hxxps://rizve[.]us[.]to/Xeno/Xeno-v1[.]0[.]8-x64[.]zip

Analysis

max time kernel
44s
max time network
45s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
13/10/2024, 11:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://rizve.us.to/Xeno/Xeno-v1.0.8-x64.zip

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 44 IoCs

pid	Process
3696	msedge.exe
3696	msedge.exe
4556	msedge.exe
4556	msedge.exe
2568	identity_helper.exe
2568	identity_helper.exe
1560	msedge.exe
1560	msedge.exe
1908	Xeno.exe
1908	Xeno.exe
1908	Xeno.exe
1908	Xeno.exe
1908	Xeno.exe
1908	Xeno.exe
1900	Xeno.exe
1900	Xeno.exe
1900	Xeno.exe
1900	Xeno.exe
1900	Xeno.exe
1900	Xeno.exe
2168	Xeno.exe
2168	Xeno.exe
2168	Xeno.exe
2168	Xeno.exe
2168	Xeno.exe
2168	Xeno.exe
2628	Xeno.exe
2628	Xeno.exe
2628	Xeno.exe
2628	Xeno.exe
2628	Xeno.exe
2628	Xeno.exe
2932	Xeno.exe
2932	Xeno.exe
2932	Xeno.exe
2932	Xeno.exe
2932	Xeno.exe
2932	Xeno.exe
2380	Xeno.exe
2380	Xeno.exe
2380	Xeno.exe
2380	Xeno.exe
2380	Xeno.exe
2380	Xeno.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe

