018e550456f753d5

                                                                                                                              SHA512

                                                                                                                              fb5431054a23d3c532568b1f150873d9130dbc4a88be19bc2a4907d0dc2888c5b55993154ead4a6c466e2173092b8705684a6802b850f051639e1f2457387471

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG
                                                                                                                              Filesize

                                                                                                                              319B

                                                                                                                              MD5

                                                                                                                              3239b70985a54296822ea18be0c2f1e7

                                                                                                                              SHA1

                                                                                                                              d4e37dd49f1238793001f5ceeca4eae8e777aee3

                                                                                                                              SHA256

                                                                                                                              ef4ec7ca8079507ca64c1e362c7d69c46492a9bd0fe4cc3a68001272e6ef2c4e

                                                                                                                              SHA512

                                                                                                                              138a35d8704732ae82d19993fbc5f403fa531ef131ab1c85e89440c0804a665478c54170e7bd9a7f68edb02935fa024d91bf1eac08b54369593ffdfd480a085c

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG
                                                                                                                              Filesize

                                                                                                                              323B

                                                                                                                              MD5

                                                                                                                              4ddbb563d27d10d0052cdb3d0da84028

                                                                                                                              SHA1

                                                                                                                              a5b5c2aef36c9cc7a6306e383876daec34f0c1cd

                                                                                                                              SHA256

                                                                                                                              2c73beb8d7664e37330bb0b27dc2bb3328ae3afde6d3a8985134d5b0e42ccdee

                                                                                                                              SHA512

                                                                                                                              8ef1669b78bca3279e0faaa9d839f914556bfeceaf7e8ed17a93723b1e86160607a4eb0b4b12e4fcafe731e46329ea1f5239d069d4e0faec5db806cbdf1b8c57

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\000003.log
                                                                                                                              Filesize

                                                                                                                              627B

                                                                                                                              MD5

                                                                                                                              9d7435ea49a80fdd66e4915f513017f9

                                                                                                                              SHA1

                                                                                                                              469f6c6e4b19b85cc1be497812b2f20864f4ff2c

                                                                                                                              SHA256

                                                                                                                              409d4c47e940688527d730b996e8991e010988c7671565467ed69d640d0947f3

                                                                                                                              SHA512

                                                                                                                              0561cd632d4219aef4686de40ec092921384ca89755d354801e0eaec8645a8630a180807af518ac8fcf01f71eb3d10faa9ce1e62c7a7226a274975bdcb7eeb4c

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG
                                                                                                                              Filesize

                                                                                                                              322B

                                                                                                                              MD5

                                                                                                                              de60474c7431d6c515a106c99c6a356f

                                                                                                                              SHA1

                                                                                                                              4057c5900a116b4b20803847bc044841c7c9beb8

                                                                                                                              SHA256

                                                                                                                              c68eb3d05e05b5c76ddef95c42c40bd4fff02608bb36224a837189acf744da81

                                                                                                                              SHA512

                                                                                                                              5a9c3ec0e9157d3be66c8294b7c49a95e8b17fd9c464f7801534f3d4c65d92604fa9fdc33a3b60bb57bbfb1ed7d2bf1d63f5e92c99e56f570dae86e25285c93c

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\content.js
                                                                                                                              Filesize

                                                                                                                              9KB

                                                                                                                              MD5

                                                                                                                              3d20584f7f6c8eac79e17cca4207fb79

                                                                                                                              SHA1

                                                                                                                              3c16dcc27ae52431c8cdd92fbaab0341524d3092

                                                                                                                              SHA256

                                                                                                                              0d40a5153cb66b5bde64906ca3ae750494098f68ad0b4d091256939eea243643

                                                                                                                              SHA512

                                                                                                                              315d1b4cc2e70c72d7eb7d51e0f304f6e64ac13ae301fd2e46d585243a6c936b2ad35a0964745d291ae9b317c316a29760b9b9782c88cc6a68599db531f87d59

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons
                                                                                                                              Filesize

                                                                                                                              20KB

                                                                                                                              MD5

                                                                                                                              b8705fd2eb0af27e368b5fd80d77af9a

                                                                                                                              SHA1

                                                                                                                              d0524f6cf3058e97be6112cba3e2e2178ee08ada

                                                                                                                              SHA256

                                                                                                                              fb4413c6d03437cbd69e3026d413ff65cd7ee2a273fd62a9aa7ce9ab53f3b7f9

                                                                                                                              SHA512

                                                                                                                              ea6dc2f117215df3d3a27229d66e546c4537e521df111e2c12081be7326c571bac497427f01cc4741bb8823b4113aaae6d9287797468466600946a235846ca65

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_0
                                                                                                                              Filesize

                                                                                                                              44KB

                                                                                                                              MD5

                                                                                                                              08bccb3b716d518ea43b52cf5e518e0e

                                                                                                                              SHA1

                                                                                                                              c8e3617c48ecbcb696b5fc75c28686b0b1318c70

                                                                                                                              SHA256

                                                                                                                              0992792c8bd5c61a064c238bf1c075fa4baff8a4bf8f45b64060df9bfbd2ba97

                                                                                                                              SHA512

                                                                                                                              8153e3a4018012924fac29434ff205d7f38fdb79a8c1046db1d6f6d5ceb8cb0330f2ae76b4ef21a144fe3d21ec3afaaf7e92ab63338a4f64836c86ceab614828

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
                                                                                                                              Filesize

                                                                                                                              264KB

                                                                                                                              MD5

                                                                                                                              6df416bdd4da29ef845d2294316710dd

                                                                                                                              SHA1

                                                                                                                              31298a53b5ae4bf315cf01379141f720c65df31a

                                                                                                                              SHA256

                                                                                                                              ca7d4a936b0031ed7d42dd506a6aeeb4edb8a1c709c751fbd1a06db6dec54e13

                                                                                                                              SHA512

                                                                                                                              ff00fc28be6c65d2d928d8265b3ed51ff22ddee5b9b47553f356089fd59aae94ea2df664684c89f3a72e8cf96cffcdd015023e7d36d6366afac27c469309c28b

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_2
                                                                                                                              Filesize

                                                                                                                              1.0MB

                                                                                                                              MD5

                                                                                                                              74d4cbe6142fb11d53b6abf65f9a24f1

                                                                                                                              SHA1

                                                                                                                              c5a8d53164b1a8d3dd40b516a66c7abff732f448

                                                                                                                              SHA256

                                                                                                                              70408aa6f904b411f5620fb75d180dc4041ae7004fe03fa0de5a5815f37659ff

                                                                                                                              SHA512

                                                                                                                              4e8e06d007d9941be204c6cdba1bbda25f7d89fffe5295483718538221c726dc092774cbc198c3c701ba105bb8c729be23026773645de0103586419c75e0ba1a

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
                                                                                                                              Filesize

                                                                                                                              192KB

                                                                                                                              MD5

                                                                                                                              c686c375b6d84855a99b4c97c810147c

                                                                                                                              SHA1

                                                                                                                              d434ad9462a342ab8ea6218bf1dcf59fb6c2f84a

                                                                                                                              SHA256

                                                                                                                              d50850214065431674762701bb79e2802f9dafa096467eda60ad4b70b9670c76

                                                                                                                              SHA512

                                                                                                                              8d55521f44f4a3a15440be057810fccf002246499abc5cf2cccd2f9d31bada9dc14e8d8bae0b1e7dd7ef8d248cd2dc673bec488ee617197709ecdcb808089ff0

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps
                                                                                                                              Filesize

                                                                                                                              107KB

                                                                                                                              MD5

                                                                                                                              40e2018187b61af5be8caf035fb72882

                                                                                                                              SHA1

                                                                                                                              72a0b7bcb454b6b727bf90da35879b3e9a70621e

                                                                                                                              SHA256

                                                                                                                              b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

                                                                                                                              SHA512

                                                                                                                              a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Action Predictor
                                                                                                                              Filesize

                                                                                                                              52KB

                                                                                                                              MD5

                                                                                                                              414d2be764f0ef6dda6a4d6485d06999

                                                                                                                              SHA1

                                                                                                                              b680a168a9c18abf2ead15f01c68242d125ad452

                                                                                                                              SHA256

                                                                                                                              2f80b3d97ed21bb40f2fb613ed996eb9735ce6993034397ccfecf1f37a1abe98

                                                                                                                              SHA512

                                                                                                                              c96459835a11700e1551e085a24f1bdb597abb7210ba93138b20ca6991aa0547146c08744677d35699a853d0e6c6f194a96ed33fd7cdd15ac05e59402beb1806

