xenorat | 186e1599e1ddb0030f0c4c514bf9a2158f12ebc29b3e1c86ffa34562599cf79c

Analysis

max time kernel
149s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
30-04-2024 23:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Vape Launcher.rar
Size

18KB
MD5

2a2f0ec4d7927f2a6cacc44767a12388
SHA1

0ef4541bbff76920499bd37d8959f4d0f21bc90b
SHA256

186e1599e1ddb0030f0c4c514bf9a2158f12ebc29b3e1c86ffa34562599cf79c
SHA512

f4bb2fa1ad26f98e2e519da36a2092ec1bb354f1cfa7c231d84e1a649b6bc752ef8b95178d1413db59dddb7606f62990290471cc45c8425278ffb60cbdebf550
SSDEEP

384:0tmxT9fHe47EdINnygB0WKGrYMRSnYez1+rZ/OfVeraYDPvn/qSicvgDilq/RY:0tIR+478QyCzl0MFezOqVeraYDPv/ziM

Score

10^/10

xenorat rat trojan

Malware Config

Extracted

Family

xenorat

127.0.0.1

Mutex

VapePatcher

Attributes

delay
5000
install_path
appdata
port
6666
startup_name
Minecraft Launcher

Signatures

XenorRat
XenorRat is a remote access trojan written in C#.
trojan rat xenorat

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3726321484-1950364574-433157660-1000\Control Panel\International\Geo\Nation	Vape Launcher.exe

Executes dropped EXE 2 IoCs

pid	Process
4572	Vape Launcher.exe
1460	Vape Launcher.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Creates scheduled task(s) 1 TTPs 1 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task/Job

T1053

pid	Process
3632	schtasks.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133589937612353477"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3726321484-1950364574-433157660-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-3726321484-1950364574-433157660-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1104	chrome.exe
1104	chrome.exe
4544	msedge.exe
4544	msedge.exe
2916	msedge.exe
2916	msedge.exe
5976	identity_helper.exe
5976	identity_helper.exe

Suspicious behavior: LoadsDriver 6 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
660	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 25 IoCs

pid	Process
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeRestorePrivilege	2812	7zG.exe
Token: 35	2812	7zG.exe
Token: SeSecurityPrivilege	2812	7zG.exe
Token: SeSecurityPrivilege	2812	7zG.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe

