xenorat | e14421ff6b1d53b35cf713c08e3025c8db7f8a55b7e40b5e8c787bb6bf441030

Analysis

max time kernel
156s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
18-07-2024 18:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NovaDebug.exe
Size

45KB
MD5

09e75c0a0f5f0e839d23ac80a6b38d56
SHA1

d36e6d2f7e59f451cae5d9b18fbe0c14bf73f134
SHA256

e14421ff6b1d53b35cf713c08e3025c8db7f8a55b7e40b5e8c787bb6bf441030
SHA512

bd1a267b2d2e74d5a7da323dfdd77382458722af89cbc75d8a6ada9e7125bb0118458f2a5b7b17a31d05b527a9edcf43428c057bddee3498621869bbdaa3365f
SSDEEP

768:9dhO/poiiUcjlJInIzH9Xqk5nWEZ5SbTDaLWI7CPW5P:zw+jjgnKH9XqcnW85SbT6WI3

Score

10^/10

xenorat rat trojan

Malware Config

Extracted

Family

xenorat

127.0.0.1

Mutex

Xeno_rat_nd8912d

Attributes

delay
5000
install_path
appdata
port
1294
startup_name
NovaDebug

Signatures

XenorRat
XenorRat is a remote access trojan written in C#.
trojan rat xenorat

Executes dropped EXE 1 IoCs

pid	Process
1216	NovaDebug.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133658028012536116"	chrome.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\NovaDebug.htm:Zone.Identifier	chrome.exe

Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
1212	schtasks.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
676	chrome.exe
676	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeCreatePagefilePrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeCreatePagefilePrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeCreatePagefilePrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeCreatePagefilePrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeCreatePagefilePrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeCreatePagefilePrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeCreatePagefilePrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeCreatePagefilePrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeCreatePagefilePrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeCreatePagefilePrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeCreatePagefilePrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeCreatePagefilePrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeCreatePagefilePrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeCreatePagefilePrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeCreatePagefilePrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeCreatePagefilePrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeCreatePagefilePrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeCreatePagefilePrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeCreatePagefilePrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeCreatePagefilePrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeCreatePagefilePrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeCreatePagefilePrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeCreatePagefilePrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeCreatePagefilePrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeCreatePagefilePrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeCreatePagefilePrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeCreatePagefilePrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeCreatePagefilePrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeCreatePagefilePrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeCreatePagefilePrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeCreatePagefilePrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeCreatePagefilePrivilege	676	chrome.exe

