e7b275d70655db9cb43fa606bbe2e4f22478ca4962bbf9f299d66eda567d63cd

Analysis

max time kernel
113s
max time network
115s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
15/04/2024, 14:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Release.zip
Size

6.4MB
MD5

89661a9ff6de529497fec56a112bf75e
SHA1

2dd31a19489f4d7c562b647f69117e31b894b5c3
SHA256

e7b275d70655db9cb43fa606bbe2e4f22478ca4962bbf9f299d66eda567d63cd
SHA512

33c765bf85fbec0e58924ece948b80a7d73b7577557eaac8865e481c61ad6b71f8b5b846026103239b3bd21f438ff0d7c1430a51a4a149f16a215faad6dab68f
SSDEEP

196608:SYNI1S7C6S230UwVLW83FUSA7WQZzwM3/C2cM7m2:rNIs7CDvB1USA7WS/vcx2

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs

Web Service

T1102

flow	ioc
3	raw.githubusercontent.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133576639732036632"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\Local Settings	chrome.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Release.zip:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2596	chrome.exe
2596	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2740	xeno rat server.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2596	chrome.exe
Token: SeCreatePagefilePrivilege	2596	chrome.exe
Token: SeShutdownPrivilege	2596	chrome.exe
Token: SeCreatePagefilePrivilege	2596	chrome.exe
Token: SeShutdownPrivilege	2596	chrome.exe
Token: SeCreatePagefilePrivilege	2596	chrome.exe
Token: SeShutdownPrivilege	2596	chrome.exe
Token: SeCreatePagefilePrivilege	2596	chrome.exe
Token: SeShutdownPrivilege	2596	chrome.exe
Token: SeCreatePagefilePrivilege	2596	chrome.exe
Token: SeShutdownPrivilege	2596	chrome.exe
Token: SeCreatePagefilePrivilege	2596	chrome.exe
Token: SeShutdownPrivilege	2596	chrome.exe
Token: SeCreatePagefilePrivilege	2596	chrome.exe
Token: SeShutdownPrivilege	2596	chrome.exe
Token: SeCreatePagefilePrivilege	2596	chrome.exe
Token: SeShutdownPrivilege	2596	chrome.exe
Token: SeCreatePagefilePrivilege	2596	chrome.exe
Token: SeShutdownPrivilege	2596	chrome.exe
Token: SeCreatePagefilePrivilege	2596	chrome.exe
Token: SeShutdownPrivilege	2596	chrome.exe
Token: SeCreatePagefilePrivilege	2596	chrome.exe
Token: SeShutdownPrivilege	2596	chrome.exe
Token: SeCreatePagefilePrivilege	2596	chrome.exe
Token: SeShutdownPrivilege	2596	chrome.exe
Token: SeCreatePagefilePrivilege	2596	chrome.exe
Token: SeShutdownPrivilege	2596	chrome.exe
Token: SeCreatePagefilePrivilege	2596	chrome.exe
Token: SeShutdownPrivilege	2596	chrome.exe
Token: SeCreatePagefilePrivilege	2596	chrome.exe
Token: SeShutdownPrivilege	2596	chrome.exe
Token: SeCreatePagefilePrivilege	2596	chrome.exe
Token: SeShutdownPrivilege	2596	chrome.exe
Token: SeCreatePagefilePrivilege	2596	chrome.exe
Token: SeShutdownPrivilege	2596	chrome.exe
Token: SeCreatePagefilePrivilege	2596	chrome.exe
Token: SeShutdownPrivilege	2596	chrome.exe
Token: SeCreatePagefilePrivilege	2596	chrome.exe
Token: SeShutdownPrivilege	2596	chrome.exe
Token: SeCreatePagefilePrivilege	2596	chrome.exe
Token: SeShutdownPrivilege	2596	chrome.exe
Token: SeCreatePagefilePrivilege	2596	chrome.exe
Token: SeShutdownPrivilege	2596	chrome.exe
Token: SeCreatePagefilePrivilege	2596	chrome.exe
Token: SeShutdownPrivilege	2596	chrome.exe
Token: SeCreatePagefilePrivilege	2596	chrome.exe
Token: SeShutdownPrivilege	2596	chrome.exe
Token: SeCreatePagefilePrivilege	2596	chrome.exe
Token: SeShutdownPrivilege	2596	chrome.exe
Token: SeCreatePagefilePrivilege	2596	chrome.exe
Token: SeShutdownPrivilege	2596	chrome.exe
Token: SeCreatePagefilePrivilege	2596	chrome.exe
Token: SeShutdownPrivilege	2596	chrome.exe
Token: SeCreatePagefilePrivilege	2596	chrome.exe
Token: SeShutdownPrivilege	2596	chrome.exe
Token: SeCreatePagefilePrivilege	2596	chrome.exe
