xenorat | hxxps://gofile[.]io/d/Cm5pOR

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
16-01-2025 19:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://gofile.io/d/Cm5pOR

Score

10^/10

xenorat discovery rat trojan

Malware Config

Signatures

Detect XenoRat Payload 1 IoCs

resource	yara_rule
behavioral1/files/0x0007000000023c94-77.dat	family_xenorat

XenorRat
XenorRat is a remote access trojan written in C#.
trojan rat xenorat
Xenorat family
xenorat
Downloads MZ/PE file
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 350349.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
4452	msedge.exe
4452	msedge.exe
1276	msedge.exe
1276	msedge.exe
1748	identity_helper.exe
1748	identity_helper.exe
2844	msedge.exe
2844	msedge.exe
5496	msedge.exe
5496	msedge.exe
5568	msedge.exe
5568	msedge.exe
5568	msedge.exe
5568	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1276 wrote to memory of 4460	1276	msedge.exe	82
PID 1276 wrote to memory of 4460	1276	msedge.exe	82
PID 1276 wrote to memory of 2516	1276	msedge.exe	83
PID 1276 wrote to memory of 2516	1276	msedge.exe	83
PID 1276 wrote to memory of 2516	1276	msedge.exe	83
PID 1276 wrote to memory of 2516	1276	msedge.exe	83
PID 1276 wrote to memory of 2516	1276	msedge.exe	83
PID 1276 wrote to memory of 2516	1276	msedge.exe	83
PID 1276 wrote to memory of 2516	1276	msedge.exe	83
PID 1276 wrote to memory of 2516	1276	msedge.exe	83
PID 1276 wrote to memory of 2516	1276	msedge.exe	83
PID 1276 wrote to memory of 2516	1276	msedge.exe	83
PID 1276 wrote to memory of 2516	1276	msedge.exe	83
PID 1276 wrote to memory of 2516	1276	msedge.exe	83
PID 1276 wrote to memory of 2516	1276	msedge.exe	83
PID 1276 wrote to memory of 2516	1276	msedge.exe	83
PID 1276 wrote to memory of 2516	1276	msedge.exe	83
PID 1276 wrote to memory of 2516	1276	msedge.exe	83
PID 1276 wrote to memory of 2516	1276	msedge.exe	83
PID 1276 wrote to memory of 2516	1276	msedge.exe	83
PID 1276 wrote to memory of 2516	1276	msedge.exe	83
PID 1276 wrote to memory of 2516	1276	msedge.exe	83
PID 1276 wrote to memory of 2516	1276	msedge.exe	83
PID 1276 wrote to memory of 2516	1276	msedge.exe	83
PID 1276 wrote to memory of 2516	1276	msedge.exe	83
PID 1276 wrote to memory of 2516	1276	msedge.exe	83
PID 1276 wrote to memory of 2516	1276	msedge.exe	83
PID 1276 wrote to memory of 2516	1276	msedge.exe	83
PID 1276 wrote to memory of 2516	1276	msedge.exe	83
PID 1276 wrote to memory of 2516	1276	msedge.exe	83
PID 1276 wrote to memory of 2516	1276	msedge.exe	83
PID 1276 wrote to memory of 2516	1276	msedge.exe	83
PID 1276 wrote to memory of 2516	1276	msedge.exe	83
PID 1276 wrote to memory of 2516	1276	msedge.exe	83
PID 1276 wrote to memory of 2516	1276	msedge.exe	83
PID 1276 wrote to memory of 2516	1276	msedge.exe	83
PID 1276 wrote to memory of 2516	1276	msedge.exe	83
PID 1276 wrote to memory of 2516	1276	msedge.exe	83
PID 1276 wrote to memory of 2516	1276	msedge.exe	83
PID 1276 wrote to memory of 2516	1276	msedge.exe	83
PID 1276 wrote to memory of 2516	1276	msedge.exe	83
PID 1276 wrote to memory of 2516	1276	msedge.exe	83
PID 1276 wrote to memory of 4452	1276	msedge.exe	84
PID 1276 wrote to memory of 4452	1276	msedge.exe	84
PID 1276 wrote to memory of 4476	1276	msedge.exe	85
PID 1276 wrote to memory of 4476	1276	msedge.exe	85
PID 1276 wrote to memory of 4476	1276	msedge.exe	85
PID 1276 wrote to memory of 4476	1276	msedge.exe	85
PID 1276 wrote to memory of 4476	1276	msedge.exe	85
PID 1276 wrote to memory of 4476	1276	msedge.exe	85
PID 1276 wrote to memory of 4476	1276	msedge.exe	85
PID 1276 wrote to memory of 4476	1276	msedge.exe	85
PID 1276 wrote to memory of 4476	1276	msedge.exe	85
PID 1276 wrote to memory of 4476	1276	msedge.exe	85
PID 1276 wrote to memory of 4476	1276	msedge.exe	85
PID 1276 wrote to memory of 4476	1276	msedge.exe	85
PID 1276 wrote to memory of 4476	1276	msedge.exe	85
PID 1276 wrote to memory of 4476	1276	msedge.exe	85
PID 1276 wrote to memory of 4476	1276	msedge.exe	85
PID 1276 wrote to memory of 4476	1276	msedge.exe	85
PID 1276 wrote to memory of 4476	1276	msedge.exe	85
PID 1276 wrote to memory of 4476	1276	msedge.exe	85
PID 1276 wrote to memory of 4476	1276	msedge.exe	85
PID 1276 wrote to memory of 4476	1276	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://gofile.io/d/Cm5pOR
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd317946f8,0x7ffd31794708,0x7ffd31794718
  2⤵
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,12901863907114649908,2416696883051386660,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2240 /prefetch:2
  2⤵
  PID:2516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,12901863907114649908,2416696883051386660,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,12901863907114649908,2416696883051386660,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8
  2⤵
  PID:4476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,12901863907114649908,2416696883051386660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:2064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,12901863907114649908,2416696883051386660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,12901863907114649908,2416696883051386660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4620 /prefetch:1
  2⤵
  PID:1084
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,12901863907114649908,2416696883051386660,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4956 /prefetch:8
  2⤵
  PID:1764
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,12901863907114649908,2416696883051386660,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4956 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,12901863907114649908,2416696883051386660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
  2⤵
  PID:3300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,12901863907114649908,2416696883051386660,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:1704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,12901863907114649908,2416696883051386660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
  2⤵
  PID:528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,12901863907114649908,2416696883051386660,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
  2⤵
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,12901863907114649908,2416696883051386660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2196,12901863907114649908,2416696883051386660,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5504 /prefetch:8
  2⤵
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,12901863907114649908,2416696883051386660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
  2⤵
  PID:2876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2196,12901863907114649908,2416696883051386660,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6164 /prefetch:8
  2⤵
  PID:3736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2196,12901863907114649908,2416696883051386660,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6344 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,12901863907114649908,2416696883051386660,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3064 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5568

