Malware Analysis Report

2024-11-16 13:05

Sample ID 240826-qxzfpaxfpm
Target trojan.py
SHA256 b7edf054bc4923240bac135058249de85b62184ee75bdbd68bae0e380e1420bf
Tags
discordrat discovery persistence rat rootkit stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

b7edf054bc4923240bac135058249de85b62184ee75bdbd68bae0e380e1420bf

Threat Level: Known bad

The file trojan.py was found to be: Known bad.

Malicious Activity Summary

discordrat discovery persistence rat rootkit stealer

Discord RAT

Executes dropped EXE

Legitimate hosting services abused for malware hosting/C2

Drops file in System32 directory

Drops file in Windows directory

System Location Discovery: System Language Discovery

Browser Information Discovery

Enumerates physical storage devices

Modifies registry class

Modifies data under HKEY_USERS

Checks processor information in registry

NTFS ADS

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious behavior: GetForegroundWindowSpam

Modifies Internet Explorer settings

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-26 13:39

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-26 13:39

Reported

2024-08-26 13:57

Platform

win11-20240802-en

Max time kernel

1050s

Max time network

1045s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\trojan.py

Signatures

Discord RAT

stealer rootkit rat persistence discordrat

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\release\Client-built.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File created \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\Crashpad\metadata C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\Crashpad\settings.dat C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\Crashpad\metadata C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\Crashpad\settings.dat C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\release\builder.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Release (1)\xeno rat server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133691532057721338" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Users\Admin\Downloads\Release (1)\xeno rat server.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3007475212-2160282277-2943627620-1000\{1E40BBAD-1032-48D1-8160-794A6306C80C} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Users\Admin\Downloads\Release (1)\xeno rat server.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 C:\Users\Admin\Downloads\Release (1)\xeno rat server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\py_auto_file\shell\Read\command\ = "\"C:\\Program Files (x86)\\Adobe\\Acrobat Reader DC\\Reader\\AcroRd32.exe\" \"%1\"" C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Users\Admin\Downloads\Release (1)\xeno rat server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Users\Admin\Downloads\Release (1)\xeno rat server.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0\MRUListEx = ffffffff C:\Users\Admin\Downloads\Release (1)\xeno rat server.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 C:\Users\Admin\Downloads\Release (1)\xeno rat server.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0 = 50003100000000000259777c100041646d696e003c0009000400efbe02598b781a59f06c2e0000004e570200000001000000000000000000000000000000938b9b00410064006d0069006e00000014000000 C:\Users\Admin\Downloads\Release (1)\xeno rat server.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" C:\Users\Admin\Downloads\Release (1)\xeno rat server.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\py_auto_file C:\Windows\system32\OpenWith.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202 C:\Users\Admin\Downloads\Release (1)\xeno rat server.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags C:\Users\Admin\Downloads\Release (1)\xeno rat server.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" C:\Users\Admin\Downloads\Release (1)\xeno rat server.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" C:\Users\Admin\Downloads\Release (1)\xeno rat server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\.py\ = "py_auto_file" C:\Windows\system32\OpenWith.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0 = 7e003100000000000259d57b11004465736b746f7000680009000400efbe02598b781a59fc6c2e000000585702000000010000000000000000003e000000000026efd1004400650073006b0074006f007000000040007300680065006c006c00330032002e0064006c006c002c002d0032003100370036003900000016000000 C:\Users\Admin\Downloads\Release (1)\xeno rat server.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0 C:\Users\Admin\Downloads\Release (1)\xeno rat server.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\py_auto_file\shell\Read\command C:\Windows\system32\OpenWith.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\MRUListEx = 00000000ffffffff C:\Users\Admin\Downloads\Release (1)\xeno rat server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\鞺뭻က谀疺\ = "py_auto_file" C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\MRUListEx = 00000000ffffffff C:\Users\Admin\Downloads\Release (1)\xeno rat server.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202 C:\Users\Admin\Downloads\Release (1)\xeno rat server.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" C:\Users\Admin\Downloads\Release (1)\xeno rat server.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4 C:\Users\Admin\Downloads\Release (1)\xeno rat server.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg C:\Users\Admin\Downloads\Release (1)\xeno rat server.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" C:\Users\Admin\Downloads\Release (1)\xeno rat server.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0 = 780031000000000002598b781100557365727300640009000400efbec5522d601a59f06c2e0000006c0500000000010000000000000000003a00000000004aa6550055007300650072007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100380031003300000014000000 C:\Users\Admin\Downloads\Release (1)\xeno rat server.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\py_auto_file\shell C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Users\Admin\Downloads\Release (1)\xeno rat server.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff C:\Users\Admin\Downloads\Release (1)\xeno rat server.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff C:\Users\Admin\Downloads\Release (1)\xeno rat server.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0 C:\Users\Admin\Downloads\Release (1)\xeno rat server.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\py_auto_file\shell\Read C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings C:\Users\Admin\Downloads\Release (1)\xeno rat server.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 19002f433a5c000000000000000000000000000000000000000000 C:\Users\Admin\Downloads\Release (1)\xeno rat server.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Users\Admin\Downloads\Release (1)\xeno rat server.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\.py C:\Windows\system32\OpenWith.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = 00000000ffffffff C:\Users\Admin\Downloads\Release (1)\xeno rat server.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0\NodeSlot = "4" C:\Users\Admin\Downloads\Release (1)\xeno rat server.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} C:\Users\Admin\Downloads\Release (1)\xeno rat server.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Generic" C:\Users\Admin\Downloads\Release (1)\xeno rat server.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" C:\Users\Admin\Downloads\Release (1)\xeno rat server.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" C:\Users\Admin\Downloads\Release (1)\xeno rat server.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0 C:\Users\Admin\Downloads\Release (1)\xeno rat server.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\鞺뭻က谀疺 C:\Windows\system32\OpenWith.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Users\Admin\Downloads\Release (1)\xeno rat server.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" C:\Users\Admin\Downloads\Release (1)\xeno rat server.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell C:\Users\Admin\Downloads\Release (1)\xeno rat server.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\release.zip:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Release (1).zip:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Users\Admin\Downloads\Release (1)\xeno rat server.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Users\Admin\Downloads\Release (1)\xeno rat server.exe N/A
N/A N/A C:\Users\Admin\Downloads\Release (1)\xeno rat server.exe N/A
N/A N/A C:\Users\Admin\Downloads\Release (1)\xeno rat server.exe N/A
N/A N/A C:\Users\Admin\Downloads\Release (1)\xeno rat server.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3580 wrote to memory of 1740 N/A C:\Windows\system32\OpenWith.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
PID 3580 wrote to memory of 1740 N/A C:\Windows\system32\OpenWith.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
PID 3580 wrote to memory of 1740 N/A C:\Windows\system32\OpenWith.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
PID 1740 wrote to memory of 3760 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 1740 wrote to memory of 3760 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 1740 wrote to memory of 3760 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 3760 wrote to memory of 2188 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 3760 wrote to memory of 2188 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 3760 wrote to memory of 2188 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 3760 wrote to memory of 2188 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 3760 wrote to memory of 2188 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 3760 wrote to memory of 2188 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 3760 wrote to memory of 2188 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 3760 wrote to memory of 2188 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 3760 wrote to memory of 2188 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 3760 wrote to memory of 2188 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 3760 wrote to memory of 2188 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 3760 wrote to memory of 2188 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 3760 wrote to memory of 2188 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 3760 wrote to memory of 2188 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 3760 wrote to memory of 2188 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 3760 wrote to memory of 2188 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 3760 wrote to memory of 2188 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 3760 wrote to memory of 2188 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 3760 wrote to memory of 2188 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 3760 wrote to memory of 2188 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 3760 wrote to memory of 2188 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 3760 wrote to memory of 2188 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 3760 wrote to memory of 2188 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 3760 wrote to memory of 2188 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 3760 wrote to memory of 2188 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 3760 wrote to memory of 2188 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 3760 wrote to memory of 2188 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 3760 wrote to memory of 2188 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 3760 wrote to memory of 2188 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 3760 wrote to memory of 2188 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 3760 wrote to memory of 2188 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 3760 wrote to memory of 2188 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 3760 wrote to memory of 2188 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 3760 wrote to memory of 2188 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 3760 wrote to memory of 2188 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 3760 wrote to memory of 2188 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 3760 wrote to memory of 2188 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 3760 wrote to memory of 2188 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 3760 wrote to memory of 2188 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 3760 wrote to memory of 2188 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 3760 wrote to memory of 2188 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 3760 wrote to memory of 4336 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 3760 wrote to memory of 4336 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 3760 wrote to memory of 4336 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 3760 wrote to memory of 4336 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 3760 wrote to memory of 4336 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 3760 wrote to memory of 4336 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 3760 wrote to memory of 4336 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 3760 wrote to memory of 4336 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 3760 wrote to memory of 4336 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 3760 wrote to memory of 4336 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 3760 wrote to memory of 4336 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 3760 wrote to memory of 4336 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 3760 wrote to memory of 4336 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 3760 wrote to memory of 4336 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 3760 wrote to memory of 4336 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 3760 wrote to memory of 4336 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 3760 wrote to memory of 4336 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\trojan.py