Token: SeShutdownPrivilege	2596	chrome.exe
Token: SeCreatePagefilePrivilege	2596	chrome.exe
Token: SeShutdownPrivilege	2596	chrome.exe
Token: SeCreatePagefilePrivilege	2596	chrome.exe
Token: SeShutdownPrivilege	2596	chrome.exe
Token: SeCreatePagefilePrivilege	2596	chrome.exe
Token: SeShutdownPrivilege	2596	chrome.exe
Token: SeCreatePagefilePrivilege	2596	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2596 wrote to memory of 4404	2596	chrome.exe	85
PID 2596 wrote to memory of 4404	2596	chrome.exe	85
PID 2596 wrote to memory of 664	2596	chrome.exe	86
PID 2596 wrote to memory of 664	2596	chrome.exe	86
PID 2596 wrote to memory of 664	2596	chrome.exe	86
PID 2596 wrote to memory of 664	2596	chrome.exe	86
PID 2596 wrote to memory of 664	2596	chrome.exe	86
PID 2596 wrote to memory of 664	2596	chrome.exe	86
PID 2596 wrote to memory of 664	2596	chrome.exe	86
PID 2596 wrote to memory of 664	2596	chrome.exe	86
PID 2596 wrote to memory of 664	2596	chrome.exe	86
PID 2596 wrote to memory of 664	2596	chrome.exe	86
PID 2596 wrote to memory of 664	2596	chrome.exe	86
PID 2596 wrote to memory of 664	2596	chrome.exe	86
PID 2596 wrote to memory of 664	2596	chrome.exe	86
PID 2596 wrote to memory of 664	2596	chrome.exe	86
PID 2596 wrote to memory of 664	2596	chrome.exe	86
PID 2596 wrote to memory of 664	2596	chrome.exe	86
PID 2596 wrote to memory of 664	2596	chrome.exe	86
PID 2596 wrote to memory of 664	2596	chrome.exe	86
PID 2596 wrote to memory of 664	2596	chrome.exe	86
PID 2596 wrote to memory of 664	2596	chrome.exe	86
PID 2596 wrote to memory of 664	2596	chrome.exe	86
PID 2596 wrote to memory of 664	2596	chrome.exe	86
PID 2596 wrote to memory of 664	2596	chrome.exe	86
PID 2596 wrote to memory of 664	2596	chrome.exe	86
PID 2596 wrote to memory of 664	2596	chrome.exe	86
PID 2596 wrote to memory of 664	2596	chrome.exe	86
PID 2596 wrote to memory of 664	2596	chrome.exe	86
PID 2596 wrote to memory of 664	2596	chrome.exe	86
PID 2596 wrote to memory of 664	2596	chrome.exe	86
PID 2596 wrote to memory of 664	2596	chrome.exe	86
PID 2596 wrote to memory of 664	2596	chrome.exe	86
PID 2596 wrote to memory of 1352	2596	chrome.exe	87
PID 2596 wrote to memory of 1352	2596	chrome.exe	87
PID 2596 wrote to memory of 4400	2596	chrome.exe	88
PID 2596 wrote to memory of 4400	2596	chrome.exe	88
PID 2596 wrote to memory of 4400	2596	chrome.exe	88
PID 2596 wrote to memory of 4400	2596	chrome.exe	88
PID 2596 wrote to memory of 4400	2596	chrome.exe	88
PID 2596 wrote to memory of 4400	2596	chrome.exe	88
PID 2596 wrote to memory of 4400	2596	chrome.exe	88
PID 2596 wrote to memory of 4400	2596	chrome.exe	88
PID 2596 wrote to memory of 4400	2596	chrome.exe	88
PID 2596 wrote to memory of 4400	2596	chrome.exe	88
PID 2596 wrote to memory of 4400	2596	chrome.exe	88
PID 2596 wrote to memory of 4400	2596	chrome.exe	88
PID 2596 wrote to memory of 4400	2596	chrome.exe	88
PID 2596 wrote to memory of 4400	2596	chrome.exe	88
PID 2596 wrote to memory of 4400	2596	chrome.exe	88
PID 2596 wrote to memory of 4400	2596	chrome.exe	88
PID 2596 wrote to memory of 4400	2596	chrome.exe	88
PID 2596 wrote to memory of 4400	2596	chrome.exe	88
PID 2596 wrote to memory of 4400	2596	chrome.exe	88
PID 2596 wrote to memory of 4400	2596	chrome.exe	88
PID 2596 wrote to memory of 4400	2596	chrome.exe	88
PID 2596 wrote to memory of 4400	2596	chrome.exe	88
PID 2596 wrote to memory of 4400	2596	chrome.exe	88
PID 2596 wrote to memory of 4400	2596	chrome.exe	88
PID 2596 wrote to memory of 4400	2596	chrome.exe	88
PID 2596 wrote to memory of 4400	2596	chrome.exe	88
PID 2596 wrote to memory of 4400	2596	chrome.exe	88
PID 2596 wrote to memory of 4400	2596	chrome.exe	88
PID 2596 wrote to memory of 4400	2596	chrome.exe	88

