xenorat | hxxps://github[.]com/moom825/xeno-rat/releases/download/1[.]8[.]7/Release[.]zip

Analysis

max time kernel
299s
max time network
300s
platform
windows11-21h2_x64
resource
win11-20241007-de
resource tags

arch:x64arch:x86image:win11-20241007-delocale:de-deos:windows11-21h2-x64systemwindows
submitted
27-11-2024 11:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/moom825/xeno-rat/releases/download/1.8.7/Release.zip

Score

10^/10

xenorat discovery rat trojan

Malware Config

Extracted

Family

xenorat

127.0.0.1

Mutex

Xeno_rat_nd8912d

Attributes

delay
5000
install_path
nothingset
port
3335
startup_name
nothingset

Signatures

Detect XenoRat Payload 7 IoCs

resource	yara_rule
behavioral1/files/0x0005000000025b6e-617.dat	family_xenorat
behavioral1/memory/1528-618-0x0000000000BD0000-0x0000000000BE2000-memory.dmp	family_xenorat
behavioral1/memory/1528-649-0x0000000005ED0000-0x0000000005EDA000-memory.dmp	family_xenorat
behavioral1/memory/1528-660-0x00000000063E0000-0x00000000063EA000-memory.dmp	family_xenorat
behavioral1/memory/1528-661-0x0000000005A80000-0x0000000005A8A000-memory.dmp	family_xenorat
behavioral1/memory/1528-680-0x0000000005670000-0x000000000567C000-memory.dmp	family_xenorat
behavioral1/memory/1528-701-0x0000000001580000-0x0000000001592000-memory.dmp	family_xenorat

XenorRat
XenorRat is a remote access trojan written in C#.
trojan rat xenorat
Xenorat family
xenorat

