Analysis Overview
SHA256
990565da28fb5ee5655a3723add532743334ba88efc998c891344b17549d88aa
Threat Level: Known bad
The file Loader.exe was found to be: Known bad.
Malicious Activity Summary
XenorRat
Xenorat family
Loads dropped DLL
Executes dropped EXE
Checks computer location settings
Unsigned PE
Enumerates physical storage devices
Suspicious use of FindShellTrayWindow
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Modifies registry class
Creates scheduled task(s)
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-03-16 09:04
Signatures
Xenorat family
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-03-16 09:04
Reported
2024-03-16 09:07
Platform
win7-20240221-en
Max time kernel
133s
Max time network
142s
Command Line
Signatures
XenorRat
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\Loader.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Loader.exe | N/A |
Enumerates physical storage devices
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Loader.exe
"C:\Users\Admin\AppData\Local\Temp\Loader.exe"
C:\Users\Admin\AppData\Roaming\XenoManager\Loader.exe
"C:\Users\Admin\AppData\Roaming\XenoManager\Loader.exe"
C:\Windows\SysWOW64\schtasks.exe
"schtasks.exe" /Create /TN "Discord Update" /XML "C:\Users\Admin\AppData\Local\Temp\tmp19D7.tmp" /F
Network
| Country | Destination | Domain | Proto |
| N/A | 192.168.178.23:4444 | tcp | |
| N/A | 192.168.178.23:4444 | tcp | |
| N/A | 192.168.178.23:4444 | tcp | |
| N/A | 192.168.178.23:4444 | tcp | |
| N/A | 192.168.178.23:4444 | tcp |
Files
memory/2280-0-0x00000000001F0000-0x0000000000202000-memory.dmp
memory/2280-1-0x0000000074900000-0x0000000074FEE000-memory.dmp
\Users\Admin\AppData\Roaming\XenoManager\Loader.exe
| MD5 | 75fdbc2d379d84adacfc0f521d88dd59 |
| SHA1 | 3a441c75c212a970b1acf547ff67d36e5b3b2767 |
| SHA256 | 990565da28fb5ee5655a3723add532743334ba88efc998c891344b17549d88aa |
| SHA512 | f6140ded24561c64c4f6722f88209c18cdec8e7b643b3de3777a3ba1390fc440eadfc272dff97a9d7ae040e72797d55ee662ed26df1da2ada4da96c9e071bb64 |
memory/2804-11-0x0000000074900000-0x0000000074FEE000-memory.dmp
memory/2280-10-0x0000000074900000-0x0000000074FEE000-memory.dmp
memory/2804-9-0x0000000001310000-0x0000000001322000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\tmp19D7.tmp
| MD5 | 98ec19a37c08a1707467b39a05d92fc8 |
| SHA1 | f530e07fc098aa26f0b5c7ff7f481c35794a18f0 |
| SHA256 | df1c791bbfb73bb139e5c3002e7adba14af7a131d3877ed1d0e0ca19bd4a6fbc |
| SHA512 | 1cf644d7654609eaa85580c48d89e8c2b78feaa378e5447f5c3c11d8c5fc501353aca6c73c4beb4641f816833b06faa59a9c450bfe97e27c5f7f1a8dfde59701 |
memory/2804-14-0x00000000048C0000-0x0000000004900000-memory.dmp
memory/2804-15-0x0000000074900000-0x0000000074FEE000-memory.dmp
memory/2804-16-0x00000000048C0000-0x0000000004900000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-03-16 09:04
Reported
2024-03-16 09:07
Platform
win10v2004-20240226-en
Max time kernel
149s
Max time network
152s
Command Line
Signatures
XenorRat
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Loader.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\Loader.exe | N/A |
Enumerates physical storage devices
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3270530367-132075249-2153716227-1000\{7686030A-D74A-4113-B6DE-6AA4C92A5F53} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Loader.exe
"C:\Users\Admin\AppData\Local\Temp\Loader.exe"
C:\Users\Admin\AppData\Roaming\XenoManager\Loader.exe
"C:\Users\Admin\AppData\Roaming\XenoManager\Loader.exe"
C:\Windows\SysWOW64\schtasks.exe
"schtasks.exe" /Create /TN "Discord Update" /XML "C:\Users\Admin\AppData\Local\Temp\tmp61B7.tmp" /F
