xenorat | hxxps://github[.]com/moom825/xeno-rat/releases/download/1[.]8[.]7/Release[.]zip

Analysis

max time kernel
82s
max time network
83s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
12-08-2024 23:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/moom825/xeno-rat/releases/download/1.8.7/Release.zip

Score

10^/10

xenorat discovery rat trojan

Malware Config

Extracted

Family

xenorat

localhost

Mutex

testing 123123

Attributes

delay
1000
install_path
nothingset
port
1234
startup_name
nothingset

Signatures

XenorRat
XenorRat is a remote access trojan written in C#.
trojan rat xenorat

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	xeno rat client.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	xeno rat server.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	xeno rat client.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133679800130387260"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings	chrome.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Release.zip:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3888	chrome.exe
3888	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4540	xeno rat server.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3888	chrome.exe
3888	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe

Suspicious use of FindShellTrayWindow 39 IoCs

pid	Process
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3888 wrote to memory of 3924	3888	chrome.exe	82
PID 3888 wrote to memory of 3924	3888	chrome.exe	82
PID 3888 wrote to memory of 1260	3888	chrome.exe	83
PID 3888 wrote to memory of 1260	3888	chrome.exe	83
PID 3888 wrote to memory of 1260	3888	chrome.exe	83
PID 3888 wrote to memory of 1260	3888	chrome.exe	83
PID 3888 wrote to memory of 1260	3888	chrome.exe	83
PID 3888 wrote to memory of 1260	3888	chrome.exe	83
PID 3888 wrote to memory of 1260	3888	chrome.exe	83
PID 3888 wrote to memory of 1260	3888	chrome.exe	83
PID 3888 wrote to memory of 1260	3888	chrome.exe	83
PID 3888 wrote to memory of 1260	3888	chrome.exe	83
PID 3888 wrote to memory of 1260	3888	chrome.exe	83
PID 3888 wrote to memory of 1260	3888	chrome.exe	83
PID 3888 wrote to memory of 1260	3888	chrome.exe	83
PID 3888 wrote to memory of 1260	3888	chrome.exe	83
PID 3888 wrote to memory of 1260	3888	chrome.exe	83
PID 3888 wrote to memory of 1260	3888	chrome.exe	83
PID 3888 wrote to memory of 1260	3888	chrome.exe	83
PID 3888 wrote to memory of 1260	3888	chrome.exe	83
PID 3888 wrote to memory of 1260	3888	chrome.exe	83
PID 3888 wrote to memory of 1260	3888	chrome.exe	83
PID 3888 wrote to memory of 1260	3888	chrome.exe	83
PID 3888 wrote to memory of 1260	3888	chrome.exe	83
PID 3888 wrote to memory of 1260	3888	chrome.exe	83
PID 3888 wrote to memory of 1260	3888	chrome.exe	83
PID 3888 wrote to memory of 1260	3888	chrome.exe	83
PID 3888 wrote to memory of 1260	3888	chrome.exe	83
PID 3888 wrote to memory of 1260	3888	chrome.exe	83
PID 3888 wrote to memory of 1260	3888	chrome.exe	83
PID 3888 wrote to memory of 1260	3888	chrome.exe	83
PID 3888 wrote to memory of 1260	3888	chrome.exe	83
PID 3888 wrote to memory of 1176	3888	chrome.exe	84
PID 3888 wrote to memory of 1176	3888	chrome.exe	84
PID 3888 wrote to memory of 800	3888	chrome.exe	85
PID 3888 wrote to memory of 800	3888	chrome.exe	85
PID 3888 wrote to memory of 800	3888	chrome.exe	85
PID 3888 wrote to memory of 800	3888	chrome.exe	85
PID 3888 wrote to memory of 800	3888	chrome.exe	85
PID 3888 wrote to memory of 800	3888	chrome.exe	85
PID 3888 wrote to memory of 800	3888	chrome.exe	85
PID 3888 wrote to memory of 800	3888	chrome.exe	85
PID 3888 wrote to memory of 800	3888	chrome.exe	85
PID 3888 wrote to memory of 800	3888	chrome.exe	85
PID 3888 wrote to memory of 800	3888	chrome.exe	85
PID 3888 wrote to memory of 800	3888	chrome.exe	85
PID 3888 wrote to memory of 800	3888	chrome.exe	85
PID 3888 wrote to memory of 800	3888	chrome.exe	85
PID 3888 wrote to memory of 800	3888	chrome.exe	85
PID 3888 wrote to memory of 800	3888	chrome.exe	85
PID 3888 wrote to memory of 800	3888	chrome.exe	85
PID 3888 wrote to memory of 800	3888	chrome.exe	85
PID 3888 wrote to memory of 800	3888	chrome.exe	85
PID 3888 wrote to memory of 800	3888	chrome.exe	85
PID 3888 wrote to memory of 800	3888	chrome.exe	85
PID 3888 wrote to memory of 800	3888	chrome.exe	85
PID 3888 wrote to memory of 800	3888	chrome.exe	85
PID 3888 wrote to memory of 800	3888	chrome.exe	85
PID 3888 wrote to memory of 800	3888	chrome.exe	85
PID 3888 wrote to memory of 800	3888	chrome.exe	85
PID 3888 wrote to memory of 800	3888	chrome.exe	85
PID 3888 wrote to memory of 800	3888	chrome.exe	85
PID 3888 wrote to memory of 800	3888	chrome.exe	85
PID 3888 wrote to memory of 800	3888	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/moom825/xeno-rat/releases/download/1.8.7/Release.zip
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaa90ccc40,0x7ffaa90ccc4c,0x7ffaa90ccc58
  2⤵
  PID:3924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1800,i,754410806686686637,17783816137724216030,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1796 /prefetch:2
  2⤵
  PID:1260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2040,i,754410806686686637,17783816137724216030,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2116 /prefetch:3
  2⤵
  PID:1176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2188,i,754410806686686637,17783816137724216030,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2384 /prefetch:8
  2⤵
  PID:800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3048,i,754410806686686637,17783816137724216030,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3080 /prefetch:1
  2⤵
  PID:1472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3064,i,754410806686686637,17783816137724216030,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3116 /prefetch:1
  2⤵
  PID:2868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4712,i,754410806686686637,17783816137724216030,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4728 /prefetch:8
  2⤵
  PID:3060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5016,i,754410806686686637,17783816137724216030,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4992 /prefetch:8
  2⤵
  - NTFS ADS
  PID:5600