Executes dropped EXE 3 IoCs

pid	Process
1528	te.exe
784	te.exe
4448	te.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\INF\display.PNF	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	te.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	te.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	xeno rat server.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	te.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133771817602843736"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	xeno rat server.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	xeno rat server.exe
Key created	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616257"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	xeno rat server.exe
Key created	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\1	xeno rat server.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	xeno rat server.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	xeno rat server.exe
Key created	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	xeno rat server.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5	xeno rat server.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	xeno rat server.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	xeno rat server.exe
Key created	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	xeno rat server.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	xeno rat server.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	xeno rat server.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	BackgroundTransferHost.exe
Key created	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\ms-settings\Shell\Open	te.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe100000001c31590bae18db0161a5810bbc18db01b25828a6c240db0114000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Version = "1"	xeno rat server.exe
Key created	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	xeno rat server.exe
Key created	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	xeno rat server.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\MRUListEx = 0100000000000000ffffffff	xeno rat server.exe
Key created	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	xeno rat server.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	xeno rat server.exe
Key deleted	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\ms-settings\Shell\Open	te.exe
Key created	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff	xeno rat server.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	xeno rat server.exe
Key deleted	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\ms-settings	te.exe
Key created	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0	xeno rat server.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Downloads"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings	xeno rat server.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	xeno rat server.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Downloads"	xeno rat server.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	xeno rat server.exe
Key deleted	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\ms-settings\Shell\Open\command	te.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Release.zip:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3420	chrome.exe
3420	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
1528	te.exe
1528	te.exe
1528	te.exe
1528	te.exe
1528	te.exe
1528	te.exe
1528	te.exe
1528	te.exe
1528	te.exe
1528	te.exe
1528	te.exe
1528	te.exe
1528	te.exe
1528	te.exe
1528	te.exe
1528	te.exe
1528	te.exe
1528	te.exe
1528	te.exe
1528	te.exe
1528	te.exe
1528	te.exe
1528	te.exe
1528	te.exe
1528	te.exe
1528	te.exe
1528	te.exe
1528	te.exe
1528	te.exe
1528	te.exe
1528	te.exe
1528	te.exe
1528	te.exe
1528	te.exe
1528	te.exe
1528	te.exe
1528	te.exe
1528	te.exe
1528	te.exe
1528	te.exe
1528	te.exe
1528	te.exe
1528	te.exe
1528	te.exe
1528	te.exe
1528	te.exe
1528	te.exe
1528	te.exe
1528	te.exe
1528	te.exe
1528	te.exe
1528	te.exe
1528	te.exe
1528	te.exe
1528	te.exe
1528	te.exe
1528	te.exe
1528	te.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3740	xeno rat server.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3420	chrome.exe
Token: SeCreatePagefilePrivilege	3420	chrome.exe
Token: SeShutdownPrivilege	3420	chrome.exe
Token: SeCreatePagefilePrivilege	3420	chrome.exe
Token: SeShutdownPrivilege	3420	chrome.exe
Token: SeCreatePagefilePrivilege	3420	chrome.exe
Token: SeShutdownPrivilege	3420	chrome.exe
Token: SeCreatePagefilePrivilege	3420	chrome.exe
Token: SeShutdownPrivilege	3420	chrome.exe
Token: SeCreatePagefilePrivilege	3420	chrome.exe
Token: SeShutdownPrivilege	3420	chrome.exe
Token: SeCreatePagefilePrivilege	3420	chrome.exe
Token: SeShutdownPrivilege	3420	chrome.exe
Token: SeCreatePagefilePrivilege	3420	chrome.exe
Token: SeShutdownPrivilege	3420	chrome.exe
Token: SeCreatePagefilePrivilege	3420	chrome.exe
Token: SeShutdownPrivilege	3420	chrome.exe
Token: SeCreatePagefilePrivilege	3420	chrome.exe
Token: SeShutdownPrivilege	3420	chrome.exe
Token: SeCreatePagefilePrivilege	3420	chrome.exe
Token: SeShutdownPrivilege	3420	chrome.exe
Token: SeCreatePagefilePrivilege	3420	chrome.exe
Token: SeShutdownPrivilege	3420	chrome.exe
Token: SeCreatePagefilePrivilege	3420	chrome.exe
Token: SeShutdownPrivilege	3420	chrome.exe
Token: SeCreatePagefilePrivilege	3420	chrome.exe
Token: SeShutdownPrivilege	3420	chrome.exe
Token: SeCreatePagefilePrivilege	3420	chrome.exe
Token: SeShutdownPrivilege	3420	chrome.exe
Token: SeCreatePagefilePrivilege	3420	chrome.exe
Token: SeShutdownPrivilege	3420	chrome.exe
Token: SeCreatePagefilePrivilege	3420	chrome.exe
Token: SeShutdownPrivilege	3420	chrome.exe
Token: SeCreatePagefilePrivilege	3420	chrome.exe
Token: SeShutdownPrivilege	3420	chrome.exe
Token: SeCreatePagefilePrivilege	3420	chrome.exe
Token: SeShutdownPrivilege	3420	chrome.exe
Token: SeCreatePagefilePrivilege	3420	chrome.exe
Token: SeShutdownPrivilege	3420	chrome.exe
Token: SeCreatePagefilePrivilege	3420	chrome.exe
Token: SeShutdownPrivilege	3420	chrome.exe
Token: SeCreatePagefilePrivilege	3420	chrome.exe
Token: SeShutdownPrivilege	3420	chrome.exe
Token: SeCreatePagefilePrivilege	3420	chrome.exe
Token: SeShutdownPrivilege	3420	chrome.exe
Token: SeCreatePagefilePrivilege	3420	chrome.exe
Token: SeShutdownPrivilege	3420	chrome.exe
Token: SeCreatePagefilePrivilege	3420	chrome.exe
Token: SeShutdownPrivilege	3420	chrome.exe
Token: SeCreatePagefilePrivilege	3420	chrome.exe
Token: SeShutdownPrivilege	3420	chrome.exe
Token: SeCreatePagefilePrivilege	3420	chrome.exe
Token: SeShutdownPrivilege	3420	chrome.exe
Token: SeCreatePagefilePrivilege	3420	chrome.exe
Token: SeShutdownPrivilege	3420	chrome.exe
Token: SeCreatePagefilePrivilege	3420	chrome.exe
Token: SeShutdownPrivilege	3420	chrome.exe
Token: SeCreatePagefilePrivilege	3420	chrome.exe
Token: SeShutdownPrivilege	3420	chrome.exe
Token: SeCreatePagefilePrivilege	3420	chrome.exe
Token: SeShutdownPrivilege	3420	chrome.exe
Token: SeCreatePagefilePrivilege	3420	chrome.exe
Token: SeShutdownPrivilege	3420	chrome.exe
Token: SeCreatePagefilePrivilege	3420	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1528	chrome.exe
3740	xeno rat server.exe
3740	xeno rat server.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3420 wrote to memory of 3032	3420	chrome.exe	77
PID 3420 wrote to memory of 3032	3420	chrome.exe	77
PID 3420 wrote to memory of 4920	3420	chrome.exe	78
PID 3420 wrote to memory of 4920	3420	chrome.exe	78
PID 3420 wrote to memory of 4920	3420	chrome.exe	78
PID 3420 wrote to memory of 4920	3420	chrome.exe	78
PID 3420 wrote to memory of 4920	3420	chrome.exe	78
PID 3420 wrote to memory of 4920	3420	chrome.exe	78
PID 3420 wrote to memory of 4920	3420	chrome.exe	78
PID 3420 wrote to memory of 4920	3420	chrome.exe	78
PID 3420 wrote to memory of 4920	3420	chrome.exe	78
PID 3420 wrote to memory of 4920	3420	chrome.exe	78
PID 3420 wrote to memory of 4920	3420	chrome.exe	78
PID 3420 wrote to memory of 4920	3420	chrome.exe	78
PID 3420 wrote to memory of 4920	3420	chrome.exe	78
PID 3420 wrote to memory of 4920	3420	chrome.exe	78
PID 3420 wrote to memory of 4920	3420	chrome.exe	78
PID 3420 wrote to memory of 4920	3420	chrome.exe	78
PID 3420 wrote to memory of 4920	3420	chrome.exe	78
PID 3420 wrote to memory of 4920	3420	chrome.exe	78
PID 3420 wrote to memory of 4920	3420	chrome.exe	78
PID 3420 wrote to memory of 4920	3420	chrome.exe	78
PID 3420 wrote to memory of 4920	3420	chrome.exe	78
PID 3420 wrote to memory of 4920	3420	chrome.exe	78
PID 3420 wrote to memory of 4920	3420	chrome.exe	78
PID 3420 wrote to memory of 4920	3420	chrome.exe	78
PID 3420 wrote to memory of 4920	3420	chrome.exe	78
PID 3420 wrote to memory of 4920	3420	chrome.exe	78
PID 3420 wrote to memory of 4920	3420	chrome.exe	78
PID 3420 wrote to memory of 4920	3420	chrome.exe	78
PID 3420 wrote to memory of 4920	3420	chrome.exe	78
PID 3420 wrote to memory of 4920	3420	chrome.exe	78
PID 3420 wrote to memory of 2444	3420	chrome.exe	79
PID 3420 wrote to memory of 2444	3420	chrome.exe	79
PID 3420 wrote to memory of 496	3420	chrome.exe	80
PID 3420 wrote to memory of 496	3420	chrome.exe	80
PID 3420 wrote to memory of 496	3420	chrome.exe	80
PID 3420 wrote to memory of 496	3420	chrome.exe	80
PID 3420 wrote to memory of 496	3420	chrome.exe	80
PID 3420 wrote to memory of 496	3420	chrome.exe	80
PID 3420 wrote to memory of 496	3420	chrome.exe	80
PID 3420 wrote to memory of 496	3420	chrome.exe	80
PID 3420 wrote to memory of 496	3420	chrome.exe	80
PID 3420 wrote to memory of 496	3420	chrome.exe	80
PID 3420 wrote to memory of 496	3420	chrome.exe	80
PID 3420 wrote to memory of 496	3420	chrome.exe	80
PID 3420 wrote to memory of 496	3420	chrome.exe	80
PID 3420 wrote to memory of 496	3420	chrome.exe	80
PID 3420 wrote to memory of 496	3420	chrome.exe	80
PID 3420 wrote to memory of 496	3420	chrome.exe	80
PID 3420 wrote to memory of 496	3420	chrome.exe	80
PID 3420 wrote to memory of 496	3420	chrome.exe	80
PID 3420 wrote to memory of 496	3420	chrome.exe	80
PID 3420 wrote to memory of 496	3420	chrome.exe	80
PID 3420 wrote to memory of 496	3420	chrome.exe	80
PID 3420 wrote to memory of 496	3420	chrome.exe	80
PID 3420 wrote to memory of 496	3420	chrome.exe	80
PID 3420 wrote to memory of 496	3420	chrome.exe	80
PID 3420 wrote to memory of 496	3420	chrome.exe	80
PID 3420 wrote to memory of 496	3420	chrome.exe	80
PID 3420 wrote to memory of 496	3420	chrome.exe	80
PID 3420 wrote to memory of 496	3420	chrome.exe	80
PID 3420 wrote to memory of 496	3420	chrome.exe	80
PID 3420 wrote to memory of 496	3420	chrome.exe	80