Suspicious use of FindShellTrayWindow 39 IoCs

pid	Process
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1628 wrote to memory of 1216	1628	NovaDebug.exe	81
PID 1628 wrote to memory of 1216	1628	NovaDebug.exe	81
PID 1628 wrote to memory of 1216	1628	NovaDebug.exe	81
PID 1216 wrote to memory of 1212	1216	NovaDebug.exe	83
PID 1216 wrote to memory of 1212	1216	NovaDebug.exe	83
PID 1216 wrote to memory of 1212	1216	NovaDebug.exe	83
PID 676 wrote to memory of 3600	676	chrome.exe	88
PID 676 wrote to memory of 3600	676	chrome.exe	88
PID 676 wrote to memory of 2204	676	chrome.exe	89
PID 676 wrote to memory of 2204	676	chrome.exe	89
PID 676 wrote to memory of 2204	676	chrome.exe	89
PID 676 wrote to memory of 2204	676	chrome.exe	89
PID 676 wrote to memory of 2204	676	chrome.exe	89
PID 676 wrote to memory of 2204	676	chrome.exe	89
PID 676 wrote to memory of 2204	676	chrome.exe	89
PID 676 wrote to memory of 2204	676	chrome.exe	89
PID 676 wrote to memory of 2204	676	chrome.exe	89
PID 676 wrote to memory of 2204	676	chrome.exe	89
PID 676 wrote to memory of 2204	676	chrome.exe	89
PID 676 wrote to memory of 2204	676	chrome.exe	89
PID 676 wrote to memory of 2204	676	chrome.exe	89
PID 676 wrote to memory of 2204	676	chrome.exe	89
PID 676 wrote to memory of 2204	676	chrome.exe	89
PID 676 wrote to memory of 2204	676	chrome.exe	89
PID 676 wrote to memory of 2204	676	chrome.exe	89
PID 676 wrote to memory of 2204	676	chrome.exe	89
PID 676 wrote to memory of 2204	676	chrome.exe	89
PID 676 wrote to memory of 2204	676	chrome.exe	89
PID 676 wrote to memory of 2204	676	chrome.exe	89
PID 676 wrote to memory of 2204	676	chrome.exe	89
PID 676 wrote to memory of 2204	676	chrome.exe	89
PID 676 wrote to memory of 2204	676	chrome.exe	89
PID 676 wrote to memory of 2204	676	chrome.exe	89
PID 676 wrote to memory of 2204	676	chrome.exe	89
PID 676 wrote to memory of 2204	676	chrome.exe	89
PID 676 wrote to memory of 2204	676	chrome.exe	89
PID 676 wrote to memory of 2204	676	chrome.exe	89
PID 676 wrote to memory of 2204	676	chrome.exe	89
PID 676 wrote to memory of 2216	676	chrome.exe	90
PID 676 wrote to memory of 2216	676	chrome.exe	90
PID 676 wrote to memory of 3816	676	chrome.exe	91
PID 676 wrote to memory of 3816	676	chrome.exe	91
PID 676 wrote to memory of 3816	676	chrome.exe	91
PID 676 wrote to memory of 3816	676	chrome.exe	91
PID 676 wrote to memory of 3816	676	chrome.exe	91
PID 676 wrote to memory of 3816	676	chrome.exe	91
PID 676 wrote to memory of 3816	676	chrome.exe	91
PID 676 wrote to memory of 3816	676	chrome.exe	91
PID 676 wrote to memory of 3816	676	chrome.exe	91
PID 676 wrote to memory of 3816	676	chrome.exe	91
PID 676 wrote to memory of 3816	676	chrome.exe	91
PID 676 wrote to memory of 3816	676	chrome.exe	91
PID 676 wrote to memory of 3816	676	chrome.exe	91
PID 676 wrote to memory of 3816	676	chrome.exe	91
PID 676 wrote to memory of 3816	676	chrome.exe	91
PID 676 wrote to memory of 3816	676	chrome.exe	91
PID 676 wrote to memory of 3816	676	chrome.exe	91
PID 676 wrote to memory of 3816	676	chrome.exe	91
PID 676 wrote to memory of 3816	676	chrome.exe	91
PID 676 wrote to memory of 3816	676	chrome.exe	91
PID 676 wrote to memory of 3816	676	chrome.exe	91
PID 676 wrote to memory of 3816	676	chrome.exe	91
PID 676 wrote to memory of 3816	676	chrome.exe	91
PID 676 wrote to memory of 3816	676	chrome.exe	91

C:\Users\Admin\AppData\Local\Temp\NovaDebug.exe
"C:\Users\Admin\AppData\Local\Temp\NovaDebug.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1628
- C:\Users\Admin\AppData\Roaming\XenoManager\NovaDebug.exe
  "C:\Users\Admin\AppData\Roaming\XenoManager\NovaDebug.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:1216
- - C:\Windows\SysWOW64\schtasks.exe
    "schtasks.exe" /Create /TN "NovaDebug" /XML "C:\Users\Admin\AppData\Local\Temp\tmpAE12.tmp" /F
    3⤵
    - Scheduled Task/Job: Scheduled Task
    PID:1212

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff5938cc40,0x7fff5938cc4c,0x7fff5938cc58
  2⤵
  PID:3600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1784,i,2780736551224887729,12862122129064849051,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=1780 /prefetch:2
  2⤵
  PID:2204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2056,i,2780736551224887729,12862122129064849051,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2104 /prefetch:3
  2⤵
  PID:2216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2188,i,2780736551224887729,12862122129064849051,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2200 /prefetch:8
  2⤵
  PID:3816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3096,i,2780736551224887729,12862122129064849051,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3100 /prefetch:1
  2⤵
  PID:4520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3252,i,2780736551224887729,12862122129064849051,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:1948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4424,i,2780736551224887729,12862122129064849051,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4416 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4768,i,2780736551224887729,12862122129064849051,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4776 /prefetch:8
  2⤵
  PID:3596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4948,i,2780736551224887729,12862122129064849051,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4936 /prefetch:8
  2⤵
  PID:1596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4692,i,2780736551224887729,12862122129064849051,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4268 /prefetch:1
  2⤵
  PID:3112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3472,i,2780736551224887729,12862122129064849051,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3352 /prefetch:8
  2⤵
  - NTFS ADS
  PID:2364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3320,i,2780736551224887729,12862122129064849051,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5100 /prefetch:1
  2⤵
  PID:32
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3436,i,2780736551224887729,12862122129064849051,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5216 /prefetch:8
  2⤵
  PID:1204

