xenorat | e7b275d70655db9cb43fa606bbe2e4f22478ca4962bbf9f299d66eda567d63cd

Analysis

max time kernel
115s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
03-08-2024 11:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Release.zip
Size

6.4MB
MD5

89661a9ff6de529497fec56a112bf75e
SHA1

2dd31a19489f4d7c562b647f69117e31b894b5c3
SHA256

e7b275d70655db9cb43fa606bbe2e4f22478ca4962bbf9f299d66eda567d63cd
SHA512

33c765bf85fbec0e58924ece948b80a7d73b7577557eaac8865e481c61ad6b71f8b5b846026103239b3bd21f438ff0d7c1430a51a4a149f16a215faad6dab68f
SSDEEP

196608:SYNI1S7C6S230UwVLW83FUSA7WQZzwM3/C2cM7m2:rNIs7CDvB1USA7WS/vcx2

Score

10^/10

xenorat discovery rat trojan

Malware Config

Extracted

Family

xenorat

localhost

Mutex

testing 123123

Attributes

delay
1000
install_path
nothingset
port
1234
startup_name
nothingset

Signatures

XenorRat
XenorRat is a remote access trojan written in C#.
trojan rat xenorat
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	xeno rat server.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	xeno rat client.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2868	chrome.exe
2868	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeCreatePagefilePrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeCreatePagefilePrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeCreatePagefilePrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeCreatePagefilePrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeCreatePagefilePrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeCreatePagefilePrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeCreatePagefilePrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeCreatePagefilePrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeCreatePagefilePrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeCreatePagefilePrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeCreatePagefilePrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeCreatePagefilePrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeCreatePagefilePrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeCreatePagefilePrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeCreatePagefilePrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeCreatePagefilePrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeCreatePagefilePrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeCreatePagefilePrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeCreatePagefilePrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeCreatePagefilePrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeCreatePagefilePrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeCreatePagefilePrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeCreatePagefilePrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeCreatePagefilePrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeCreatePagefilePrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeCreatePagefilePrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeCreatePagefilePrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeCreatePagefilePrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeCreatePagefilePrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeCreatePagefilePrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeCreatePagefilePrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeCreatePagefilePrivilege	2868	chrome.exe