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\trojan.py"

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=8796E06C6ED5818084B90C85A53CF6D2 --mojo-platform-channel-handle=1760 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=F1BF340EB6F7A1FA93F83FCB26CC93FE --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=F1BF340EB6F7A1FA93F83FCB26CC93FE --renderer-client-id=2 --mojo-platform-channel-handle=1780 --allow-no-sandbox-job /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=90B3BB6E7DFAD5613EE6ACC486E70B4C --mojo-platform-channel-handle=2324 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=91E8925E0595DCC5C995AC721211A246 --mojo-platform-channel-handle=1936 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=B8D78A1D3CE928ADBEA388EAA8614E6D --mojo-platform-channel-handle=2188 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffcef4acc40,0x7ffcef4acc4c,0x7ffcef4acc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1976,i,16155597185047148356,13660183513647872461,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1972 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1760,i,16155597185047148356,13660183513647872461,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2100 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2244,i,16155597185047148356,13660183513647872461,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2412 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3084,i,16155597185047148356,13660183513647872461,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3108 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3112,i,16155597185047148356,13660183513647872461,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3236 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4440,i,16155597185047148356,13660183513647872461,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4412 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4752,i,16155597185047148356,13660183513647872461,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4760 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4764,i,16155597185047148356,13660183513647872461,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4840 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4584,i,16155597185047148356,13660183513647872461,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4780 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=216,i,16155597185047148356,13660183513647872461,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3452 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3448,i,16155597185047148356,13660183513647872461,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3468 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4076,i,16155597185047148356,13660183513647872461,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5008 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3340,i,16155597185047148356,13660183513647872461,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3308 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level

C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff787954698,0x7ff7879546a4,0x7ff7879546b0

C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level

C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff787954698,0x7ff7879546a4,0x7ff7879546b0

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffcefa93cb8,0x7ffcefa93cc8,0x7ffcefa93cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,12855330387854646327,18296632412410824068,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1936 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1924,12855330387854646327,18296632412410824068,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2000 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1924,12855330387854646327,18296632412410824068,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2552 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,12855330387854646327,18296632412410824068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,12855330387854646327,18296632412410824068,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,12855330387854646327,18296632412410824068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3960 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,12855330387854646327,18296632412410824068,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3820 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1924,12855330387854646327,18296632412410824068,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4348 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,12855330387854646327,18296632412410824068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,12855330387854646327,18296632412410824068,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1924,12855330387854646327,18296632412410824068,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,12855330387854646327,18296632412410824068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,12855330387854646327,18296632412410824068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4320 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,12855330387854646327,18296632412410824068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,12855330387854646327,18296632412410824068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,12855330387854646327,18296632412410824068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1924,12855330387854646327,18296632412410824068,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5812 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1924,12855330387854646327,18296632412410824068,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5796 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,12855330387854646327,18296632412410824068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,12855330387854646327,18296632412410824068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4920,i,16155597185047148356,13660183513647872461,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4560 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1924,12855330387854646327,18296632412410824068,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6376 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Downloads\release\builder.exe

