Analysis Overview
SHA256
dbd2a1eddad30b8a9f2de5f519a2b97f5f3b7bf9306688729b06a01886e75990
Threat Level: Known bad
The file RAT.exe was found to be: Known bad.
Malicious Activity Summary
Xenorat family
XenorRat
Executes dropped EXE
Checks computer location settings
Drops desktop.ini file(s)
Drops file in Program Files directory
System Location Discovery: System Language Discovery
Unsigned PE
Browser Information Discovery
Enumerates physical storage devices
Scheduled Task/Job: Scheduled Task
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies registry class
Suspicious use of SendNotifyMessage
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Checks processor information in registry
Modifies data under HKEY_USERS
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-09-04 09:53
Signatures
Xenorat family
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-09-04 09:53
Reported
2024-09-04 09:56
Platform
win10v2004-20240802-en
Max time kernel
150s
Max time network
149s
Command Line
Signatures
XenorRat
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\RAT.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\XenoManager\RAT.exe | N/A |
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Videos\Captures\desktop.ini | C:\Windows\system32\svchost.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\Crashpad\metadata | C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe | N/A |
| File opened for modification | C:\Program Files\Crashpad\settings.dat | C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\RAT.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\XenoManager\RAT.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\schtasks.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\svchost.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133699173145196709" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4182098368-2521458979-3782681353-1000\{CFED4A4E-E9B7-4210-A4EA-E812C700FF1B} | C:\Windows\system32\svchost.exe | N/A |
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\RAT.exe
"C:\Users\Admin\AppData\Local\Temp\RAT.exe"
C:\Users\Admin\AppData\Local\Temp\XenoManager\RAT.exe
"C:\Users\Admin\AppData\Local\Temp\XenoManager\RAT.exe"
C:\Windows\SysWOW64\schtasks.exe
"schtasks.exe" /Create /TN "XenoUpdateManager" /XML "C:\Users\Admin\AppData\Local\Temp\tmpABEF.tmp" /F
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff8d818cc40,0x7ff8d818cc4c,0x7ff8d818cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1932,i,6723399765953440269,9554151646317462016,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1924 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2120,i,6723399765953440269,9554151646317462016,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2132 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2312,i,6723399765953440269,9554151646317462016,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2524 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3180,i,6723399765953440269,9554151646317462016,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3200 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3324,i,6723399765953440269,9554151646317462016,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3344 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4540,i,6723399765953440269,9554151646317462016,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3712 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4876,i,6723399765953440269,9554151646317462016,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4884 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5028,i,6723399765953440269,9554151646317462016,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5036 /prefetch:8
C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x284,0x288,0x28c,0x260,0x290,0x7ff69d484698,0x7ff69d4846a4,0x7ff69d4846b0
