Malware Analysis Report

2024-08-06 18:22

Sample ID 240529-xqx3lsfb55
Target xeno.exe
SHA256 7aad3fb29bcdcfd26a097bb164fca235000f461e1fa0a9c7434a770a3b1b36e1
Tags xenorat rat trojan
Score 10/10

Table of Contents

Analysis Overview
MITRE ATT&CK Matrix
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score 10/10
SHA256 7aad3fb29bcdcfd26a097bb164fca235000f461e1fa0a9c7434a770a3b1b36e1

Threat Level: Known bad

The file xeno.exe was found to be: Known bad.

Malicious Activity Summary

xenorat rat trojan

XenorRat
Xenorat family
Executes dropped EXE
Checks computer location settings
Unsigned PE
Enumerates physical storage devices
Suspicious use of FindShellTrayWindow
Suspicious use of AdjustPrivilegeToken
Modifies data under HKEY_USERS
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Creates scheduled task(s)
Enumerates system info in registry

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported 2024-05-29 19:04

Signatures

Xenorat family

xenorat

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-05-29 19:04
Reported 2024-05-29 19:05
Platform win10v2004-20240426-en
Max time kernel 85s
Max time network 98s

Command Line

"C:\Users\Admin\AppData\Local\Temp\xeno.exe"

Signatures

XenorRat

trojan rat xenorat

Checks computer location settings

Description | Indicator | Process | Target
Key value queried | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\xeno.exe | N/A

Executes dropped EXE

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\xeno.exe | N/A

Enumerates physical storage devices

Creates scheduled task(s)

persistence
Description | Indicator | Process | Target
N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A

Enumerates system info in registry

Description | Indicator | Process | Target
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Modifies data under HKEY_USERS

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133614830891924297" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious behavior: EnumeratesProcesses

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\xeno.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\xeno.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\xeno.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\xeno.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\xeno.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\xeno.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\xeno.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\xeno.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\xeno.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\xeno.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\xeno.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\xeno.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\xeno.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\xeno.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\xeno.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\xeno.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\xeno.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\xeno.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\xeno.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\xeno.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\xeno.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\xeno.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\xeno.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\xeno.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\xeno.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\xeno.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\xeno.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\xeno.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\xeno.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\xeno.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\xeno.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\xeno.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\xeno.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\xeno.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\xeno.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\xeno.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\xeno.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\xeno.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\xeno.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\xeno.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\xeno.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\xeno.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\xeno.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\xeno.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\xeno.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\xeno.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\xeno.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\xeno.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\xeno.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\xeno.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\xeno.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\xeno.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\xeno.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\xeno.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\xeno.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\xeno.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\xeno.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\xeno.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\xeno.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\xeno.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\xeno.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\xeno.exe | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\xeno.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\xeno.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious use of SendNotifyMessage

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target
PID 2848 wrote to memory of 4628 | N/A | C:\Users\Admin\AppData\Local\Temp\xeno.exe | C:\Users\Admin\AppData\Roaming\XenoManager\xeno.exe
PID 2848 wrote to memory of 4628 | N/A | C:\Users\Admin\AppData\Local\Temp\xeno.exe | C:\Users\Admin\AppData\Roaming\XenoManager\xeno.exe
PID 2848 wrote to memory of 4628 | N/A | C:\Users\Admin\AppData\Local\Temp\xeno.exe | C:\Users\Admin\AppData\Roaming\XenoManager\xeno.exe
PID 4628 wrote to memory of 2340 | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\xeno.exe | C:\Windows\SysWOW64\schtasks.exe
PID 4628 wrote to memory of 2340 | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\xeno.exe | C:\Windows\SysWOW64\schtasks.exe
PID 4628 wrote to memory of 2340 | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\xeno.exe | C:\Windows\SysWOW64\schtasks.exe
PID 1952 wrote to memory of 4020 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1952 wrote to memory of 4020 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1952 wrote to memory of 3484 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1952 wrote to memory of 3484 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1952 wrote to memory of 3484 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1952 wrote to memory of 3484 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1952 wrote to memory of 3484 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1952 wrote to memory of 3484 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1952 wrote to memory of 3484 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1952 wrote to memory of 3484 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1952 wrote to memory of 3484 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1952 wrote to memory of 3484 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1952 wrote to memory of 3484 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1952 wrote to memory of 3484 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1952 wrote to memory of 3484 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1952 wrote to memory of 3484 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1952 wrote to memory of 3484 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1952 wrote to memory of 3484 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1952 wrote to memory of 3484 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1952 wrote to memory of 3484 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1952 wrote to memory of 3484 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1952 wrote to memory of 3484 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1952 wrote to memory of 3484 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1952 wrote to memory of 3484 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1952 wrote to memory of 3484 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1952 wrote to memory of 3484 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1952 wrote to memory of 3484 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1952 wrote to memory of 3484 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1952 wrote to memory of 3484 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1952 wrote to memory of 3484 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1952 wrote to memory of 3484 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1952 wrote to memory of 3484 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1952 wrote to memory of 3484 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1952 wrote to memory of 2148 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1952 wrote to memory of 2148 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1952 wrote to memory of 2648 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1952 wrote to memory of 2648 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1952 wrote to memory of 2648 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1952 wrote to memory of 2648 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1952 wrote to memory of 2648 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1952 wrote to memory of 2648 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1952 wrote to memory of 2648 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1952 wrote to memory of 2648 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1952 wrote to memory of 2648 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1952 wrote to memory of 2648 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1952 wrote to memory of 2648 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1952 wrote to memory of 2648 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1952 wrote to memory of 2648 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1952 wrote to memory of 2648 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1952 wrote to memory of 2648 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1952 wrote to memory of 2648 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1952 wrote to memory of 2648 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1952 wrote to memory of 2648 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1952 wrote to memory of 2648 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1952 wrote to memory of 2648 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1952 wrote to memory of 2648 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1952 wrote to memory of 2648 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\xeno.exe

