Overview

overview

10

Static

static

1

URLScan

urlscan

https://github.com/m...

windows10-2004-x64

10

Analysis

  • max time kernel
    1049s
  • max time network
    965s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18-05-2024 12:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://github.com/moom825/xeno-rat

Score
10/10
xenoratratspywarestealertrojan

Malware Config

Extracted

Family

xenorat

C2

127.0.0.1

Mutex

Xeno_rat_nd8912d

Attributes
  • delay

    5000

  • install_path

    nothingset

  • port

    4444

  • startup_name

    nothingset

Signatures

  • XenorRat

    XenorRat is a remote access trojan written in C#.

    trojanratxenorat
  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Enumerates connected drives 3 TTPs 1 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/moom825/xeno-rat
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4016
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa5c0e46f8,0x7ffa5c0e4708,0x7ffa5c0e4718
      2⤵
        PID:4332
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,13240116136852011269,11002799857283255730,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
        2⤵
          PID:4948
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,13240116136852011269,11002799857283255730,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4468
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,13240116136852011269,11002799857283255730,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
          2⤵
            PID:1712
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,13240116136852011269,11002799857283255730,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
            2⤵
              PID:2948
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,13240116136852011269,11002799857283255730,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
              2⤵
                PID:828
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,13240116136852011269,11002799857283255730,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 /prefetch:8
                2⤵
                  PID:4144
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,13240116136852011269,11002799857283255730,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:552
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,13240116136852011269,11002799857283255730,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
                  2⤵
                    PID:1196
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,13240116136852011269,11002799857283255730,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
                    2⤵
                      PID:3992
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,13240116136852011269,11002799857283255730,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
                      2⤵
                        PID:3928
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,13240116136852011269,11002799857283255730,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
                        2⤵
                          PID:212
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2148,13240116136852011269,11002799857283255730,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5324 /prefetch:8
                          2⤵
                            PID:4148
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,13240116136852011269,11002799857283255730,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
                            2⤵
                              PID:4488
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2148,13240116136852011269,11002799857283255730,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5936 /prefetch:8
                              2⤵
                              • Suspicious behavior: EnumeratesProcesses
                              PID:1108
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,13240116136852011269,11002799857283255730,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1308 /prefetch:2
                              2⤵
                                PID:3372
                            • C:\Windows\System32\CompPkgSrv.exe
                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                              1⤵
                                PID:2084
                              • C:\Windows\System32\CompPkgSrv.exe
                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                1⤵
                                  PID:3008
                                • C:\Windows\System32\rundll32.exe
                                  C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                  1⤵
                                    PID:3528
                                  • C:\Users\Admin\Downloads\Release\xeno rat server.exe
                                    "C:\Users\Admin\Downloads\Release\xeno rat server.exe"
                                    1⤵
                                    • Modifies registry class
                                    • Suspicious behavior: GetForegroundWindowSpam
                                    • Suspicious use of FindShellTrayWindow
                                    • Suspicious use of SetWindowsHookEx
                                    PID:5444
                                  • C:\Users\Admin\Downloads\Release\dfgddfdfghdfhgfdhd.exe
                                    "C:\Users\Admin\Downloads\Release\dfgddfdfghdfhgfdhd.exe"
                                    1⤵
                                    • Executes dropped EXE
                                    • Enumerates connected drives
                                    • Suspicious behavior: EnumeratesProcesses
                                    • Suspicious use of AdjustPrivilegeToken
                                    PID:5532
                                  • C:\Windows\system32\AUDIODG.EXE
                                    C:\Windows\system32\AUDIODG.EXE 0x3dc 0x468
                                    1⤵
                                    • Suspicious use of AdjustPrivilegeToken
                                    PID:2948
                                  • C:\Windows\system32\taskmgr.exe
                                    "C:\Windows\system32\taskmgr.exe" /4
                                    1⤵
                                    • Checks SCSI registry key(s)
                                    • Suspicious behavior: GetForegroundWindowSpam
                                    • Suspicious use of AdjustPrivilegeToken
                                    • Suspicious use of FindShellTrayWindow
                                    • Suspicious use of SendNotifyMessage
                                    PID:5204

                                  Network

                                  MITRE ATT&CK Enterprise v15

                                  Replay Monitor

                                  Loading Replay Monitor...