Suspicious use of FindShellTrayWindow 56 IoCs

pid	Process
2812	7zG.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
1104	chrome.exe
2916	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3748	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4572 wrote to memory of 1460	4572	Vape Launcher.exe	105
PID 4572 wrote to memory of 1460	4572	Vape Launcher.exe	105
PID 4572 wrote to memory of 1460	4572	Vape Launcher.exe	105
PID 1460 wrote to memory of 3632	1460	Vape Launcher.exe	108
PID 1460 wrote to memory of 3632	1460	Vape Launcher.exe	108
PID 1460 wrote to memory of 3632	1460	Vape Launcher.exe	108
PID 1104 wrote to memory of 4916	1104	chrome.exe	111
PID 1104 wrote to memory of 4916	1104	chrome.exe	111
PID 1104 wrote to memory of 1900	1104	chrome.exe	112
PID 1104 wrote to memory of 1900	1104	chrome.exe	112
PID 1104 wrote to memory of 1900	1104	chrome.exe	112
PID 1104 wrote to memory of 1900	1104	chrome.exe	112
PID 1104 wrote to memory of 1900	1104	chrome.exe	112
PID 1104 wrote to memory of 1900	1104	chrome.exe	112
PID 1104 wrote to memory of 1900	1104	chrome.exe	112
PID 1104 wrote to memory of 1900	1104	chrome.exe	112
PID 1104 wrote to memory of 1900	1104	chrome.exe	112
PID 1104 wrote to memory of 1900	1104	chrome.exe	112
PID 1104 wrote to memory of 1900	1104	chrome.exe	112
PID 1104 wrote to memory of 1900	1104	chrome.exe	112
PID 1104 wrote to memory of 1900	1104	chrome.exe	112
PID 1104 wrote to memory of 1900	1104	chrome.exe	112
PID 1104 wrote to memory of 1900	1104	chrome.exe	112
PID 1104 wrote to memory of 1900	1104	chrome.exe	112
PID 1104 wrote to memory of 1900	1104	chrome.exe	112
PID 1104 wrote to memory of 1900	1104	chrome.exe	112
PID 1104 wrote to memory of 1900	1104	chrome.exe	112
PID 1104 wrote to memory of 1900	1104	chrome.exe	112
PID 1104 wrote to memory of 1900	1104	chrome.exe	112
PID 1104 wrote to memory of 1900	1104	chrome.exe	112
PID 1104 wrote to memory of 1900	1104	chrome.exe	112
PID 1104 wrote to memory of 1900	1104	chrome.exe	112
PID 1104 wrote to memory of 1900	1104	chrome.exe	112
PID 1104 wrote to memory of 1900	1104	chrome.exe	112
PID 1104 wrote to memory of 1900	1104	chrome.exe	112
PID 1104 wrote to memory of 1900	1104	chrome.exe	112
PID 1104 wrote to memory of 1900	1104	chrome.exe	112
PID 1104 wrote to memory of 1900	1104	chrome.exe	112
PID 1104 wrote to memory of 3200	1104	chrome.exe	113
PID 1104 wrote to memory of 3200	1104	chrome.exe	113
PID 1104 wrote to memory of 4276	1104	chrome.exe	114
PID 1104 wrote to memory of 4276	1104	chrome.exe	114
PID 1104 wrote to memory of 4276	1104	chrome.exe	114
PID 1104 wrote to memory of 4276	1104	chrome.exe	114
PID 1104 wrote to memory of 4276	1104	chrome.exe	114
PID 1104 wrote to memory of 4276	1104	chrome.exe	114
PID 1104 wrote to memory of 4276	1104	chrome.exe	114
PID 1104 wrote to memory of 4276	1104	chrome.exe	114
PID 1104 wrote to memory of 4276	1104	chrome.exe	114
PID 1104 wrote to memory of 4276	1104	chrome.exe	114
PID 1104 wrote to memory of 4276	1104	chrome.exe	114
PID 1104 wrote to memory of 4276	1104	chrome.exe	114
PID 1104 wrote to memory of 4276	1104	chrome.exe	114
PID 1104 wrote to memory of 4276	1104	chrome.exe	114
PID 1104 wrote to memory of 4276	1104	chrome.exe	114
PID 1104 wrote to memory of 4276	1104	chrome.exe	114
PID 1104 wrote to memory of 4276	1104	chrome.exe	114
PID 1104 wrote to memory of 4276	1104	chrome.exe	114
PID 1104 wrote to memory of 4276	1104	chrome.exe	114
PID 1104 wrote to memory of 4276	1104	chrome.exe	114
PID 1104 wrote to memory of 4276	1104	chrome.exe	114
PID 1104 wrote to memory of 4276	1104	chrome.exe	114
PID 1104 wrote to memory of 4276	1104	chrome.exe	114
PID 1104 wrote to memory of 4276	1104	chrome.exe	114

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Vape Launcher.rar"
1⤵
- Modifies registry class
PID:1460

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3748

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1684

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\Vape Launcher\" -ad -an -ai#7zMap1867:84:7zEvent18788
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2812

C:\Users\Admin\Desktop\Vape Launcher\Vape Launcher.exe
"C:\Users\Admin\Desktop\Vape Launcher\Vape Launcher.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4572
- C:\Users\Admin\AppData\Roaming\XenoManager\Vape Launcher.exe
  "C:\Users\Admin\AppData\Roaming\XenoManager\Vape Launcher.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:1460
- - C:\Windows\SysWOW64\schtasks.exe
    "schtasks.exe" /Create /TN "Minecraft Launcher" /XML "C:\Users\Admin\AppData\Local\Temp\tmpD0BD.tmp" /F
    3⤵
    - Creates scheduled task(s)
    PID:3632