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                                                                                                                              Filesize

                                                                                                                              20KB

                                                                                                                              MD5

                                                                                                                              4124fc97a946929a4cc5b2f7567b59c6

                                                                                                                              SHA1

                                                                                                                              c6076334cffe4e66be545e92d6451c28ffefeed8

                                                                                                                              SHA256

                                                                                                                              014368e1bc2c15bbb12e6884a272a28d057e1441bf72be6410b37ed07072f772

                                                                                                                              SHA512

                                                                                                                              bd6fd4113be9a16d22bf0ce901d1a78c35e7eed199bb2adfe0ee7be03dc136a2eed797ab2026afde5155e1e9b227dbe8190233550e4bba431ea934d8ac3cbac0

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
                                                                                                                              Filesize

                                                                                                                              2KB

                                                                                                                              MD5

                                                                                                                              3501e89391fe192ed3d1a65c752a35b5

                                                                                                                              SHA1

                                                                                                                              c5623734a04f651226e80236db305159ba163b57

                                                                                                                              SHA256

                                                                                                                              f0e55ad7cb31a496a91b8ac0e66fe3c5d462396a8f0c111e156aca99d2cd063f

                                                                                                                              SHA512

                                                                                                                              1f064170cf410b299b5875ceb4deab352b41eef03a633c650e37c38296636affbe8e8973275e6300972fafd91cc91f41e450d9cbdbf4233f26e5ab6824838a88

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
                                                                                                                              Filesize

                                                                                                                              2KB

                                                                                                                              MD5

                                                                                                                              495a04371a2cdd1bacd7d49a6e7a911b

                                                                                                                              SHA1

                                                                                                                              e7bfe435ca7a43133e8b77423b5a0b41aafec4f6

                                                                                                                              SHA256

                                                                                                                              3405dbc34e3b86c1afead16e73d46a664cf1b3f190f2042273dc6351e9c32aaf

                                                                                                                              SHA512

                                                                                                                              d53991bbef864f9b55299a8823398957b3e88cecd77752a66eb3d2354a1f6c22a89a0ae2d3a241417babc82fd0f3889c5b3b831bd3d4c2161015b64768a478d8

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
                                                                                                                              Filesize

                                                                                                                              2KB

                                                                                                                              MD5

                                                                                                                              fbb9febd7d4440b9986e37a08d987e7c

                                                                                                                              SHA1

                                                                                                                              18049387179413df7b5519019404fc950440a342

                                                                                                                              SHA256

                                                                                                                              11976161bb39a92da50e11f1d99389df9097ef30a8ed6291715751348e512d8a

                                                                                                                              SHA512

                                                                                                                              838c9d8348ecf71460ec20c6338c7b61f04d1db0ad81dde6277d14dcc1f61bdcd68c21b7396a5f2814b80e4faae2a03b1f14c48f0e6663a3c5748e830c6281c8

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
                                                                                                                              Filesize

                                                                                                                              2KB

                                                                                                                              MD5

                                                                                                                              4e70db94ec5a5243de09044d2382cf58

                                                                                                                              SHA1

                                                                                                                              3ce6fa3c82195449cbddf7d55dbbbbb6a5048d1d

                                                                                                                              SHA256

                                                                                                                              f640fd2ad9240bb16931ffb0fd4615ef53ef4d54ddece718a772aeda1b69bbd1

                                                                                                                              SHA512

                                                                                                                              ebfa40becf1532fbc30d0bd081e01d3b5ef2d9996a462bdabfe2729a9340263fc7c51cbc8ad23a325f2d0be575045561aa0acc5c6a4b98a35329bf52a54f2b4f

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
                                                                                                                              Filesize

                                                                                                                              111B

                                                                                                                              MD5

                                                                                                                              285252a2f6327d41eab203dc2f402c67

                                                                                                                              SHA1

                                                                                                                              acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

                                                                                                                              SHA256

                                                                                                                              5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

                                                                                                                              SHA512

                                                                                                                              11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports
                                                                                                                              Filesize

                                                                                                                              2B

                                                                                                                              MD5

                                                                                                                              d751713988987e9331980363e24189ce

                                                                                                                              SHA1

                                                                                                                              97d170e1550eee4afc0af065b78cda302a97674c

                                                                                                                              SHA256

                                                                                                                              4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                                                                                                              SHA512

                                                                                                                              b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                              Filesize

                                                                                                                              14KB

                                                                                                                              MD5

                                                                                                                              75e6abda0cdbc8d0e6cf6412e4d8cb3a

                                                                                                                              SHA1

                                                                                                                              1254e1e625c23b5adec7032580e68957f9bb9c44

                                                                                                                              SHA256

                                                                                                                              a77c04c0d2c0b2ebbbc24f7add8e7e3028d8c5a8c7a410e5eca0e7d90edf3c3c

                                                                                                                              SHA512

                                                                                                                              44ad3143300130aba0766927778f7806356bbe9f8eca4f8979dca66459eb739acbb7008f169b7f8ec12b265f684f11e541a6394fa05482f47ca557655279be26

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                              Filesize

                                                                                                                              13KB

                                                                                                                              MD5

                                                                                                                              bba118d77a556a2e72d30411e4cbec4c

                                                                                                                              SHA1

                                                                                                                              23278eeadcf4375e283f3b1ebe41cef6738f3d6c

                                                                                                                              SHA256

                                                                                                                              c60c65b0dbbeece7cac7330c59b16b9ef9f46fb607c6b3bf125e1ecf45131cf3

                                                                                                                              SHA512

                                                                                                                              04a89dcd76d9d177ad619046827b05157e2ac7d5525280e4d5a65b69cc24297068d053f3c66668883dfeb1e5909959821cc3229cf09e467fc427fe6221a57497

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                              Filesize

                                                                                                                              14KB

                                                                                                                              MD5

                                                                                                                              1640c4f1ee430ad146dee271e575ec0b

                                                                                                                              SHA1

                                                                                                                              7b09c0a3396dd5989be7a059fb76bf92443db54a

                                                                                                                              SHA256

                                                                                                                              7888a07f9df59d08cfdacf597a7dcaff0b24bdc18edf7d4fa5222ab5b331b395

                                                                                                                              SHA512

                                                                                                                              2f3b2398892c19d9145f63f10477f9b26f33b16be37500861727081b3d535e7ba21fe80f685620f3a36e8a3a050c1d7574a8e1716a2701aa5fed1d46fc921e40

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                                                                                                                              Filesize

                                                                                                                              37KB

                                                                                                                              MD5

                                                                                                                              f5bb92ba4d286c70a8990befe957e916

                                                                                                                              SHA1

                                                                                                                              75e2b629f388bda20b2786390b601804f620b598

                                                                                                                              SHA256

                                                                                                                              70253543a82cfefe64435b2184638757ca7e467aac8351e53780589a596775e6

                                                                                                                              SHA512

                                                                                                                              0c7ffdfe97c9ba9ceb7d28cabff8eddedcc272bfa8ce3698b5c73bcafee5732a403bd4de5957d1bd431d650841e83a69622f45872e3be48148a8aecd1a0e1b77

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\9c519646-5b85-4f87-b6f2-333835629ee0\index-dir\the-real-index
                                                                                                                              Filesize

                                                                                                                              648B

                                                                                                                              MD5

                                                                                                                              d21a2be874c90af5b420e3155151d550

                                                                                                                              SHA1

                                                                                                                              578e11824f72d87b5cfb9f98261e22a4ed5db1cc

                                                                                                                              SHA256

                                                                                                                              b16b2b4c516702a50002c3e7b1bcb2202e254c257eddaede1e024607f3d6330c

                                                                                                                              SHA512

                                                                                                                              77c65d79c7c6b8f3841c40b155eb40822dc4b1fa90ac453c764f915cc4926684905f55274034fdbb28fc0eebc7aa291d0f93b64f02207c0ce890b6dc94ae8869