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\Release.zip
1⤵
PID:4560

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa1fc5ab58,0x7ffa1fc5ab68,0x7ffa1fc5ab78
  2⤵
  PID:4404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1516 --field-trial-handle=1884,i,12096553463191411416,4437493806214450496,131072 /prefetch:2
  2⤵
  PID:664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=1884,i,12096553463191411416,4437493806214450496,131072 /prefetch:8
  2⤵
  PID:1352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2176 --field-trial-handle=1884,i,12096553463191411416,4437493806214450496,131072 /prefetch:8
  2⤵
  PID:4400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3088 --field-trial-handle=1884,i,12096553463191411416,4437493806214450496,131072 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3188 --field-trial-handle=1884,i,12096553463191411416,4437493806214450496,131072 /prefetch:1
  2⤵
  PID:4596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4148 --field-trial-handle=1884,i,12096553463191411416,4437493806214450496,131072 /prefetch:1
  2⤵
  PID:2452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4324 --field-trial-handle=1884,i,12096553463191411416,4437493806214450496,131072 /prefetch:8
  2⤵
  PID:1340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4348 --field-trial-handle=1884,i,12096553463191411416,4437493806214450496,131072 /prefetch:8
  2⤵
  PID:1104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4616 --field-trial-handle=1884,i,12096553463191411416,4437493806214450496,131072 /prefetch:8
  2⤵
  PID:3152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4296 --field-trial-handle=1884,i,12096553463191411416,4437493806214450496,131072 /prefetch:8
  2⤵
  PID:2872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4284 --field-trial-handle=1884,i,12096553463191411416,4437493806214450496,131072 /prefetch:8
  2⤵
  PID:2472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4816 --field-trial-handle=1884,i,12096553463191411416,4437493806214450496,131072 /prefetch:8
  2⤵
  PID:3920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4812 --field-trial-handle=1884,i,12096553463191411416,4437493806214450496,131072 /prefetch:8
  2⤵
  PID:2120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4624 --field-trial-handle=1884,i,12096553463191411416,4437493806214450496,131072 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4800 --field-trial-handle=1884,i,12096553463191411416,4437493806214450496,131072 /prefetch:8
  2⤵
  PID:2044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3392 --field-trial-handle=1884,i,12096553463191411416,4437493806214450496,131072 /prefetch:8
  2⤵
  PID:1340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3084 --field-trial-handle=1884,i,12096553463191411416,4437493806214450496,131072 /prefetch:8
  2⤵
  - NTFS ADS
  PID:2380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4364 --field-trial-handle=1884,i,12096553463191411416,4437493806214450496,131072 /prefetch:8
  2⤵
  PID:2364

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3448

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3716

C:\Users\Admin\Downloads\Release\xeno rat server.exe
"C:\Users\Admin\Downloads\Release\xeno rat server.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:2740

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
0f16eaf847aa376f931e9f7377ef34e1

SHA1
3ad8caeefa7969f1f5491d645798627dd73d14ec

SHA256
de8adb26baef68bc6879fc6d9d418703d2ace6d7f28daf6b325a41fa94a77a25

SHA512
9582fefb2898ff5b024f636c149c1f37cb0a299e745bcda028afd92c8cb0bae9a0639ffcdd30a31a59dd94c2623ef937e4d53b7716a1c6094c9b52334e2c5d82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
51f224827fc5e661eb69d64eda12092b

