d4494d6239ab355a31308234f5c4508c6b31cb2e89e0636101de41bd60d544fb

Analysis

max time kernel
841s
max time network
848s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241211-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241211-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
03-01-2025 10:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Xeno-v1.0.9-x64-New/bin/Monaco/index.html
Size

164KB
MD5

001dcbb8f41cdcbf9b4d1e3a0ed4b2d2
SHA1

982a05814546017c40771e59e7677b53d84787e9
SHA256

f1d2c52f2803c29585b81d2eff74c56242d27e9619ee6d38081d5604c5bb1951
SHA512

9a4eba2a9314b6f5851997e1db0ecfae8e40da3443d8a5f9df933ccf6a4d75fc330888c8d14818326e15b3dec9ae2f5f7e73cd08c3822dd7eb0b2d753c8cd8fa
SSDEEP

3072:Nk4J09UmmJv8kBpZaFD48VOAGUWYPjDZlLJbRBiPEP8yKUz2Ojmjr8zM3KP7pblM:64J09BA3pZaFD48VOAGUWYPjdlLJbRBS

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
16	raw.githubusercontent.com
8	raw.githubusercontent.com
15	raw.githubusercontent.com

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\38d731a6-0d54-446a-88c1-93aaf2a2048b.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20250103102642.pma	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4388	msedge.exe
4388	msedge.exe
4944	msedge.exe
4944	msedge.exe
528	identity_helper.exe
528	identity_helper.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4944 wrote to memory of 2508	4944	msedge.exe	82
PID 4944 wrote to memory of 2508	4944	msedge.exe	82
PID 4944 wrote to memory of 4904	4944	msedge.exe	83
PID 4944 wrote to memory of 4904	4944	msedge.exe	83
PID 4944 wrote to memory of 4904	4944	msedge.exe	83
PID 4944 wrote to memory of 4904	4944	msedge.exe	83
PID 4944 wrote to memory of 4904	4944	msedge.exe	83
PID 4944 wrote to memory of 4904	4944	msedge.exe	83
PID 4944 wrote to memory of 4904	4944	msedge.exe	83
PID 4944 wrote to memory of 4904	4944	msedge.exe	83
PID 4944 wrote to memory of 4904	4944	msedge.exe	83
PID 4944 wrote to memory of 4904	4944	msedge.exe	83
PID 4944 wrote to memory of 4904	4944	msedge.exe	83
PID 4944 wrote to memory of 4904	4944	msedge.exe	83
PID 4944 wrote to memory of 4904	4944	msedge.exe	83
PID 4944 wrote to memory of 4904	4944	msedge.exe	83
PID 4944 wrote to memory of 4904	4944	msedge.exe	83
PID 4944 wrote to memory of 4904	4944	msedge.exe	83
PID 4944 wrote to memory of 4904	4944	msedge.exe	83
PID 4944 wrote to memory of 4904	4944	msedge.exe	83
PID 4944 wrote to memory of 4904	4944	msedge.exe	83
PID 4944 wrote to memory of 4904	4944	msedge.exe	83
PID 4944 wrote to memory of 4904	4944	msedge.exe	83
PID 4944 wrote to memory of 4904	4944	msedge.exe	83
PID 4944 wrote to memory of 4904	4944	msedge.exe	83
PID 4944 wrote to memory of 4904	4944	msedge.exe	83
PID 4944 wrote to memory of 4904	4944	msedge.exe	83
PID 4944 wrote to memory of 4904	4944	msedge.exe	83
PID 4944 wrote to memory of 4904	4944	msedge.exe	83
PID 4944 wrote to memory of 4904	4944	msedge.exe	83
PID 4944 wrote to memory of 4904	4944	msedge.exe	83
PID 4944 wrote to memory of 4904	4944	msedge.exe	83
PID 4944 wrote to memory of 4904	4944	msedge.exe	83
PID 4944 wrote to memory of 4904	4944	msedge.exe	83
PID 4944 wrote to memory of 4904	4944	msedge.exe	83
PID 4944 wrote to memory of 4904	4944	msedge.exe	83
PID 4944 wrote to memory of 4904	4944	msedge.exe	83
PID 4944 wrote to memory of 4904	4944	msedge.exe	83
PID 4944 wrote to memory of 4904	4944	msedge.exe	83
PID 4944 wrote to memory of 4904	4944	msedge.exe	83
PID 4944 wrote to memory of 4904	4944	msedge.exe	83
PID 4944 wrote to memory of 4904	4944	msedge.exe	83
PID 4944 wrote to memory of 4388	4944	msedge.exe	84
PID 4944 wrote to memory of 4388	4944	msedge.exe	84
PID 4944 wrote to memory of 3912	4944	msedge.exe	85
PID 4944 wrote to memory of 3912	4944	msedge.exe	85
PID 4944 wrote to memory of 3912	4944	msedge.exe	85
PID 4944 wrote to memory of 3912	4944	msedge.exe	85
PID 4944 wrote to memory of 3912	4944	msedge.exe	85
PID 4944 wrote to memory of 3912	4944	msedge.exe	85
PID 4944 wrote to memory of 3912	4944	msedge.exe	85
PID 4944 wrote to memory of 3912	4944	msedge.exe	85
PID 4944 wrote to memory of 3912	4944	msedge.exe	85
PID 4944 wrote to memory of 3912	4944	msedge.exe	85
PID 4944 wrote to memory of 3912	4944	msedge.exe	85
PID 4944 wrote to memory of 3912	4944	msedge.exe	85
PID 4944 wrote to memory of 3912	4944	msedge.exe	85
PID 4944 wrote to memory of 3912	4944	msedge.exe	85
PID 4944 wrote to memory of 3912	4944	msedge.exe	85
PID 4944 wrote to memory of 3912	4944	msedge.exe	85
PID 4944 wrote to memory of 3912	4944	msedge.exe	85
PID 4944 wrote to memory of 3912	4944	msedge.exe	85
PID 4944 wrote to memory of 3912	4944	msedge.exe	85
PID 4944 wrote to memory of 3912	4944	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.9-x64-New\bin\Monaco\index.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffb7f9646f8,0x7ffb7f964708,0x7ffb7f964718
  2⤵
  PID:2508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,16911344788232927629,15104126749044606055,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,16911344788232927629,15104126749044606055,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,16911344788232927629,15104126749044606055,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8
  2⤵
  PID:3912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16911344788232927629,15104126749044606055,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16911344788232927629,15104126749044606055,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:3604
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,16911344788232927629,15104126749044606055,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 /prefetch:8
  2⤵
  PID:520
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:2512
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x100,0x254,0x7ff70d135460,0x7ff70d135470,0x7ff70d135480
    3⤵
    PID:3820
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,16911344788232927629,15104126749044606055,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16911344788232927629,15104126749044606055,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:1768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16911344788232927629,15104126749044606055,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16911344788232927629,15104126749044606055,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
  2⤵
  PID:2424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16911344788232927629,15104126749044606055,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
  2⤵
  PID:3300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,16911344788232927629,15104126749044606055,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5708 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:636