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5132,i,6723399765953440269,9554151646317462016,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5024 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5336,i,6723399765953440269,9554151646317462016,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4924 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5560,i,6723399765953440269,9554151646317462016,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5552 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.159.190.20.in-addr.arpa | udp |
| N/A | 127.0.0.1:4444 | N/A | tcp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| N/A | 127.0.0.1:4444 | N/A | tcp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| N/A | 127.0.0.1:4444 | N/A | tcp |
| N/A | 127.0.0.1:4444 | N/A | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 228.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | chrome.google.com | udp |
| GB | 216.58.212.206:443 | chrome.google.com | tcp |
| US | 8.8.8.8:53 | 206.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.178.14:443 | clients2.google.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| N/A | 127.0.0.1:4444 | N/A | tcp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| N/A | 127.0.0.1:4444 | N/A | tcp |
| US | 8.8.8.8:53 | chromewebstore.google.com | udp |
| GB | 142.250.200.46:443 | chromewebstore.google.com | tcp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| GB | 216.58.204.67:443 | ssl.gstatic.com | tcp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| GB | 216.58.204.67:443 | ssl.gstatic.com | tcp |
| GB | 216.58.204.67:443 | ssl.gstatic.com | tcp |
| GB | 216.58.204.67:443 | ssl.gstatic.com | tcp |
| GB | 216.58.204.67:443 | ssl.gstatic.com | tcp |
| GB | 142.250.187.225:443 | lh3.googleusercontent.com | tcp |
| GB | 142.250.187.225:443 | lh3.googleusercontent.com | tcp |
| GB | 142.250.187.225:443 | lh3.googleusercontent.com | tcp |
| GB | 142.250.187.225:443 | lh3.googleusercontent.com | tcp |
| GB | 142.250.187.225:443 | lh3.googleusercontent.com | tcp |
| GB | 142.250.187.225:443 | lh3.googleusercontent.com | tcp |
| GB | 142.250.187.225:443 | lh3.googleusercontent.com | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 142.250.200.10:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | ogads-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.187.238:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 172.217.169.10:443 | ogads-pa.googleapis.com | udp |
| GB | 142.250.200.14:443 | play.google.com | tcp |
| GB | 142.250.200.14:443 | play.google.com | tcp |
| GB | 142.250.187.238:443 | apis.google.com | udp |
| US | 8.8.8.8:53 | 46.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| GB | 142.250.200.46:443 | chromewebstore.google.com | udp |
| GB | 142.250.200.14:443 | play.google.com | udp |
| US | 8.8.8.8:53 | scone-pa.clients6.google.com | udp |
| GB | 142.250.178.10:443 | scone-pa.clients6.google.com | tcp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| GB | 216.58.204.67:443 | ssl.gstatic.com | udp |
| GB | 142.250.178.10:443 | scone-pa.clients6.google.com | udp |
| US | 8.8.8.8:53 | 10.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp |
| N/A | 127.0.0.1:4444 | N/A | tcp |
| N/A | 127.0.0.1:4444 | N/A | tcp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| N/A | 127.0.0.1:4444 | N/A | tcp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| FR | 216.58.215.35:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 35.215.58.216.in-addr.arpa | udp |
| N/A | 127.0.0.1:4444 | N/A | tcp |
| N/A | 127.0.0.1:4444 | N/A | tcp |
| GB | 142.250.200.46:443 | chromewebstore.google.com | udp |
| FR | 216.58.215.35:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | e2c16.gcp.gvt2.com | udp |