"C:\Users\Admin\Downloads\release\builder.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,12855330387854646327,18296632412410824068,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4348 /prefetch:2

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Users\Admin\Downloads\release\Client-built.exe

"C:\Users\Admin\Downloads\release\Client-built.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,12855330387854646327,18296632412410824068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2064 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,12855330387854646327,18296632412410824068,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1100 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,12855330387854646327,18296632412410824068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2960 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,12855330387854646327,18296632412410824068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,12855330387854646327,18296632412410824068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,12855330387854646327,18296632412410824068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,12855330387854646327,18296632412410824068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7036 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1924,12855330387854646327,18296632412410824068,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6672 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,12855330387854646327,18296632412410824068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6952 /prefetch:1

C:\Users\Admin\Downloads\Release (1)\xeno rat server.exe

"C:\Users\Admin\Downloads\Release (1)\xeno rat server.exe"

Network


Files

SHA512 f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 457c80fec735d751f2e29d5d5eae2dd4
SHA1 fb377c1bf41c6866c8bb5d649c36b19640e1bbb9
SHA256 6c466001eb16e404d658f56cabd604f3d6c4827fcc116699f571cf896ff2e541
SHA512 9d03214a097ee8117dc834789886a510a593f7a41e7bc5dac12c7f0c45d50788457b01d22dda51901293fbb954c703d85b00f998f5cbd96f8a78a41159b271b0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0876bfd95872bd8caf7eb3391dd7cbd5
SHA1 c059ab647c18c397bcd86453059e6cea843e7ab2
SHA256 a3689613cdb32b2898de6834cf362f874794007ae28b22ad24dae002c8311df8
SHA512 2019ec897161c95d41ac90e24d8bfb2ead01d2b7a6ee245773b7d4311f00fa353d888d93ed9154b6e9fef85e707fa0c83c7ad1cedd3f5db259cfc4410ce736f6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 05d8d269e4bdd39738aec9f993cc5c79
SHA1 a9cf0b690408da8601dc72fe0fe1c6e5733f2267
SHA256 74f1f89a82dda9848e07bec3c9038b08da7f94e9fab4f7700aa6507234d926a1
SHA512 594c4e9a99f033875d293d0253a27cce1fcc8a4e370b21c9fca61e3d8799ca42387fdee41122d8c2f92bb6d95f16c7da34dc1df5b264a0348849798f602306fc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59de8f.TMP

MD5 b22db31e6d5c5f4562280b51b428711b
SHA1 ede5f8ac85448715fae2e9eb68b9eb127b9108c3
SHA256 491d67fd73a0b5a66c087b313c42a7c150df0a669de62d236773dd657891e589
SHA512 1f76967e1a0eacdcaea246485d66f2e4e690a1beb702e711dabac2a58400b2852b0571f4fe4ab347ce4473accdbe99a6e89c014b687134487f63a570bda4807a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7e9eb0f66c3d2371fe9c27a9a1a622f9
SHA1 7434d672e43d40085bd868b07cc1253d2df515db
SHA256 8f8fb9ff80161410e4ed254db28399456724a6466c4b2fd474777494976a1951
SHA512 4feee7ba0bee2591dc6691c2d402c139f239fa9cd692531533685841b5ddd292d2d9400d39202b1c79eeb47d96a2c698bff6b911a40452b16171d83e7a91df95

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3b198163cd7b03ce497429bb27f6de68
SHA1 3487e71f1510010062924507aa25d397e7a74ad9
SHA256 0ea837d05f294b6d8bc3e73319794ecc5e22cbdc3de685571a46e5086aa167b6
SHA512 4ff566073324935b294245cea6db4feb8cac3284a1a70789fa05d27d7a4d04baf193feb0ec7109441d55bd57ce01b403592a54dba5917d53f852762e53b883bd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

MD5 06a4fcd5eb3a39d7f50a0709de9900db
SHA1 50d089e915f69313a5187569cda4e6dec2d55ca7
SHA256 c13a0cd7c2c2fd577703bff026b72ed81b51266afa047328c8ff1c4a4d965c97
SHA512 75e5f637fd3282d088b1c0c1efd0de8a128f681e4ac66d6303d205471fe68b4fbf0356a21d803aff2cca6def455abad8619fedc8c7d51e574640eda0df561f9b

C:\Users\Admin\Downloads\release.zip:Zone.Identifier

MD5 fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1 d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256 eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512 aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 5c33c93775d20ba0c11dad17b8eec3de
SHA1 ca8bdc69ae7698e2174cea141cfca4e4ea3af4e5
SHA256 bb322772db0bc56df3c008f6b75a27be8ac242b487b7119743f9988f8739d768
SHA512 108baddf80f1f745a8f2057aad651ed05fa7fb0b2fd3fd36c5728de9b865378c627e639f00276a2c77f61f19dc91705ac0c2ef0c34248e892e0bb72ffc02a2c0

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

MD5 f49655f856acb8884cc0ace29216f511
SHA1 cb0f1f87ec0455ec349aaa950c600475ac7b7b6b
SHA256 7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba
SHA512 599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

MD5 b5ad5caaaee00cb8cf445427975ae66c
SHA1 dcde6527290a326e048f9c3a85280d3fa71e1e22
SHA256 b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8
SHA512 92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