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3576

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2540

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0d57a449c855203411a38d5ae80bc24c

SHA1
b361032efa556fc4557bbad595ce89c4b0c13dba

SHA256
bb59bab10e406cd91bdfe4fc0e8ce2817a6ca32fc731ccb3f90b6b79c1a46c21

SHA512
8d4244dc9c0e9518cd71aacaa54d43c1e2d74519e3e692160b2b040d00aac25c4ba7a5705391e50957d46c8c711dc07604effea3bc06c8956ecf717f61008da3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
77fe0ce7e1f9c9ec2f198ad2536bf753

SHA1
2a366472f227a24f3c0fba0af544676ea58438d7

SHA256
c69ca7653724e1e9e52518de8f4f030813e1431223d5b6ad3270531d8df89f00

SHA512
e8d4e17b93fb19364eeeffc5b1016fdbe566a8b8d702005291ff263367840b8ccc76290d8a3ad457d40fb5d1c2204bdaa5acba9374236c77935ebb0fe597a095

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
193B

MD5
62fc8758c85fb0d08cd24eeddafeda2c

SHA1
320fc202790b0ca6f65ff67e9397440c7d97eb20

SHA256
ee0d15dce841e092ad1a2d4346a612410f8f950fdb019bc7b768f6346f2b5248

SHA512
ca97e615bdcac137a936c10104a702e1529ed3470828f2c3a2f783345ebbef04cac8c051df636c714151671efea53a9b8912b6b0d0b5eafdac5fae1dfdc8f85d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe58a822.TMP

