Overview

overview

10

Static

static

10

nignig.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    996s
  • max time network
    1000s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30-04-2024 17:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    nignig.exe

  • Size

    51KB

  • MD5

    2553697d3450b13cc2d7cd0c65ef609f

  • SHA1

    a6954b0309a0e3cd1186c174beff53e5cbd05e64

  • SHA256

    2967987bc0068a46ec1a2809804780d0ae9e746faf58c2319ca315cf36306c13

  • SHA512

    204b7d0dfc66926935c1a48939c7cc09f2f6eaf87209bf908516bf5faa416f91e9b52d0dcf57c983738c991cd1747475b5f1c6752fa0d3f44cb5a48e46acac73

  • SSDEEP

    768:tivdjHrddilbVauou79Eo32q4XBR2HjBSkGu2yPo+LGZYebFDaxk6RNSgNOU:+pHmVauo3DjRUDj6CSYebFUlf4U

Score
10/10
xenoratratspywarestealertrojan

Malware Config

Extracted

Family

xenorat

C2

centre-clan.gl.at.ply.gg

Mutex

nignig_rat_nd8912d

Attributes
  • delay

    5000

  • install_path

    temp

  • port

    40354

  • startup_name

    discord

Signatures

  • XenorRat

    XenorRat is a remote access trojan written in C#.