MD5 d222b77a61527f2c177b0869e7babc24
SHA1 3f23acb984307a4aeba41ebbb70439c97ad1f268
SHA256 80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747
SHA512 d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 1174f3a75e1a000f22e3030ba57b9cc6
SHA1 2b779a4243befaa010c738e321893c4db93649b4
SHA256 12ec1ac37b8f40db1760d4ee9108211b9fc9dea5ab0bcecfa30e130a686cbbf4
SHA512 8309790c75783fa4d34b47280cf607cb1021dcace84ddaf82e1faf691d44f0b02c40612b5c6c4da23c11377c8075bc305303d5bae8de75f374e9ac861951bfd3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8b2552977be19a29ffda957d61e7d222
SHA1 2c88e6d5bad5f8eefef4a46f1bcb205a008ee232
SHA256 9036ee985b2ec0c89efa806b775cf20c060e788c89ca0f7010f6267ad7f8d935
SHA512 05f4b9bbdf3da28014c8604433f5aea2709a4648bcf5374ab5d875199f2dfd5d04ddf768f855b08fac37791b6fa274aa3c3f13629a3b908ab7aea0c1f780062d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 205e2150402fd7e7507fac5b9a026512
SHA1 25db27118b4ab9a32fcbc08405b94b27ad3298db
SHA256 392b366b49d5467506962ae0cebc9efb7f2acd7ca2f519dad3973b92cdbdf1b6
SHA512 f8221943ed7258a13c431752db7aeabba0b0527ce3529266ea2b77e7eb22db8d9b4cb69d15250bcfcedfaeeed42d3edc2496e240c9ca71f6b2556622aafcc656

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 2f241230755e45759357c1ce71e15429
SHA1 57caa3af5f8b7964e39e3db5b86dc7d2ab74c5ff
SHA256 c2a6a8b126c0f6f7ed6404e5fdfce60469978fce1b1c68f37f19299e2595a429
SHA512 6268e80a74034a26e6bc1fa23c306196c9e7c2bc2dc5165696d5b0f469ea5655f97d970a91bac03f8d956ab8b45b69a9fc9e2968e5f7203f13101fda69579c9c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9528b6ecbc4477c409b3596ea8afdede
SHA1 690ac8a76a130f1dfde3a4b1b2f56efd132b9185
SHA256 b32e880849762a5642cf873de0f7667e065597bfbdf7b256c21ace42167a7bd9
SHA512 a1dcd66d4dc767e987950b89a64c021960d5797a468654f8d8e0c2a22bb3700c6568d0a5dc1c61293cd7d7da6bdd8e6822bdbb774a9f317d68ec81fe159fd7df

memory/6032-884-0x0000000000040000-0x0000000000048000-memory.dmp

memory/6032-885-0x0000000005100000-0x00000000056A6000-memory.dmp

memory/6032-886-0x0000000004B50000-0x0000000004BE2000-memory.dmp

memory/6032-887-0x0000000004B00000-0x0000000004B0A000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 eed995bcf3d49dd2ce46c18621e9d66a
SHA1 9f0e50202b26382e40aaca264a1c29d63bca47e8
SHA256 945d60e0225efb97e5c148d3ca0c350f02459a14cdc42b98ba4b7de993104d7b
SHA512 0a5d98d8024c319fb5004122ebbbc77897a60eab76ccf3099f8b4e363c806d09f6973a8804d529a73859616178d41c038d0029214132fce4eadbf22a4a6045e5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 64b8eb0d8bbbb1af41fa0f372d3f824b
SHA1 cd5a85dc4727d5f47a29529a00a96c9165440cd4
SHA256 7221f5598947b6c789a175114825e974cacac474b7b21008207f975817705b5a
SHA512 5b2ba0b6a89839f79c6e81f4c869183c2c410ad3b9b103f6aa4d1f5d6a96a4aa03b67f07eade1fb49ca6303f0f1a154500bcbd92a65de9fac4f6c927583536b4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ec37050b6258a86bd81eb65ce9a1f2ec
SHA1 7500bdf35b72c847aa51d186629d7a1943937a30
SHA256 587e670ffc0e6c07e1f296458061dfdcae8ca61b0ed164772b5b0c92367f60e0
SHA512 83b5f002543c98822935bce222d64d22894d092b7cde02e8439a21b0bb58e798c9046c1fa1f625069e8361dc4438cf88241171e13b0dd01b73b3a8067f334214

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 bbea67fe65f7fbb5f04829195f98088c
SHA1 b35155990aec057702720953a681e18cb980ac8c
SHA256 51ee97b526143bcde292c1b12c386a2eb96d8ba8436b41a58354962794f0bb34
SHA512 04132789e43dfb1bca71dd299978c9765f85c02db36239fcf2c680762881ef421640e8551c6f15fd71d30afd1b53ac8e6191f12850ee2d364b932f3eb3ae12f7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f0f2d195ef080c1b0d4ed1a0bc2fdc61
SHA1 f19c9dd8551e3e6e6f563f12645bb727e7444f0e
SHA256 3ea99545bf6d4a28ed14f62bbf6ee4b7cb2590f827385fa756572bdd73aec022
SHA512 7b6b9cb736a5ae3740efa25d831884b387c8321c60e07c009acc5482fd34320b387a1032fce8cac0a29b95db55897afa029687706d4c148bb13330ce1624b563

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 45ad3abe746271b66bb926f3b6176b97
SHA1 215a3199027911ff401e11afa3524433d59e245c
SHA256 91e148df30cb1a871dc240e3c01e79567ea0ac53a4c2979585168d665ce5a43f
SHA512 aee8c10021016deae3b3a6ae006ac1994934cd63110a493e062126e41322f2631544595ef8e47b47750ee96129f92c58194ae3cce3f70150d76c42f75a2c6076