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\9c519646-5b85-4f87-b6f2-333835629ee0\index-dir\the-real-index~RFe5c2216.TMP
                                                                                                                              Filesize

                                                                                                                              648B

                                                                                                                              MD5

                                                                                                                              5cbe0647f4166f3d98da5619731b8809

                                                                                                                              SHA1

                                                                                                                              3686f143ee4684a5e477d3e0b9806cae566f297b

                                                                                                                              SHA256

                                                                                                                              2501a9becaeb8c8739361b653f601893273bf7c9c2627e1d0fd296c98aeff8cf

                                                                                                                              SHA512

                                                                                                                              b926e808643ff5136a384834662ad35a6d8ff504199351c152db782099ccfa8534c448d99d1196d80f308919ec8ed2af3c282718abc38e70be7a708dd77785d8

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt
                                                                                                                              Filesize

                                                                                                                              253B

                                                                                                                              MD5

                                                                                                                              279f582ae25e7464b84781811744ae52

                                                                                                                              SHA1

                                                                                                                              54e5f58847031c5262bd73ab20830852ea2fe304

                                                                                                                              SHA256

                                                                                                                              dc0cfe94ad84896da5ecad64373bc176a38066ad86638381b6cef21568bf082d

                                                                                                                              SHA512

                                                                                                                              4164ee2d7d0f62b249e4a5f4ff2f40aa892a91b2ccd7705d69a6628464da9f2e4ddf380d209b6a8583dbf5c1d89c7ad873fa299220b4f1b787b823590c0ded61

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG
                                                                                                                              Filesize

                                                                                                                              338B

                                                                                                                              MD5

                                                                                                                              2906a287f57796ac140db5a1ade02956

                                                                                                                              SHA1

                                                                                                                              f658733234ec5b5614cc7feb4a34de0707ba911e

                                                                                                                              SHA256

                                                                                                                              1cdee58100ccb53b6088e046b7955ff32c0d89d3a5dfb320079a0b9bec5ee828

                                                                                                                              SHA512

                                                                                                                              0cd53f65dbd869a977e69f3f01874255e765ef15b7c88048f8fd7765250b6794792f1726c14dfeb4f0c9d03ed330a6288a9c939bafbc07ddf56c5ff51c29970e

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13387930217119888
                                                                                                                              Filesize

                                                                                                                              2KB

                                                                                                                              MD5

                                                                                                                              a21b4648abc9fb2986e1e51a6bbd6c1f

                                                                                                                              SHA1

                                                                                                                              633bb2b5289b0bf16159db1fc5a860c9f0004570

                                                                                                                              SHA256

                                                                                                                              93e99638454d5da2f3152aac8574762e2497c14b38bc81cf906de086f8bd1e18

                                                                                                                              SHA512

                                                                                                                              14c4a3c89d7eb60a8a66b2236050a8a7cce7972779560695c30b7899078afa302bcf8078ba08fe2148f47c06ada468223857c1e1d893dae31c8e34cc0ecaf2f9

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts
                                                                                                                              Filesize

                                                                                                                              20KB

                                                                                                                              MD5

                                                                                                                              c135aeda0eeffc53bbf903913c861f3e

                                                                                                                              SHA1

                                                                                                                              c294f21924c0eed4aa1527f8ce867c96833ee834

                                                                                                                              SHA256

                                                                                                                              ff1398edcfa0ea35375afa95cd25bc086af7ce25cba4a85318eebd1252e29b4f

                                                                                                                              SHA512

                                                                                                                              f72555fd484139dd4b59281375ccbf109c8196635f5e08e574e89d137e42886c1b62f4f8d3318963a469725faae42c7d64d47dcb41210833383e978d611dc87e

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
                                                                                                                              Filesize

                                                                                                                              350B

                                                                                                                              MD5

                                                                                                                              a379fee4d36693d0279314612175f883

                                                                                                                              SHA1

                                                                                                                              bad2bb9ae0c4c7de3eb9b73e0f181bbd44796582

                                                                                                                              SHA256

                                                                                                                              4e4a113155273b1a6d6732511cce9d920ff6d674803b960c2a477cbbb094c075

                                                                                                                              SHA512

                                                                                                                              01a70dd8e267df02469cca593e1fccdeefc3a8a989fbf265a07eade62b197ed83f7ea9bc907e39e20010aa9598dcfc3d432e24fae9aa8a9a416cf515b5028e93

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
                                                                                                                              Filesize

                                                                                                                              323B

                                                                                                                              MD5

                                                                                                                              96a609953f6b983cad65b3042bc2d8dc

                                                                                                                              SHA1

                                                                                                                              c6d40d640055e090feae78db4e335ad8e645a75a

                                                                                                                              SHA256

                                                                                                                              125869af3ea4a143fa8b2e08018992b2e658c04e73062268c3aca7bb9e86ed1b

                                                                                                                              SHA512

                                                                                                                              0ab9185054e3176924a14e6879ad9c598a7789d88ca77e9843f7c19da5659b848502abce2d6c5af3d2c1d49afbc889a7583630717148350d416116b57f839447

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log
                                                                                                                              Filesize

                                                                                                                              4KB

                                                                                                                              MD5

                                                                                                                              cb0f5d8c9b6d653d6b4df202281cacab

                                                                                                                              SHA1

                                                                                                                              3e12d75f38c1955c2273a20cc2590c6e6798bd3e

                                                                                                                              SHA256

                                                                                                                              64e9bd1a5ad2687238ced1717b761e472175a991a5d5671221574d3993b0550d

                                                                                                                              SHA512

                                                                                                                              82c2b2289c41cc8bb48786033cf4e20b4d46db7fbff5be6f09f4fb93271862cc1d30828be6c301144e008936bf6b0344ac47e5e9c1d40e4f1908e1f4bd233f20

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              MD5

                                                                                                                              9d85a6004fa3ec426be2e9d0e936390c

                                                                                                                              SHA1

                                                                                                                              ce357f1d4107d31c950c47822daf0be751d46397

                                                                                                                              SHA256

                                                                                                                              f1a6ae0ff06fd8981f3b45b5873f0e02f10662bf145a5cc77f297643a9e3ac45

                                                                                                                              SHA512

                                                                                                                              6ba9e32d7d33a3a0d1806927cd69d661c6ba0490b90a98bd2c3886977fb40f72244d83bff157a916cad805a337bdf56248d21c60dfe16c7a491ba0959108a42f

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data
                                                                                                                              Filesize

                                                                                                                              228KB

                                                                                                                              MD5

                                                                                                                              b82d97a1337d8593dcd3f3770079e7ce

                                                                                                                              SHA1

                                                                                                                              1e339d18b2d49adc5a629987925799eaf0e14f0b

                                                                                                                              SHA256

                                                                                                                              6f30a175d50d85a637625098af4862bdefbb8b3693d5411ef387c854c315c127

                                                                                                                              SHA512

                                                                                                                              bc514b3f2e926fd81b9ee6cc072134b44c54eaa1790a95c1e09e407445a44f34ee2bce0615fade9197954cde93f1ba0e2e9c1273218671eccb81882b480e2444

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\WebAssistDatabase
                                                                                                                              Filesize

                                                                                                                              14KB

                                                                                                                              MD5

                                                                                                                              46794471331bb16e8f2d7eee3fa35317

                                                                                                                              SHA1

                                                                                                                              c588ecce3532c732edf2c4e7f3d51637b831b9d1

                                                                                                                              SHA256

                                                                                                                              f83d50231015123fd23637a0fe8709145e3c0e2d2f56b3afe4d7998b09b9c8e5

                                                                                                                              SHA512

                                                                                                                              0790b94769ca085434446e0d7e26ac7925d20f2ef5ee7bea8fda6434ccf18549af1f9d37d311cc931d2dd3fae2a8f96683f595ad0bf7c4156c4f64349dcaf533

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal
                                                                                                                              Filesize

                                                                                                                              3.9MB

                                                                                                                              MD5

                                                                                                                              496d9e6929324eee2ce751f87f3b51de

                                                                                                                              SHA1

                                                                                                                              a91301af57b278c5c20f5a4b0718b728362f4229

                                                                                                                              SHA256

                                                                                                                              1e45d72a091a809ba42d69f45e3e675f0fdd8ede15c6277da70fa29d70d7dcb4

                                                                                                                              SHA512

                                                                                                                              904fbfcd8012a2d3784679b4691d0bb4a2538af82b3206fa1f0fddcc4d070384db7f152f0fbfd3ceb7d2ef1316178e5628ec06e1bd263a474dc9ee26af8add1d