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4936

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3292

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultdd80d2deh6008h49cchb4a1hd9fbf6671219
1⤵
PID:5192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xb0,0x12c,0x7ffd317946f8,0x7ffd31794708,0x7ffd31794718
  2⤵
  PID:5268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,18242115313111798647,13921997435027855507,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2024 /prefetch:2
  2⤵
  PID:5484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2004,18242115313111798647,13921997435027855507,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5496

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5644

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5684

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
be8842caba48dcb8a02aa560da852cae

SHA1
2b696279fb773b0203a23179a44d1570642418dc

SHA256
2130a10cf26ee5cf50fda25e19e0ad2992bc399dea33ea7ec20dda589d53cd0e

SHA512
21dfdf64b51459d0767801966b05b14b072712dd490bed18ccfc386e4da2f47dd7f4317994dd5bc84ed8daf668ce826c21d05e8ce95633f98526202d06ca7ac6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fab8d8d865e33fe195732aa7dcb91c30

SHA1
2637e832f38acc70af3e511f5eba80fbd7461f2c

SHA256
1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea

SHA512
39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36988ca14952e1848e81a959880ea217

SHA1
a0482ef725657760502c2d1a5abe0bb37aebaadb

SHA256
d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6

SHA512
d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
5ebdc3314b8abf64a7ca17943332bde2