    trojanratxenorat
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Drops file in Program Files directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Creates scheduled task(s) 1 TTPs 2 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistence
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 54 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\nignig.exe
    "C:\Users\Admin\AppData\Local\Temp\nignig.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:788
    • C:\Users\Admin\AppData\Local\Temp\XenoManager\nignig.exe
      "C:\Users\Admin\AppData\Local\Temp\XenoManager\nignig.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:3796
      • C:\Windows\SysWOW64\schtasks.exe
        "schtasks.exe" /Create /TN "discord" /XML "C:\Users\Admin\AppData\Local\Temp\tmp49AB.tmp" /F
        3⤵
        • Creates scheduled task(s)
        PID:2112
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-sandbox --allow-no-sandbox-job --disable-gpu --user-data-dir=C:\EdgeAutomationData
        3⤵
        • Enumerates system info in registry
        • Modifies registry class
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of WriteProcessMemory
        PID:3772
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler --user-data-dir=C:\EdgeAutomationData /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\EdgeAutomationData\Crashpad --metrics-dir=C:\EdgeAutomationData --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7fffc8f746f8,0x7fffc8f74708,0x7fffc8f74718
          4⤵
            PID:1792
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,10368150546688387232,5021529299318385642,131072 --no-sandbox --user-data-dir="C:\EdgeAutomationData" --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2160 --allow-no-sandbox-job /prefetch:2
            4⤵
            • Modifies registry class
            • Suspicious behavior: EnumeratesProcesses
            PID:4520
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,10368150546688387232,5021529299318385642,131072 --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\EdgeAutomationData" --mojo-platform-channel-handle=2192 --allow-no-sandbox-job /prefetch:3
            4⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:2504
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,10368150546688387232,5021529299318385642,131072 --lang=en-US --service-sandbox-type=utility --no-sandbox --user-data-dir="C:\EdgeAutomationData" --mojo-platform-channel-handle=2500 --allow-no-sandbox-job /prefetch:8
            4⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:4132
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-sandbox --field-trial-handle=2148,10368150546688387232,5021529299318385642,131072 --disable-gpu-compositing --lang=en-US --user-data-dir="C:\EdgeAutomationData" --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 --allow-no-sandbox-job /prefetch:1
            4⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:1448
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-sandbox --field-trial-handle=2148,10368150546688387232,5021529299318385642,131072 --disable-gpu-compositing --lang=en-US --user-data-dir="C:\EdgeAutomationData" --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 --allow-no-sandbox-job /prefetch:1
            4⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:4984
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-sandbox --field-trial-handle=2148,10368150546688387232,5021529299318385642,131072 --disable-gpu-compositing --lang=en-US --user-data-dir="C:\EdgeAutomationData" --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 --allow-no-sandbox-job /prefetch:1
            4⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:3224
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-sandbox --field-trial-handle=2148,10368150546688387232,5021529299318385642,131072 --disable-gpu-compositing --lang=en-US --user-data-dir="C:\EdgeAutomationData" --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 --allow-no-sandbox-job /prefetch:1
            4⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:100
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-sandbox --field-trial-handle=2148,10368150546688387232,5021529299318385642,131072 --disable-gpu-compositing --lang=en-US --user-data-dir="C:\EdgeAutomationData" --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2720 --allow-no-sandbox-job /prefetch:1
            4⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:4968
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-sandbox --field-trial-handle=2148,10368150546688387232,5021529299318385642,131072 --disable-gpu-compositing --lang=en-US --user-data-dir="C:\EdgeAutomationData" --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3796 --allow-no-sandbox-job /prefetch:1
            4⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:1032
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-sandbox --field-trial-handle=2148,10368150546688387232,5021529299318385642,131072 --disable-gpu-compositing --lang=en-US --user-data-dir="C:\EdgeAutomationData" --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3824 --allow-no-sandbox-job /prefetch:1
            4⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:4500
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-sandbox --field-trial-handle=2148,10368150546688387232,5021529299318385642,131072 --disable-gpu-compositing --lang=en-US --user-data-dir="C:\EdgeAutomationData" --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3836 --allow-no-sandbox-job /prefetch:1
            4⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:3928
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-sandbox --field-trial-handle=2148,10368150546688387232,5021529299318385642,131072 --disable-gpu-compositing --lang=en-US --user-data-dir="C:\EdgeAutomationData" --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4000 --allow-no-sandbox-job /prefetch:1
            4⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:3212
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-sandbox --field-trial-handle=2148,10368150546688387232,5021529299318385642,131072 --disable-gpu-compositing --lang=en-US --user-data-dir="C:\EdgeAutomationData" --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 --allow-no-sandbox-job /prefetch:1
            4⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:4856
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-sandbox --field-trial-handle=2148,10368150546688387232,5021529299318385642,131072 --disable-gpu-compositing --lang=en-US --user-data-dir="C:\EdgeAutomationData" --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 --allow-no-sandbox-job /prefetch:1
            4⤵
              PID:5300
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-sandbox --field-trial-handle=2148,10368150546688387232,5021529299318385642,131072 --disable-gpu-compositing --lang=en-US --user-data-dir="C:\EdgeAutomationData" --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2880 --allow-no-sandbox-job /prefetch:1
              4⤵
                PID:5308
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,10368150546688387232,5021529299318385642,131072 --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\EdgeAutomationData" --mojo-platform-channel-handle=5456 --allow-no-sandbox-job /prefetch:8
                4⤵
                  PID:5540
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
                  4⤵
                  • Drops file in Program Files directory
                  • Suspicious use of WriteProcessMemory
                  PID:5552
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x278,0x27c,0x280,0x254,0x284,0x7ff699e25460,0x7ff699e25470,0x7ff699e25480
                    5⤵
                      PID:5628
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,10368150546688387232,5021529299318385642,131072 --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\EdgeAutomationData" --mojo-platform-channel-handle=5456 --allow-no-sandbox-job /prefetch:8
                    4⤵
                      PID:5820
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-sandbox --field-trial-handle=2148,10368150546688387232,5021529299318385642,131072 --disable-gpu-compositing --lang=en-US --user-data-dir="C:\EdgeAutomationData" --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 --allow-no-sandbox-job /prefetch:1
                      4⤵
                        PID:5984
                    • C:\Windows\SysWOW64\schtasks.exe
                      "schtasks.exe" /Create /TN "XenoUpdateManager" /XML "C:\Users\Admin\AppData\Local\Temp\tmp5AEA.tmp" /F
                      3⤵
                      • Creates scheduled task(s)
                      PID:5520

                Network

                MITRE ATT&CK Enterprise v15

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\EdgeAutomationData\006ce2a4-d773-4c49-b56c-693a6b669c10.tmp
                  Filesize

                  11KB

                  MD5

                  2661dfbaef13e1b4d59971a78cc01ac2

                  SHA1

                  35c1fd4d73acad89a76d630824f32c674239ba6b

                  SHA256

                  d88cd588ecd8ef9a8a7d593c3a9e6bc75b770fa16edb1decc577738f8a81cb14

                  SHA512

                  0f963dc4e070b0d11e72ad43703126ff160f5cafc14ca523646ab4ace91020278b1dccff2d8f440d9a4c328dfcf7c9c16f5831f6eb1cc2e3ce32dc310b3b7c6b

                  Download Submit

                • C:\EdgeAutomationData\Crashpad\settings.dat
                  Filesize

                  152B

                  MD5

                  8fcdd02938c94287f762fd2d3eabf430

                  SHA1

                  7be543ca2a1251477f1d120cb6608d34b5a43f81

                  SHA256

                  9bfb6e19ae3350abc7a19f010c0e963df34f1b0a60e5ff579bbcb2a28457e45d

                  SHA512

                  c70f6ac1bc7a26d0d614b2a77730cf91553dd602be01ffc0dd5f4bf05417edaf93560c3e30b7a86a205eebab6628e2b9aff7c4bb398975b38522321bf65c7be0