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault51027372h4e65h4b7eha4b2h9c4fc32ba2d0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0x100,0x12c,0x7ffe673346f8,0x7ffe67334708,0x7ffe67334718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,16162356369602797649,12060703938836064889,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,16162356369602797649,12060703938836064889,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,16162356369602797649,12060703938836064889,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault4d98bba0h80aeh42ceh959bh33857ef96e57
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe673346f8,0x7ffe67334708,0x7ffe67334718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,13584843590069306467,11181787701910312735,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,13584843590069306467,11181787701910312735,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2412 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,13584843590069306467,11181787701910312735,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault4dff52c8h0d07h497fhb26dha0611d242e31
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0x100,0x128,0x7ffe673346f8,0x7ffe67334708,0x7ffe67334718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,2982406145524819329,8514782737317340998,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,2982406145524819329,8514782737317340998,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,2982406145524819329,8514782737317340998,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe673346f8,0x7ffe67334708,0x7ffe67334718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,6395403713123783903,6478942001937008369,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2216,6395403713123783903,6478942001937008369,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2216,6395403713123783903,6478942001937008369,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,6395403713123783903,6478942001937008369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,6395403713123783903,6478942001937008369,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,6395403713123783903,6478942001937008369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4224 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,6395403713123783903,6478942001937008369,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,6395403713123783903,6478942001937008369,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4004 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,6395403713123783903,6478942001937008369,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4004 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,6395403713123783903,6478942001937008369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,6395403713123783903,6478942001937008369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2216,6395403713123783903,6478942001937008369,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5492 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2216,6395403713123783903,6478942001937008369,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5544 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,6395403713123783903,6478942001937008369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,6395403713123783903,6478942001937008369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,6395403713123783903,6478942001937008369,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,6395403713123783903,6478942001937008369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,6395403713123783903,6478942001937008369,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,6395403713123783903,6478942001937008369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,6395403713123783903,6478942001937008369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,6395403713123783903,6478942001937008369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 2.