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
                                                                                                                              Filesize

                                                                                                                              11KB

                                                                                                                              MD5

                                                                                                                              50e93de20b9eee2487f81557024f3227

                                                                                                                              SHA1

                                                                                                                              ad4d3f12f7656f6377b3feb4a74cea15ea70f2bc

                                                                                                                              SHA256

                                                                                                                              f1b0678a18b7f9fe7efb0abcd375e751964bef0876102be97a47737102fd8c29

                                                                                                                              SHA512

                                                                                                                              4f0def09d1d899b26ed28350d29c65f16c6ea3b0e6e969fcb016b3be6c531ec131aa9207efe86dfb9d89bfb6edcca3e2578093525fd5f5ef274f8f13d4aac851

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
                                                                                                                              Filesize

                                                                                                                              322B

                                                                                                                              MD5

                                                                                                                              d7f404a55f0a2b58948a87c0421180cc

                                                                                                                              SHA1

                                                                                                                              5973f8b3d66c16088e75a1ec88ac6e088719c10a

                                                                                                                              SHA256

                                                                                                                              09759c8b919bc2cb375e62c1cf9a9f495e89ed10a7f2349f365e90ed693dc4ff

                                                                                                                              SHA512

                                                                                                                              db5d2f31af85200b8d16c458b3ae152ccb94cecde88a5d6d1cf9f0aa0d264a8caddbb4564eae4bf21664fddcb983a88a171ac0d71aa82a5ba1cb592d5e732a31

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
                                                                                                                              Filesize

                                                                                                                              1000B

                                                                                                                              MD5

                                                                                                                              c5c6eb4f6ba9e4479fd6cbcf02eba599

                                                                                                                              SHA1

                                                                                                                              abff6ffac03e1c196b19420d34fd80b6897b0480

                                                                                                                              SHA256

                                                                                                                              95cc32c9c5405238b14d9840fd1b5372988a0c54c876579f052106f38ccc4620

                                                                                                                              SHA512

                                                                                                                              5f8bcf3e3a0823862152b220d5a24f9b2023da85c3fa8a7bf966df830ebe5cac1892e2ec9f8904f52e3db143be9d15c8ce74ab01c849dc0f1150bce9c7a6e29d

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
                                                                                                                              Filesize

                                                                                                                              340B

                                                                                                                              MD5

                                                                                                                              6333d521b79749b7136a1f6fc77237ba

                                                                                                                              SHA1

                                                                                                                              4b1bf329622b3df6240c565dd6f6f160b2797369

                                                                                                                              SHA256

                                                                                                                              9ae0956fb06794bc506691ab74a99ab238d83f76309a4964c65ef425aad2bcf2

                                                                                                                              SHA512

                                                                                                                              655a5ba66847cea5cd7232b55b642e72a491261f13f4ebf1179bcc4d2f41387abeda26b294bcea36aabc8918c3c8e22e510104de23d7050a25dde70a13fbd6d2

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog
                                                                                                                              Filesize

                                                                                                                              880B

                                                                                                                              MD5

                                                                                                                              bdd633558223abd7602ff6944e822a99

                                                                                                                              SHA1

                                                                                                                              f28213408b32a0f02f19288aa10ddcc9593b19a4

                                                                                                                              SHA256

                                                                                                                              219bcd52d20d604d708536655d9d4b47953fc8557ad92a080a0baa263786a7ad

                                                                                                                              SHA512

                                                                                                                              8612a624174165deaf350a2b90d8bce44758364f9745e500a0d1afba88da8e5517661f52dc0e6f02e63a3390f540bbe1027eb25126fd398ce055235d9e98721a

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog
                                                                                                                              Filesize

                                                                                                                              23KB

                                                                                                                              MD5

                                                                                                                              2fe033e0ad8163b52da055b72a811cd7

                                                                                                                              SHA1

                                                                                                                              5730f23fc647b308b0d82727a7691bf10a53acad

                                                                                                                              SHA256

                                                                                                                              55060ef3ff90d250fdb9bf31e3a474152397c613f7ed2f6188b2ec83a6f96182

                                                                                                                              SHA512

                                                                                                                              b766d305978dab2be1a982fb2d9d1fbc4968df809603d91989f0a17a851f506d3dd90e04a799bb2d8e9e2b94ec056b7630363ffeecf278d5942eed9990160ce9

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog~RFe58752b.TMP
                                                                                                                              Filesize

                                                                                                                              469B

                                                                                                                              MD5

                                                                                                                              3696536133d1ceafc4b298d1fcec55b3

                                                                                                                              SHA1

                                                                                                                              1d095e1c35eaacb5c2ee1a2e6e8955e27a1bac62

                                                                                                                              SHA256

                                                                                                                              52f192efd70e0c3419f4d74cd4815aacdcaad658150e6085231dfd910bd8b933

                                                                                                                              SHA512

                                                                                                                              1464232de31c53f2a188286a0ce9d256bb0c3b1277f7ea9b6fb9d86aaa212476afbd5cd22d9f2ad87cd104407b24f764b05bd1ed772974e68e1efa0728aabd0f

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig
                                                                                                                              Filesize

                                                                                                                              22KB

                                                                                                                              MD5

                                                                                                                              56a63f182b2938fbe3e59fbf9681dc08

                                                                                                                              SHA1

                                                                                                                              b76578ca24fb20b8bd5dafad4296e5a46735a5e1

                                                                                                                              SHA256

                                                                                                                              36edc2510fb072092e4c6b95efe4521857d9dcb7f0b45afdf5e8ef02e5d19593

                                                                                                                              SHA512

                                                                                                                              b17246b7c61e26fce1f211311b578d6b3d22c03a042137bb2bb5b23018ce5290a8fbf7a34b2f66fa30b2027296b8a570478f66a144385c320d63c1cef64434f8

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig~RFe588a0b.TMP
                                                                                                                              Filesize

                                                                                                                              3KB

                                                                                                                              MD5

                                                                                                                              c7569efb2fa9fe93c0ea2f0896f54036

                                                                                                                              SHA1

                                                                                                                              e231c700b778b624f6065b035e5803fdd8b4db4b

                                                                                                                              SHA256

                                                                                                                              2422f055fd21adce7a027c3eaab1bbc474345a26cb1b9762b3d7572ebde67d3f

                                                                                                                              SHA512

                                                                                                                              c394da9a75cca87f6e20cb2abbc2e087d3e374b613bbc960f255ebfc8f01d4349fc8a487ec56ff8141f47566cf021dc33196e42b6295ce5399ff78e5ce4b066f

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Data Protection Lists\2.0.0.0\office_endpoints_list.json
                                                                                                                              Filesize

                                                                                                                              3KB

                                                                                                                              MD5

                                                                                                                              94406cdd51b55c0f006cfea05745effb

                                                                                                                              SHA1

                                                                                                                              a15dc50ca0fd54d6f54fbc6e0788f6dcfc876cc9

                                                                                                                              SHA256

                                                                                                                              8480f3d58faa017896ba8239f3395e3551325d7a6466497a9a69bf182647b25e

                                                                                                                              SHA512

                                                                                                                              d4e621f57454fea7049cffc9cc3adfb0d8016360912e6a580f6fe16677e7dd7aa2ee0671cb3c5092a9435708a817f497c3b2cc7aba237d32dbdaae82f10591c3

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_0
                                                                                                                              Filesize

                                                                                                                              44KB

                                                                                                                              MD5

                                                                                                                              239d0f1c97ed3669cd8b018d536bd338

                                                                                                                              SHA1

                                                                                                                              8677503b0ca44368ec03d8dfa102e5953ffb7910

                                                                                                                              SHA256

                                                                                                                              1978827063bc8ef1cd9ee13155e617f8e2960a87fdaa632d5c9c97c4593f59a2

                                                                                                                              SHA512

                                                                                                                              cdd0a511fb0d2407120d10a100b3c1561a4cad59535a2299ba33aa99627bd89b455177889c47993506e7124fb1f2179c84e90ededf41542e70d7496397baf760