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3bd59ea6f7c25973ce3459f2c528bb16
SHA1 afd37f496a579c7480b6e3c4c8c90648d08ea16d
SHA256 ffafef252e533db10c54fa01acfde49385261bb1e2732a3bcf2bed2f90eb19c9
SHA512 2c2ae5c69a2c7516288d47416689adf10ce6fbe333cdabd42b982dbb6f2ab70a2e0c643e1bf966829d9ff2d3b4f44dded9d72af35e1046042ab129a2154afcc3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a93c69cc8ebfed59544ea1a71708c8ce
SHA1 698e82f87d5e211670b9d6164faa91c1323eeddc
SHA256 6f8eb5e2f8a3a67c380f85f900288b9c4454f8e88de99f17985f9f632b2aa6cc
SHA512 540345157d59f922be39958a4364f926e9e4681b9f20cd7ab7ec0b3a3e9da25194169c0a3d9bd12118cbde5556da92e93de45cfe5cff01df180f1840f701bc29

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 67438987c95151ff3520aeccbb001317
SHA1 60f1fdc5ed5eeca29fa02986ef7a081904bd52f6
SHA256 133d2580a8067c92e86692a7dd4431a881bf359f0fb982001a0302d55e0f3827
SHA512 debea4ae06a8d13f31a2b91917ceadba80808d0b3e11e58eec6e8c93c27053d5cf826d5211fbbb15c58c97c778baabb7ee3afbc41ad071b99490c735fad2508f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5854e43c6066b26fee0c9f9ce27ace80
SHA1 feb53d2d0684d9df5bd3e7aff31c8c5d8fcec3a7
SHA256 be2f9390156078832dea5dbb51c3f023538e52fb920c4365ef22bfedf80b56fb
SHA512 026c489385a68847f18f565941bc7e3b61c94d1faa2f00720aca3a3182943e9ec2af1fc5c2cf5fe941a5c2636bc1e1284c89946babc53726786be5b394c5c608

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 015feed368820dab24c099d06c076901
SHA1 7caa9981e25b71360dbf77933743034b68e37da9
SHA256 271f071bc559d79936698a9c69bb48cb632cf777c8811e1c115af8a8b3133fa3
SHA512 819e60bd886599e46e4ea290b852123832d1c91be2089f8c358c4ca840273b37d2a30c13fe7815badac52113c71d768270ec5f822f840408e011c9869d30f970

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6d5546a98d6b55a268ac1a633df6b0ee
SHA1 0232e3b73ffc1357f929545ac6d24b4178dcd63e
SHA256 fd48d4f7e4e2524afa5781bbd6e350a6abb072fdc368198660fa2a3353eb2914
SHA512 33342212cb37fe33f23eb9a178ff2ff8d4c17621ad99487e653b059ca28bb22b2c3f5fb71e175b3982e38ebbb7deae025cb85543fd42c9bb680f3c5edcda30ff

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c1494e42bebe5b5f599d5d82bd85b7e1
SHA1 ae1a9499d03d911b0db9efe7ed54a2d78af3588e
SHA256 367df4e4f8c656c4f17e4de2a8ba2bd69dfa858d63c140820661b1f7fb841633
SHA512 5fb798228274fe161889ffb75f32fc7e0a385e7defbe4f4e902c4337092c467b1b98755853844baa2831a54e4735011a54c70f0d6fb0997818f8530f718a8561

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5ba0b8b894bd20b8bc5981c0e963739e
SHA1 5af4c2767e8a90c06526be9130eb5213c5bfe7b4
SHA256 afa8f526f447cbbf8e71432259ec24cf5e51bcdaa20865f040ff6c5b5e1a8591
SHA512 8c88505d2d0667e3cd88f54149b208dcf8e60245005a033e9323ea9db692f556ad409a9a75f34c3658e8e5fa4701128479f815757e6ca26e78dd5528699b57f6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 416945ef0cb14d4c245a1158253233d4
SHA1 64d9a795c224568a4f465267e4e71f4fce17a9b0
SHA256 b3882d94280e4d2f57e461b14bdd5f2f0887530336f5fda8dfc9ae5bfafe19d3
SHA512 30e96d03fd33ed37a568b0f7ae532171e29ade936b433b7d67439361adc29c3bc72f66007cbe11aa5912d0197614c450e8f86fe03e20e4b1b58cf93e346d64cc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6121d55a553f3b8b29654d6b7e0d027f
SHA1 36c987958965f85a3dbfa16ce36df6382a2ccbc7
SHA256 a188d2e240419781128c89e2021b6048d15ab269e3222d15ee470e7fafc09e70
SHA512 bb8384ec29150b77d638d5fa6e9cb9b8ea58a2a15d3d25b5b07c0ee16aa8683054a3cfdfea84c5ffd8e7f5ac1562cd21e4e5139773698e0dcb4a4d1d56dceea3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a14a0faa028c0d61ff06f701c20734b3
SHA1 c0fb8f454f90c24d0de69e930bd7b9c784e1cbe3
SHA256 02c8429037bf14942576d05f3aaca804f8c705188113bb6186d2d09277696e91
SHA512 50ce0bed61121be93fcc2d0aa6439665be9f70b7b39fd5e50d7a5bfee75323b23196bcd1a4ea437d05f627534c3c9f33effcb4e3bbf01d0a28374f46d774a3fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 fa6e2a2abe050c2babbc1a62c7d07001
SHA1 ea0986404eb44799fe74979d4da94abb43a0153e
SHA256 f005ba5e05660c859b6b1b9d9402b8004afc4f63a679031cb6de3b58558da7b8
SHA512 58c09f5d36fdedb51aa48dacb529ded027a1181da340d7bcf7f662aa91dd49f12347790f4076c15843b4f82cbd8cadc4db9c8806cafccb1290d3c3f9f57a364c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d660cf4ac4efdd2d51d9e2202231162e
SHA1 3d9ae12a87d39f3429a45420cb83875f9021f9a3
SHA256 2ca7d082739e5c4057f30e1593c6ce44652af2c5c7aab380a39de1d46e67c5f3
SHA512 f00928a6d306543a846d16f8692cff7601c55e1c04a4b83d5e13fd4e5d0f18ee0a048e600e792ced441c8d4b7129a470b2a9cca2313ee64ef29fd51716cbbc69