Filesize
59B

MD5
78bfcecb05ed1904edce3b60cb5c7e62

SHA1
bf77a7461de9d41d12aa88fba056ba758793d9ce

SHA256
c257f929cff0e4380bf08d9f36f310753f7b1ccb5cb2ab811b52760dd8cb9572

SHA512
2420dff6eb853f5e1856cdab99561a896ea0743fcff3e04b37cb87eddf063770608a30c6ffb0319e5d353b0132c5f8135b7082488e425666b2c22b753a6a4d73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
13f6b886c29be73f34f84d3969436e45

SHA1
c88ac112d68188218ad071994f6421ae34d86d66

SHA256
769a9d2ae873dafc2fecd893f75257b4068d027d19c10ee36ae904bf8ee7bcd7

SHA512
9679a9f451cf728e0fd8d14ef1200288ee6c30c99ad922102b52b5c93b9767131a2acf0588888a89102c2859be10314b2c717a1f997da83878f411b4541da755

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f2c0d868cbf5912cdac86a3e8b09fb24

SHA1
806f186920828785b12b02d3dbb63b6bd9a1d7e3

SHA256
51b13b7bb1976a24609200b88af1203ea398449ff1fc9d59905291851b2bae9f

SHA512
700291e69d8d7691fef863df310ec3bb92ca482c71ec99bdf21f28f9ae536f4cb99340ffee246af2379e7353f7c4af4d0fd46c7ca1c3b0b1cb8d10ccb822deaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a8fde24acc3d965a82a4ffcc8a1574c6

SHA1
121978a73f8f52e7b122938a5c62a66237ceafc9

SHA256
9e20ebaab452fc306b869c26294204acaeecdfceaa8da488e9a043fb50a281b8

SHA512
70f4ba0e0020e43802617a38d7919a945827f1e86ee45550271ffaecfa465ee711bb2ee7314cc11534b3709f6d8704e3cf65be8f38c2dc1766728ac33a79681e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
9b2345e425acf05ffaa1dee20d4fdbe7

SHA1
aecf86c5a5d24b77aea68f6bc99e7f42c9048bc3

SHA256
1eb6cc0eab0b222c1111dba69db74281366b9f5dc9f8707ff215b09155c58d14

SHA512
647fc97d693b709ef3b0877b6de1d4f9f4e1085d35b809d27360ede1be52b37f9a967fb80ce43be35d60b52409c7e4036376d7d931c96f0660a2eeffa58a8208

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
77006dacd174a80aa9b867f95d5df337

SHA1
7078db638c72ee5cf4ede7911e4421cc4ae103c7

SHA256
5e22af33da2ed3f3197d9c899a8fec5e2716b54be019c484cd59960da8f143d9

SHA512
e8268ed24af38eaebda4cd864e5580ed1bb63e3e4b72a27fe3404baeb7c8c944a7e79282712ac9d0b33f0123654dedb1984633d6ae2a5b412d6536e2b0389bb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
9ae2e3b3a2c446d28829794ce2ad6b01

SHA1
8be9645bb303136892900e6407e61b2385684a43

SHA256
9aa7e299b15b778dbad7c8e4ae3f56bb9ba6f91f5703c086b60463875fba03a4

SHA512
fa5159263c602ed4a38d9c618b91d2f6a8475e083c425ec9943eba461be84ffe17580edc202a7b3608a28adf4006c93a6719709011910a353118c37b05766880

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
f941c5b41daf3c30e7624cd164e6c343

SHA1
741eadb971bb4d7708e0df2e4cd20195f9632801

SHA256
228c972db82f523e05ea758f2c28576cf35b41816e095ad51abf40ad637dd8a6

SHA512
b5d032c336ae43270d9eab3ec4b5c0328f65fcc4200d44c77df6cf950140ae69aea83ccabfdcde7732d94454a68c4e677c99d9d3b75006c98fcb121012f541d3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
da2751608f7060db7135976102c6c704

SHA1
e0db93189055b6f867481a391c6435a6f647c52f

SHA256
d6a76a6e888087ed1d14548245ce36a1629b80115419dd772b23287177b00775

SHA512
e941dca27ca8624e1257823b2cf761150dbfd08ce2699fb990ebb5960c6d90969f64d0130a1b787dc69695ce6003c11141e7f508325003694489d79be2371688

Download Submit