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_1
                                                                                                                              Filesize

                                                                                                                              264KB

                                                                                                                              MD5

                                                                                                                              c725af41e100e2e3cf3d9ed44bc98ddf

                                                                                                                              SHA1

                                                                                                                              f31dd84f93fe669d7f5162a9ae822c087675ddf3

                                                                                                                              SHA256

                                                                                                                              00cf4d35bf5df5bda78b54ceb628801e03d3414b5c8b752aa14ff4e96757dbf1

                                                                                                                              SHA512

                                                                                                                              54424333637ffb07691e60b06f2796cb731bee903056ddc91805053d8a6fc2f0f73227b5fdb5f19a0b1d4dd3e96367cfbc284863f53b7b078b1c4d4ce870588c

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_3
                                                                                                                              Filesize

                                                                                                                              4.0MB

                                                                                                                              MD5

                                                                                                                              3904fac4d731063cac53923d6b9a2537

                                                                                                                              SHA1

                                                                                                                              b5ab079a21d0d88a3bbf6f5b2063129b3b3229d4

                                                                                                                              SHA256

                                                                                                                              f6faede7244574ee64108c8a9e16f7747d771d957f7e3059711ea2c67c5a7bd2

                                                                                                                              SHA512

                                                                                                                              21e15d2a5e7def0bd735783043e25420cd22c662149e63d9615ea5e7aed2c30235b600c57bb3c29e0d1270f6587ff0312973411dc4bd963bbf5b0121acbda211

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser
                                                                                                                              Filesize

                                                                                                                              120B

                                                                                                                              MD5

                                                                                                                              a397e5983d4a1619e36143b4d804b870

                                                                                                                              SHA1

                                                                                                                              aa135a8cc2469cfd1ef2d7955f027d95be5dfbd4

                                                                                                                              SHA256

                                                                                                                              9c70f766d3b84fc2bb298efa37cc9191f28bec336329cc11468cfadbc3b137f4

                                                                                                                              SHA512

                                                                                                                              4159ea654152d2810c95648694dd71957c84ea825fcca87b36f7e3282a72b30ef741805c610c5fa847ca186e34bde9c289aaa7b6931c5b257f1d11255cd2a816

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
                                                                                                                              Filesize

                                                                                                                              13B

                                                                                                                              MD5

                                                                                                                              3e45022839c8def44fd96e24f29a9f4b

                                                                                                                              SHA1

                                                                                                                              c798352b5a0860f8edfd5c1589cf6e5842c5c226

                                                                                                                              SHA256

                                                                                                                              01a3e5d854762d8fdd01b235ce536fde31bf9a6be0596c295e3cea9aaf40f3dd

                                                                                                                              SHA512

                                                                                                                              2888982860091421f89f3d7444cacccb1938ef70fc084d3028d8a29021e6e1d83eaef62108eace2f0d590ed41ece0e443d8b564e9c9a860fc48d766edb1dc3d9

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                              Filesize

                                                                                                                              39KB

                                                                                                                              MD5

                                                                                                                              26acca54e4875c0ad98ec93a0ef7bd08

                                                                                                                              SHA1

                                                                                                                              d2ab7871f7ddd03ba07c595fe5bd03a0b3807d0b

                                                                                                                              SHA256

                                                                                                                              05b52fd85b7a68259f0cf36633891438650f0089b7c40e63c370e1abbc98eaa4

                                                                                                                              SHA512

                                                                                                                              dc8f3b834f4c20e4f0ecc205d694a87716124c02b5b5809d883cb88bd8aba0c622dfed618391380ebe6b38168144f577d4ec62051c2d71ce1c584999e994d94e

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                              Filesize

                                                                                                                              30KB

                                                                                                                              MD5

                                                                                                                              0c06274e0a5ab9160019b9aec91f4490

                                                                                                                              SHA1

                                                                                                                              02f98440928d58b1073043bb96723b8b11ae4eef

                                                                                                                              SHA256

                                                                                                                              8e03b713680e064a8b50cddad66da585337d397da66b1275f53431e35445a768

                                                                                                                              SHA512

                                                                                                                              0cf6462a33f15fc0cebdbb0e5fe9584b54cf69070ffa7b813b89e77ea4fa5f79f317528c9d4de1dbedad6492f3c4394991a3eeeeb9150d62b01b144347f72b38

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                              Filesize

                                                                                                                              30KB

                                                                                                                              MD5

                                                                                                                              60d8f2a5c4255fa52c7b5bd2fac1d366

                                                                                                                              SHA1

                                                                                                                              73ced619297ee6e0d8c081bd0272b34a64761ec2

                                                                                                                              SHA256

                                                                                                                              88c86e11d8d9a47b0474b450a29ac4a8af9368a827e02ca568d720fb12723c0a

                                                                                                                              SHA512

                                                                                                                              3d47a6a24a23b39b83857e71fc1aa08a681670d14c24248cccbe904369723854dcf3285fb9567bf29948adab025c70e0597dcf2d2dbabca2d63fb4a28e6e361a

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                              Filesize

                                                                                                                              6KB

                                                                                                                              MD5

                                                                                                                              a3e7149e915c7eec45604901f133f7f9

                                                                                                                              SHA1

                                                                                                                              5f26e16ea2e9672ae77a42c0fbee64ae84be02c0

                                                                                                                              SHA256

                                                                                                                              be1635efe2cc30aae0ee07db2e781c525f5373b47441053efecf0da916526784

                                                                                                                              SHA512

                                                                                                                              f1332b2468650b240deec2314ee4ce964d3d6f61619520b5871e4f53abf011aab4fef971294a591e8de7dc880e5188326d04896e93f276ed54a1aa264940b0fa

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                              Filesize

                                                                                                                              7KB

                                                                                                                              MD5

                                                                                                                              a36ef8a3d2b2bbbfb67a71a8c0cdf176

                                                                                                                              SHA1

                                                                                                                              a4f9b3e867c275cc5d4bb5fd11d46b11fe814782

                                                                                                                              SHA256

                                                                                                                              b352026221dceee134ccde6dfd534763c3b459db625a4a6876a7905887da7d4e

                                                                                                                              SHA512

                                                                                                                              af00a82d022ad315b977fd6635ba25d3077308ca779a943359a6bc5536c20d0df4514a7d7cb5a6d8833b1e7517eecfbb5cd13f8925b791340a6938fe20e9a8f9

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                              Filesize

                                                                                                                              30KB

                                                                                                                              MD5

                                                                                                                              fbfd098e70307eb695d3c6ee72bea2f9

                                                                                                                              SHA1

                                                                                                                              6a6ae3ab31a728adb0d41caf87b29b2b5c1152aa

                                                                                                                              SHA256

                                                                                                                              05e7bf0d594f444c015eb5861a84d9e82f9e501bd7e7a42f45d7350a3f310251

                                                                                                                              SHA512

                                                                                                                              cfb1a3f3f9a5a4de6023155708198570ef79af116e9540dbdc2d112df168c1b4cf476c145481497bb02286eec7d67db2229e7898d89770c54ac6f614b9cc69bc

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2025.1.17.1\keys.json
                                                                                                                              Filesize

                                                                                                                              6KB

                                                                                                                              MD5

                                                                                                                              bef4f9f856321c6dccb47a61f605e823

                                                                                                                              SHA1

                                                                                                                              8e60af5b17ed70db0505d7e1647a8bc9f7612939

                                                                                                                              SHA256

                                                                                                                              fd1847df25032c4eef34e045ba0333f9bd3cb38c14344f1c01b48f61f0cfd5c5

                                                                                                                              SHA512

                                                                                                                              bdec3e243a6f39bfea4130c85b162ea00a4974c6057cd06a05348ac54517201bbf595fcc7c22a4ab2c16212c6009f58df7445c40c82722ab4fa1c8d49d39755c

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\WorkspacesNavigationComponent\1.0.0.5\nav_config.json
                                                                                                                              Filesize

                                                                                                                              2KB

                                                                                                                              MD5

                                                                                                                              499d9e568b96e759959dc69635470211

                                                                                                                              SHA1

                                                                                                                              2462a315342e0c09fd6c5fbd7f1e7ff6914c17e6

                                                                                                                              SHA256

                                                                                                                              98252dc9f9e81167e893f2c32f08ee60e9a6c43fadb454400ed3bff3a68fbf0d

                                                                                                                              SHA512

                                                                                                                              3a5922697b5356fd29ccf8dcc2e5e0e8c1fd955046a5bacf11b8ac5b7c147625d31ade6ff17be86e79c2c613104b2d2aebb11557399084d422e304f287d8b905