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/moom825/xeno-rat/releases/download/1.8.7/Release.zip
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffda7b4cc40,0x7ffda7b4cc4c,0x7ffda7b4cc58
  2⤵
  PID:3032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1800,i,2778200717290698720,8420232790027695552,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1796 /prefetch:2
  2⤵
  PID:4920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2040,i,2778200717290698720,8420232790027695552,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2096 /prefetch:3
  2⤵
  PID:2444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2164,i,2778200717290698720,8420232790027695552,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2388 /prefetch:8
  2⤵
  PID:496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3076,i,2778200717290698720,8420232790027695552,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3104 /prefetch:1
  2⤵
  PID:4700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3084,i,2778200717290698720,8420232790027695552,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3164 /prefetch:1
  2⤵
  PID:5064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4752,i,2778200717290698720,8420232790027695552,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4764 /prefetch:8
  2⤵
  PID:4668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4744,i,2778200717290698720,8420232790027695552,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4264 /prefetch:8
  2⤵
  - NTFS ADS
  PID:864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4748,i,2778200717290698720,8420232790027695552,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:4116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4612,i,2778200717290698720,8420232790027695552,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:2804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4948,i,2778200717290698720,8420232790027695552,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5104 /prefetch:1
  2⤵
  PID:952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4768,i,2778200717290698720,8420232790027695552,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5628,i,2778200717290698720,8420232790027695552,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3176 /prefetch:8
  2⤵
  PID:2544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3104,i,2778200717290698720,8420232790027695552,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:2152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5272,i,2778200717290698720,8420232790027695552,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5320 /prefetch:1
  2⤵
  PID:2336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4756,i,2778200717290698720,8420232790027695552,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5664 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:1528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5584,i,2778200717290698720,8420232790027695552,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5700 /prefetch:8
  2⤵
  PID:864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3208,i,2778200717290698720,8420232790027695552,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5232 /prefetch:8
  2⤵
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  PID:4048