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| US | 20.231.121.79:80 | tcp | |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.5.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.110.54.20.in-addr.arpa | udp |
| N/A | 192.168.178.23:4444 | tcp | |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| N/A | 192.168.178.23:4444 | tcp | |
| US | 8.8.8.8:53 | 180.178.17.96.in-addr.arpa | udp |
| N/A | 192.168.178.23:4444 | tcp | |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | cxcs.microsoft.net | udp |
| GB | 2.20.37.224:443 | cxcs.microsoft.net | tcp |
| GB | 92.123.128.174:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 224.37.20.2.in-addr.arpa | udp |
| N/A | 192.168.178.23:4444 | tcp | |
| GB | 92.123.128.161:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 161.128.123.92.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| GB | 92.123.128.187:443 | th.bing.com | tcp |
| GB | 92.123.128.169:443 | th.bing.com | tcp |
| GB | 92.123.128.169:443 | th.bing.com | tcp |
| GB | 92.123.128.187:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| IE | 20.190.159.71:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | 187.128.123.92.in-addr.arpa | udp |
| IE | 20.190.159.71:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | services.bingapis.com | udp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 8.8.8.8:53 | 80.5.107.13.in-addr.arpa | udp |
| N/A | 192.168.178.23:4444 | tcp | |
| US | 8.8.8.8:53 | 133.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | gofile.io | udp |
| FR | 51.178.66.33:443 | gofile.io | tcp |
| FR | 51.178.66.33:443 | gofile.io | tcp |
| US | 8.8.8.8:53 | 33.66.178.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.gofile.io | udp |
| FR | 51.178.66.33:443 | api.gofile.io | tcp |
| US | 8.8.8.8:53 | s.gofile.io | udp |
| FR | 51.75.242.210:443 | s.gofile.io | tcp |
| FR | 51.75.242.210:443 | s.gofile.io | tcp |
| US | 8.8.8.8:53 | 210.242.75.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 214.80.50.20.in-addr.arpa | udp |
Files
memory/4500-1-0x00000000748E0000-0x0000000075090000-memory.dmp
memory/4500-0-0x00000000003B0000-0x00000000003C2000-memory.dmp
C:\Users\Admin\AppData\Roaming\XenoManager\Loader.exe
| MD5 | 75fdbc2d379d84adacfc0f521d88dd59 |
| SHA1 | 3a441c75c212a970b1acf547ff67d36e5b3b2767 |
| SHA256 | 990565da28fb5ee5655a3723add532743334ba88efc998c891344b17549d88aa |
| SHA512 | f6140ded24561c64c4f6722f88209c18cdec8e7b643b3de3777a3ba1390fc440eadfc272dff97a9d7ae040e72797d55ee662ed26df1da2ada4da96c9e071bb64 |
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Loader.exe.log
| MD5 | 916851e072fbabc4796d8916c5131092 |
| SHA1 | d48a602229a690c512d5fdaf4c8d77547a88e7a2 |
| SHA256 | 7e750c904c43d27c89e55af809a679a96c0bb63fc511006ffbceffc2c7f6fb7d |
| SHA512 | 07ce4c881d6c411cac0b62364377e77950797c486804fb10d00555458716e3c47b1efc0d1f37e4cc3b7e6565bb402ca01c7ea8c963f9f9ace941a6e3883d2521 |
memory/4500-15-0x00000000748E0000-0x0000000075090000-memory.dmp
memory/3496-16-0x00000000748E0000-0x0000000075090000-memory.dmp
memory/3496-17-0x0000000004BA0000-0x0000000004BB0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\tmp61B7.tmp
| MD5 | 98ec19a37c08a1707467b39a05d92fc8 |