SHA1
12a3b9e100dc58f3dd8310c6d330b8209c05186b

SHA256
b6a45124e7e91023938c3db06418c27522a7721e4ea5372db155ec8b37864c24

SHA512
799c3eddab6818b55860b8c8a2a1a032d3c999edc00ba52255956010dd98f7139a721da59982fdd302afe0eaa2f1003f203a8f205f5df3fd3db927c430ebaa57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
54cfc7d48c877e561d3ffe9554359a72

SHA1
c4233145f85d331f641030c0ec35a2e183b8541a

SHA256
d3507311f7275e3d1c76c88ca7f825a46653897d3affd209a4a77198df8d931d

SHA512
97a9447b8d366de3a371b4a19a6badb0aa28836a879f62e2d79e4405a4db1c9ddcddcae4a83468ca56d06895bfe2735e9cb375c2d0009c8f2b9b660b3c9d451c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8207faeba060c56b02794b7250ae3d67

SHA1
a8485ab81f23a078a8b669a84ceff81a1d6dd799

SHA256
360b43736dda8579b30335efc10f70c8077c4c8157f52a92cf77547a04678291

SHA512
6469f01f17557ea1190c429e74f1204e59ae884309898efeb38f8dbbf5734903c94729970f9f12e8310e88728ec4daf315d473d405e6cb9461120b308f92c39d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ab072e442d4601b3eb37801f2e47fad3

SHA1
43ed379845d7191ba1ab2fbcbac023aab60cbe70

SHA256
c6bbdc636611b6ced1b14dc74f915d0cbe8052939a3b5818249a1af0b12c3b2c

SHA512
bb6b0652f17c4955afc03f4e4d483b2c134a348db6e3969a6843e261942e722169c0c55be8d5bd54b388ea3ce2e41d7e33e12ff5044d59f717f4fefb6532e6c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
5adf86f789693c5f5fdef3721538f639

SHA1
11b108c4f88c32d7fb2237c496463cb0b3bfb24b

SHA256
e839c28adb54a53a68ec4828ba12463127b97819ac189b5d3607ac752e52dc47

SHA512
766c6368d19b2341003559e6d98080c9999536ae8567bb142b04bffb1e7a6bfea6a7be71bdb581cea7062376e7afed16e97701a57a18698ad62460c081d53cd4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
1a222dcd27becc9265d56351982051fc

SHA1
185a95b36dafb4f8ebd0520ad94f9a3077f29263

SHA256
3d28b0fc4cee76f956c5d4790978afb399fac6bab4e6ae2da40473d012ad94ea

SHA512
8c6ec94e68914bfb95f3b27a7c9fd388c91d473e1e733a7d19bae5f518dcc10974a8ecafae76b0af36f623afde2259c0c086c50e3a0468cea739717a5577aba2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
0aad8354f64e02e0613aa8a21964999d

SHA1
ad100655e945a1c310e2ec48faa3ddc9624f6f12

SHA256
c122ee3d07edff757b5de7b36f6304a321cb2d7f1142f733d43ca52e0a119b56

SHA512
91fc6dcf3e13d0b8d675d03d940a186cc75b3d5b454a069d5ac0107a2d5c1d5b8c89c2052a04c851e6a52bc078b9a02904fa5c7940cf51fb8d57c362bc4f0a5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
ddf1bfcb84d743124dcded6975e47d6d

SHA1
d69e6e2e78cdf836d71d74184c90a5337ddd4031

SHA256
34cdde2a1372d5cb499f1bfca548670e6377767130ef0329bec3916952942edd

SHA512
c99b54112c60be8e8683f1325f5cf50c7cac55bc052281145be173ed626d4881c5e3307346090ebbe093c9d3a3b7a3038826e09c8d09d21f407cebf304487e40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\fd401362-6e8b-44be-b04a-79ab61cbf4d9.tmp

Filesize
6KB

MD5
dc6a143815f88425124afd35ec685151

SHA1
61313e3bfffc31bf1f95487360630c641eae8813

SHA256
01c3d29b73b66575e194d518bfc01c039096c529ac98c7b92ee9f80c8dfae580

SHA512
b535608541ce9abd67ce9566f33c6f0a8731732da3311bc3f98d69c68404d25659ad96c6eabf8d0a983231b72dfd3eb486e379a3decb78019d0924eb7873e039