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:4744

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1676

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3860

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
25cec3c4ab77652726df09959bbd6642

SHA1
959695e2d17a79f51b932cb310f8aa68e57b7d79

SHA256
d2986c8ef12b873a4ac63c9c4b8b229747dc4ed3962638ab97324d91a50bff89

SHA512
1b781546e875f6b2e9bdf23816349a59788c6de871f0f96ea16a4c18877eb77551495ee996fbec9d442ce6ccb2dfdad3a3489067d8b4c715ff7aec7409ffa4f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
1KB

MD5
e6cb7c8921c08a0bc0caf882fe8324d3

SHA1
4c7f77fe8101be60110ee02cf3d266e678ab0da4

SHA256
40f62d9eb9d27ab22af89f8b44ecaa09557184927f056e4f601047c05d18e467

SHA512
fd3279a317e06967888c7dd5d50549f9f80d3276bb83948bf149b06f40bdee5d1cf29322272eaad2e44d0cedd0ff06dd86b658f915687a5993f716f56d59720d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7c71fd1d7623b09eacb4b2d7e55b2413

SHA1
c975cae4c50fc34fd361fd9597e90b1e793c7c23

SHA256
caf103f1d65020f696d2d257309b9e6e076d58251d7adbaec11e02a6c2ff704d

SHA512
012c61729e03a0837d763da8d849eb0e31bfa6966e8bb03b592edf9e22b7746ed16b8804f6b02157c26d6fa22382b170f0bf358039ade7d8fe277b4a1e1bdf99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
006465a64e27c0f89c1dae26a6215e50

SHA1
d95af215149ae960e98c426da87cf1be20c21e7c

SHA256
7b1a75ce4d850a807acb365d39463e246fd46df9efc2971bedc932741560200d

SHA512
ee622caa73a457f6f570233d15d07bbd2aa239ba4c819fe4e7f01b6b15042b3dda93a495da03ea41447b170309cb88cad53ca7a97fc42b2cd56e623c5919bdb7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
519B

MD5
548e5485609497cecfb824c68c2db1e0

SHA1
a2a693efed9bb319c6667fe1219cec21b0eff097

SHA256
db9cb9de5570a352a05c0228a09cf06d45e056ecee29cc02036c96ada2ff64ea

SHA512
9de56adf5e5c50aaf3cb9923e53f68abb690bb8e7e2280cf0f954f941c11b2017324d93b9c06b9279a9c25836e6b330cc8dfe54f5e38d97cd0de8d69f82a9154

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4b2cf3eb36aca1cab15dd8d9cc90fba0

SHA1
1ebb6850d0b47cdba4b8c6d7f808fab8cb5e0547

SHA256
83ac651def68ac9d45811566c2e59b0fb2ec9ac6f8421825915945cdd3ef0be3

SHA512
e942b99086d3640110947ffd108adece84bb7153658e4b915ff46016ac41c37f5da7f067c2210ae7d2a7c5af2bd89efb797ece3d775aa7beb100f3e123958d68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
debcf0a6ef9160d1940e49c6d1ebeaff

SHA1
4f748c26e4f98b957c8457cb5b71b76df6e4bda5

SHA256
f564e5721204ffe6267fbe38e5442c15f003f0fbe28769c1eeaa5e2f24c8314b

SHA512
46d790b8224d9b93936a9c79c6ff6393618fdbf65bbddc7e9b969ef9259d26450a05c9255e76bbf482c23ac6c7c8c8a3f53a9eb3e1ea5e10d4bf53ff59f4feb9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
65e56fcf6f2e85136c50ca9a987f62f5

SHA1
2b2d47378dd80ce75d77c238e4f3aa2af676588b

SHA256
d47741ef033d4991f974545517aa3e40d5a09adb60ec66176ca77af02dbf5192

SHA512
7926ee888b6d334bbaba80106b1cfb4d27f9739d8453530eeb04d2360a6ec6aaacf2aa087c24b128fb3aacc4f241ee3e01ac49a3597580abec1e768e2b1fb507

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
80559dc3baefa25059f1252bd9f96f7f

SHA1
8184036e8c81d2fa66d3013ca6d7c0ea717ee5aa

SHA256
8171d66701a4fb76d2b5683e4006228b52526bc960e5d44a173a3c4fbdb1f559

SHA512
be87a0710fb27d51e2a919e84e5a697ae1a0b4b0c3e28131eab8d811b77ea7029e7faf178b773e1e4742e080760443b9dc9970accdc4f2eb1461c46e541d0a8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1ff659f4e99e092784b63046a5d99f5d