"C:\Users\Admin\AppData\Local\Temp\xeno.exe"

C:\Users\Admin\AppData\Roaming\XenoManager\xeno.exe

"C:\Users\Admin\AppData\Roaming\XenoManager\xeno.exe"

C:\Windows\SysWOW64\schtasks.exe

"schtasks.exe" /Create /TN "Console" /XML "C:\Users\Admin\AppData\Local\Temp\tmp47F6.tmp" /F

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8b8f3ab58,0x7ff8b8f3ab68,0x7ff8b8f3ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1828 --field-trial-handle=1960,i,3290770518313725379,11361094276464737327,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1960,i,3290770518313725379,11361094276464737327,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2292 --field-trial-handle=1960,i,3290770518313725379,11361094276464737327,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3128 --field-trial-handle=1960,i,3290770518313725379,11361094276464737327,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3136 --field-trial-handle=1960,i,3290770518313725379,11361094276464737327,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4408 --field-trial-handle=1960,i,3290770518313725379,11361094276464737327,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4664 --field-trial-handle=1960,i,3290770518313725379,11361094276464737327,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4600 --field-trial-handle=1960,i,3290770518313725379,11361094276464737327,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4924 --field-trial-handle=1960,i,3290770518313725379,11361094276464737327,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5040 --field-trial-handle=1960,i,3290770518313725379,11361094276464737327,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4924 --field-trial-handle=1960,i,3290770518313725379,11361094276464737327,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4308 --field-trial-handle=1960,i,3290770518313725379,11361094276464737327,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4700 --field-trial-handle=1960,i,3290770518313725379,11361094276464737327,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4972 --field-trial-handle=1960,i,3290770518313725379,11361094276464737327,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4412 --field-trial-handle=1960,i,3290770518313725379,11361094276464737327,131072 /prefetch:1