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffafcfccc40,0x7ffafcfccc4c,0x7ffafcfccc58
  2⤵
  PID:4916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1928,i,8933561761914181556,3699002730997580144,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1924 /prefetch:2
  2⤵
  PID:1900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2196,i,8933561761914181556,3699002730997580144,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  PID:3200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2308,i,8933561761914181556,3699002730997580144,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2464 /prefetch:8
  2⤵
  PID:4276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3188,i,8933561761914181556,3699002730997580144,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:1320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3344,i,8933561761914181556,3699002730997580144,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3464 /prefetch:1
  2⤵
  PID:1980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4592,i,8933561761914181556,3699002730997580144,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4624 /prefetch:1
  2⤵
  PID:2172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4588,i,8933561761914181556,3699002730997580144,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4860 /prefetch:8
  2⤵
  PID:3656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4860,i,8933561761914181556,3699002730997580144,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5044 /prefetch:1
  2⤵
  PID:60
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3760,i,8933561761914181556,3699002730997580144,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5176 /prefetch:1
  2⤵
  PID:3028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3508,i,8933561761914181556,3699002730997580144,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4424 /prefetch:1
  2⤵
  PID:448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4052,i,8933561761914181556,3699002730997580144,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3536 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4540,i,8933561761914181556,3699002730997580144,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:4460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3536,i,8933561761914181556,3699002730997580144,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3564 /prefetch:1
  2⤵
  PID:32
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3352,i,8933561761914181556,3699002730997580144,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3552 /prefetch:1
  2⤵
  PID:4084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5188,i,8933561761914181556,3699002730997580144,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4516 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4632,i,8933561761914181556,3699002730997580144,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3552 /prefetch:1
  2⤵
  PID:2724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5320,i,8933561761914181556,3699002730997580144,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4620 /prefetch:1
  2⤵
  PID:3724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=3412,i,8933561761914181556,3699002730997580144,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5300 /prefetch:1
  2⤵
  PID:960

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:5076

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb0d2246f8,0x7ffb0d224708,0x7ffb0d224718
  2⤵
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2240,9749060749845080405,1006101623834494367,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2252 /prefetch:2
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2240,9749060749845080405,1006101623834494367,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2240,9749060749845080405,1006101623834494367,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2496 /prefetch:8
  2⤵
  PID:3440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,9749060749845080405,1006101623834494367,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,9749060749845080405,1006101623834494367,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,9749060749845080405,1006101623834494367,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4400 /prefetch:1
  2⤵
  PID:5592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,9749060749845080405,1006101623834494367,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1
  2⤵
  PID:5600
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2240,9749060749845080405,1006101623834494367,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3656 /prefetch:8
  2⤵
  PID:5836
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2240,9749060749845080405,1006101623834494367,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3656 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,9749060749845080405,1006101623834494367,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3636 /prefetch:1
  2⤵
  PID:5988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,9749060749845080405,1006101623834494367,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:5372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,9749060749845080405,1006101623834494367,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
  2⤵
  PID:5364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,9749060749845080405,1006101623834494367,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
  2⤵
  PID:5424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,9749060749845080405,1006101623834494367,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3924 /prefetch:1
  2⤵
  PID:1064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,9749060749845080405,1006101623834494367,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1
  2⤵
  PID:5836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,9749060749845080405,1006101623834494367,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:5696

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5168

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5344

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Scheduled Task/Job

T1053

Privilege Escalation

Scheduled Task/Job

T1053

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
4110169c0e254ebfec84012cc9725dad

SHA1
bfb7a8f8ad10baf698b7065b273dc91729b113c9

SHA256
7df31697b2d01b7e91d421e30b71f05539dd9d7feaec33a4c4a56c84a12c0f75

SHA512
64779f8f2f8c21febc88e2a5570c02f551f3576cb997e2048645b97f305f6b476599e6d5a79e99974630050e3c59f52d625337bc9f7635f203a63f46319688aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
d37d0aef47e15aa120eb906062c455a1

SHA1
b6bb888f51a2d709d4915dbde3cff86e8e0dec61

SHA256
9d4031917759a6ccf28481dcddacb980ae0037a444bfed88b0efdac5d8b7054f

SHA512
30f196d49ee83594d46457d0dc73a38ef6a6868e585e48e327764039c56d1cc1bf72f426796d1e152ffdd0e14c2a272b2a05ce34c3fda56b26babfd2bde32f3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1d960c13dc1ecdc7a0a3b44aca30867a

SHA1
ef8de84d07206a037e7ac15d4444eb743b1a3995

SHA256
98df3a8f646e30d5bbfd3f4ec735f80ec47ec1f07faa1514e645da60c589dd1b

SHA512
c5c51a4f07331c0d4298136efc43b76a722e1928d4f81278eb3a591a625148a273fac753a2cfbf1219c1a8177909c14b0509db2fb821b6fcd51661e85ff059a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3b4524571642bd8aaf06afc84f19f9ea

SHA1
23bda65489f58dc657d1a939450dc594c8e1d6c5

SHA256
241cf3b7448b00913e8fd557fbb828d2f6abec7ef403c5278d6a25dd04247ddd

SHA512
f34ca55d3e77625ebd40b7f1ade67fff858674fa9601b457367a6638270113518097e574793ac61a733609a6686d4523c189c6bfcdf6403ed95237bd1c266f24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
894ba59742d480b61680e85853ec23a8

