Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

3

Xeno-v1.1....re.dll

windows7-x64

1

Xeno-v1.1....re.dll

windows10-2004-x64

1

Xeno-v1.1....ms.dll

windows7-x64

1

Xeno-v1.1....ms.dll

windows10-2004-x64

1

Xeno-v1.1....pf.dll

windows7-x64

1

Xeno-v1.1....pf.dll

windows10-2004-x64

1

Xeno-v1.1....on.dll

windows7-x64

1

Xeno-v1.1....on.dll

windows10-2004-x64

1

Xeno-v1.1.6/Xeno.dll

windows7-x64

1

Xeno-v1.1.6/Xeno.dll

windows10-2004-x64

1

Xeno-v1.1.6/Xeno.exe

windows7-x64

3

Xeno-v1.1.6/Xeno.exe

windows10-2004-x64

1

Xeno-v1.1....UI.exe

windows7-x64

1

Xeno-v1.1....UI.exe

windows10-2004-x64

1

Xeno-v1.1....-0.dll

windows10-2004-x64

1

Xeno-v1.1....-0.dll

windows10-2004-x64

1

Xeno-v1.1....-0.dll

windows10-2004-x64

1

Xeno-v1.1....-0.dll

windows10-2004-x64

1

Xeno-v1.1....-0.dll

windows10-2004-x64

1

Xeno-v1.1....-0.dll

windows10-2004-x64

1

Xeno-v1.1....-0.dll

windows10-2004-x64

1

Xeno-v1.1....-0.dll

windows10-2004-x64

1

Xeno-v1.1....x.html

windows7-x64

6

Xeno-v1.1....x.html

windows10-2004-x64

6

Xeno-v1.1....ain.js

windows7-x64

3

Xeno-v1.1....ain.js

windows10-2004-x64

3

Xeno-v1.1....lua.js

windows7-x64

3

Xeno-v1.1....lua.js

windows10-2004-x64

3

Xeno-v1.1....ain.js

windows7-x64

3

Xeno-v1.1....ain.js

windows10-2004-x64

3

Xeno-v1.1.....de.js

windows7-x64

3

Xeno-v1.1.....de.js

windows10-2004-x64

3

Resubmissions

18/03/2025, 20:06

250318-yvs5wsxvax 6

Analysis

  • max time kernel
    144s
  • max time network
    138s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250314-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18/03/2025, 20:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Xeno-v1.1.6/bin/Monaco/index.html

  • Size

    164KB

  • MD5

    001dcbb8f41cdcbf9b4d1e3a0ed4b2d2

  • SHA1

    982a05814546017c40771e59e7677b53d84787e9

  • SHA256

    f1d2c52f2803c29585b81d2eff74c56242d27e9619ee6d38081d5604c5bb1951

  • SHA512

    9a4eba2a9314b6f5851997e1db0ecfae8e40da3443d8a5f9df933ccf6a4d75fc330888c8d14818326e15b3dec9ae2f5f7e73cd08c3822dd7eb0b2d753c8cd8fa

  • SSDEEP

    3072:Nk4J09UmmJv8kBpZaFD48VOAGUWYPjDZlLJbRBiPEP8yKUz2Ojmjr8zM3KP7pblM:64J09BA3pZaFD48VOAGUWYPjdlLJbRBS