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4192

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4568

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:624

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
- Modifies registry class
PID:1800

C:\Users\Admin\Downloads\Release\xeno rat server.exe
"C:\Users\Admin\Downloads\Release\xeno rat server.exe"
1⤵
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3740

C:\Users\Admin\Downloads\te.exe
"C:\Users\Admin\Downloads\te.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:1528
- C:\Windows\SYSTEM32\cmd.exe
  cmd /c start "" "%windir%\system32\fodhelper.exe"
  2⤵
  PID:2956
- - C:\Windows\system32\fodhelper.exe
    "C:\Windows\system32\fodhelper.exe"
    3⤵
    PID:4552
  - - C:\Users\Admin\Downloads\te.exe
      "C:\Users\Admin\Downloads\te.exe"
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:784
    - - C:\Users\Admin\Downloads\te.exe
        
        "C:\Users\Admin\Downloads\te.exe"
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:4448

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
5b4098bf72c8d0788b506ed0a9b1a057

SHA1
7afcaecb879db94a351b705a4903e63bfbcf7ef8

SHA256
d0c2f919317b0efad384ce5f9d54f4428104c340edc9731c66374e5f88df1e3d

SHA512
e4165dd7115487b7975d035cc8666706c3f83380b35f79be389dd0761f9fcde0a385f4cf45fe11f5e1e6a8006f8af1fc4d62725528c271c3db3db9ad001a0431