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
250KB

MD5
4fb5761b8f677b87ec4aa36242965131

SHA1
a402aa6d848d99239fb1cd54ce2ba56cbc31f10e

SHA256
7e869676878b3f970d2cb89c5015461577fc31f84fbde96e019c219ad6531f8c

SHA512
dbc3f0842b1871c00aa5d09faeb6f8177038bed37f6ea595d3a47f7a22b05c73b643b251cb88aa3a898f469eae1efe9816e67c8e1b76f402ea6c2502ac77954a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
94KB

MD5
38569ec0f4e6c61d16ef790346aaee67

SHA1
6a5c76e61478e94b6cea5debda3f7bb441dc7323

SHA256
fff15ca3adec33b9bba7f6cfa29420441d753c3e8bd1a8e0dc91f6c74ffc134d

SHA512
821615cc8a1a23329ad35601ee9c7234112f1e3ae959bc54b1d9cd079f0106fba89a527260d7004bdae3635396bb93fa7603833789763274bc87603e12ad1514

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5858e9.TMP

Filesize
83KB

MD5
0a1929ec7abc1067ed2190e74cec8e5e

SHA1
9cedcd05854785c81e5014a844a187baef220902

SHA256
3919c99af15691a694a9c8653e0003606cfebc9e0aee64a51c0342cb8a9ac860

SHA512
b751f8532757e7f4bdd179ef3495c6f3f2e6ec7a7878574375ff7eb2940a96d1b4432e5ecf3c6b59a29d839b2c6e59702a20ff8393a5e380746f3ebbe9c3e91a

Download Submit
C:\Users\Admin\Downloads\Release.zip.crdownload

Filesize
6.4MB

MD5
89661a9ff6de529497fec56a112bf75e

SHA1
2dd31a19489f4d7c562b647f69117e31b894b5c3

SHA256
e7b275d70655db9cb43fa606bbe2e4f22478ca4962bbf9f299d66eda567d63cd

SHA512
33c765bf85fbec0e58924ece948b80a7d73b7577557eaac8865e481c61ad6b71f8b5b846026103239b3bd21f438ff0d7c1430a51a4a149f16a215faad6dab68f

Download Submit
C:\Users\Admin\Downloads\Release.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
memory/2740-448-0x0000000074CB0000-0x0000000075461000-memory.dmp

Filesize
7.7MB

Download
memory/2740-454-0x0000000007E00000-0x0000000007E1A000-memory.dmp

Filesize
104KB

Download
memory/2740-449-0x0000000005AD0000-0x0000000006076000-memory.dmp

Filesize
5.6MB

Download
memory/2740-450-0x00000000053E0000-0x0000000005472000-memory.dmp

Filesize
584KB

Download
memory/2740-451-0x0000000005510000-0x0000000005520000-memory.dmp

Filesize
64KB

Download
memory/2740-452-0x00000000054A0000-0x00000000054AA000-memory.dmp

Filesize
40KB

Download
memory/2740-453-0x0000000007D30000-0x0000000007D44000-memory.dmp

Filesize
80KB

Download
memory/2740-447-0x0000000000720000-0x0000000000922000-memory.dmp

Filesize
2.0MB

Download
memory/2740-455-0x0000000007E20000-0x0000000007E32000-memory.dmp

Filesize
72KB

Download
memory/2740-456-0x0000000009D20000-0x0000000009D42000-memory.dmp

Filesize
136KB

Download
memory/2740-457-0x0000000005510000-0x0000000005520000-memory.dmp

Filesize
64KB

Download
memory/2740-458-0x0000000007E90000-0x0000000007F42000-memory.dmp

Filesize
712KB

Download
memory/2740-459-0x00000000083E0000-0x0000000008737000-memory.dmp

Filesize
3.3MB

Download
memory/2740-461-0x0000000074CB0000-0x0000000075461000-memory.dmp

Filesize
7.7MB

Download
memory/2740-463-0x0000000005510000-0x0000000005520000-memory.dmp

Filesize
64KB

Download
memory/2740-464-0x0000000074CB0000-0x0000000075461000-memory.dmp

Filesize
7.7MB

Download