| SHA1 | f530e07fc098aa26f0b5c7ff7f481c35794a18f0 |
| SHA256 | df1c791bbfb73bb139e5c3002e7adba14af7a131d3877ed1d0e0ca19bd4a6fbc |
| SHA512 | 1cf644d7654609eaa85580c48d89e8c2b78feaa378e5447f5c3c11d8c5fc501353aca6c73c4beb4641f816833b06faa59a9c450bfe97e27c5f7f1a8dfde59701 |
memory/3496-20-0x00000000748E0000-0x0000000075090000-memory.dmp
memory/3496-21-0x0000000004BA0000-0x0000000004BB0000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 279e783b0129b64a8529800a88fbf1ee |
| SHA1 | 204c62ec8cef8467e5729cad52adae293178744f |
| SHA256 | 3619c3b82a8cbdce37bfd88b66d4fdfcd728a1112b05eb26998bea527d187932 |
| SHA512 | 32730d9124dd28c196bd4abcfd6a283a04553f3f6b050c057264bc883783d30d6602781137762e66e1f90847724d0e994bddf6e729de11a809f263f139023d3b |
\??\pipe\LOCAL\crashpad_1192_KHALKPYMIYUDUAOF
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | cc132dcb6c95ddcfca12acf0cf884e81 |
| SHA1 | da5655ee1287b02a6b183e17085ec45b1f9e03d7 |
| SHA256 | 54e20659df47e14afbfbcc6390f3dde53fe23f9559cb0671cd512ff1c0b55c14 |
| SHA512 | e9901cfb615ac66b5115b6d2cfd2fcc29ccb95d9d3711308985a7a8bc5ad454a728cedbb3ec89c12e562e9991351ca036de61e5f0c793aa0323770bd7e32b074 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 39ec05f7ca4380f9650844393c58e54e |
| SHA1 | 22181f5526d315968a9190f3e0a97a35e3d23dfe |
| SHA256 | bf815545d9884c46f14f2de1e8ecfb84fc1f49a7395680edd799b0d30adf91e8 |
| SHA512 | 47a4f5dc1da15cb323e1eac2fcde4f7697d198a21cf9159844d10d10e2b875290942f4da65bc5e923a08d19dbf1b6c0818218cc479279eed2c23699988632d65 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | cbec32729772aa6c576e97df4fef48f5 |
| SHA1 | 6ec173d5313f27ba1e46ad66c7bbe7c0a9767dba |
| SHA256 | d34331aa91a21e127bbe68f55c4c1898c429d9d43545c3253d317ffb105aa24e |
| SHA512 | 425b3638fed70da3bc16bba8b9878de528aca98669203f39473b931f487a614d3f66073b8c3d9bc2211e152b4bbdeceb2777001467954eec491f862912f3c7a0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
| MD5 | 838a7b32aefb618130392bc7d006aa2e |
| SHA1 | 5159e0f18c9e68f0e75e2239875aa994847b8290 |
| SHA256 | ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa |
| SHA512 | 9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
| MD5 | c651f4d827b2be9d22db19298c8e05c2 |
| SHA1 | 70f9d1992537909055d9ae1fca678afff979f73d |
| SHA256 | de120162465451dae7a2eb4e3316d77e22d1237de2888718b5cf1149973b8eec |
| SHA512 | d2c2adbbf6d8758a164e2f573e059183563150d3fd87ddad739ef090831a9f586376f3394e3ccbef17dc11f842f5c118ba6248c982a8b3c266c9a009bceabb8e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
| MD5 | b7a0f08189c53fe73520f5c6b30d7e15 |
| SHA1 | a51c425c5a5aafa9959a21ba930236dccbed9e80 |
| SHA256 | 3f1288bce63a4681c7c31c4d4cc0ff0a09502887acdbb1b96efdb4a46c158045 |
| SHA512 | c1da414805f81b61186bcfe1408b21af4669ff0fcc24f1ba6c16ed3feb28ec77d4323bd8a875ab192689ad1e9cd43d79ba14679390ea0c5e99fbadbb0e7aa86f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 4df4574bfbb7e0b0bc56c2c9b12b6c47 |
| SHA1 | 81efcbd3e3da8221444a21f45305af6fa4b71907 |
| SHA256 | e1b77550222c2451772c958e44026abe518a2c8766862f331765788ddd196377 |
| SHA512 | 78b14f60f2d80400fe50360cf303a961685396b7697775d078825a29b717081442d357c2039ad0984d4b622976b0314ede8f478cde320daec118da546cb0682a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8248c378013861f792572eb169bd5ee1 |
| SHA1 | 5caf09f2b50a1eb3fd94c3a450c6ea0f5cc59e4b |
| SHA256 | 6b25891e7b417a4cc442812deaa0c717d284cc4ff70607ec12593099759dedd7 |
| SHA512 | 73a8c856e916ee88513cb4644662d7855735e3cb8c9841e03095f13bfe2a5e5d44d63c7be38582995a245d8da1b727122f00e7595efec7e5a5eff72bf491c3b7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | e63427c724f88bc9a6f086bbda1be14b |