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 19260410f913d1a464237f448a368338
SHA1 48fd7cf9f132b54c09e8958d95995afcefe55ceb
SHA256 4f89f9406f06cd0422ca794e302d79f67ffa667502b63ab34d5e96de0d253923
SHA512 ed9211adb44bc15ede74101bb4435aaaf3662a2a9d9d0d3ae384551d04bc818d2765ba556319840b1118e525478557b09d24dac3c6ed07a7b51eb02d9090a731

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 64611a7c177090a64cf8121fd33f388b
SHA1 9c020e96a26b132b3c0f5c6341f9ef5485cced90
SHA256 dca30b7d321469463428490cb5a3a20ac061959adb7957de41b3ea32e1dbf0ca
SHA512 c967cf39cc1f596cfb41080bb4f525f93da4a5f4f1005f299250bf065ff0c681cddc2f479c41dd5452ad887232695fee486c81b56d727a5b14857e31628549f2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7e506a99e85a9b0c8b9a4cff1bbb93dd
SHA1 e5917baef1af26c537ece4ede25c0a06009e877c
SHA256 e014a8c1bd371f66a2841c6a80ee602d79771e2649edd70bf9115f6f38d6b4fd
SHA512 dfe781a3a1f2e08a473b8105762410e024dc156d15c78b159e5474b81aae547c3e7fb9ab0123d75ebb37bf49baed17ac972aa704bc3397d1f1e2f2e198c283be

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 cd4cc791fb7221a517916be2316929ab
SHA1 ff132a941389024ca24d5d732d9173508690e695
SHA256 2c3063c6400e24ee154495c02a0bf6a21518ba0e55917090f0e2f388dce2b876
SHA512 8089e43eaddb6764ebfa7712c8c42d7014f3dfe1c3017152942d1e463c34a9acd0f4fa946e14fbbd693a63b4facdcafdb75960d8e0d79161071286e1e1e12b33

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 45a84f4d9d47feb5c8040a81e263b1b8
SHA1 b4b6742d0044cdc230d3430041e85f26d172f177
SHA256 c2159670aac90a29b3dc8df6dc0ee465753d1edfd89bb41ffecde7935e60177e
SHA512 64d08fcbbf5a19c095da9c667254f16355bd024a6f435646ba07691fb19af5c16fba8694a6d7041194d5bb397e177da34612421ff67099ef5085aa4f6ae1d180

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3a926100ad8dd5ae0fc2c83e05f60462
SHA1 a5bdfbe183d0e5da83197ebecac99b6fcb7e8be0
SHA256 191c4e39619a09148fa7bf58d625813fdbbecafde1e12a62e9c09f4d7c67fa73
SHA512 4dc19d087b3c0a07bc274a9bd646b39f7b72272058443fef9adfd4a152015a271ae939ae738b15da5e4a4f5615dfe44d959207d53ee8cd637ca6328ddc5451fe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 799fcecc12fc8869b17dee91866f810d
SHA1 7f2d69a0f2d4905fe17e3cb0be438edfc81b2b72
SHA256 7ac83f707ad40cd4bf9905d90caf59f56457014c914f8c4d1ab60b1e92cf5d52
SHA512 63bfcb2922cd6f8fa9c6e1ffce608ad2a8a1e00ff92efd541c574dcbd4a6dca51ce3226db29605fd6c2d5ce3ac6c9954bd646beab58d57501848a9baefc6d218

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1fec83c30e70eed9e60ccf3ec3be5792
SHA1 3384051928ec0723518821c33a85f1fbaf733842
SHA256 29c0ff4adef92581885770961ae8dacefcf7177a992e4c9e5e136617f5c82f76
SHA512 e3642969bf5e05ff7dff047d3f10a6f659a56cce6e7670f53dd46e9a7045d609d33bac74f10a985e0019e3035df0ae4aed6d5cdd46c0bd57c02ec569da2c9f4f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 cdf99cd75ac07123cfa1454aad9db210
SHA1 2d4bad54a131df8884c25b27f2a780bad4eb1bf5
SHA256 1e44be26cb3a3ce090d01188d9eeee85a6bfc4bc47d1c7177b7986c6ebe70336
SHA512 323802b43fd4e4e5fdef5ef35cbca6a48c7c5e1fa20db5245bfa82af3fc5ac698ec667b1ffa20dee1bf08152efa453b612e7b806839ac0c4a2da37074e2b2c36

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c0d596c147ebb0243885dc75b98681cc
SHA1 8f9e3e929a65123525cb9fff256f95fc965ed106
SHA256 111b362fa55f2f62140fe1008876cd648a53fe95f7a74effffae4271f0d5fe5e
SHA512 c0e3561e057f8713fc6c4ca6533f1c9c03d9866f28806249727be2334ddc2042f461e81d6d80777744c5588ab5b3f0cdd76180e7ce34a905215822a85b2db710

memory/6032-1162-0x0000000000910000-0x0000000000A32000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 78be6e8e70ad8f146e5d3527785568f3
SHA1 1463f66315532150fac4004a5fbedb8a39eb90f4
SHA256 6ddf1f735a9c1bfbaed9b645f7a3823a453bd856f53385a99d8c56f60b1af102
SHA512 c7fa3fa378500375a16b884cdface96bbb7bd16cbb3a1aad082824f5bc2ac051815353eaab4f8b21326449b169e76fa4b54a2b95e2f49ae258b26e26165c7876