Suspicious use of FindShellTrayWindow 41 IoCs

pid	Process
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe

Suspicious use of SetWindowsHookEx 9 IoCs

pid	Process
2580	OpenWith.exe
2580	OpenWith.exe
2580	OpenWith.exe
2580	OpenWith.exe
2580	OpenWith.exe
2580	OpenWith.exe
2580	OpenWith.exe
2580	OpenWith.exe
2580	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4556 wrote to memory of 1684	4556	msedge.exe	83
PID 4556 wrote to memory of 1684	4556	msedge.exe	83
PID 4556 wrote to memory of 3596	4556	msedge.exe	84
PID 4556 wrote to memory of 3596	4556	msedge.exe	84
PID 4556 wrote to memory of 3596	4556	msedge.exe	84
PID 4556 wrote to memory of 3596	4556	msedge.exe	84
PID 4556 wrote to memory of 3596	4556	msedge.exe	84
PID 4556 wrote to memory of 3596	4556	msedge.exe	84
PID 4556 wrote to memory of 3596	4556	msedge.exe	84
PID 4556 wrote to memory of 3596	4556	msedge.exe	84
PID 4556 wrote to memory of 3596	4556	msedge.exe	84
PID 4556 wrote to memory of 3596	4556	msedge.exe	84
PID 4556 wrote to memory of 3596	4556	msedge.exe	84
PID 4556 wrote to memory of 3596	4556	msedge.exe	84
PID 4556 wrote to memory of 3596	4556	msedge.exe	84
PID 4556 wrote to memory of 3596	4556	msedge.exe	84
PID 4556 wrote to memory of 3596	4556	msedge.exe	84
PID 4556 wrote to memory of 3596	4556	msedge.exe	84
PID 4556 wrote to memory of 3596	4556	msedge.exe	84
PID 4556 wrote to memory of 3596	4556	msedge.exe	84
PID 4556 wrote to memory of 3596	4556	msedge.exe	84
PID 4556 wrote to memory of 3596	4556	msedge.exe	84
PID 4556 wrote to memory of 3596	4556	msedge.exe	84
PID 4556 wrote to memory of 3596	4556	msedge.exe	84
PID 4556 wrote to memory of 3596	4556	msedge.exe	84
PID 4556 wrote to memory of 3596	4556	msedge.exe	84
PID 4556 wrote to memory of 3596	4556	msedge.exe	84
PID 4556 wrote to memory of 3596	4556	msedge.exe	84
PID 4556 wrote to memory of 3596	4556	msedge.exe	84
PID 4556 wrote to memory of 3596	4556	msedge.exe	84
PID 4556 wrote to memory of 3596	4556	msedge.exe	84
PID 4556 wrote to memory of 3596	4556	msedge.exe	84
PID 4556 wrote to memory of 3596	4556	msedge.exe	84
PID 4556 wrote to memory of 3596	4556	msedge.exe	84
PID 4556 wrote to memory of 3596	4556	msedge.exe	84
PID 4556 wrote to memory of 3596	4556	msedge.exe	84
PID 4556 wrote to memory of 3596	4556	msedge.exe	84
PID 4556 wrote to memory of 3596	4556	msedge.exe	84
PID 4556 wrote to memory of 3596	4556	msedge.exe	84
PID 4556 wrote to memory of 3596	4556	msedge.exe	84
PID 4556 wrote to memory of 3596	4556	msedge.exe	84
PID 4556 wrote to memory of 3596	4556	msedge.exe	84
PID 4556 wrote to memory of 3696	4556	msedge.exe	85
PID 4556 wrote to memory of 3696	4556	msedge.exe	85
PID 4556 wrote to memory of 3440	4556	msedge.exe	86
PID 4556 wrote to memory of 3440	4556	msedge.exe	86
PID 4556 wrote to memory of 3440	4556	msedge.exe	86
PID 4556 wrote to memory of 3440	4556	msedge.exe	86
PID 4556 wrote to memory of 3440	4556	msedge.exe	86
PID 4556 wrote to memory of 3440	4556	msedge.exe	86
PID 4556 wrote to memory of 3440	4556	msedge.exe	86
PID 4556 wrote to memory of 3440	4556	msedge.exe	86
PID 4556 wrote to memory of 3440	4556	msedge.exe	86
PID 4556 wrote to memory of 3440	4556	msedge.exe	86
PID 4556 wrote to memory of 3440	4556	msedge.exe	86
PID 4556 wrote to memory of 3440	4556	msedge.exe	86
PID 4556 wrote to memory of 3440	4556	msedge.exe	86
PID 4556 wrote to memory of 3440	4556	msedge.exe	86
PID 4556 wrote to memory of 3440	4556	msedge.exe	86
PID 4556 wrote to memory of 3440	4556	msedge.exe	86
PID 4556 wrote to memory of 3440	4556	msedge.exe	86
PID 4556 wrote to memory of 3440	4556	msedge.exe	86
PID 4556 wrote to memory of 3440	4556	msedge.exe	86
PID 4556 wrote to memory of 3440	4556	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://rizve.us.to/Xeno/Xeno-v1.0.8-x64.zip
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb19cc46f8,0x7ffb19cc4708,0x7ffb19cc4718
  2⤵
  PID:1684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2236,3582359241378748728,10869997137798668128,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2244 /prefetch:2
  2⤵
  PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2236,3582359241378748728,10869997137798668128,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2236,3582359241378748728,10869997137798668128,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
  2⤵
  PID:3440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,3582359241378748728,10869997137798668128,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:1624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,3582359241378748728,10869997137798668128,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:3160
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2236,3582359241378748728,10869997137798668128,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5468 /prefetch:8
  2⤵
  PID:112
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2236,3582359241378748728,10869997137798668128,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5468 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,3582359241378748728,10869997137798668128,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
  2⤵
  PID:1588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,3582359241378748728,10869997137798668128,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
  2⤵
  PID:948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2236,3582359241378748728,10869997137798668128,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3432 /prefetch:8
  2⤵
  PID:4064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,3582359241378748728,10869997137798668128,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
  2⤵
  PID:2616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,3582359241378748728,10869997137798668128,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6188 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,3582359241378748728,10869997137798668128,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1
  2⤵
  PID:2584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2236,3582359241378748728,10869997137798668128,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5984 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1560

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3488

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2312

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4996

C:\Users\Admin\Downloads\Xeno-v1.0.8-x64\Xeno-v1.0.8-x64\Xeno.exe
"C:\Users\Admin\Downloads\Xeno-v1.0.8-x64\Xeno-v1.0.8-x64\Xeno.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1908

C:\Users\Admin\Downloads\Xeno-v1.0.8-x64\Xeno-v1.0.8-x64\Xeno.exe
"C:\Users\Admin\Downloads\Xeno-v1.0.8-x64\Xeno-v1.0.8-x64\Xeno.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1900

C:\Users\Admin\Downloads\Xeno-v1.0.8-x64\Xeno-v1.0.8-x64\Xeno.exe
"C:\Users\Admin\Downloads\Xeno-v1.0.8-x64\Xeno-v1.0.8-x64\Xeno.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:2168

C:\Users\Admin\Downloads\Xeno-v1.0.8-x64\Xeno-v1.0.8-x64\Xeno.exe
"C:\Users\Admin\Downloads\Xeno-v1.0.8-x64\Xeno-v1.0.8-x64\Xeno.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:2628