Suspicious use of FindShellTrayWindow 41 IoCs

pid	Process
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2868 wrote to memory of 2972	2868	chrome.exe	91
PID 2868 wrote to memory of 2972	2868	chrome.exe	91
PID 2868 wrote to memory of 928	2868	chrome.exe	92
PID 2868 wrote to memory of 928	2868	chrome.exe	92
PID 2868 wrote to memory of 928	2868	chrome.exe	92
PID 2868 wrote to memory of 928	2868	chrome.exe	92
PID 2868 wrote to memory of 928	2868	chrome.exe	92
PID 2868 wrote to memory of 928	2868	chrome.exe	92
PID 2868 wrote to memory of 928	2868	chrome.exe	92
PID 2868 wrote to memory of 928	2868	chrome.exe	92
PID 2868 wrote to memory of 928	2868	chrome.exe	92
PID 2868 wrote to memory of 928	2868	chrome.exe	92
PID 2868 wrote to memory of 928	2868	chrome.exe	92
PID 2868 wrote to memory of 928	2868	chrome.exe	92
PID 2868 wrote to memory of 928	2868	chrome.exe	92
PID 2868 wrote to memory of 928	2868	chrome.exe	92
PID 2868 wrote to memory of 928	2868	chrome.exe	92
PID 2868 wrote to memory of 928	2868	chrome.exe	92
PID 2868 wrote to memory of 928	2868	chrome.exe	92
PID 2868 wrote to memory of 928	2868	chrome.exe	92
PID 2868 wrote to memory of 928	2868	chrome.exe	92
PID 2868 wrote to memory of 928	2868	chrome.exe	92
PID 2868 wrote to memory of 928	2868	chrome.exe	92
PID 2868 wrote to memory of 928	2868	chrome.exe	92
PID 2868 wrote to memory of 928	2868	chrome.exe	92
PID 2868 wrote to memory of 928	2868	chrome.exe	92
PID 2868 wrote to memory of 928	2868	chrome.exe	92
PID 2868 wrote to memory of 928	2868	chrome.exe	92
PID 2868 wrote to memory of 928	2868	chrome.exe	92
PID 2868 wrote to memory of 928	2868	chrome.exe	92
PID 2868 wrote to memory of 928	2868	chrome.exe	92
PID 2868 wrote to memory of 928	2868	chrome.exe	92
PID 2868 wrote to memory of 3660	2868	chrome.exe	93
PID 2868 wrote to memory of 3660	2868	chrome.exe	93
PID 2868 wrote to memory of 2988	2868	chrome.exe	94
PID 2868 wrote to memory of 2988	2868	chrome.exe	94
PID 2868 wrote to memory of 2988	2868	chrome.exe	94
PID 2868 wrote to memory of 2988	2868	chrome.exe	94
PID 2868 wrote to memory of 2988	2868	chrome.exe	94
PID 2868 wrote to memory of 2988	2868	chrome.exe	94
PID 2868 wrote to memory of 2988	2868	chrome.exe	94
PID 2868 wrote to memory of 2988	2868	chrome.exe	94
PID 2868 wrote to memory of 2988	2868	chrome.exe	94
PID 2868 wrote to memory of 2988	2868	chrome.exe	94
PID 2868 wrote to memory of 2988	2868	chrome.exe	94
PID 2868 wrote to memory of 2988	2868	chrome.exe	94
PID 2868 wrote to memory of 2988	2868	chrome.exe	94
PID 2868 wrote to memory of 2988	2868	chrome.exe	94
PID 2868 wrote to memory of 2988	2868	chrome.exe	94
PID 2868 wrote to memory of 2988	2868	chrome.exe	94
PID 2868 wrote to memory of 2988	2868	chrome.exe	94
PID 2868 wrote to memory of 2988	2868	chrome.exe	94
PID 2868 wrote to memory of 2988	2868	chrome.exe	94
PID 2868 wrote to memory of 2988	2868	chrome.exe	94
PID 2868 wrote to memory of 2988	2868	chrome.exe	94
PID 2868 wrote to memory of 2988	2868	chrome.exe	94
PID 2868 wrote to memory of 2988	2868	chrome.exe	94
PID 2868 wrote to memory of 2988	2868	chrome.exe	94
PID 2868 wrote to memory of 2988	2868	chrome.exe	94
PID 2868 wrote to memory of 2988	2868	chrome.exe	94
PID 2868 wrote to memory of 2988	2868	chrome.exe	94
PID 2868 wrote to memory of 2988	2868	chrome.exe	94
PID 2868 wrote to memory of 2988	2868	chrome.exe	94
PID 2868 wrote to memory of 2988	2868	chrome.exe	94

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\Release.zip
1⤵
PID:3628

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff9a41ccc40,0x7ff9a41ccc4c,0x7ff9a41ccc58
  2⤵
  PID:2972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1952,i,6816610975434057197,14387954061850978602,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1948 /prefetch:2
  2⤵
  PID:928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2212,i,6816610975434057197,14387954061850978602,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  PID:3660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2292,i,6816610975434057197,14387954061850978602,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2332 /prefetch:8
  2⤵
  PID:2988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3176,i,6816610975434057197,14387954061850978602,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:3792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3240,i,6816610975434057197,14387954061850978602,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:3064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3720,i,6816610975434057197,14387954061850978602,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4548 /prefetch:1
  2⤵
  PID:2752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4540,i,6816610975434057197,14387954061850978602,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4700 /prefetch:8
  2⤵
  PID:3860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4676,i,6816610975434057197,14387954061850978602,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4400 /prefetch:8
  2⤵
  PID:3876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5296,i,6816610975434057197,14387954061850978602,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5124 /prefetch:1
  2⤵
  PID:4244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5304,i,6816610975434057197,14387954061850978602,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3384 /prefetch:8
  2⤵
  PID:4728