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1147100d28f97f5667ad44e97ea075d7
SHA1 7be8630bb678c673509469d47cbd8b450703194e
SHA256 d1cb2f01270940a9ab76e44b0a7a6f2bbc9ad01180b0b33ba3fb17ae7ad23692
SHA512 66c2e79a5f26cdac10c68b867c21a8cea3e1874b2a5ffac739fcd588000af9501d88ad90c20d943531e4bd1b4ab8b3e2d22d541dad2373c896644cb0c4847f2e

C:\Users\Admin\Downloads\release\Client-built.exe

MD5 9da4ddece64f066c9a6c96b9317ad82b
SHA1 64606c90132bba0daa54edfc797fe0a16bf14557
SHA256 6206d3439f4b9e25a96c96cd15789469601ca5449cac239060ff34c789a77315
SHA512 a387e0d48ffc591796de95e7a538a6e9bfc8cb43b414ca3245c54daab6ccad706e6268028882e80e5d6dfd12ff9b6e0b620cb8d1dae4ac3915554def845b83cc

memory/6004-1184-0x0000028E36260000-0x0000028E36278000-memory.dmp

memory/6004-1185-0x0000028E50840000-0x0000028E50A02000-memory.dmp

memory/6004-1186-0x0000028E51060000-0x0000028E51588000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0f1fdc449341cc1e0251dbff3e18f0a1
SHA1 94a6be07d4b2fa2a0b83f503963cbb0099685e15
SHA256 e14984505588987c310c6b79c461cc758d782c79da081becf39363e46de43f67
SHA512 18cc5adbdf77b197a6d452c3c6e9bc810a1ebc2faa046d8b7fa6e4f42cb9b7bc8edcd577591d46758b08814f218734a73a03687d2564971b3af7b596a5c86a67

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b82db048d454f612c20105fc5a958095
SHA1 efcda1497ac579beba2b117913498150c50853fa
SHA256 7113b4909231d077b9c326574cc5bd3c0f6f779bb71272307408ce59759d837e
SHA512 e0d93d19ef000cced1cea5cdabffaae50ac9058d570819ddf008f61280218e416d23ffb3efca03f69a89c3d33920b0c6bf64f5bc41143ef04c4edaca26242777

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f891fb749a6d6bce75b81a227ee9ab61
SHA1 6b3840ab027c8192dd2c8ddee66d87e0aa008615
SHA256 4039b74a66241f7b768fecab3d6b4f314d34450671a827c979b6299341551cff
SHA512 da4dc9bb4e18e0cd3dfd33033f02187ee145d63cdff6b846cd7f3a6b795e9f135ab0505fc30d7e3ff8b3a0892be114b3d42e225a8e5376ba30f0b15c62d89315

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ba1212bc1bd681480cbd90f7fa9c0536
SHA1 ce96b675c0d92315f9539c31dd9f1f994427f1e6
SHA256 00f504cb14b9b94292fbf1d2f9cf4f2174c180994e4b9a4e586b5b9baadd6a06
SHA512 9cff5eb74fa0dcce9fc66252892c6da7a4fdccbc14a1877bf5ac25d17e1fef843ea976097e49ed8e1aaa5eb23af7afa49d5326cf5ee4933dc715905605040e8d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b587c8c43e881022b3003c4279a217c3
SHA1 a0dd5f7c75354418ffb5a376f41b491a32555233
SHA256 c3c52724e9a4a26199c59994ccc350168a96d9272ba6ace95fc575d034ffebc0
SHA512 92e53cb5012863703db68d5c2d9c6c032190cdac5120111d9dd66e7c5f2b397e7a6ae4e0b68ae9ba7d3089f48997b3ca6328669ae544d78ca17127d120583623

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ca88210e9952a0f640290e01ba01d7a6
SHA1 6a383d9bc08216ec6234cd16ec153d1fb5a68981
SHA256 118b82c8542c60110ad00883ebd4121acdb301db790f5bb18b9c48b4e568f861
SHA512 1494c3695721f915d8d7abaf1bde5c63a2b77f9a67d8f841ed69f3ebf578e3d037b051a5f349e22c167e5e9a13f885308350697a6e6e842a740c20875040e5e6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 19fccc470c014d61bf0a67a22aa7ae48
SHA1 f72d9a53e5268afcd5117afd2f39c4970dbe5264
SHA256 852e814bef49e9f964cd6c736ecde325960dd248685210b9272c2dba051b64f3
SHA512 c5c7686625da2b6b31e57f4becd0e72f08a65f98afe7e92c9d38f82fb3374f887517bfc9b76de8eea3e8401d63c4a85ca7f8eff576bfaae78bb67640c33cb6c0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 dfbf7c61a6ea62059d326f9f09a5f856
SHA1 6869f31db32b1bf6b1254b2f91c5fbf3ff0e5ca0
SHA256 f7cba4e13a8b1897a5d8cbd384915b26cc675bda6785e14d691fb490a2a48f5e
SHA512 bb873bcf50f56e43c6460b08718216da25f55ea5a60034f50971719a2cb92504870fbe19843fb5190427bbc998ec56822b91cf4645860fca157baaa45ffe0db2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 37007d613b3d20cdd294919ede26dc39
SHA1 81601adff84cb47834977dd7a5d735007dd2de6a
SHA256 ca486cadbfc76501853902c88d9884d61830d5c161e14cd21b519a60b10cd79c
SHA512 6a60f8cfa09a688d91c043834053d9f26301c30bfb8dc6380affd68cf4b1f291fb6dda8383b83b4b6182566d1d907578d94fb6c78f453c2aaff931b9e89e47fe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 d6b36c7d4b06f140f860ddc91a4c659c
SHA1 ccf16571637b8d3e4c9423688c5bd06167bfb9e9
SHA256 34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92
SHA512 2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

MD5 60f8cd04587a51e31b51d1570d6f889a
SHA1 88574c41d0ab81721b275252464da5c7927a4835
SHA256 27cb4390e32a97375dd4987ae000406933bceba5199f17893711e782333b81cb
SHA512 84c12448ac55dd819749fef9be9919111a3df4bc51e66d2fa9f7376c11c101ed1349cb36aa119aa873cdd6c0c91027e201fbe23c2c83b89bc900a4d9077bcc52