SHA1
dc10fb56da6b378955f9f62a472e8deb946d9264

SHA256
62371ae20fd8a2082a7216288245f0dfc7cc397c97fdcab82e53bac09531dc2f

SHA512
fa6ef51a44d23ed569170929f41eb6923221a23c1d6d68b58407b416ad4ab50972a59a757bc1d23f6aa433cc8ccb6e9b46a328299bab7dd121a544da19c59cec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
97573781f6c343a4b85c8284efdf7a60

SHA1
8d6c9f120044439119e79d7241b665598d2b9a00

SHA256
451ab2b5ae1bca492e1531206907acc6fd0745e71544bf8fe5efa55b9ed7c762

SHA512
55926b4c948eda77a92ba4c7a2bfaa3fcce9e574b2d9512065004c2253a71c401b7188c3cbc664b20e18f1e95d50c12641da04269d713b9650bc8e9658e8b5f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6b0669332a529bac364bea03f2d085ab

SHA1
452820a838ea6c31a3ad3ad48df09f0d51741e93

SHA256
a0f479a64d432ee5f0673dcce775d80d74cf0fa2de8951145963be6af94d5ebe

SHA512
80eb1aca43cf79f489c5438efc25560b4f81ba851ae0fd7f4a6d887a2b0417b503f01ca1bae0b545c38dfd64bc80990baee4a43ae4ef6f0835d2e5f59a487f32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
fa8199e811f5c87a65b7589e61a6388c

SHA1
a7c51335a07baa8a58b2116d3cfab8c15bb14395

SHA256
602e8609ea6009b217dc692ab96eb14e3db8753aeb8c308f62cbef5abf37bedc

SHA512
8bc56ea4db767a9b5ef0d67e1a3452a47f14b089d11140ce303d0293a62aa854e67ad4e970a2dc1fcdb2c33901bfdbc0eed3b988903c8091eafdf2f1a2a11bef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
1bf8d224594bd16e28f14e6dca6338bc

SHA1
c5efed3ea440f36bf07dfae1c7eef9f9710bee41

SHA256
af0c1cba43a0117eff75ead48dbac306b645923cb0e7f18c60024a9e9bc4de0d

SHA512
74c7164516eddc491142c946d86288e9950fa042548941989bed2e20b25dee3a5831c9f63a1e2aaffa9136d76d2cd7a9d5bff0bfb2e78a65266ec70bbbf78690

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
dcea5eb76909972b69e2af5562dad41d

SHA1
11cea62dee79b3902a6e38e7b44adbac225d7106

SHA256
575362debde2e336bc7d2648e5720c3cba0b6a3485d9792d3b07377f0ac5f17d

SHA512
152965b16e87d08bfced774a46538dd44f9ca63d63dd0ba5348733598e2f146522fe68d461d67b65d44e203c18e5fe1ad257f82cb34c40d5d1284be42669d220

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
4d00b0e21340a91d85bf2fea25cda332

SHA1
dbecb315a8727735cbedf57dc2d1ffcb79a88d74

SHA256
fcda1b19e1d68f672a764fa692b157992ced4d37495dabd4eb4a7e1d3df8b8b4

SHA512
9d344fcbefa0b36eac4b5b04fd6a8c8c9b3905a0e081c14d4b8ba06c72e876df820c0d2987f8ff65b9e8c1e86abb468a8bad6e1a0bc6b759d3857646abdec01d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
a7c63cbe32824b19b18ce75775950017

SHA1
7a683f2dd3bbf5bbfd77a778df35007095b7f493

SHA256
47753c13a208a70b3231c27557387342682ff8d6e1e329c38da3e33333e83866

SHA512
8ef7868fca0d135789f8bcb99a5d75389d6b7f32b4bd659db74fe28c70321f27be993378e851950ddef996cd4c80a2eccafcfc8adf9032c4b3dc4cc230e68037

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Vape Launcher.exe.log

Filesize
226B

MD5
916851e072fbabc4796d8916c5131092

SHA1
d48a602229a690c512d5fdaf4c8d77547a88e7a2

SHA256
7e750c904c43d27c89e55af809a679a96c0bb63fc511006ffbceffc2c7f6fb7d

SHA512
07ce4c881d6c411cac0b62364377e77950797c486804fb10d00555458716e3c47b1efc0d1f37e4cc3b7e6565bb402ca01c7ea8c963f9f9ace941a6e3883d2521

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fbe1ce4d182aaffb80de94263be1dd35