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3456

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1856

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1076

C:\Users\Admin\Downloads\Release\xeno rat server.exe
"C:\Users\Admin\Downloads\Release\xeno rat server.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:512

C:\Users\Admin\Downloads\Release\stub\xeno rat client.exe
"C:\Users\Admin\Downloads\Release\stub\xeno rat client.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1156

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
7718e5e05e93799d2b6969dae3bf6c6f

SHA1
49ba993b0dd55c39645c9b842767575b9d7f4145

SHA256
917f44c9f35221467cc5f0a3071122003ed71278a593d815d7f12df783acc1a8

SHA512
cfb1c740e0a6498a22a7e670f84244294ba4bae2e17009946949567ac51c99e740e6f61508399bf98909226db8af6e340ae3e0bf0780f5cf333186f36c1b49b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
fd85ee2b4e105023e38cec1c6d1f04ad

SHA1
12782db05db109e1937563dce6ef46863c463a79

SHA256
acceb202534f331c3ef68c630eaddc17272e3c9b7e3ab1521cc61e79e8860d4a

SHA512
74c7bf47b7f36c05d15edadd5f15fced7bb9e3483c07bf70480bfe1810f7749392ab43d079dc7e4bfa9535b792dd8a35148e78a69ab5bf32291ce1634aa84283

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
092a1a2ce96db1ca45b0c59ffa6a91ef

SHA1
6d3741a3d716adbb43d7990baab953301c230f16

SHA256
948385596152b522359e3473c73e817b629465b3a2944ad1ddc60e1eac855aa8

SHA512
f5ba684dbfa109613f6995129a720fb252b9ed0af04a9aa463f77a9f5952c8a3ac3ad04c1f7f20ae4400750d450f3eab17bbf021eebddb42c8c166ca7327bf63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
12cbb069c92be2a1961d8e0b284b2690

SHA1
c9c289a44022e55afe7a7c933ed76a867e1a60a5

SHA256
0783d29674cebdead79ee4719219e3b390cef36d97230821d1744332e5715bd1

SHA512
fe490cfcf18a1b2aa6bc0577700570fe8549043bab3073215ef6a204e38f81c207e1324396c0d4c884b0a6758f8e484932da483d6bb72058e539d177f20fd690

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
e562533efdc9733c7cd92d7329234214

SHA1
8f98ce230302be6b1380b4954c7a407b1fb24d30

SHA256
23b52719b3e2e31f46c2627a71b2ca7d1e2185f4b82875ae8a544f8c30bd4e44

SHA512
2da0844e1fc72573087999e03908a462690e2d5e27b37493a3faeec6f07b9dbd0e20453a78f386ca96fa5d15810b21426a0b14e4fccd8a74ad81cfaa15d5aef6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
442302d8f1ca191f19e79f77ad69d710

SHA1
208c859897674f2acb94d8b6513f475e24870003

SHA256
d663df936da6b538aa5cfe2e91822438cac4c4c34df642d1e24c23fe565ddea2

SHA512
df7ddebf198be302b99bb19d39fbbb15f2853205440c19c7e0ef41a58664ae3c7d77ea2873af8cf0280034dd275aefac52a95caac6ff5a31189d3ef638ac37e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
4f03b55ff384ca8f75ce09eb19bb4161

SHA1
55d4ff8ab928882ff074c58a842c0690bab8f826

SHA256
842cf48c454b513181c98ba169d7426ef24dc2503362642bd7ed59137baf7a9a

SHA512
a40f632bc4601383d2f0659bbeb227be90b191f27e00143df9ff41927561969b9f8515c526e0e13b4139d96b293b567ee8c80971fd4473e1e8535d69abf17990

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\afc9befa-8782-4c09-af3e-d398ad2844f9.tmp