| DE | 34.89.141.94:443 | e2c16.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 94.141.89.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| GB | 142.250.187.238:443 | apis.google.com | udp |
| GB | 172.217.169.67:443 | beacons.gvt2.com | tcp |
| GB | 142.250.187.238:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | beacons2.gvt2.com | udp |
| BR | 142.251.129.195:443 | beacons2.gvt2.com | tcp |
| US | 8.8.8.8:53 | 67.169.217.172.in-addr.arpa | udp |
| BR | 142.251.129.195:443 | beacons2.gvt2.com | udp |
| US | 8.8.8.8:53 | 195.129.251.142.in-addr.arpa | udp |
| N/A | 127.0.0.1:4444 | N/A | tcp |
Files
memory/4528-0-0x0000000074F1E000-0x0000000074F1F000-memory.dmp
memory/4528-1-0x00000000009B0000-0x00000000009C2000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\XenoManager\RAT.exe
| MD5 | dac50dd8ad6a423bdf5cc713c732a5ad |
| SHA1 | cfaf95d0c4dcc0bce53677ba6e7900bcaf38bd9b |
| SHA256 | dbd2a1eddad30b8a9f2de5f519a2b97f5f3b7bf9306688729b06a01886e75990 |
| SHA512 | d7f034fdedad982adbb0ab2112a106965ec6e7bb8f48ac356856d2d8beccfe4f952e0b84dab3c98d8c07b17c9a67ae78e1f5d5f3779c7c83fba9e567a55fe008 |
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\RAT.exe.log
| MD5 | 916851e072fbabc4796d8916c5131092 |
| SHA1 | d48a602229a690c512d5fdaf4c8d77547a88e7a2 |
| SHA256 | 7e750c904c43d27c89e55af809a679a96c0bb63fc511006ffbceffc2c7f6fb7d |
| SHA512 | 07ce4c881d6c411cac0b62364377e77950797c486804fb10d00555458716e3c47b1efc0d1f37e4cc3b7e6565bb402ca01c7ea8c963f9f9ace941a6e3883d2521 |
memory/3352-15-0x0000000074F10000-0x00000000756C0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\tmpABEF.tmp
| MD5 | 82ea8ff2747d81323c4df445fdad9385 |
| SHA1 | 802e47d14c98d9f2f76bfa86ae1c27e4a4cacb07 |
| SHA256 | fd2682af230aec75b6a025f8130ecbe95173246bbdd61055c427809ccd856150 |
| SHA512 | a6e57a5126d39d65a7786d90a11ca030c0047cb998a32a96a3342327d8b7d0f1709fae9aed4b7d8bf5437e7d5e217e34eb004c1a2a0b08d192cbb545aea21c95 |
memory/3352-18-0x0000000074F10000-0x00000000756C0000-memory.dmp
memory/3352-19-0x0000000074F10000-0x00000000756C0000-memory.dmp
C:\Users\Admin\Videos\Captures\desktop.ini
| MD5 | b0d27eaec71f1cd73b015f5ceeb15f9d |
| SHA1 | 62264f8b5c2f5034a1e4143df6e8c787165fbc2f |
| SHA256 | 86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2 |
| SHA512 | 7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c |
\??\pipe\crashpad_4684_QRWAENXRXFAGWRNB
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
| MD5 | b4b9d5b29c02b9fddefcbd099ce47fcb |
| SHA1 | 4e5aa8bf34080c88d2f67d6c5c06a34246fb9911 |
| SHA256 | 4fafc7f919e42150d97c2ba798d7489911bc8384ba28bddf8b97eb140d64e8a5 |
| SHA512 | 8e2009a39c3d93a18ad22fd34393e07f9cb0e9af16a1e006cf437f277d45196fd7c58031882a13f90e61daeecfd554a37327b0febd1668539e32fa56ce2245ac |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 027db3517d9a479b024d026eea586b01 |
| SHA1 | 7648623b87515eac60a8b7c1c17f0e443eb635f1 |
| SHA256 | d273dd5ea3f0032a0ed2ca2e94b7129bced425e43618324d3de045841d994d1c |
| SHA512 | 7780a617e9eccd429d1ba289468f97370e7317c4a0b50a68cc65e0880c08d1301116d3f0beb1be1f91578b98429a48f5005bff824ce47dcfa062da3829e39441 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 2d576a843df74ea021ba0c29e058d19e |
| SHA1 | 6ff7eebdf041a5a1632212c83974af20c5085c01 |
| SHA256 | 5d34570a60b2c7b28b33fd37a5cf46b3d84b1e1a87daa57653e632a90b31d3d9 |
| SHA512 | 4d43650d2b7978e9a2e23dce79f0a2f5ed0538c99a44a648dbb36f123db61e1f1be04a73953ce0c4bda3996d4680607cb22eaea0f64bddfaeecefd5d53aa9633 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | e30c00dcc8b650345d895ab157a06516 |
| SHA1 | 67aa267e0985ac84f649bf80b7701dfc8f792bba |
| SHA256 | 838f7c8a4c151e661668fe1f2478fd8e9163613a642eabbb31fb80dddb014577 |
| SHA512 | ee2b79f779fa5d1c49446aada473ff9e98aeceb9ec63a387370c06daa9d8cdb9661777deac0380ad48f92684788e0f405648a2efc33a7d4e0a25a7fe960bf0be |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 0c25f628d38c9fde257f780485fd25c9 |