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\first_party_sets.db
                                                                                                                              Filesize

                                                                                                                              48KB

                                                                                                                              MD5

                                                                                                                              fe595c089e6cb7e8bb98f688a148134b

                                                                                                                              SHA1

                                                                                                                              d3523cba854fbbbaefd08ee994fe28d056c63581

                                                                                                                              SHA256

                                                                                                                              5bd2196ceb05acbaae8cdfaae7a5df8d6b6e5a6240e7c273b7e9d14caf956189

                                                                                                                              SHA512

                                                                                                                              d6895129ba6751060ded1a0754f04f689437199df1fca0cd8934629a3b038a89e793651808f19fa0c8e4506ca2cbca128bc3483e9c5f9c34ff460e6e38435678

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
                                                                                                                              Filesize

                                                                                                                              944B

                                                                                                                              MD5

                                                                                                                              1a9fa92a4f2e2ec9e244d43a6a4f8fb9

                                                                                                                              SHA1

                                                                                                                              9910190edfaccece1dfcc1d92e357772f5dae8f7

                                                                                                                              SHA256

                                                                                                                              0ee052d5333fd5fd86bc84856fec98e045f077a7ac8051651bf7c521b9706888

                                                                                                                              SHA512

                                                                                                                              5d2361476fa22200e6f83883efe7dcb8c3fe7dae8d56e04e28a36e9ae1270c327b6aa161d92b239593da7661289d002c574446ecfd6bd19928209aae25e3ef64

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
                                                                                                                              Filesize

                                                                                                                              944B

                                                                                                                              MD5

                                                                                                                              050567a067ffea4eb40fe2eefebdc1ee

                                                                                                                              SHA1

                                                                                                                              6e1fb2c7a7976e0724c532449e97722787a00fec

                                                                                                                              SHA256

                                                                                                                              3952d5b543e5cb0cb84014f4ad9f5f1b7166f592d28640cbc3d914d0e6f41d2e

                                                                                                                              SHA512

                                                                                                                              341ad71ef7e850b10e229666312e4bca87a0ed9fe25ba4b0ab65661d5a0efa855db0592153106da07134d8fc2c6c0e44709bf38183c9a574a1fa543189971259

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\2c6de665-e2c1-4728-900c-019af048bccc.down_data
                                                                                                                              Filesize

                                                                                                                              555KB

                                                                                                                              MD5

                                                                                                                              5683c0028832cae4ef93ca39c8ac5029

                                                                                                                              SHA1

                                                                                                                              248755e4e1db552e0b6f8651b04ca6d1b31a86fb

                                                                                                                              SHA256

                                                                                                                              855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

                                                                                                                              SHA512

                                                                                                                              aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\212.102.63.147\Browsers\Edge\EdgeHistory.txt
                                                                                                                              Filesize

                                                                                                                              3KB

                                                                                                                              MD5

                                                                                                                              ab518253b453da2c62222559553d875c

                                                                                                                              SHA1

                                                                                                                              bb0bea5ca2adab804dd42e1ad9569c5ae118cd69

                                                                                                                              SHA256

                                                                                                                              133a2d0152f1531c858c458fc75a0db821d28b68a4b17641ae522f558149e8ef

                                                                                                                              SHA512

                                                                                                                              1927e7514bd3ce9b8c833a3628c0f984f7672b007998456e753327a34c8e6161d3132bcb18de9dee386dad9c1bff1b90a905458583b92d80090c440c4a5ddbee

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\212.102.63.147\Browsers\Edge\EdgeHistory.txt
                                                                                                                              Filesize

                                                                                                                              1KB

                                                                                                                              MD5

                                                                                                                              f029867ded1867bef2dd76292ee026fc

                                                                                                                              SHA1

                                                                                                                              9c364470d42cd23c9662f2a43bede0319c7887f3

                                                                                                                              SHA256

                                                                                                                              364d4698e6e69c6da889536c6c85c8e4e3e6364545026b4cf7c5469fdc9e85c8

                                                                                                                              SHA512

                                                                                                                              6a713dae74c052b376e0339cfe2e774625ab61190b361203540211998c2267795ce888ca9a5b714ae1a473d3ba6d7479a4fbfdc4104260d8766fc09ac4cf458d

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\212.102.63.147\Browsers\Firefox\FirefoxBookmarks.txt
                                                                                                                              Filesize

                                                                                                                              162B

                                                                                                                              MD5

                                                                                                                              9b9de086b372da84e4bd01979b2d501e

                                                                                                                              SHA1

                                                                                                                              14bb853a2e1360a92a43564cbbf2b1e654bfd745

                                                                                                                              SHA256

                                                                                                                              ff9b231ec4d32420337db47764c66eeab38d07fa42e65637b8f8ac165d5e8eb5

                                                                                                                              SHA512

                                                                                                                              5db7723390582ccd93ede00c90036a6276cd98be1bd0bce7c059302bcea2fdb2829ae37cf00f2cfffb481857b21a4ffe2332c1919161a2b5ff05b87f4233e78b

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\212.102.63.147\Browsers\Firefox\FirefoxBookmarks.txt
                                                                                                                              Filesize

                                                                                                                              81B

                                                                                                                              MD5

                                                                                                                              ea511fc534efd031f852fcf490b76104

                                                                                                                              SHA1

                                                                                                                              573e5fa397bc953df5422abbeb1a52bf94f7cf00

                                                                                                                              SHA256

                                                                                                                              e5fe7f327ae62df007bd1117aa7f522dbbcd371ec67953f66d786424cb1d7995

                                                                                                                              SHA512

                                                                                                                              f7d8e575a2332b0fbd491b5e092b7ed6b0942a5165557fcc5d215d873b05103aa6ba01843133871c1c7ac81b10182a15895be49885c98d1a379dd55f88004fae

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\212.102.63.147\System\Process.txt
                                                                                                                              Filesize

                                                                                                                              4KB

                                                                                                                              MD5

                                                                                                                              290ddbeb39d5094ab2364b71383f4a58

                                                                                                                              SHA1

                                                                                                                              e96f188248019be93204d6bfceabe5ab441a3be2

                                                                                                                              SHA256

                                                                                                                              766ef591932dbd4bae7dda29dfc5475ee8601ff975b44b92db6c407956c139de

                                                                                                                              SHA512

                                                                                                                              d7e9ff94ec2d98814d0bfa22e174e56db6d0fa522dd2a544f0bc33e61e883a4a02395128d80b390e853f1d5e61d085309dcebd295907bc8096db67742abdf585

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\Omnhybqtz.exe
                                                                                                                              Filesize

                                                                                                                              7.8MB

                                                                                                                              MD5

                                                                                                                              e2d96d9ee0fc390755c45034ec782c33

                                                                                                                              SHA1

                                                                                                                              f5487d3d706f7554c3075ed8a0753b8581d33749

                                                                                                                              SHA256

                                                                                                                              2b00d8e00c84a130c58a3d4ee5d4548517fa4b95eb6ceb0429a0b857755ada29

                                                                                                                              SHA512

                                                                                                                              04608fe3591b841217e4b92b1020d5ca384b796d156a6b7c6664769c7bbd7345b03c8a6857d6fd2d1779f41eefd349635d0f7b2a1c4c8467c071edab4f9bd327

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\Tukexuutr.exe
                                                                                                                              Filesize

                                                                                                                              245KB

                                                                                                                              MD5

                                                                                                                              4fc027cda3ab806b71d90369f05e2e12

                                                                                                                              SHA1

                                                                                                                              57748ec8d12f215fc80559594a94e8f74e3a1ae3

                                                                                                                              SHA256

                                                                                                                              9f628e852ccd4c45b3e4ee68ada8c63ae593066cd386895c6f8beee4fbb46c6d

                                                                                                                              SHA512

                                                                                                                              e407ae686958bc5f66556317694ac372b02e150dad7c3b3623d2d6be991a0e349cba6aff61403299803b0d4b1f17fd5cedc822b06f0bff3866bc7250fbdc2715