                  Download Submit

                • C:\EdgeAutomationData\Crashpad\settings.dat
                  Filesize

                  152B

                  MD5

                  a5133a53e33dd3b0229acd019d71d99f

                  SHA1

                  ec3a8ad3dda7ea5871c0e9595b59b6685a61ec9c

                  SHA256

                  33c9b49c72d3af0fac346bd5836f442574c54a90dfb9936ba646e68a7cddd946

                  SHA512

                  0c932f7e030955a97448b7a709406fc9b228602a56b1c4005ea0f6d1ab61f022fb495b56e43e05f38a99cfde59383129c8b36f84450022446978acbead1446db

                  Download Submit

                • C:\EdgeAutomationData\Crashpad\throttle_store.dat
                  Filesize

                  20B

                  MD5

                  9e4e94633b73f4a7680240a0ffd6cd2c

                  SHA1

                  e68e02453ce22736169a56fdb59043d33668368f

                  SHA256

                  41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

                  SHA512

                  193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

                  Download Submit

                • C:\EdgeAutomationData\Default\Cache\data_2
                  Filesize

                  8KB

                  MD5

                  0962291d6d367570bee5454721c17e11

                  SHA1

                  59d10a893ef321a706a9255176761366115bedcb

                  SHA256

                  ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

                  SHA512

                  f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

                  Download Submit

                • C:\EdgeAutomationData\Default\Cache\data_3
                  Filesize

                  8KB

                  MD5

                  41876349cb12d6db992f1309f22df3f0

                  SHA1

                  5cf26b3420fc0302cd0a71e8d029739b8765be27

                  SHA256

                  e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

                  SHA512

                  e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

                  Download Submit

                • C:\EdgeAutomationData\Default\Local Storage\leveldb\MANIFEST-000001
                  Filesize

                  41B

                  MD5

                  5af87dfd673ba2115e2fcf5cfdb727ab

                  SHA1

                  d5b5bbf396dc291274584ef71f444f420b6056f1

                  SHA256

                  f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

                  SHA512

                  de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

                  Download Submit

                • C:\EdgeAutomationData\Default\Network Persistent State
                  Filesize

                  59B

                  MD5

                  2800881c775077e1c4b6e06bf4676de4

                  SHA1

                  2873631068c8b3b9495638c865915be822442c8b

                  SHA256

                  226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

                  SHA512

                  e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

                  Download Submit

                • C:\EdgeAutomationData\Default\Network Persistent State
                  Filesize

                  180B

                  MD5

                  00a455d9d155394bfb4b52258c97c5e5

                  SHA1

                  2761d0c955353e1982a588a3df78f2744cfaa9df

                  SHA256

                  45a13c77403533b12fbeeeb580e1c32400ca17a32e15caa8c8e6a180ece27fed

                  SHA512

                  9553f8553332afbb1b4d5229bbf58aed7a51571ab45cbf01852b36c437811befcbc86f80ec422f222963fa7dabb04b0c9ae72e9d4ff2eeb1e58cde894fbe234f

                  Download Submit

                • C:\EdgeAutomationData\Default\Preferences
                  Filesize

                  5KB

                  MD5

                  092908da3699f31aa56023174881ea83

                  SHA1

                  dad98e8f05a3ee0d2db9650e74e258673d47a1d7

                  SHA256

                  3af49ad1706f122410421139df395e9939fe337d40053ef42a84ba1178edff07

                  SHA512

                  5e0bd365dad39adb7a4e1277753d20541cc7199e0d31b27d7ad71b95a74ec49c2a09f529de96522624c92ce73d822a8ce67a573c49235d06c904f10383f8dc83

                  Download Submit

                • C:\EdgeAutomationData\Default\Preferences
                  Filesize

                  4KB

                  MD5

                  99c37ea63bc54249b5a6b22c38c54118

                  SHA1

                  f5b44459b5424072c44613aeb149398db1237fad

                  SHA256

                  06be1dc376ecc0b9f135f8046bcf40ff58e1454148ce9da16d9abe47215f5aa4

                  SHA512

                  e879b454feb9827940fde69a769c0679934266cb172b3f74405dd3f786fc53a4e168a215de3cb1ceca2e9bbc93b28665c62fcf92dca67881200f897e9aa88863