SHA1
bc6c9827aa35a136a7d79be9e606ff359e2ac3ea

SHA256
0021f72dbca789f179762b0e17c28fe0b93a12539b08294800e47469905aeb51

SHA512
3fb0a3b38e7d4a30f5560594b1d14e6e58419e274255fb68dfe0ca897aa181f9ce8cb2048403f851fd36a17b0e34d272d03927769d41a500b2fe64806354902f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2a70f1bd4da893a67660d6432970788d

SHA1
ddf4047e0d468f56ea0c0d8ff078a86a0bb62873

SHA256
c550af5ba51f68ac4d18747edc5dea1a655dd212d84bad1e6168ba7a97745561

SHA512
26b9a365e77df032fc5c461d85d1ba313eafead38827190608c6537ec12b2dfdbed4e1705bfd1e61899034791ad6fa88ea7490c3a48cdaec4d04cd0577b11343

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4137f9ead44d31212fbf91c99bfbaecf

SHA1
1a0f2a5b66f946afb1ca2538e594a95ec82bdd04

SHA256
36dafb071ef31d768629b3cd36193bb1bc1128d60b5ac23e17c958964e42b924

SHA512
9dfdc1eed00f03b855f85aa2b5eae29a0b26e2bb730966c784fd958179cdf4d4a162763f3edb6d4e2347b4a7366dbce14294ccbe4b5f7cbdedd7ad21edaf19d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2c75b53b66d008438e615904b3f55bf8

SHA1
d8766a18cd80a4cdc7cc9a7a2bc8eb374a1e7ff8

SHA256
a17187e0a4b02596959795f006b4c181fc6623623c6f9142b20c24377a2aea5f

SHA512
8cd2523c1dbab4ed9f24727dc275e589014398f29549f01646e2aed616942f04a6165914ece4315e42c5ce246f12c10877a0e9f18a37e6cc0d2aa7ef60895f74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3f5fc423a1de4c1a8a402a9031e6451d

SHA1
6b82c9d601483fe3859ba7fd30376f726e8a350d

SHA256
3d44019fb56623e16108f5fc7706632d94ac3b1cdbf943971971bcf535ed44dc

SHA512
5b09ffea982247633b40fbb9ec83dfb1181296609d54649f78a03a3b707b03606df4cd535ed71fd42fa4e6dcaf713252393bf4de48d7cf07fca495f47f02e7ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
0515900730ef1b26dd9caf1ee026df91

SHA1
2d4f596a0e0e892e3e35dff8da0bc8a5b18777a2

SHA256
abb99aaffc7269a5e413897b36e5ea92508ee46e71acb9b3c9e3f68b008f9a4e

SHA512
8623aea9e696d1e2552edeb7f7c6db5cb6bccdc99b600308ee23b9826ead152c6904fdcaaa24bf6245172ecc138175c4833bec59a24b5c1ad345cab6e2fa4f8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
99204f6cae8442fb96b508e2d408c228

SHA1
5a7509fca6b203bf85192879cae5431cc5ed83ac

SHA256
fcfd1c952bde700dd4c4fa7645e48795683f949bbe84f2098cfd461cc1cf686e

SHA512
b4f77dfd74cfd1d165d95c8bbc6d81225e1ce67c781cfc1672b93874ae1659707ba3038483e1344b0b559373f86a6e8ce4890a0ce2d51afc1aada3c895293ce3

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpD0BD.tmp

Filesize
1KB

MD5
f0ff982795f69860a4e16fe0b832dd66

SHA1
0a2975047fb99cf62480360495c67f172f18f086

SHA256
a1c2416ad9169bba2bcd7d3cb1015fdc00f3b847901e153000914221c184af8e

SHA512
2cb970a34b8f2f90ea44c95699600542a0c695eebf073ee9ffe0e0f1085e2c233478b6ad549987985afc5f87447760616d08b59c1e87185bb6bba1bdc15812c3

Download Submit
C:\Users\Admin\Desktop\Vape Launcher\Vape Launcher.exe

Filesize
45KB

MD5
6eeb807c40d25bd3f8a7667377920eb6

SHA1
69c18c77847f20cee212286e1530256610d42da0

SHA256
af403f0a35ed4789e02a55012056ad565d33f464245a2aa411cb06cd2abfd176

SHA512
ed82a34890205e6fe37dacb9d647666c65dcb5c979f1a456540799eab87887aca1a62d52335480b0ef85a4dd0183ba3cf3c35863fb2c51466368adc8467ed708

Download Submit
memory/4572-4-0x0000000000A10000-0x0000000000A22000-memory.dmp

Filesize
72KB

Download