| SHA1 | 5af2b362197cf8c9aa9e174fd2121be174858359 |
| SHA256 | 223ed4307b2610c2ee8ab060b9abc94a14a0fb9443195e5ac76d645072c31cc3 |
| SHA512 | d97a5f693847d0576c86b085fcbe9794f7c056a9525f3a5931b659eb4da0eabdb4565030140592aff5bf19f359c23222b487b024f3a2b0d112459b3864885198 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 33e3e9b1b64ce2d26617939953c24b81 |
| SHA1 | fbdbf5c22ef0f844cab89365992603338778ae5a |
| SHA256 | 4245ce8de88ee4399d98cf7945684364eae0a9a6a726174586cd0debc73b0687 |
| SHA512 | 9f74afe799af2040b2ca832814d2b754640da77f655e8a1575727e24733f59b1650cf17118943ded8e07802070f0dcf5af985d98eca4e7d84341dddf2bf75343 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | c7be33ef011a087d538cfdd19be2ec14 |
| SHA1 | a665d1741d622561d292401f2447857c5b5cd934 |
| SHA256 | ad2acbfe7c2be130c791bb366a51ca2b3853bf9874d02258ac97df3d2b8d8e40 |
| SHA512 | a1646a1e79ad36991dc1188e62c2fa96f79f1a471f0bef93e4564d068775e595c946ffbb83e6f9cc7c64d6623e28b6c351cd99978253bad7c638b5ce7168e0d2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 6b04c7a8a7b24f40de5db9f86429c69a |
| SHA1 | d5c90348bc4968c5e0db208ee55bf8fcd135c120 |
| SHA256 | 25bb91398e0314ecffff84e341541c15e735f4a5962ad767c00f29e199bfcc7a |
| SHA512 | 86ba24cae684d6a68da99653ee8ecbc967cfc1fa65d7b5a58256c750b2eefb611b93870dc1226669f4d461ba3d0928780e25d9fb56bd5c47aa326a853f3848d0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | ccade921c6184c7d0fcbeae55a1b0571 |
| SHA1 | 4508616cbf840d08dc43ca073947a5b6e7f05563 |
| SHA256 | 10880e5a7a1b23dd78a1bf6cc8dde8ca8a27daf099470cac826cdd13d229d61e |
| SHA512 | ba524bd378a885c3aa2f5f3ae7c671be113e693081bbe1425c7803dd4a471b5ec94073dc63ea469d4f0981da6f490388210b096368f7ac0f7b2fea575ce482b0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | ce5416d4f7015ab7712257c3ca4251e9 |
| SHA1 | 28e73410b9683e9f4dba31c6efb4a09c75539dd2 |
| SHA256 | ec687e9c7a0803f774f45b6b618eafcb8e4467dcaf21330b59ee23dfa162333d |
| SHA512 | fbc296098b5db63f6604f49b823dc7154affa38146f7d81eb89088850604ab2c88ded986f9382daca94b0efb0149d219be4b0b628fa60af0fe6a35e0322c8214 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e354b8c1b43d5b6e372313ac53f13231 |
| SHA1 | 219bd79bb0759153af081e878afafd00496ca900 |
| SHA256 | 830b007e23f50facfd7ef9afe8457511b76f3cab64e66376723a5e684fa7aee4 |
| SHA512 | 70eb7fed2f78fcdef6895c5e4a4ea73eed462373de2ec2fffad6790a5c1bd626d76e8ec3c1c83581f2a43a9f1b943bbff495ca203820afa3d781b448ae2e176e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 8d0b1c4708d954a394d0c64b3574a52e |
| SHA1 | fd6d8c1afa277e3fdcd062d4cffbe5841a12d73a |
| SHA256 | 218c0bf75c7d766e404a826db1bf37aed2b03f516a716fe8c013bf8351a320bb |
| SHA512 | 45be040c43548df54cf2eb0169d218b34c456e52a8147016369bf7a7b5e23f97160e158b1b29de1bb86f02c84d98a86f0e8cd9eb7e10713eb63395d09a7fc20f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | f33ec32b2457f8b06421b1322a548b6e |
| SHA1 | d4638dd1a43800d5c58f0ff6f16ace474a2352e0 |
| SHA256 | 27cc171275f9a7b00691640d6b21cdd896844f3928a6a108bdbdb7c28997a14b |
| SHA512 | be4da84918a270c9453614b8323d7235b4d131d648775e6ac74fdf8e4e5deff15a8859eb3183bd8f298914c647fa0a57158426f2c7a706494c4e6411e5437111 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 9c0549e4b592691225cfdb8a53934ffd |
| SHA1 | 5a77ebea4c268bead504ad034714adb857b72ef4 |
| SHA256 | 49d63fb69861506dd30e6592e55e76a65e33de4c7aeac5fd5420f2f1f5230b6d |
| SHA512 | c128c8e659c391e14d60ca6f7638a6e365a4b2f836ee2d4cbcee4a0ee5207a1bb7fcec195cad82cf0a64bfe2b749eb0aaba91000e39b9003dc594c35ad0dafd9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 1a313cd8121e4e4c7da9b77dc166fd18 |
| SHA1 | ac32a31cff57ed6ed0e489d6932d0d97ddd7be70 |
| SHA256 | 886368a35a40e27802dc096a5f155e6f516d1a6a1a09ae91ff7f3c25ebca937f |
| SHA512 | 7e343e4d798261e896c062365cdb8ede5b880e292addb2ad8502ff59e5aec5ca72159f870284437697117c1c0626620d4927ad3b947f6aa009ea7261176cbdf3 |