SHA1
1ce52ff46f87641d55f41445611b3578ee6096df

SHA256
1355dabe902038afeec1087298b6aaeab195a211da4a43434192624e9d2b66fc

SHA512
f4ad827a431d02a1454acaee190ab1919378b29f77720c6e2ed61ec8d6026ce7d72acbe1313868bfe32472c23a9c0be74afdf00a26d3a48215ce43051d105f40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
7084ed7787baf630f12038d66edc1acf

SHA1
722e661b2a139a828adade33e474c3c7aa8d19be

SHA256
2c8a5b81e8b3789ea6be3a60b857412a38015e829dda6e1e05c4c6dffd5bcf81

SHA512
e2794212024ad388504cbab1e951775e76c7e68d03bb6b3ce55e5d2ef169eeaf0b9502843557bd22e16fda6d80eb1676a882a3ccead0a279aa8619f7ab4a4055

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
184KB

MD5
19ed69145c79ce56eaf7a58cafdc99ae

SHA1
6e89de5e3f9264f60a5ce8017361f5d615ad06ff

SHA256
728aee27fe4b0545f76f639b13327411ec4bb63324db2baf3c96c659f944fe4d

SHA512
2e1a5f1eb71e0d306fd49ca9b76101c5b8d8e943de7d8fafaf5781de4b84310808f6db2dc89a009763d12ec470e9b40608097e2ec56ddedf311b1c23926a86c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
185KB

MD5
cce35e6cd51870339c839bde3819d11e

SHA1
5ac0cf1becba44a51f20db2c093eced579aa70e3

SHA256
ba8a222cdea68506e36002d41fdbe680df524284e074297ce91164095ede9bb1

SHA512
9804e500b6b78e7963b14a4bc3defed66958f6f20f054187cd3c048f7ddce51bf81073d97c1ed08dd5e2cac612fc740c77baf7a1cc07aa71f17d155585a2f62d

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpAE12.tmp

Filesize
1KB

MD5
b7c99dc09c1ff341236a76f805fc75b2

SHA1
767a6d13ae843c9aa036c2f698254694c3a6fd22

SHA256
b7145535737b8d1541a81110ecfff5f0fa1cf18becc79451b449b1b593f84f47

SHA512
54cc8402d38fbaaf1bbc6846488232e8ea3be5635cf4bdeed506f5d62c33802d03eeddc5d855853fab70650f9d724c1c539eb1239982cb137a0c3de820efa3e3

Download Submit
C:\Users\Admin\AppData\Roaming\XenoManager\NovaDebug.exe

Filesize
45KB

MD5
09e75c0a0f5f0e839d23ac80a6b38d56

SHA1
d36e6d2f7e59f451cae5d9b18fbe0c14bf73f134

SHA256
e14421ff6b1d53b35cf713c08e3025c8db7f8a55b7e40b5e8c787bb6bf441030

SHA512
bd1a267b2d2e74d5a7da323dfdd77382458722af89cbc75d8a6ada9e7125bb0118458f2a5b7b17a31d05b527a9edcf43428c057bddee3498621869bbdaa3365f

Download Submit
C:\Users\Admin\Downloads\NovaDebug.htm

Filesize
242KB

MD5
1234bdc074b2a621afd8e68e4cb2d25a

SHA1
b84c7b8e14903e62e8a121538075628ec095be21

SHA256
5c1894f0cec1061476fbe9ad1b7924b1e11236fb4fa0a552b27e98800e26d6dc

SHA512
d62e053c2e0bce4a62db7fac9c8040ef97cdc11a0301a5170d63064fd01e3d1ac6301829809671b0df9140e1d206c3dbf497b3b2bb763aaccf9f1efdf74e6a70

Download Submit
memory/1216-18-0x0000000074820000-0x0000000074FD1000-memory.dmp

Filesize
7.7MB

Download
memory/1216-17-0x0000000074820000-0x0000000074FD1000-memory.dmp

Filesize
7.7MB

Download
memory/1216-14-0x0000000074820000-0x0000000074FD1000-memory.dmp

Filesize
7.7MB

Download
memory/1628-0-0x000000007482E000-0x000000007482F000-memory.dmp

Filesize
4KB

Download
memory/1628-1-0x0000000000140000-0x0000000000152000-memory.dmp

Filesize
72KB

Download