Score
6/10
discovery

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs
  • Drops file in Program Files directory 16 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.6\bin\Monaco\index.html
    1⤵
    • Drops file in Program Files directory
    • Checks processor information in registry
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3296
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x264,0x7ffe595bf208,0x7ffe595bf214,0x7ffe595bf220
      2⤵
        PID:5324
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1880,i,6488255345390561724,6054249851369888893,262144 --variations-seed-version --mojo-platform-channel-handle=2288 /prefetch:3
        2⤵
          PID:1416
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2252,i,6488255345390561724,6054249851369888893,262144 --variations-seed-version --mojo-platform-channel-handle=2248 /prefetch:2
          2⤵
            PID:1672
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2536,i,6488255345390561724,6054249851369888893,262144 --variations-seed-version --mojo-platform-channel-handle=2680 /prefetch:8
            2⤵
              PID:4396
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3384,i,6488255345390561724,6054249851369888893,262144 --variations-seed-version --mojo-platform-channel-handle=3444 /prefetch:1
              2⤵
                PID:1048
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3400,i,6488255345390561724,6054249851369888893,262144 --variations-seed-version --mojo-platform-channel-handle=3484 /prefetch:1
                2⤵
                  PID:4948
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4316,i,6488255345390561724,6054249851369888893,262144 --variations-seed-version --mojo-platform-channel-handle=5020 /prefetch:8
                  2⤵
                    PID:4588
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4820,i,6488255345390561724,6054249851369888893,262144 --variations-seed-version --mojo-platform-channel-handle=5060 /prefetch:8
                    2⤵
                      PID:2092
                    • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5652,i,6488255345390561724,6054249851369888893,262144 --variations-seed-version --mojo-platform-channel-handle=5688 /prefetch:8
                      2⤵
                        PID:6116
                      • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5652,i,6488255345390561724,6054249851369888893,262144 --variations-seed-version --mojo-platform-channel-handle=5688 /prefetch:8
                        2⤵
                          PID:5136
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5756,i,6488255345390561724,6054249851369888893,262144 --variations-seed-version --mojo-platform-channel-handle=5768 /prefetch:8
                          2⤵
                            PID:3448
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6076,i,6488255345390561724,6054249851369888893,262144 --variations-seed-version --mojo-platform-channel-handle=5744 /prefetch:8
                            2⤵
                              PID:3292
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6084,i,6488255345390561724,6054249851369888893,262144 --variations-seed-version --mojo-platform-channel-handle=6116 /prefetch:8
                              2⤵
                                PID:4988
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6096,i,6488255345390561724,6054249851369888893,262144 --variations-seed-version --mojo-platform-channel-handle=6132 /prefetch:8
                                2⤵
                                  PID:4272
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5488,i,6488255345390561724,6054249851369888893,262144 --variations-seed-version --mojo-platform-channel-handle=5280 /prefetch:8
                                  2⤵
                                    PID:2524
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5604,i,6488255345390561724,6054249851369888893,262144 --variations-seed-version --mojo-platform-channel-handle=5208 /prefetch:8
                                    2⤵
                                      PID:2924
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5244,i,6488255345390561724,6054249851369888893,262144 --variations-seed-version --mojo-platform-channel-handle=6040 /prefetch:8
                                      2⤵
                                        PID:5664
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5776,i,6488255345390561724,6054249851369888893,262144 --variations-seed-version --mojo-platform-channel-handle=5708 /prefetch:8
                                        2⤵
                                          PID:4284
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=5492,i,6488255345390561724,6054249851369888893,262144 --variations-seed-version --mojo-platform-channel-handle=5284 /prefetch:8
                                          2⤵
                                          • Suspicious behavior: EnumeratesProcesses
                                          PID:1260
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5984,i,6488255345390561724,6054249851369888893,262144 --variations-seed-version --mojo-platform-channel-handle=3992 /prefetch:8
                                          2⤵
                                            PID:4052
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
                                          1⤵
                                            PID:4908

                                          Network

                                          MITRE ATT&CK Enterprise v15

                                          Replay Monitor

                                          Loading Replay Monitor...

                                          Downloads

                                          • C:\Program Files\chrome_Unpacker_BeginUnzipping3296_1202036470\LICENSE
                                            Filesize

                                            1KB

                                            MD5

                                            ee002cb9e51bb8dfa89640a406a1090a

                                            SHA1

                                            49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

                                            SHA256

                                            3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

                                            SHA512

                                            d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

                                            Download Submit

                                          • C:\Program Files\chrome_Unpacker_BeginUnzipping3296_1202036470\manifest.json
                                            Filesize

                                            85B

                                            MD5

                                            c3419069a1c30140b77045aba38f12cf

                                            SHA1

                                            11920f0c1e55cadc7d2893d1eebb268b3459762a

                                            SHA256

                                            db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f

                                            SHA512

                                            c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

                                            Download Submit

                                          • C:\Program Files\chrome_Unpacker_BeginUnzipping3296_383364454\manifest.json
                                            Filesize

                                            118B

                                            MD5

                                            9191c4202582ea72903a86ce4e48a007

                                            SHA1

                                            91377355303e460951f8d4af612f80d86e5071fd

                                            SHA256

                                            945cd01c82a269c67b1bd6b76dda407b9c4289e4dfbb4a5d07e4a6b389430b93

                                            SHA512

                                            c4784538afdc8c3de223d187001c13a7b6c0309feffbcb88ecc689357ea04252e0521a5319f7b28b208df9e6b3880f54ef7b08b0ba33ce458f1277b3afcbff7c

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                            Filesize

                                            280B

                                            MD5

                                            690f9d619434781cadb75580a074a84d

                                            SHA1

                                            9c952a5597941ab800cae7262842ab6ac0b82ab1

                                            SHA256

                                            fc2e4954dbe6b72d5b09e1dc6360ea699437a2551355c2950da0b3d3a4779fc1

                                            SHA512

                                            d6b1da8e7febf926e8b6c316164efbbac22c7c3d9e4933a19fffba3d1667e1993cdeb5064aa53816c0c53f9d2c53e204772de987eb18adbb094a0fb84ae61fa9