| SHA1 | f40a9212bd04d2d1e3789039ac0827ec1237fa97 |
| SHA256 | cc6a90bf73cdd6783bb7c6aae7580a1ee15bc298c06fbcc7225bcb052023db61 |
| SHA512 | 5853879f4012038f17134234fff6e7f80581420a180d9a691ef683b56bb949a1cab217bd0ac32aa054faede5c3f9adc16bac0e1248be78a2c8beddbeafae205f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8e1f7cfaa7f617a32e983f8cd0fdd1ff |
| SHA1 | a17aa35cf6c966b713f51f97ccf7753897519214 |
| SHA256 | 1b3d73a9fe183aebd04870c0911c20b70995d410ac2fca3e7a68722fb9af8469 |
| SHA512 | 694409af83f24f9c78ec113aadfe07b1a0262e1f67dc4d266595801ba7b571a37d67fdcac390ab1488f1f8c7ed96fb716edccebcbeec5ff949e3ee9dcc8b3970 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
| MD5 | 51d330c505051fabbcd8afc9366caf98 |
| SHA1 | 4a40084990e3251d75dd52b41ed2f7696294194b |
| SHA256 | c62834204d891b16067d5b8cfd7d0abde29823a0bad8be5d6f893821fa7fef72 |
| SHA512 | 640167be3cf191ea8eea86aced28237c42eaaf5fcb2a1d8489e7105482a1c0e0cf3794fc5a9984bb275994c51b6ce27f297bc3990e3dbd890afff6f38389bd45 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
| MD5 | 2262bbff271577f2f2600895cc7013d7 |
| SHA1 | 75232d85e3aaa2c21364b83c6b1f97eab2b1486d |
| SHA256 | 21abc7370f655d6004fef0394a4d57e3d3cf3baf05173c03683cecd661051b0f |
| SHA512 | ab2a4e41b904466183ff28ca32dc3bf2326b63aa9363abe432967cf235ca1d677001cba32bcc3d3ea31cbc479919f3068bc53908a0974641596c65b24d2d879c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\4808af2f-2fbd-4baf-9dc2-50bffb4ffc41.tmp
| MD5 | 5058f1af8388633f609cadb75a75dc9d |
| SHA1 | 3a52ce780950d4d969792a2559cd519d7ee8c727 |
| SHA256 | cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8 |
| SHA512 | 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
| MD5 | 912b99ba9a558fa28d876ed7d6c637f8 |
| SHA1 | d599b2b397c5334b50125e7ba79ed82b364d3b35 |
| SHA256 | 61428de0438bc7768f037caf257409e069499e5b0028014372a613e2809fe1b5 |
| SHA512 | 7f96a3843679ca7138c720ebc7ae20deb7d03338b52016e778f692e4942c4e5c4a521cc6aa65ee2321b9704d79d1b89e2f7c45dc74eb6cbc7c84bb66ad99e96c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 66bdb2a27ce90014b178bc5816d70691 |
| SHA1 | 7c52e22cc5ad19120fb19fb1b9d16400a484c633 |
| SHA256 | c17f6a1cf035ea29110127ebc0c662cad72afc858e0ab6d015d57d0e191fbdd9 |
| SHA512 | 16c85d99f4e03a5825c26318c5c12078e9b9de32369341569caa7fdd7dd2fb9bf675b16165bc9749463363c5cfc7b4b1dfeb860b9c4a50e7d35ff3c4bc0fba9d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 9bd6fa4b643b9de086991f0be7008302 |
| SHA1 | 479f364b11bb58bb5571711973781d093cf07089 |
| SHA256 | df4f6642928f03d7eaf640f91327e5c72fb0fe3c1c03afe823909b8f2e1edf9f |
| SHA512 | ac8db2bb6ab674243c9bc6d36f65b287a9165a43e629361ce9e448e60fa679fd1173dad22323b03ae6ff7af4c650010349f1e4655aa0d547e45dad7b7b341fd2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 05bb95fb274d07ecd029c1c5125d8960 |
| SHA1 | 50c5e3a5e2af5651e69747c1d505f7261565909f |
| SHA256 | 7a0a2bdaac35fcbab355a2354e7a7ae288f64eb42bb4f98952869acde61c488c |
| SHA512 | 1cf6d9c4906cdb7235f1d76f0df67fc5433d07afe0c5d0e4b7a9a86951fa26858fa6f98e135ac492db47d62c26f05517146f57a931a1e6bcf023e226e81cb180 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
| MD5 | bd0c21093c6d8bd6cfdcaee04c2edfed |
| SHA1 | 72cf27839d7e9b70befed7710513518658c22ef5 |
| SHA256 | 006dfe0b04c1155a00bbca3c53fc662760834c1efcba215770e88b79f8153b15 |
| SHA512 | 91290afe7825558dd3deaa21ce474914ca457601b538c6648ee5ae45aa8a0d5179fb71e4467a4b6a243d0023dadc0229f4a680875e075834d9e1e54bcc2f8343 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