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1508

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5316

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2384

C:\Users\Admin\Downloads\Release\xeno rat server.exe
"C:\Users\Admin\Downloads\Release\xeno rat server.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
PID:4540

C:\Users\Admin\Downloads\Release\stub\xeno rat client.exe
"C:\Users\Admin\Downloads\Release\stub\xeno rat client.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:6132

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:3032

C:\Users\Admin\Downloads\Release\stub\xeno rat client.exe
"C:\Users\Admin\Downloads\Release\stub\xeno rat client.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4680

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
d881fe4df7a650d799f11987457343ae

SHA1
a6d435909ed10eb711f8395004b50cc0c69c4377

SHA256
382f18bdd9d443a37ff151414e4535ab0b5a3203dcd4433ab4380e004dc496c6

SHA512
024e32d222f293b5cd60c3e46243d022a185940704255cbc4b3b9a55a4a5fd4bbf680516edead660d3539f33a56a68aa892a20d5d05a7d7d1e316de19843050e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
3b297f0e97220baa72c2245f2f21f62c

SHA1
0d666a54d5c4c79e70da28061562489ea5809e87

SHA256
e118fcc056d57ca9e46e8352a8a35ff3f2107227aceea188d10b01fd8b7a09fe

SHA512
fa23b16a4ea25c23c5bf7147d7fa11e36737a2a6f2ed97de8b447606d21ad85dc7a3436c5311e567bd68e5c6cb91981c6fe91d49045974763aeccc460018dd32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
455eee993052a4b037819f2c6533cba7

SHA1
0d4707ea79bae5a1aaac9cd2ace8f0d87db991e9

SHA256
3f10b87c9616fdfb88d198eb469328dcb1c6c852188882ad0c4e910deac0bbb4

SHA512
1df1aabf0a71d868353568307263bc1ae728c7df76129540d7c525a34199b11cdb732445a6cf35a56739969dfa29ad45bc7e922dc3244a14cf218881ccf7866e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
406f6dfe371eef834b7d9a511fe4f42b

SHA1
7efc35e07996e22547a9b18cd3081b11e0a0606f

SHA256
94aec23aef21e0b4a848bb7b745b8debc173c497b7bec3fa6c6fd6acf1df6e40

SHA512
f476961fc4eb31f12f8b6b7fee7c5671a2ea57860c1e13379b1468e5c435d5b349c5813c555d5e83de0a6ad7c4afcd1b79539c5286e320ebbdbac20e918333ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
8c05641b0c63dd6ba36f98c8f15bb475

SHA1
21356d00d3eaf65f31541f6dbe04e4ef8bec6d92

SHA256
c7b9f4ad41cad3acdd13a9eb26d7c1ac8f8813fafd92e771422b1e2967f4e4dc

SHA512
1c11d28005b8dfa640386aa52b61580fb8fa1f617a8b92d4883a2c5f143538b2d5529cae1e920db73cb08becbc52497b6b7b56a5c7c6bf4e6c96ed8504d11344

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fc6adb401872c1a5eba76a9e11fdd546