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\Xworm V5.6.exe
                                                                                                                              Filesize

                                                                                                                              14.9MB

                                                                                                                              MD5

                                                                                                                              cac67604904dce94d230953f170d4391

                                                                                                                              SHA1

                                                                                                                              9ea639f23a5699bb66ca5da55b2458347aed6f13

                                                                                                                              SHA256

                                                                                                                              64e5b7463d340b9a8b9d911860b4d635b0cf68afbe3593ed3cc6cbb13db0b27b

                                                                                                                              SHA512

                                                                                                                              af358008abb47a345a53dab222a01ab6c0ed10185fca8d2be9af2892161f150c8cc8a7f75272d1eb1acd17b49f32d3531adbc1cfdd153cc7c3e90841cabe766a

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_uy4j34dh.kjv.ps1
                                                                                                                              Filesize

                                                                                                                              60B

                                                                                                                              MD5

                                                                                                                              d17fe0a3f47be24a6453e9ef58c94641

                                                                                                                              SHA1

                                                                                                                              6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                                                                              SHA256

                                                                                                                              96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                                                                              SHA512

                                                                                                                              5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\d89f374f-e68a-48ba-9d7f-9cb7ea5270b8.tmp
                                                                                                                              Filesize

                                                                                                                              1B

                                                                                                                              MD5

                                                                                                                              5058f1af8388633f609cadb75a75dc9d

                                                                                                                              SHA1

                                                                                                                              3a52ce780950d4d969792a2559cd519d7ee8c727

                                                                                                                              SHA256

                                                                                                                              cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

                                                                                                                              SHA512

                                                                                                                              0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\fbc79eb2-7fd5-4813-bd9d-41e4aa8d8916.tmp
                                                                                                                              Filesize

                                                                                                                              10KB

                                                                                                                              MD5

                                                                                                                              78e47dda17341bed7be45dccfd89ac87

                                                                                                                              SHA1

                                                                                                                              1afde30e46997452d11e4a2adbbf35cce7a1404f

                                                                                                                              SHA256

                                                                                                                              67d161098be68cd24febc0c7b48f515f199dda72f20ae3bbb97fcf2542bb0550

                                                                                                                              SHA512

                                                                                                                              9574a66d3756540479dc955c4057144283e09cae11ce11ebce801053bb48e536e67dc823b91895a9e3ee8d3cb27c065d5e9030c39a26cbf3f201348385b418a5

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\scoped_dir820_2046381634\a9670b87-3b20-440f-ae2e-1a9f5c5a7aee.tmp
                                                                                                                              Filesize

                                                                                                                              152KB

                                                                                                                              MD5

                                                                                                                              dd9bf8448d3ddcfd067967f01e8bf6d7

                                                                                                                              SHA1

                                                                                                                              d7829475b2bd6a3baa8fabfaf39af57c6439b35e

                                                                                                                              SHA256

                                                                                                                              fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

                                                                                                                              SHA512

                                                                                                                              65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\svchost.exe
                                                                                                                              Filesize

                                                                                                                              38KB

                                                                                                                              MD5

                                                                                                                              076f2c93e34a152c270907e33143fdf4

                                                                                                                              SHA1

                                                                                                                              26278090a3e808d79e76ce8dc3ef21f55524c9b4

                                                                                                                              SHA256

                                                                                                                              59d95ba60294f08afe88b16ca08c6befd1148ec4a120a674fc5bf8287205ebc5

                                                                                                                              SHA512

                                                                                                                              54cbde7e10665bf039d69df63a05dcd6886a883d51e8354d3cc78f2f0883a80b7441a24108053b9b23bacc4a8cff366fc52fa02e2a10e8f3f9c600a1e9fbe867

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\tmpCB7B.tmp.db
                                                                                                                              Filesize

                                                                                                                              160KB

                                                                                                                              MD5

                                                                                                                              9b85a4b842b758be395bc19aba64799c

                                                                                                                              SHA1

                                                                                                                              c32922b745c9cf827e080b09f410b4378560acb3

                                                                                                                              SHA256

                                                                                                                              ecc8d7540d26e3c2c43589c761e94638fc5096af874d7df216e833b9599c673a

                                                                                                                              SHA512

                                                                                                                              fad80745bb64406d8f2947c1e69817cff57cc504d5a8cdca9e22da50402d27d005988f6759eaa91f1f7616d250772c9f5e4ec2f98ce7264501dd4f436d1665f0

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\tmpCB7E.tmp
                                                                                                                              Filesize

                                                                                                                              56KB

                                                                                                                              MD5

                                                                                                                              0e2c60740cafa19c5158f4aa41a5d4e7

                                                                                                                              SHA1

                                                                                                                              f01d0f359e407fed424c30919ed64b77508b3024

                                                                                                                              SHA256

                                                                                                                              ce41f2a3255df2099ae8eea9364bd28c6fd6a56c8ca3290bd274944d16d9e6bf

                                                                                                                              SHA512

                                                                                                                              e367b88f1d984f84b9b4a8fa4002ede1afad0d375f9374636250f17e64445a60d1b99fe23a0b314c4b2bd5fd27fe5b87fa4079a84b4497629f238afd8436afe2

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\Downloads\XWorm V5.6.zip.crdownload
                                                                                                                              Filesize

                                                                                                                              24.8MB

                                                                                                                              MD5

                                                                                                                              79dbcfc4041b31d47e63abd1d08ecc91

                                                                                                                              SHA1

                                                                                                                              2b5df69e6999ba107ef54feeaefd288d96e86141

                                                                                                                              SHA256

                                                                                                                              f01bae5d62f6320edfba317ce34413659200c30ace28fc9f671425c355e063ce

                                                                                                                              SHA512

                                                                                                                              c89a9e1bf582755525b3e70c9c32a9b7a03f4b7c6092af1efccd740a02069dffed666d6dc26c76c98a98cc5c6f528437f32c45733211a37f05490bfff3669cfb

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\Downloads\XWorm V5.6.zip:Zone.Identifier
                                                                                                                              Filesize

                                                                                                                              26B

                                                                                                                              MD5

                                                                                                                              fbccf14d504b7b2dbcb5a5bda75bd93b

                                                                                                                              SHA1

                                                                                                                              d59fc84cdd5217c6cf74785703655f78da6b582b

                                                                                                                              SHA256

                                                                                                                              eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

                                                                                                                              SHA512

                                                                                                                              aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

                                                                                                                              Download Submit

                                                                                                                            • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping820_1026262825\manifest.json
                                                                                                                              Filesize

                                                                                                                              119B

                                                                                                                              MD5

                                                                                                                              f3eb631411fea6b5f0f0d369e1236cb3

                                                                                                                              SHA1

                                                                                                                              8366d7cddf1c1ab8ba541e884475697e7028b4e0

                                                                                                                              SHA256

                                                                                                                              ebbc79d0fccf58eeaeee58e3acbd3b327c06b5b62fc83ef0128804b00a7025d0

                                                                                                                              SHA512

                                                                                                                              4830e03d643b0474726ef93ad379814f4b54471e882c1aec5be17a0147f04cfbe031f8d74960a80be6b6491d3427eca3f06bc88cc06740c2ad4eb08e4d3e4338

                                                                                                                              Download Submit

                                                                                                                            • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping820_118659692\manifest.json
                                                                                                                              Filesize

                                                                                                                              43B

                                                                                                                              MD5

                                                                                                                              af3a9104ca46f35bb5f6123d89c25966

                                                                                                                              SHA1

                                                                                                                              1ffb1b0aa9f44bdbc57bdf4b98d26d3be0207ee8

                                                                                                                              SHA256

                                                                                                                              81bd82ac27612a58be30a72dd8956b13f883e32ffb54a58076bd6a42b8afaeea

                                                                                                                              SHA512

                                                                                                                              6a7a543fa2d1ead3574b4897d2fc714bb218c60a04a70a7e92ecfd2ea59d67028f91b6a2094313f606560087336c619093f1d38d66a3c63a1d1d235ca03d36d1

                                                                                                                              Download Submit

                                                                                                                            • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping820_1481681784\manifest.json
                                                                                                                              Filesize