                  Download Submit

                • C:\EdgeAutomationData\Default\Preferences
                  Filesize

                  5KB

                  MD5

                  577635818209d72bf76b9a133077aa2b

                  SHA1

                  b27d64e5ff9a85e459e7cc24a46b2945a3c3e6eb

                  SHA256

                  6e004bc521c8510f9ec29a3adb134b28a5f721aef6ecc48350074bd1e269faa2

                  SHA512

                  be882f381ec6af20581e1188cd594ee4975c1afe3b66d697cb62adbb951cc3ec1fb0ccad92a9578fbe286129d8897af63970fad8e7c353a12eed6942a5399844

                  Download Submit

                • C:\EdgeAutomationData\Default\Secure Preferences
                  Filesize

                  24KB

                  MD5

                  d94958798a0077c242df0fe2a7f8cc63

                  SHA1

                  6ca7becc4b17f5e18b0cc87489feb963284bf294

                  SHA256

                  5ed47a61526fabbbeeeaea14d4134143e5062dbafd0a951fc1b7e6f39702c4d3

                  SHA512

                  d97f6ffeb67989b99eef1bd1232a78c5792abdbb4445d51f83b04af82d48ff869726f9bfc78e3da9f5cb063f9ffb1f339de43a97b53309c01ec7ea8d4cfb3dbd

                  Download Submit

                • C:\EdgeAutomationData\Default\Secure Preferences~RFe57ea6f.TMP
                  Filesize

                  24KB

                  MD5

                  cd59fef1bb18299ab5994c43ac287770

                  SHA1

                  60bd103d91d78896a4e9bd81a29e08bd4ce4fd0f

                  SHA256

                  620a6a54408f7138756b38f9124f92d2c410aebde8173af08774a93300559263

                  SHA512

                  451613d90ce625981f7be9ed967f90724fad3be544308b7bfb2f3e04f181ebe3536038d038c92e937634d4368ca0c6a0843dac169e6c5e2064235583240c44dd

                  Download Submit

                • C:\EdgeAutomationData\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_0
                  Filesize

                  8KB

                  MD5

                  cf89d16bb9107c631daabf0c0ee58efb

                  SHA1

                  3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

                  SHA256

                  d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

                  SHA512

                  8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

                  Download Submit

                • C:\EdgeAutomationData\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1
                  Filesize

                  264KB

                  MD5

                  f50f89a0a91564d0b8a211f8921aa7de

                  SHA1

                  112403a17dd69d5b9018b8cede023cb3b54eab7d

                  SHA256

                  b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

                  SHA512

                  bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

                  Download Submit

                • C:\EdgeAutomationData\Default\Sync Data\LevelDB\CURRENT
                  Filesize

                  16B

                  MD5

                  46295cac801e5d4857d09837238a6394

                  SHA1

                  44e0fa1b517dbf802b18faf0785eeea6ac51594b

                  SHA256

                  0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                  SHA512

                  8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                  Download Submit

                • C:\EdgeAutomationData\Default\bb586592-c29d-4ef8-a3ad-4f986e600613.tmp
                  Filesize

                  4KB

                  MD5

                  5b55a69865be60a31b3efd6433f9febc

                  SHA1

                  78b0e565cabb6bfaa8004b3f1d3a511179e74996

                  SHA256

                  cf3bda7e57a6daaed44bde26ecd4dcdd193e25b7312d2f8f30463c47cf9b887c

                  SHA512

                  9adfa5a5006f27c42f2931ff943371fd3e8755d9659c6528eeb8bec9a0c4d30a2a9e4d7f04eb8504aa5b1a12cdd6bd9563825c97875d41e4a45f1e039ad4ec21

                  Download Submit

                • C:\EdgeAutomationData\Default\data_reduction_proxy_leveldb\CURRENT
                  Filesize

                  16B

                  MD5

                  206702161f94c5cd39fadd03f4014d98

                  SHA1

                  bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                  SHA256

                  1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                  SHA512

                  0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                  Download Submit

                • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\nignig.exe.log
                  Filesize

                  226B

                  MD5

                  916851e072fbabc4796d8916c5131092

                  SHA1

                  d48a602229a690c512d5fdaf4c8d77547a88e7a2

                  SHA256

                  7e750c904c43d27c89e55af809a679a96c0bb63fc511006ffbceffc2c7f6fb7d

                  SHA512

                  07ce4c881d6c411cac0b62364377e77950797c486804fb10d00555458716e3c47b1efc0d1f37e4cc3b7e6565bb402ca01c7ea8c963f9f9ace941a6e3883d2521

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\XenoManager\nignig.exe
                  Filesize