SHA1
1f45d01bcf730b0658cddfc0c5c670e2c0ed25cd

SHA256
df820dd23e7cf86c46ce9977463e39fbd3e17ed52367e14d42814caeed5047d4

SHA512
301869872849f3d4abbae8edaa4d220d6c6b28ba0ad8057bfda3a528dc7be0ddb1daa41b93e80bf6c25e5b93bc1fc597166ed44daa26157d6c80cc6367c7bb1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
391B

MD5
af37e39de81bdee39b60eb28cc58a54d

SHA1
e743c591a8e2f0ec6082969662abf7535c444fc6

SHA256
81c5cdcf737de4b1c1ca1b11ac83ca3ead05f2ae1f6e9347cad7213a7ab56b4c

SHA512
a7d594187232d92de104eed7b1c7321d7261b62e815b87de1880df659f79884a25dedf06c5ffa15107229b8bc8215972825f82e88e562b87f4e3025684fd6c11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
68dce32213dc2c90783f297710dbb8e7

SHA1
1f0e8261fd259b0b69a7ed94cda8f31ef6db6c6a

SHA256
d55ee442a699cfdd3e9776d2ecd7ed548c6b4ccb204a9dfea933da4b4b9df76e

SHA512
7f5e8fa7608210e7fee34f7af4d6ada5c3b3fcf25df75c85622de37149d0e2f123dae132c3742bf088bb8539417d693b47c440fe21a492f91f46fdb9c3fa3cf5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5a9a9b5308e5e62fdc5fe32659343d47

SHA1
41af3d275b9ad25c786cb83bef4e5dbf1a4e093c

SHA256
54f38bd94040e3428bb6d2331f3756fba516469e1f68d5cce5b2a697ee4b3570

SHA512
e39c10a2c9509097fd1c7205d13002ea92d0456e06e09a9250297a7cf24c99f109e77f4fdb9157f9fe846090342886d425077a7509ab7cae77a54a1cf09a4e91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
21db894eaac4e3c8d71a487119d781ab

SHA1
79b7273e8d95c0fb1d7616358ab91f3afc48a735

SHA256
367d7eb13329d363949fa538d8b26810281a2b2ae430ab63e2a90d2373944cf0

SHA512
dd6496cabb04962abe2b6e9612d7be91669720b581d8548aec7cd9cc74921e2b0529edfd958d34b22d8d497ac29dd49a56ec1c9cd9e3c8f3014685c811ab46db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
01cecfcf8161bba646fbc8dc6231ba22

SHA1
05864e5c79a679653f63e07787e2c329f4a9bddd

SHA256
a77f6966873d291f2961ac57e15eea47e8a255dd56ae6c9fac18c969fb4a8369

SHA512
4d966bb81ed2ff1967373027ea58e06936dfa4df20ae0969ab9e0f117f73c2abe4790ff7d436a0fad03d4566fabc45abdb5fe7bb8b94f09c85fd750ee6803994

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2364ab8d5bc95fe0a19ffbfac3c60a23

SHA1
09d65ed2ee6e22bcd4616f192b35713d6b659f73

SHA256
a215ac1a0f10936f423ae60b754b06324770a3927d00030167a61e6c278940ec

SHA512
a0371e1c507c9925ac44ae93db260e4494a6155558216b59e2688fa01fe3426d7698c6bc83bfd92adaae503c502f4a0572bf979e51f5a022dc5365dd0d828068

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
88062112c9b9e0b54f0685157a85e301

SHA1
4efe975ca8e2792e3fe89e583f4fafbd0da87250

SHA256
e0d0e3dbf5a94946ea3ed9a27f32b70a69938961c21d23a285b30c69d2aa2e88

SHA512
2074b2e801e6c88a91b9020266161538f0869db605ba75dd51b610a9631cc384636732fdc5bc371a7d98a1e07135117af005c3a1167e3d8118d3c2a152cde9d0

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 350349.crdownload

Filesize
45KB

MD5
cc0e4450d0c8446eb72206c66bdd4ca3

SHA1
a936af65c7d90196f7a7ab2f663319529f6221d0

SHA256
e2d780d8bc56846e3a2ed26c08ebe210c16d79149e3d90539b12c1d2e80b4fda

SHA512
ec3fbef492428a942b51c21e052bd0b5a8d375b515d544b7e4063f6d12b23c97c5bc5c157747ba27795d74ec09524c219cf4e8e5385cca27ba11a1da03a82c41

Download Submit