Filesize
8KB

MD5
a900bec8bfed2a80a5c564a7c4c3c4f2

SHA1
cd365f23209cc26ac42dc21af2720f9cc2d17707

SHA256
880eb7a2b124a4a22e8b0daeffb54d8d3187840460f695f874e767afdda97207

SHA512
bf1521fb5b198291420b11070d880b29e57dd002acb8ba6e0eb21a4b42213188d4796eb148acebe0294b21cf698d8aa91e3ef6ad73704e81203ddffdad9d6e8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
1605f31908fc3822bcd21669f9a889db

SHA1
0633c591ff77c5b7a9c8e1f0fd2eba35cf6f1867

SHA256
73651d84ca62f0bd7851cce0ae4371b559fe1e15eddf14aea7719846265d9e56

SHA512
2cad7fcbe1574c9519e2e8d8c4648c4129ce801ad4c5bc8b87dbbae9c54d1d01e6654b77e02a08ee4b1c71b3d8ad0bd7415fb66a5651a1c1c4e13e51765163bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
ae5f6c553a6a0e4f7d51d0067a8e65e7

SHA1
cdba2ceada0a94985e9211b5cac8204ab2501666

SHA256
cbd55f5078468d6db09bd3339a837e1ab79e2ca74da6f2a69aaf59494f3999f9

SHA512
848e8ff189280dd76a4e0dbbaa319aa6853c6d1dc5dec7d6dec16bb262934101be37fd5233e9cf4965d58a5a29625366dd77b703c3d0482747ec8cc5c1b8678c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
58882e596925f436c325124750850b52

SHA1
91ea4e1ef00933f6c6161b1c691d0919d57895e5

SHA256
9d127a19dc6437f0e3c28a084d2290f6f855c66544c7c8114134caac362e8033

SHA512
97cae018ddbdd1973b53c4035bca511b7568c2045695ac395d347b094547fe38f0b8aa471b0a382e09d0d174c4917bea3c18347c7ef888f46694d466cbd207cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
77e0ca14d74a4ae1908a1e10e24f05f1

SHA1
6eea998b48de6de9b29f055314259335df58dbd2

SHA256
0e979d4bb4d8f9c258cf9f33a27c5f9a8207e1b26f995da65b1cfdc9d2b934c5

SHA512
517e9ba9837726322cc4fed3dc9096e78e70ca9421378ee633cf07a1bb31ee021374039144e64cedebae67ad011a720b40106619a241466d5f7c9e7e584c0054

Download Submit
C:\Users\Admin\Downloads\Release.zip.crdownload

Filesize
6.4MB

MD5
89661a9ff6de529497fec56a112bf75e

SHA1
2dd31a19489f4d7c562b647f69117e31b894b5c3

SHA256
e7b275d70655db9cb43fa606bbe2e4f22478ca4962bbf9f299d66eda567d63cd

SHA512
33c765bf85fbec0e58924ece948b80a7d73b7577557eaac8865e481c61ad6b71f8b5b846026103239b3bd21f438ff0d7c1430a51a4a149f16a215faad6dab68f

Download Submit
memory/512-320-0x0000000000DF0000-0x0000000000FF2000-memory.dmp

Filesize
2.0MB

Download
memory/512-321-0x0000000006150000-0x00000000066F4000-memory.dmp

Filesize
5.6MB

Download
memory/512-322-0x0000000005A80000-0x0000000005B12000-memory.dmp

Filesize
584KB

Download
memory/512-323-0x0000000005A10000-0x0000000005A1A000-memory.dmp

Filesize
40KB

Download
memory/512-324-0x0000000008400000-0x0000000008414000-memory.dmp

Filesize
80KB

Download
memory/512-325-0x00000000084C0000-0x00000000084DA000-memory.dmp

Filesize
104KB

Download
memory/512-326-0x00000000084F0000-0x0000000008502000-memory.dmp

Filesize
72KB

Download
memory/512-327-0x000000000A3F0000-0x000000000A412000-memory.dmp

Filesize
136KB

Download
memory/1156-328-0x0000000000720000-0x0000000000732000-memory.dmp

Filesize
72KB

Download