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json
                                            Filesize

                                            2B

                                            MD5

                                            99914b932bd37a50b983c5e7c90ae93b

                                            SHA1

                                            bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

                                            SHA256

                                            44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

                                            SHA512

                                            27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps
                                            Filesize

                                            107KB

                                            MD5

                                            40e2018187b61af5be8caf035fb72882

                                            SHA1

                                            72a0b7bcb454b6b727bf90da35879b3e9a70621e

                                            SHA256

                                            b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

                                            SHA512

                                            a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
                                            Filesize

                                            1KB

                                            MD5

                                            3e39b7c826e628f1e4a40fc7222efd07

                                            SHA1

                                            83edbd1f599faf02764d6552e6c78e563406524e

                                            SHA256

                                            4925d69af9ee1950f88b5d1f44c49797b88e3211db1bcbad810a7834be8de932

                                            SHA512

                                            455ef16a54fb72879a1bd623543709ec9cbdd97616769cb4a85edf59879855243da7d9f9217dd9e372e701fb95b82df8b3eb0eee86a0ddd8382640b54fb2c8c2

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports
                                            Filesize

                                            2B

                                            MD5

                                            d751713988987e9331980363e24189ce

                                            SHA1

                                            97d170e1550eee4afc0af065b78cda302a97674c

                                            SHA256

                                            4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                            SHA512

                                            b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries
                                            Filesize

                                            40B

                                            MD5

                                            20d4b8fa017a12a108c87f540836e250

                                            SHA1

                                            1ac617fac131262b6d3ce1f52f5907e31d5f6f00

                                            SHA256

                                            6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

                                            SHA512

                                            507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                            Filesize

                                            15KB

                                            MD5

                                            2ee694d6500630f4e888dbaf2bfe1151

                                            SHA1

                                            9c3af03a2be31a5bf1daa1b659604b33337fb2fa

                                            SHA256

                                            eede816e22c12d75bb1195059a130202bc3e97f8e52a46c9305a0f71413e9f16

                                            SHA512

                                            3dc8c4ad1905512548021978716cb60ccd9d0c8c274a92a7511e88987c21c52a1a64c6828d479747e45361e97ea8b05b9224d0cf95a9819a0a3cabfc4592d758

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                            Filesize

                                            15KB

                                            MD5

                                            bf8304d4abae79089264f13f2dddca97

                                            SHA1

                                            e51f36a4898ffd0d55a3d4e14772398855848138

                                            SHA256

                                            c0b01faf44972f43553cff94dedca10c5b7fbe31a507dbcf43b3fd6df2e5435c

                                            SHA512

                                            91d1bd266dd1abfe3ee69fee86289ae9dbb8309c28365cb3c7156c7248da746d127d0fa7b6b0129b88feb463e96f943243eb1ba96b63585a662a2b27495d9a0d

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                                            Filesize

                                            36KB

                                            MD5

                                            e4474a006e0c8236e85f2d8762b67f38

                                            SHA1

                                            586db45534fb5086f1022a48a9ea0c6214ff0fa9

                                            SHA256

                                            b0af6046eea4b68ce2f0bf071049a91ecbfd7dae8b161c741d41109274c4033b

                                            SHA512

                                            4d22b64d87bf24adf5492eeeddf3c06ab30446d3d399b2d474090d63411f1fc372ebd45674385d897bb790c59c2e07d0883a06fbb37be593e56adfcd958d3fa5

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log
                                            Filesize

                                            22KB

                                            MD5

                                            2499a9ecd19ac86b1be404b64aa6b490

                                            SHA1

                                            eb6fa5760674f48c5443956948cd7bdb3e811865

                                            SHA256

                                            8e4542386e66c0b490d243a9ce328de0280c58e38db9e41a9fd604662dd33c0e

                                            SHA512

                                            2f5d395fc354520bc37c32a50ff73a010c27818c6a7d379eba8e3d266b8951991ade2fd4145287666c0e40fddca9f2c459922436037a8ce007e9bd3073def0fd

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\72aa884f-c584-4ea5-9377-878bc880702d.tmp
                                            Filesize

                                            19KB

                                            MD5

                                            41c1930548d8b99ff1dbb64ba7fecb3d

                                            SHA1

                                            d8acfeaf7c74e2b289be37687f886f50c01d4f2f

                                            SHA256

                                            16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

                                            SHA512

                                            a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog
                                            Filesize