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

MD5 ed124bdf39bbd5902bd2529a0a4114ea
SHA1 b7dd9d364099ccd4e09fd45f4180d38df6590524
SHA256 48232550940208c572ebe487aa64ddee26e304ba3e310407e1fc31a5c9deed44
SHA512 c4d180292afa484ef9556d15db1d3850416a85ad581f6f4d5eb66654991fa90f414029b4ce13ed142271a585b46b3e53701735ee3e0f45a78b67baa9122ba532

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

MD5 76a3f1e9a452564e0f8dce6c0ee111e8
SHA1 11c3d925cbc1a52d53584fd8606f8f713aa59114
SHA256 381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c
SHA512 a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

MD5 56d57bc655526551f217536f19195495
SHA1 28b430886d1220855a805d78dc5d6414aeee6995
SHA256 f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4
SHA512 7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

MD5 b38fbbd0b5c8e8b4452b33d6f85df7dc
SHA1 386ba241790252df01a6a028b3238de2f995a559
SHA256 b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd
SHA512 546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

MD5 038c1f469deb6932520d09a340856ebc
SHA1 8b361a8c0489b69e9ef4e132e36f20c161c5ec1e
SHA256 5fafae77cfdc093baea4dd31485ced7dc4ab8e734311b3c2aaac1dc2ed95f451
SHA512 fc3123f11323a9f18f5e1bb31c61fa229e0de8b6d07bb01b220605cfd9ba499ed63e76be0b7146e096412cc94486bdba0ee102982b38b258958c6327fc6bb6c8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6d29497c30527946b4ec610af88aa220
SHA1 4f2194d2b9afc5faadf81d172af9341a0cfa62de
SHA256 f2c0a0709d2977f154378362f41fbcabdcad3a40643f07ef2ffb993fc08feee2
SHA512 476e5280b87b58d8765bbd3bb886ac740413cae05d7b1fab26949f76da301ae9cb4ca73dd6d0fece055ed1ee098c025ff7a7ec1ddd3c212b75fe6c4e4a4aa665

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

MD5 2e23d6e099f830cf0b14356b3c3443ce
SHA1 027db4ff48118566db039d6b5f574a8ac73002bc
SHA256 7238196a5bf79e1b83cacb9ed4a82bf40b32cd789c30ef790e4eac0bbf438885
SHA512 165b1de091bfe0dd9deff0f8a3968268113d95edc9fd7a8081b525e0910f4442cfb3b4f5ac58ecfa41991d9dcabe5aa8b69f7f1c77e202cd17dd774931662717

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 281f6b71226be2d9d86f6a4ad5e7ecb1
SHA1 a862a03225266602a9530b1dcbb915f291a9f18d
SHA256 de98e82232366ac7fccfa9e9e8c59b0ae78a2749f583e7d94edfd12b988d26ca
SHA512 d4d8feaedb1c17b7021df92b0ae4272916e78705ed7c46cf9904831e6f0162e3958da48ce3dd4f9471edab5616e5fed5a1c804ec99683f69ed3fa76cef63a0fb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9695f87c8490f6acd0b595f6ee665cdf
SHA1 1716658079fc5d66930f665e545199509d739474
SHA256 4f1ce7bed2f7dc8384c5781ab2ca7f54541b225f098b58eb7453ebe913687a7d
SHA512 afb92ffe67ca070bc8fba06cd8440dc2c4cbb1b138bc23b1e384ca8e2ee8b093f8250766effd22a646e955a8623934f8bb395cc7ea500ca7bad5cd6aed250c77

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 948a62fd9d05b5dfab3e86e8318f8898
SHA1 657d0a14ea8ada83c337926ed980292b3d9ae99c
SHA256 8289b07bd40979a0cd5bdb715c2af045da07b554e959f66deee9e3b094daef0b
SHA512 279fe4cc544c47778f4a7cd2ca29ba465476df21dcb10e112a0aa714133588018636eaf1d54eb34bb00aa15694a892dd5b2933532cf5f1956431fb91d3e0f4bd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e26aa19903a511856a1bb022e90f5216
SHA1 93578197267480e98ee443a6b734610ebc2518db
SHA256 72546c7fd7bb78bade26edf2e831761b47a671e5adbc785173a4cac09f26a57a
SHA512 3602b3e81717ec49d5262dc057c17d581fcba81c969aba3c398288e4c387fb34b7dcc1eb6e2804e5b5885df237bee291b7bc18aa2023a44bc31b1d6d362bf2b0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 f75162f614e484d359f2b55a1cf7f305
SHA1 97f9bdeb14498a61d1f95e6664ac582718750d6f
SHA256 921ee3c7653f8aeacce019db7fd55bcf752fafcf4f7289a9ece26f015464c036
SHA512 a1d2dff27790f89de0059442cc57eb7fa7f51cb20b6fd57d04559a1f4017d8ba6fd162c2385623973960143fe814ffb296164ae29fb3d8d865e569fdde7cf965

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e336b3e1643b7762796222576912189b
SHA1 c1314ef77124ca6f67343fd28d7a11cdfb5f2d3a
SHA256 7700c4ab4bd8363e152d7902b6a031e4ddf4c3f552a71a0b55cd6add65a012e7
SHA512 7cefd09faaa80929ec3f313353ec00d6fff908b5d3dffda23587cdfff400a0c65bb71801d52808ad4003b085441cbbb9ba958bfd7af07626780c7502aa2d4e8a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 75f6a3ed36797b1a2ec695de5cc5ec76
SHA1 cc48fbced35db2af4f873a4c26e7328a3008893f
SHA256 b394400505de69178aa01c6d444f15a39fc0eb6ec45220b8cf2010c4f2bf7142