                                                                                                                              160B

                                                                                                                              MD5

                                                                                                                              a24a1941bbb8d90784f5ef76712002f5

                                                                                                                              SHA1

                                                                                                                              5c2b6323c7ed8913b5d0d65a4d21062c96df24eb

                                                                                                                              SHA256

                                                                                                                              2a7fe18a087d8e8be847d9569420b6e8907917ff6ca0fa42be15d4e3653c8747

                                                                                                                              SHA512

                                                                                                                              fd7dfec3d46b2af0bddb5aaeae79467507e0c29bab814007a39ea61231e76123659f18a453ed3feb25f16652a0c63c33545e2a0d419fafea89f563fca6a07ce2

                                                                                                                              Download Submit

                                                                                                                            • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping820_1545209957\manifest.json
                                                                                                                              Filesize

                                                                                                                              135B

                                                                                                                              MD5

                                                                                                                              4055ba4ebd5546fb6306d6a3151a236a

                                                                                                                              SHA1

                                                                                                                              609a989f14f8ee9ed9bffbd6ddba3214fd0d0109

                                                                                                                              SHA256

                                                                                                                              cb929ae2d466e597ecc4f588ba22faf68f7cfc204b3986819c85ac608d6f82b5

                                                                                                                              SHA512

                                                                                                                              58d39f7ae0dafd067c6dba34c686506c1718112ad5af8a255eb9a7d6ec0edca318b557565f5914c5140eb9d1b6e2ffbb08c9d596f43e7a79fdb4ef95457bf29a

                                                                                                                              Download Submit

                                                                                                                            • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping820_172876632\LICENSE
                                                                                                                              Filesize

                                                                                                                              1KB

                                                                                                                              MD5

                                                                                                                              ee002cb9e51bb8dfa89640a406a1090a

                                                                                                                              SHA1

                                                                                                                              49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

                                                                                                                              SHA256

                                                                                                                              3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

                                                                                                                              SHA512

                                                                                                                              d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

                                                                                                                              Download Submit

                                                                                                                            • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping820_172876632\manifest.json
                                                                                                                              Filesize

                                                                                                                              79B

                                                                                                                              MD5

                                                                                                                              7f4b594a35d631af0e37fea02df71e72

                                                                                                                              SHA1

                                                                                                                              f7bc71621ea0c176ca1ab0a3c9fe52dbca116f57

                                                                                                                              SHA256

                                                                                                                              530882d7f535ae57a4906ca735b119c9e36480cbb780c7e8ad37c9c8fdf3d9b1

                                                                                                                              SHA512

                                                                                                                              bf3f92f5023f0fbad88526d919252a98db6d167e9ca3e15b94f7d71ded38a2cfb0409f57ef24708284ddd965bda2d3207cd99c008b1c9c8c93705fd66ac86360

                                                                                                                              Download Submit

                                                                                                                            • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping820_1823325902\manifest.json
                                                                                                                              Filesize

                                                                                                                              134B

                                                                                                                              MD5

                                                                                                                              049c307f30407da557545d34db8ced16

                                                                                                                              SHA1

                                                                                                                              f10b86ebfe8d30d0dc36210939ca7fa7a819d494

                                                                                                                              SHA256

                                                                                                                              c36944790c4a1fa2f2acec5f7809a4d6689ecb7fb3b2f19c831c9adb4e17fc54

                                                                                                                              SHA512

                                                                                                                              14f04e768956bdd9634f6a172104f2b630e2eeada2f73b9a249be2ec707f4a47ff60f2f700005ca95addd838db9438ad560e5136a10ed32df1d304d65f445780

                                                                                                                              Download Submit

                                                                                                                            • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping820_1867626102\manifest.json
                                                                                                                              Filesize

                                                                                                                              176B

                                                                                                                              MD5

                                                                                                                              6607494855f7b5c0348eecd49ef7ce46

                                                                                                                              SHA1

                                                                                                                              2c844dd9ea648efec08776757bc376b5a6f9eb71

                                                                                                                              SHA256

                                                                                                                              37c30639ea04878b9407aecbcea4848b033e4548d5023ce5105ea79cab2c68dd

                                                                                                                              SHA512

                                                                                                                              8cb60725d958291b9a78c293992768cb03ff53ab942637e62eb6f17d80e0864c56a9c8ccafbc28246e9ce1fdb248e8d071d76764bcaf0243397d0f0a62b4d09a

                                                                                                                              Download Submit

                                                                                                                            • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping820_2090822540\manifest.json
                                                                                                                              Filesize

                                                                                                                              238B

                                                                                                                              MD5

                                                                                                                              15b69964f6f79654cbf54953aad0513f

                                                                                                                              SHA1

                                                                                                                              013fb9737790b034195cdeddaa620049484c53a7

                                                                                                                              SHA256

                                                                                                                              1bdda4a8fc3e2b965fbb52c9b23a9a34871bc345abfb332a87ea878f4472efbd

                                                                                                                              SHA512

                                                                                                                              7eeee58e06bba59b1ef874436035202416079617b7953593abf6d9af42a55088ab37f45fdee394166344f0186c0cb7092f55ed201c213737bb5d5318e9f47908

                                                                                                                              Download Submit

                                                                                                                            • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping820_269195008\manifest.json
                                                                                                                              Filesize

                                                                                                                              85B

                                                                                                                              MD5

                                                                                                                              c3419069a1c30140b77045aba38f12cf

                                                                                                                              SHA1

                                                                                                                              11920f0c1e55cadc7d2893d1eebb268b3459762a

                                                                                                                              SHA256

                                                                                                                              db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f

                                                                                                                              SHA512

                                                                                                                              c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

                                                                                                                              Download Submit

                                                                                                                            • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping820_80810326\manifest.json
                                                                                                                              Filesize

                                                                                                                              160B

                                                                                                                              MD5

                                                                                                                              c3911ceb35539db42e5654bdd60ac956

                                                                                                                              SHA1

                                                                                                                              71be0751e5fc583b119730dbceb2c723f2389f6c

                                                                                                                              SHA256

                                                                                                                              31952875f8bb2e71f49231c95349945ffc0c1dd975f06309a0d138f002cfd23d

                                                                                                                              SHA512

                                                                                                                              d8b2c7c5b7105a6f0c4bc9c79c05b1202bc8deb90e60a037fec59429c04fc688a745ee1a0d06a8311466b4d14e2921dfb4476104432178c01df1e99deb48b331

                                                                                                                              Download Submit

                                                                                                                            • memory/2676-618-0x0000000005210000-0x00000000052A2000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              584KB

                                                                                                                              Download

                                                                                                                            • memory/2676-616-0x0000000000400000-0x0000000000C06000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              8.0MB

                                                                                                                              Download

                                                                                                                            • memory/2676-617-0x0000000005330000-0x00000000058D6000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              5.6MB

                                                                                                                              Download

                                                                                                                            • memory/2676-619-0x0000000005A20000-0x0000000005A2A000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              40KB

                                                                                                                              Download

                                                                                                                            • memory/2676-772-0x00000000002F0000-0x0000000000300000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              64KB

                                                                                                                              Download

                                                                                                                            • memory/2840-805-0x0000013A4EEF0000-0x0000013A4EF12000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              136KB

                                                                                                                              Download

                                                                                                                            • memory/4088-642-0x000000001C0F0000-0x000000001C196000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              664KB

                                                                                                                              Download

                                                                                                                            • memory/4684-758-0x0000017AA6720000-0x0000017AA7608000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              14.9MB

                                                                                                                              Download

                                                                                                                            • memory/5004-641-0x00000000050D0000-0x0000000005292000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              1.8MB

                                                                                                                              Download

                                                                                                                            • memory/5004-643-0x00000000061B0000-0x00000000066DC000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              5.2MB

                                                                                                                              Download

                                                                                                                            • memory/5004-644-0x0000000005DB0000-0x0000000005DC2000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              72KB

                                                                                                                              Download

                                                                                                                            • memory/5004-645-0x0000000006130000-0x0000000006196000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              408KB

                                                                                                                              Download

                                                                                                                            • memory/5004-640-0x0000000000640000-0x0000000000684000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              272KB

                                                                                                                              Download

                                                                                                                            • memory/6052-1252-0x0000000000400000-0x0000000000C06000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              8.0MB

                                                                                                                              Download