C:\Users\Admin\Downloads\Xeno-v1.0.8-x64\Xeno-v1.0.8-x64\Xeno.exe
"C:\Users\Admin\Downloads\Xeno-v1.0.8-x64\Xeno-v1.0.8-x64\Xeno.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:2932

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2580

C:\Users\Admin\Downloads\Xeno-v1.0.8-x64\Xeno-v1.0.8-x64\Xeno.exe
"C:\Users\Admin\Downloads\Xeno-v1.0.8-x64\Xeno-v1.0.8-x64\Xeno.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:2380

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\0b6b6857-83d9-4aea-90a1-9e4102c22932.tmp

Filesize
10KB

MD5
68da423e1a3e58b3457a8c59665d7189

SHA1
74b7f42106410fd95bb36addb19338e3f5a37424

SHA256
c522f98be3d885b142bcbd5072fb02520ff77dbb1afffabfc5f86285bc885249

SHA512
e607bf0cbf1309230ed9ad4f687a8f74c03d24ef2e01f4aec2fd530b24df107dbfcbe8bbe89a675b45d82c9ac3dd63264501cbb09d5511b6239a4785b452868c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6960857d16aadfa79d36df8ebbf0e423

SHA1
e1db43bd478274366621a8c6497e270d46c6ed4f

SHA256
f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32

SHA512
6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f426165d1e5f7df1b7a3758c306cd4ae

SHA1
59ef728fbbb5c4197600f61daec48556fec651c1

SHA256
b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841

SHA512
8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
399B

MD5
c10b78b00a4636c97c72a9cf63566946

SHA1
cdc3bea06c8068c42e6e5a818413e639ebd4bc15

SHA256
3eeb922c7037a37978c65f7dfc89267b0118dc3ce23f7c77090578881b43b2cc

SHA512
384140fa44f477bc6878b953a90031b005f9999f7327c83b11d9ad4bec72b365dc9245d181157a6ed2e071fd270e5de71b61a5986f166cbef27e21205a14ffbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6ca3ffd4e8e9757aa695c5f16ce78033

SHA1
fc82bf1c49e17b14fc6f5eb474a9147249ff3133

SHA256
9105a2249ca8bf943fc30746e2033cf8b7705b8d826c78f5827eee3b26bd45c0

SHA512
f99e4c144141ec71c603ce8756d3bc6ef98df2eab92a21242881d9432166c805ec141aaf26d535fb891b5fb89638da34aa8cdb8470f486ba3ba5708d97d6f567

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0d67dade11a9290e9e80cc65cbfefe5f

SHA1
cf99e071c345bbc941cc6a5f2d2428c422c5a232

SHA256
3fdf6eeb43c9e7aa49142f01d8d138ccdacd64052be3205b2ef49b36aca73895

SHA512
c64276cffeb9c4c9bb8efe8ef84d53dabb492058a0b07394a540e73d4998809bc42aaefe96020fc2f1c3945bf2b4cb6ecea621b5d94937f01139f66fba7c241a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
62adb0415297eb4fbb3b36b1da781294

SHA1
0805b75ebcaa19b1fef25f28a85af7ae97f1df70

SHA256
e4915340648e23644f9c8078e611548b75507b8ba29989762da0707fb4d4a30a

SHA512
7afaa82493282594d892847c06d65f13d5ac10d0c342f2182f2b526876672fc0c8e0f365773900a5401bd56ab4bec81477c6987be261dea0066b33c5496c6033

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
fc0c434a651afab46440762261d9f444

SHA1
d489aaf7c7631b5db3826d63a793211512312e3a

SHA256
02b2450bc82a53af8db645e0e7771ebbeb332267790d52ae95a542a9d98e845b

SHA512
d68b7bea0bfeb36af9568d89ef879f97f9dd7cba68236ebbaf26a0aa4f68f467418c9d75ad08ae91b0629adfd60ba375a8aa3ff4c8685c69741e1bb27c065fc8

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 300062.crdownload

Filesize
4.1MB

MD5
c232bea765c6edb442a8709a2a012279

SHA1
904cbb05a56948661a34a75f4d5484dce7cb6c03

SHA256
e2157140596246478da3eef7ac3c3279e69ed1c6820ccfe2cd3f3b90c4b9a288

SHA512
3a10f27efc5d04941bdfecd642c5241b5d2a5db5d894d6c043ef46d47084780c2f1aa8bb37707fc5b146f326855503dcab2a9670cb1e73326f332f90a9c0e5c6

Download Submit