                                            465B

                                            MD5

                                            0992e4b3e84ff52f179f353a7be5e2de

                                            SHA1

                                            cd10bb5b51ae0de6d0a290f841008746ebfce9f7

                                            SHA256

                                            b52061055b744c5f7e1bd7fc026b19c81e97fdd559cd5b5b707fce275e5a16d6

                                            SHA512

                                            2cfb0029d61c516dbe0995e8db69fea6fda687e55bc6bfcfbb52dc54ce6e828db7796f9cf0a5ffbf6355ac306f04435795090cec118cc120fe75ddaa219419a0

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog
                                            Filesize

                                            18KB

                                            MD5

                                            3ef79940d6bd43e53e6e75b8bf44e6a9

                                            SHA1

                                            f95958633a560a3ceabdde62df681d26743adf15

                                            SHA256

                                            f17d9201a446dc77f9f2f167316eb538cebb7ee59ceca26c83363bef2746d92d

                                            SHA512

                                            19e17b9656f856e18a4a44d2d084e174a748b60d6639e0af0d6eababf7264dd24114a6c5da64877f577bc4ad512630e570df9b35acc69abf2b2769945a03fd0b

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog
                                            Filesize

                                            894B

                                            MD5

                                            ad6f19fe5b674e8814e9487f44d867e5

                                            SHA1

                                            2d8f5d61b783b819545c4db502bddfdea748d1ca

                                            SHA256

                                            be2a270a2be42565055e3c626ed43b56937e28b04092aee98b42fc320e03c49c

                                            SHA512

                                            1eb1e72f3c74a3046485bbc0dd5caf14396f432506471403a29b714a2f4ff31938d4e50ad82406d0ec26ecfd5cec9760ed9a743cf3570f26183443bca9407903

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                            Filesize

                                            40KB

                                            MD5

                                            db0f4e3f2dcf86e5340fe2b39a546fbd

                                            SHA1

                                            60ebdbf042da84817c9a22fc49ba598ad2abb636

                                            SHA256

                                            3e11addabb4fd750ff0c9a7755988218992e4202889c264fbe28a563d62344bd

                                            SHA512

                                            d2a6c01ffb4fa3226e05197d92994397e2faac131f62a3018b069bb718310bf8be282711b0453e58451f3e4e34921eae7e74be45e067a67fbb6915b8d9733cb2

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                            Filesize

                                            49KB

                                            MD5

                                            8a4c04be26dd440cb60990f81537b44b

                                            SHA1

                                            d396d4fb01ccf1a5fa2f709bdd96a15475df1de0

                                            SHA256

                                            d3a31302b055620fb0694584e59968673c1d9180eff6819e36354ed9cc934555

                                            SHA512

                                            85683d37925181cdb9837d7c73ab1aa6873fc358a94e2a30ca3e1d2124e697a3bc576018920f5fe87c72609b5295305f7ee5dc79dec1e9438d39ffd6b7facac1

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                            Filesize

                                            49KB

                                            MD5

                                            a1bf19a647c73b2f0405e164e309578e

                                            SHA1

                                            ecd75f55e3a8059a79ae0fe97e2e93e0ca395c5f

                                            SHA256

                                            f0c5b4286e9a313b09a8aeadf51153391f365f82915662a3afc7e3e43deda2b8

                                            SHA512

                                            16050ac5cf6053035808716241c981bb4b6e00cc77067136d3af7240a83ce108088dbb928f555d68b963e6c61d014283217a7681f8e0d1f9d7df4ca966c8a282

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Typosquatting\2025.3.18.1\typosquatting_list.pb
                                            Filesize

                                            635KB

                                            MD5

                                            9bd22564aa3ca907ecb09074d0f011b8

                                            SHA1

                                            1f15761be36f2fd400e6ce7f9fbc1d613be8b81a

                                            SHA256

                                            a295e802149a6350aea7d9e132e5bf99c36085bb18ed5654b501a9c1d24dc4df

                                            SHA512

                                            47b17689549f292e34957c2a89dd273ace59a69975c0450cc9a88ee3cb5c2fe72543c370d858bb15e14002fc387d3ecdc1fb2eada53497ecd9fec8e0d6b2aa18

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres
                                            Filesize

                                            2KB

                                            MD5

                                            214858a4341fbceffdf3c8cceced4bee

                                            SHA1

                                            db94f289172e839884266279c842b795ebaccd45

                                            SHA256

                                            dce278de48ea809ab722c0a64dbc00711862effd18e1f5bfc41198196a07306d

                                            SHA512

                                            fb775e04b891b51f4b460b0b863753ae6b333bec9809ee664d7c2764b2f199db89dc7c5676eaa5d588fe51e94d1228fec8cc728643718c1a7c31165c5ece33e7

                                            Download Submit