                                  Downloads

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                    Filesize

                                    152B

                                    MD5

                                    ce4c898f8fc7601e2fbc252fdadb5115

                                    SHA1

                                    01bf06badc5da353e539c7c07527d30dccc55a91

                                    SHA256

                                    bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

                                    SHA512

                                    80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

                                    Download Submit
                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                    Filesize

                                    152B

                                    MD5

                                    4158365912175436289496136e7912c2

                                    SHA1

                                    813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

                                    SHA256

                                    354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

                                    SHA512

                                    74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

                                    Download Submit
                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                    Filesize

                                    1KB

                                    MD5

                                    9edf231e999db2462ec46a149b7adcb3

                                    SHA1

                                    c715bb3d1a4bbc3e4eb355df865fc0c910454341

                                    SHA256

                                    f990ccfa3a95c62ed47c90ffa4eeaa1136585a50cf2a684be174c0f69f80f100

                                    SHA512

                                    7995845ff98c8030834e6d47c43cec772559792d013aa71ce9b2cf57931f174c192ec4d99e735a511d02e3f4b7cb1320a5ddfa7f642c960358b83220204bfe50

                                    Download Submit
                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                    Filesize

                                    579B

                                    MD5

                                    abcec1c7edbf55c225ee392b2de21ce7

                                    SHA1

                                    383a3bb1c4fb18e9e6e1c381ce0e8b50fb549033

                                    SHA256

                                    3e72162865c8d9549acdcc915949cacac97a155ef6f745a32546592848ac1323

                                    SHA512

                                    34c73ba0a23aa96e8c0b6f1f24ba784a444bc54183454bd4dd3bb767f59f726550ec28508555172c547c440c517360458dfff5c104868c14906733d4b6a8fcad

                                    Download Submit
                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                    Filesize

                                    5KB

                                    MD5

                                    da4ac698fb162124a89033323728ef9f

                                    SHA1

                                    57088cadf6b43e20f9b45c56956cce636e9f23a0

                                    SHA256

                                    d83647b4e27316830b9b91b086e23468a910309b87363f39f78369ca3714391b

                                    SHA512

                                    c5d48ab31653ba92dc2f832dacabc62acb813f248339079b8ba84056cf9134a1d1b1a20e244eb3cd2dc22184de2aa5e0a862b04524e13232c6475938aca0c8d8

                                    Download Submit
                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                    Filesize

                                    6KB

                                    MD5

                                    e024fd29b3b9c2fc543642c33f59dd8f

                                    SHA1

                                    1e82ed4c4b54c8ffc5ebe4ed294f09ef4d37109b

                                    SHA256

                                    9ae793d9b9366f611c562a25aaac33cbc7529c8d836068ef7a718627388af147

                                    SHA512

                                    bb57f612dbdbbeb27b1dc41c52725ef170d298216d54060efc4577da2b24a4a78b79d511a73b78e3d5c7f56ab6737f94120378c65111dac8880eb9b69af22a9d

                                    Download Submit
                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                    Filesize

                                    6KB

                                    MD5

                                    2ca5bea05d0912598992ba1669677a23

                                    SHA1

                                    c3d020f55111d8287a1ae3f415b84c088b17485c

                                    SHA256

                                    710506a0afec327f1d6954d3eb5ea50784ba694e9bf8b70368705bcc118c615e

                                    SHA512

                                    58630421469587d97b21cbf0b7b1330111b9fd66b1496ddb74ef26a05a62fb1c7febe3863932953849b1019fb49f4f97a6d8151f9dac2182bed856c397f5ae39

                                    Download Submit
                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                    Filesize