| MD5 | f0fc61daa42af6ad8617ca70ff9a2a19 |
| SHA1 | 00e436cce49a6a0c8976e30cabeab77d235b1f23 |
| SHA256 | 8fe0b1c367a742bd51507657eba54847ae1ddc2fcec5cc3ede3ed5994110a251 |
| SHA512 | 90466f9e129e51c1d4ac1a75ff1fedfabae2293be57599cb679f1cf879cc7f117f8323bb544cc3cb4bffe27f7fdee60ea18ff41de5231e1b014bddf402e0ffef |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 38a9e96953d1ed2bafbdc1934930f568 |
| SHA1 | ee313d2166c9df63e78c21d656cab57ea9cc3081 |
| SHA256 | 22cca51f8eef147d69e2d4c4feb90895ec1be49dc5aacec2d97c5229f4158c2c |
| SHA512 | 60cfa0bb21d0d46bf7c2d64bb62a9684449014a75be0b92be13db719d999c7947050700c471c52a7d21f1f16bd4a8c39bb942473a4fa779c8de10350902cb6c2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
| MD5 | cf39ddc8edc47d10ee67a1bd096f1758 |
| SHA1 | b2ecc29073101e496bf8cec4717e4b7091e46ce5 |
| SHA256 | 768e5c1587a223b359aa9185d4684e634c105afdd871bb308e993fc2185c2dce |
| SHA512 | c9f05fe8a0a12a721ded7a535076bacd7d266eb27b9fe3eb5f58c2be9d8e19fd6ab1be35b20be0995b04ea5a2c9c6d3a744ba905c228203df691451fbe951e09 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | fb93af887e4b07988b69988e4d17b8ad |
| SHA1 | 681b3b61b3eec1a8cd245ae2c7f392f344862166 |
| SHA256 | 07a0ccfc7d20d2958780ab908f4b747d554a9a41084ee8156eede05230364b0b |
| SHA512 | 236b02f8923e21f040dce841f59fc9fe3d6748a4c9393439727bbcb94a247f2700171f0aab5876721bf9a73c5a3de0f16c27e69a3c366855d28ccade10c19c2e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
| MD5 | 88e48a2c7c65544a69f1dbe5f64f222a |
| SHA1 | 2ee293a64ee7ed0736e86cf6f44f55bee774201a |
| SHA256 | 9dafd3604498632f9e21da934727ecfb35c61bce29ca3475d58fdd04d1818ae0 |
| SHA512 | ac46f5a4665b165fabd506517e9a97684aabb1650b675d3ba5c9c3bbe728a55bff23fe3f09f180be14c7174525969a48a080a412deb7ffaeb72a93aeb80f1a03 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | cbfc27ba25c9b3c223aac89cabc079e8 |
| SHA1 | bd91e3cbd3d4c26f261bc66978fa9a5822f484f1 |
| SHA256 | 9a28ef3c1f6e7a7a4f05c551f406f7bd47d337bc175489d93fd01a7e5fc19774 |
| SHA512 | 55937f2273e29a768e34a06a1c3f1501921ac7871d71d72a20d5b4008b82a90546d9193dace4a9eea0178397aeb640d649dca4fc5e2ab9cd64b70591afe60041 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 65d79e58eae0984480dbd80f4cf66bed |
| SHA1 | db2b5c3cffe5a0b179b51e3d574148513de7ca03 |
| SHA256 | bccd36b234d25858bf3defebca00e012bc2ec2543d747bec310c1d76ca9e8dfa |
| SHA512 | 5d07104710e3536935ba91e59d93c799265800dc22c10c79181ae926050423c253edb95ff88fece1cdbe5a33c52af32d62eed7f1c55ea7f94c3325877b95c5e2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5a7efc655eb78f71e18b35145751a197 |
| SHA1 | 23b864aee8e41f9710c6937794a5712fc6c976cd |
| SHA256 | b8512d481ced7a534dcccc8b58ca0d7155ad826b54eab9ab2c5f6e28612276c7 |
| SHA512 | 51021c0714a2a653746b51ae39203066e0f82ff6d250ecc7903bb4837ffd9c0cad02c522b10dad25774425f4256665b32c0a24e52c466cc4f7e9010dc50db4df |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 6b3305ab2ff6cf7118f22d7af4c38cbd |
| SHA1 | 9a3acacadaa770148db1c9956b0fd5302d6befd7 |
| SHA256 | 2b40aac2e585973481fa78109a815229e2f3a77764aba8a2b640415239e0569f |
| SHA512 | cbe301823a8e0a53edc5883899531389a632dbb44142f371b342ec87bc2057df6a1aeeac4df9893851618324f0dc0e12035ea1301455f1e0dd9dc75bdcd7981a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe599466.TMP
| MD5 | 77ec78307570b01ea33ba38ff0ecc99c |
| SHA1 | b6920c9f200e96503ddf0325c427976672d4a60d |
| SHA256 | 467fce37dc1a9a4a8466eba55c7eb3df37096e662257dfb34b58976e554bbe55 |
| SHA512 | be3f8380190251cd5ab443e4cb578775c7fce145659c0f82bffe447a795a3d817633fa085bdc4e48dc1cf411b2c8d22b29f4b659af0dc5c7df87f9fa1c6fa2ef |