                  51KB

                  MD5

                  2553697d3450b13cc2d7cd0c65ef609f

                  SHA1

                  a6954b0309a0e3cd1186c174beff53e5cbd05e64

                  SHA256

                  2967987bc0068a46ec1a2809804780d0ae9e746faf58c2319ca315cf36306c13

                  SHA512

                  204b7d0dfc66926935c1a48939c7cc09f2f6eaf87209bf908516bf5faa416f91e9b52d0dcf57c983738c991cd1747475b5f1c6752fa0d3f44cb5a48e46acac73

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\tmp49AB.tmp
                  Filesize

                  1KB

                  MD5

                  648afa83e3dbfbb5b7f97fd39a29f4f7

                  SHA1

                  fdabd58126c64246501deb458706a5e474eae04d

                  SHA256

                  106aa526ff18e9713b5f8da66fb27459fdbd3580e9d72372ae0461523fd9eb26

                  SHA512

                  16eba1b1a5b156f02bf891769f90562a022d1a047bb691cc179716b81cf8776e860ac76f0552a0998afb5e8b73c5490ca0706d04ebd4307be882d993d7af1026

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
                  Filesize

                  3KB

                  MD5

                  5b1d6b3d360a3f761dc48bae978e944e

                  SHA1

                  7fceda81bad266c75da5d7089222321131d1e215

                  SHA256

                  beea5da43909599ffeb8aa89d1a08f15c7732a6c48465891b09623da6e789997

                  SHA512

                  e330c5eec78641717237a264b93813260e5c3b1a77725ab8e9678819ce164c10bf81a0bb43d45cee9d8eaa87189114aa515887b01a49002ad7ec1db69c9521ac

                  Download Submit

                • memory/788-0-0x00000000004D0000-0x00000000004E4000-memory.dmp

                  Filesize

                  80KB

                  Download

                • memory/788-16-0x0000000074EC0000-0x0000000075670000-memory.dmp

                  Filesize

                  7.7MB

                  Download

                • memory/788-1-0x0000000074EC0000-0x0000000075670000-memory.dmp

                  Filesize

                  7.7MB

                  Download

                • memory/3796-23-0x00000000055A0000-0x00000000055B2000-memory.dmp

                  Filesize

                  72KB

                  Download

                • memory/3796-24-0x0000000005A60000-0x0000000005AF2000-memory.dmp

                  Filesize

                  584KB

                  Download

                • memory/3796-22-0x0000000004960000-0x0000000004970000-memory.dmp

                  Filesize

                  64KB

                  Download

                • memory/3796-281-0x00000000051D0000-0x00000000052CC000-memory.dmp

                  Filesize

                  1008KB

                  Download

                • memory/3796-284-0x0000000007CE0000-0x0000000007EA2000-memory.dmp

                  Filesize

                  1.8MB

                  Download

                • memory/3796-285-0x0000000005080000-0x00000000050F6000-memory.dmp

                  Filesize

                  472KB

                  Download

                • memory/3796-286-0x0000000005100000-0x0000000005150000-memory.dmp

                  Filesize

                  320KB

                  Download

                • memory/3796-287-0x00000000083E0000-0x000000000890C000-memory.dmp

                  Filesize

                  5.2MB

                  Download

                • memory/3796-288-0x00000000054F0000-0x000000000550E000-memory.dmp

                  Filesize

                  120KB

                  Download

                • memory/3796-290-0x0000000007B10000-0x0000000007BAC000-memory.dmp

                  Filesize

                  624KB

                  Download

                • memory/3796-21-0x0000000074EC0000-0x0000000075670000-memory.dmp

                  Filesize

                  7.7MB

                  Download

                • memory/3796-20-0x0000000005600000-0x0000000005666000-memory.dmp

                  Filesize

                  408KB

                  Download

                • memory/3796-17-0x0000000004960000-0x0000000004970000-memory.dmp

                  Filesize

                  64KB

                  Download

                • memory/3796-334-0x0000000005000000-0x000000000500C000-memory.dmp

                  Filesize

                  48KB

                  Download

                • memory/3796-335-0x0000000005010000-0x000000000501A000-memory.dmp

                  Filesize

                  40KB

                  Download

                • memory/3796-336-0x0000000008EC0000-0x0000000009464000-memory.dmp

                  Filesize

                  5.6MB

                  Download

                • memory/3796-337-0x0000000004A30000-0x0000000004A38000-memory.dmp

                  Filesize

                  32KB

                  Download

                • memory/3796-340-0x0000000004A50000-0x0000000004A5A000-memory.dmp

                  Filesize

                  40KB

                  Download

                • memory/3796-15-0x0000000074EC0000-0x0000000075670000-memory.dmp

                  Filesize

                  7.7MB

                  Download