                                    1KB

                                    MD5

                                    f0f744e0df3875d8d1c8443aae3d4f5a

                                    SHA1

                                    5e6f2cd519b34864ebd7a2885fe15256af543f28

                                    SHA256

                                    c588787c5e1d424290f1fce55bf9262e32c6d6e2657aa1a43fb57ff5fd1ba025

                                    SHA512

                                    d81955b0680f29eb30899ded764a4b9859fc4b4d7c66f095eb89ace2a5de72f9352236e9e64f8ed4f8393c907955a30b27128aa8245f650e42ecaf89e750ec50

                                    Download Submit
                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                    Filesize

                                    1KB

                                    MD5

                                    77755f2a0a7f8c763f41aa43c1531fe7

                                    SHA1

                                    1513f0ea68f330dfd05dfb462208fd65c1633557

                                    SHA256

                                    b65a62d8199ef77f0e73b43832a2eb1b4efbbbe6cd7d99058faeb45657994a90

                                    SHA512

                                    8dd5ce3836fd13343960f3128a856b102d8315f0b8a742a59aa4e2f386c5b3d646d044e5729586b1b0251d1774b720e8cad11f47dfaf4d6bebe1a6b8481f40dd

                                    Download Submit
                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a112.TMP
                                    Filesize

                                    1KB

                                    MD5

                                    f7dff535c8df05e5b1a9202d3ece50ae

                                    SHA1

                                    ad4ad8588746866b9507b9ef86918e530bb7f422

                                    SHA256

                                    b60fa616b6dff208c661c3933c2aac01fdc83d9d182fa47ad22d58591047ed79

                                    SHA512

                                    97c0488d4659e0d672b8822ddd9d9ed3b58f2b9dabbe5031e9b013e622af4c13cf9628816ce090540f2059f2151dd64883cafb24276a5e88efb717f08942874e

                                    Download Submit
                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                    Filesize

                                    16B

                                    MD5

                                    206702161f94c5cd39fadd03f4014d98

                                    SHA1

                                    bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                    SHA256

                                    1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                    SHA512

                                    0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                    Download Submit
                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                    Filesize

                                    16B

                                    MD5

                                    46295cac801e5d4857d09837238a6394

                                    SHA1

                                    44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                    SHA256

                                    0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                    SHA512

                                    8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                    Download Submit
                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                    Filesize

                                    11KB

                                    MD5

                                    88a882d36e5ebdb6ae60da29fb551b62

                                    SHA1

                                    87081be263523b6c0e933dd5f24d49228dd9da6a

                                    SHA256

                                    b07f3ea5257ee4af4ae5185745505c4ea379f3db23049cf072c2d727d718f5d2

                                    SHA512

                                    723e893083c8cd4d42be830da9045dbda41333bcdaabf6dce8a454608b6ff0a1be8cc66650d820c65d883dfeb59d50f6074e1b6121f7b952f9667c47c834e176

                                    Download Submit
                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                    Filesize

                                    12KB

                                    MD5

                                    6d4216d1e15f3379a2efa825dd84029c

                                    SHA1

                                    9fcc51d2cd08093dbc0ff339faba5ab71344ce20

                                    SHA256

                                    f1fbf41c0d1997927478b5c4e111e1496a337d3b4cece0c693f3c859dd746ac9

                                    SHA512

                                    9ff7c3d3d0bd85a755c5bff784d241cba45516d55f326dce39217a0017f4810a84c0689f88d86ae431881492ae02643d654a239df39d551c2d556553eba9f095

                                    Download Submit
                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                    Filesize

                                    11KB

                                    MD5

                                    34b5c4f52473810dff7c572f97af4964

                                    SHA1

                                    864f805775b93bd27989cfbae9c4160d5e27ad6e

                                    SHA256

                                    966d89dbc64caa759157efe7bc914d5e7c40797a80cc672fc21cf1e95b121ce8

                                    SHA512

                                    5dc4013e214a1e4e28d47713d2fda52f102958e29405eb60030dea765bd2941d50368cfd8601f73f27564ef560ed23668d7eee967df599c59cf9ac2883e1a978