SHA1
77af78f5739c71c16e89a94321cd1b9244d53ef8

SHA256
2d836e8a330f28d59d1e1a4ffd5f769b01bb22d225fb2207923bb077479061a0

SHA512
1bff30b9d6799e7cf2d51523fd60273e5ea6b05e9b588358c75872f4ebea437ffbfc59edd8f55d86bb5802b35d50388fea9c505e58971b9c526f3bbf47fb2ac8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c76ca9fc02ab49a00d6178e10fb9cbc3

SHA1
0748f2915a32ac7befa2a710fed67830c7edcbf0

SHA256
8363823a04e1580459cd995ad8f1d710ad43b92bd13bbfc36fd4440d439ca7a9

SHA512
bc173fe9d5465b7c9c4328067beff07297136280b5e10ec66f9e8e672f0d4f7ce2035f86b518f8beaf462b20ab2968f20afe4a08282826c3fce625adc49e3885

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c961645eb25b5ab5b6faa7b9dede176c

SHA1
54a758ebf38f8599e91b9b5d60513b4b9000801b

SHA256
951e5bbe336b8f78e6af47da66391f711aa4aaf68ce61f4d67f12c5710b87c68

SHA512
b34dfef15733bc43b5bc11d26972d50aa3ccc0425e59a4e763acdfafd47c53e04b15cc7a9c9c10376b42444cfecc5c6623048ed79a908656593a5977306f9d85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
a0b36499e7969c45ac809b25d863c529

SHA1
969298132fdb81238cec883883fbc5f3619091a2

SHA256
def0441b4fc628e3572777d546164ab8525efa58ec0698c46d2174c8650e4f93

SHA512
029ea66a1f3bb19b73d270070da176dea90564fab8f455ff12502dcaf9e94e93a63f35e522d724c7e8c9df44f9fbe6e3792a9ac6a677550f2c32539ba2b62a88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
f50f48c040eec6ee9921bcea5637f22d

SHA1
fb0365e3986bd0ac91a8dbcf67f6a5a40740b72f

SHA256
b321a2f551673c7290668eaae795151cceacc13c79a4313e0f4a75b1b2a61a39

SHA512
24b3e48e839bbe669fafce164072f8b8291fa6268c833c63f7bc1888767dbb2a1e52440f74da5921655fa0b3a82af2c85b617ccd7c175879e973a3fcdd4d14d2

Download Submit
C:\Users\Admin\Downloads\Release.zip.crdownload

Filesize
6.4MB

MD5
89661a9ff6de529497fec56a112bf75e

SHA1
2dd31a19489f4d7c562b647f69117e31b894b5c3

SHA256
e7b275d70655db9cb43fa606bbe2e4f22478ca4962bbf9f299d66eda567d63cd

SHA512
33c765bf85fbec0e58924ece948b80a7d73b7577557eaac8865e481c61ad6b71f8b5b846026103239b3bd21f438ff0d7c1430a51a4a149f16a215faad6dab68f

Download Submit
C:\Users\Admin\Downloads\Release.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
memory/4540-64-0x0000000008250000-0x0000000008262000-memory.dmp

Filesize
72KB

Download
memory/4540-94-0x000000007476E000-0x000000007476F000-memory.dmp

Filesize
4KB

Download
memory/4540-62-0x0000000005AA0000-0x0000000005AB4000-memory.dmp

Filesize
80KB

Download
memory/4540-65-0x000000000A150000-0x000000000A172000-memory.dmp

Filesize
136KB

Download
memory/4540-61-0x0000000074760000-0x0000000074F11000-memory.dmp

Filesize
7.7MB

Download
memory/4540-75-0x0000000074760000-0x0000000074F11000-memory.dmp

Filesize
7.7MB

Download
memory/4540-76-0x00000000082E0000-0x0000000008392000-memory.dmp

Filesize
712KB

Download
memory/4540-77-0x00000000087A0000-0x0000000008AF7000-memory.dmp

Filesize
3.3MB

Download
memory/4540-60-0x0000000005820000-0x000000000582A000-memory.dmp

Filesize
40KB

Download
memory/4540-63-0x0000000008230000-0x000000000824A000-memory.dmp

Filesize
104KB

Download
memory/4540-59-0x00000000058C0000-0x0000000005952000-memory.dmp

Filesize
584KB

Download
memory/4540-99-0x0000000074760000-0x0000000074F11000-memory.dmp

Filesize
7.7MB

Download
memory/4540-100-0x0000000074760000-0x0000000074F11000-memory.dmp

Filesize
7.7MB

Download
memory/4540-58-0x0000000005FB0000-0x0000000006556000-memory.dmp

Filesize
5.6MB

Download
memory/4540-56-0x000000007476E000-0x000000007476F000-memory.dmp

Filesize
4KB

Download
memory/4540-57-0x0000000000C90000-0x0000000000E92000-memory.dmp

Filesize
2.0MB

Download
memory/6132-110-0x0000000000A40000-0x0000000000A52000-memory.dmp

Filesize
72KB

Download