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp
US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 249.197.17.2.in-addr.arpa | udp
US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 71.31.126.40.in-addr.arpa | udp
US | 8.8.8.8:53 | taking-headquarters.gl.at.ply.gg | udp
US | 147.185.221.20:3069 | taking-headquarters.gl.at.ply.gg | tcp
US | 147.185.221.20:3069 | taking-headquarters.gl.at.ply.gg | tcp
US | 8.8.8.8:53 | 20.221.185.147.in-addr.arpa | udp
US | 147.185.221.20:3069 | taking-headquarters.gl.at.ply.gg | tcp
US | 147.185.221.20:3069 | taking-headquarters.gl.at.ply.gg | tcp
US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp
US | 147.185.221.20:3069 | taking-headquarters.gl.at.ply.gg | tcp
US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp
US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp
US | 8.8.8.8:53 | www.google.com | udp
GB | 142.250.187.196:443 | www.google.com | tcp
GB | 142.250.187.196:443 | www.google.com | udp
US | 8.8.8.8:53 | 106.201.58.216.in-addr.arpa | udp
US | 8.8.8.8:53 | 195.187.250.142.in-addr.arpa | udp
US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp
US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp
US | 8.8.8.8:53 | play.google.com | udp
GB | 172.217.169.46:443 | play.google.com | tcp
US | 8.8.8.8:53 | clients2.google.com | udp
GB | 142.250.187.238:443 | clients2.google.com | tcp
US | 8.8.8.8:53 | 46.169.217.172.in-addr.arpa | udp
N/A | 224.0.0.251:5353 | | udp
US | 8.8.8.8:53 | 238.187.250.142.in-addr.arpa | udp
US | 8.8.8.8:53 | pornhub.com | udp
US | 66.254.114.41:443 | pornhub.com | tcp
US | 66.254.114.41:443 | pornhub.com | tcp
US | 8.8.8.8:53 | www.pornhub.com | udp
US | 8.8.8.8:53 | static.trafficjunky.com | udp
US | 8.8.8.8:53 | ei.phncdn.com | udp
GB | 64.210.156.16:443 | ei.phncdn.com | tcp
GB | 64.210.156.16:443 | ei.phncdn.com | tcp
GB | 64.210.156.17:443 | ei.phncdn.com | tcp
GB | 64.210.156.17:443 | ei.phncdn.com | tcp
GB | 64.210.156.17:443 | ei.phncdn.com | tcp
GB | 64.210.156.17:443 | ei.phncdn.com | tcp
GB | 64.210.156.17:443 | ei.phncdn.com | tcp
GB | 64.210.156.17:443 | ei.phncdn.com | tcp
US | 8.8.8.8:53 | 41.114.254.66.in-addr.arpa | udp
US | 8.8.8.8:53 | 16.156.210.64.in-addr.arpa | udp
US | 8.8.8.8:53 | 17.156.210.64.in-addr.arpa | udp
US | 8.8.8.8:53 | media.trafficjunky.net | udp
US | 8.8.8.8:53 | prvc.io | udp
US | 8.8.8.8:53 | cdn1-smallimg.phncdn.com | udp
GB | 64.210.156.20:443 | media.trafficjunky.net | tcp
US | 66.254.114.156:443 | cdn1-smallimg.phncdn.com | tcp
US | 104.21.56.52:443 | prvc.io | tcp
GB | 64.210.156.17:443 | media.trafficjunky.net | tcp
US | 8.8.8.8:53 | ss.phncdn.com | udp
US | 8.8.8.8:53 | content-autofill.googleapis.com | udp
US | 8.8.8.8:53 | eg-cdn.trafficjunky.net | udp
GB | 142.250.200.42:443 | content-autofill.googleapis.com | tcp
PL | 93.184.223.43:443 | eg-cdn.trafficjunky.net | tcp
US | 8.8.8.8:53 | qckload.com | udp
US | 8.8.8.8:53 | 20.156.210.64.in-addr.arpa | udp
US | 8.8.8.8:53 | 156.114.254.66.in-addr.arpa | udp
US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp
US | 8.8.8.8:53 | 52.56.21.104.in-addr.arpa | udp
US | 8.8.8.8:53 | 104.201.58.216.in-addr.arpa | udp
US | 8.8.8.8:53 | 42.200.250.142.in-addr.arpa | udp
US | 8.8.8.8:53 | 43.223.184.93.in-addr.arpa | udp
US | 34.225.210.0:443 | qckload.com | tcp
US | 8.8.8.8:53 | www.securegfm2.com | udp
US | 8.8.8.8:53 | dg-videos.b-cdn.net | udp
DE | 18.197.208.17:443 | www.securegfm2.com | tcp
FR | 185.93.2.244:443 | dg-videos.b-cdn.net | tcp
US | 8.8.8.8:53 | storage.googleapis.com | udp
GB | 142.250.200.27:443 | storage.googleapis.com | tcp
US | 8.8.8.8:53 | 0.210.225.34.in-addr.arpa | udp
US | 8.8.8.8:53 | 17.208.197.18.in-addr.arpa | udp
US | 8.8.8.8:53 | 244.2.93.185.in-addr.arpa | udp
US | 8.8.8.8:53 | 27.200.250.142.in-addr.arpa | udp
US | 147.185.221.20:3069 | taking-headquarters.gl.at.ply.gg | tcp
US | 147.185.221.20:3069 | taking-headquarters.gl.at.ply.gg | tcp

Files

memory/2848-0-0x0000000074BAE000-0x0000000074BAF000-memory.dmp

memory/2848-1-0x0000000000C90000-0x0000000000CA2000-memory.dmp

C:\Users\Admin\AppData\Roaming\XenoManager\xeno.exe

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\xeno.exe.log

memory/4628-16-0x0000000074BA0000-0x0000000075350000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\tmp47F6.tmp

memory/4628-18-0x0000000005C30000-0x0000000005C96000-memory.dmp

memory/4628-19-0x0000000005BC0000-0x0000000005BCA000-memory.dmp

memory/4628-20-0x0000000006080000-0x0000000006112000-memory.dmp

memory/4628-21-0x00000000066D0000-0x0000000006C74000-memory.dmp

memory/4628-22-0x0000000074BA0000-0x0000000075350000-memory.dmp

memory/4628-23-0x0000000074BA0000-0x0000000075350000-memory.dmp

\??\pipe\crashpad_1952_VFUTSYGYUMWXPIKV

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

memory/4628-312-0x00000000063E0000-0x00000000063EA000-memory.dmp