                                    Download Submit
                                  • C:\Users\Admin\Desktop\dfgddfdfghdfhgfdhd.exe
                                    Filesize

                                    45KB

                                    MD5

                                    e069304f72f1993e3a4227b5fb5337a1

                                    SHA1

                                    131c2b3eb9afb6a806610567fe846a09d60b5115

                                    SHA256

                                    5d00cfc66ae11f68bae4ac8e5a0f07158dae6bfd4ea34035b8c7c4e3be70f2c5

                                    SHA512

                                    26f18e40b1d4d97d997815fe3921af11f8e75e99a9386bbe39fb8820af1cbe4e9f41d3328b6a051f1d63a4dfff5b674a0abafae975f848df4272aa036771e2e9

                                    Download Submit
                                  • C:\Users\Admin\Downloads\Release.zip
                                    Filesize

                                    6.4MB

                                    MD5

                                    89661a9ff6de529497fec56a112bf75e

                                    SHA1

                                    2dd31a19489f4d7c562b647f69117e31b894b5c3

                                    SHA256

                                    e7b275d70655db9cb43fa606bbe2e4f22478ca4962bbf9f299d66eda567d63cd

                                    SHA512

                                    33c765bf85fbec0e58924ece948b80a7d73b7577557eaac8865e481c61ad6b71f8b5b846026103239b3bd21f438ff0d7c1430a51a4a149f16a215faad6dab68f

                                    Download Submit
                                  • C:\Users\Admin\Downloads\Release\dfgddfdfghdfhgfdhd.exe
                                    Filesize

                                    45KB

                                    MD5

                                    42faf67435979c1245010683d8e916b5

                                    SHA1

                                    b93b780736398c6e4001c150276ccb24982ed67f

                                    SHA256

                                    eef18c81faeee1877aa9cd8d8aef18b643a434fd3da221cc724070ec863e5fcd

                                    SHA512

                                    ff0fd19b423da9c89a6729790f5f39bac4e2dd03d62ad8c8fcf9628afb7e57a58b0a4700ee8811ba6c6191390c7cf3816342852fb90fc583ba261fd4637fcd86

                                    Download Submit
                                  • \??\pipe\LOCAL\crashpad_4016_CWXGKRECIPQEINSE
                                    MD5

                                    d41d8cd98f00b204e9800998ecf8427e

                                    SHA1

                                    da39a3ee5e6b4b0d3255bfef95601890afd80709

                                    SHA256

                                    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                    SHA512

                                    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                    Download Submit
                                  • memory/5204-339-0x00000166AE630000-0x00000166AE631000-memory.dmp
                                    Filesize

                                    4KB

                                    Download
                                  • memory/5204-350-0x00000166AE630000-0x00000166AE631000-memory.dmp
                                    Filesize

                                    4KB

                                    Download
                                  • memory/5204-349-0x00000166AE630000-0x00000166AE631000-memory.dmp
                                    Filesize

                                    4KB

                                    Download
                                  • memory/5204-340-0x00000166AE630000-0x00000166AE631000-memory.dmp
                                    Filesize

                                    4KB

                                    Download
                                  • memory/5204-348-0x00000166AE630000-0x00000166AE631000-memory.dmp
                                    Filesize

                                    4KB

                                    Download
                                  • memory/5204-347-0x00000166AE630000-0x00000166AE631000-memory.dmp
                                    Filesize

                                    4KB

                                    Download
                                  • memory/5204-346-0x00000166AE630000-0x00000166AE631000-memory.dmp
                                    Filesize

                                    4KB

                                    Download
                                  • memory/5204-345-0x00000166AE630000-0x00000166AE631000-memory.dmp
                                    Filesize

                                    4KB

                                    Download
                                  • memory/5204-344-0x00000166AE630000-0x00000166AE631000-memory.dmp
                                    Filesize

                                    4KB

                                    Download
                                  • memory/5204-338-0x00000166AE630000-0x00000166AE631000-memory.dmp
                                    Filesize

                                    4KB

                                    Download
                                  • memory/5444-222-0x0000000006330000-0x00000000063E2000-memory.dmp
                                    Filesize

                                    712KB

                                    Download
                                  • memory/5444-223-0x0000000007F00000-0x0000000008254000-memory.dmp
                                    Filesize

                                    3.3MB

                                    Download
                                  • memory/5444-215-0x0000000005880000-0x0000000005E24000-memory.dmp
                                    Filesize

                                    5.6MB

                                    Download
                                  • memory/5444-302-0x000000000C470000-0x000000000C482000-memory.dmp
                                    Filesize

                                    72KB

                                    Download
                                  • memory/5444-228-0x00000000083C0000-0x00000000083DA000-memory.dmp
                                    Filesize

                                    104KB

                                    Download
                                  • memory/5444-216-0x0000000005050000-0x00000000050E2000-memory.dmp
                                    Filesize

                                    584KB

                                    Download
                                  • memory/5444-227-0x0000000008280000-0x00000000083A4000-memory.dmp
                                    Filesize

                                    1.1MB

                                    Download
                                  • memory/5444-214-0x0000000000460000-0x0000000000662000-memory.dmp
                                    Filesize

                                    2.0MB

                                    Download
                                  • memory/5444-321-0x000000000BDC0000-0x000000000BE5C000-memory.dmp
                                    Filesize

                                    624KB

                                    Download
                                  • memory/5444-221-0x0000000009A60000-0x0000000009A82000-memory.dmp
                                    Filesize

                                    136KB

                                    Download
                                  • memory/5444-218-0x00000000057F0000-0x0000000005804000-memory.dmp
                                    Filesize

                                    80KB

                                    Download
                                  • memory/5444-220-0x0000000005860000-0x0000000005872000-memory.dmp
                                    Filesize

                                    72KB

                                    Download
                                  • memory/5444-219-0x0000000005830000-0x000000000584A000-memory.dmp
                                    Filesize

                                    104KB

                                    Download
                                  • memory/5444-217-0x0000000005210000-0x000000000521A000-memory.dmp
                                    Filesize

                                    40KB

                                    Download
                                  • memory/5532-304-0x00000000070D0000-0x00000000070D8000-memory.dmp
                                    Filesize

                                    32KB

                                    Download
                                  • memory/5532-327-0x0000000008ED0000-0x0000000008EEE000-memory.dmp
                                    Filesize

                                    120KB

                                    Download
                                  • memory/5532-326-0x000000000A220000-0x000000000A74C000-memory.dmp
                                    Filesize

                                    5.2MB

                                    Download
                                  • memory/5532-325-0x0000000008EF0000-0x0000000008F66000-memory.dmp
                                    Filesize

                                    472KB

                                    Download
                                  • memory/5532-324-0x0000000007610000-0x0000000007660000-memory.dmp
                                    Filesize

                                    320KB

                                    Download
                                  • memory/5532-323-0x0000000009B20000-0x0000000009CE2000-memory.dmp
                                    Filesize

                                    1.8MB

                                    Download
                                  • memory/5532-322-0x0000000008D70000-0x0000000008E6A000-memory.dmp
                                    Filesize

                                    1000KB

                                    Download
                                  • memory/5532-320-0x0000000000590000-0x000000000059A000-memory.dmp
                                    Filesize

                                    40KB

                                    Download
                                  • memory/5532-308-0x0000000005550000-0x000000000555A000-memory.dmp
                                    Filesize

                                    40KB

                                    Download
                                  • memory/5532-303-0x00000000056B0000-0x00000000056BA000-memory.dmp
                                    Filesize

                                    40KB

                                    Download
                                  • memory/5532-301-0x0000000005700000-0x0000000005766000-memory.dmp
                                    Filesize

                                    408KB

                                    Download
                                  • memory/5532-300-0x00000000004B0000-0x00000000004C2000-memory.dmp
                                    Filesize

                                    72KB

                                    Download