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
215KB

MD5
2be38925751dc3580e84c3af3a87f98d

SHA1
8a390d24e6588bef5da1d3db713784c11ca58921

SHA256
1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b

SHA512
1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000055

Filesize
41KB

MD5
e319c7af7370ac080fbc66374603ed3a

SHA1
4f0cd3c48c2e82a167384d967c210bdacc6904f9

SHA256
5ad4c276af3ac5349ee9280f8a8144a30d33217542e065864c8b424a08365132

SHA512
4681a68a428e15d09010e2b2edba61e22808da1b77856f3ff842ebd022a1b801dfbb7cbb2eb8c1b6c39ae397d20892a3b7af054650f2899d0d16fc12d3d1a011

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
216B

MD5
c9e8e83a202bde98b1260be9fe92e632

SHA1
20fad6b28275d65442aed0fb9140ad70b05120f1

SHA256
4472e2a5d2a83d492e409cb039bc2d0db4a77dd8833eb00bb9e9722b204e72fe

SHA512
8f1f7abba64623f6025c02d39e93334d75c7cc00967446b89280c566549a2e1db1244b2ccf777806f00891c4d3d24b40f2f8e84cea594c17e194bd852efc64b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
9034912f195603e679791f3427bb404a

SHA1
eb47eac0571ee43e5e402d8b69bfe5f4edd55505

SHA256
c93ea82992db696a89ad0256acb7576ea6ea7107ac225f824d18e984d5fd9826

SHA512
5022269054174321a83ba581cb8e74dc7421581b9b12676ee89448217e153cff7ffa81232a47916f534ef47b8240ee795b71585dddcdb603e13c2395d4471a18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
a3abd44d0954cce5fe924307c9b23dfa

SHA1
c88c8d1f48882e5c02a0d708435fdff906b89945

SHA256
ff22c727568f97c8858433014571e80b0055a12dab38a1951d6de44997e9a11e

SHA512
4ddd268a711e7748e3ac324d14f6aae2814cc5b767881819614d6c084111d2b2d08c0502fa48239a2ccf7a6d0c6a3062c848a2fd037921ef5389ff05ebb091fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
ccd8df062b91b7978a8985f1832198ea

SHA1
0cb7cd082f91af56a6f556941749010ad68b44dc

SHA256
b1740c848c9bc59ab842f643d9924b6d0585df995d107bd7b76f65b5d0598a82

SHA512
80ecb531090db5d2f832966f5e5234f00f96cf087ea676012bb8b71f3b8e73ca12ced2b28461eb6a7759030c525f828681a4472238ee3156dc5170aba96c0336

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
0d7c6273c87893553584691cbf92df60

SHA1
1d2eb3116ee2ec3809d5d0a53c8f59bd3ea9c9d0

SHA256
55f763a082dceea2f95f595ad0d53997f0b311322cd05cdf7094f46c61972b76

SHA512
dc6973b7cfb03446d8c60c0721be9f1d42928f388873ab9c86ce70e760fcee4ede7983c883add94019aa4d7bc4abce2d0239de03df412fa884bb8e843c38a840

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
a3489086fff35d320749f61b68e46f79

SHA1
c5251d770ed89adb4fe2f4aeb6da7da2cb09192a

SHA256
d24622d981283bd289f348dce4cfc62aeef8bde68e0856aa10a1835f637f9265

SHA512
5f9668b839e38ebf0e7e3eaf01c9baf39d359b99fc5db462f99d55d634aa341493a1184f8410fab296c7192e3d415e40af59b4209cad6fc375de505a44ff278f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
17a5c8f2a35dea3527a7c90ec51e4a36

SHA1
6e74379cc3f28590b990ea2f195a498a2ec8cb79

SHA256
ae132865a0d8cc1fca0b875c573724ed04066e8fa16d50d67824570859496176

SHA512
6bd76a7bf787483a0529a31a6782312f6e5143022a55291e531aa5227b9cb6b84e9cc39ae8a251c0ae6d905d64696fdd2f5ad4e64d58dc975754e5c0827ebb81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
521B

MD5
2f6fc944faedfc9496897adc0688c0a8

SHA1
721555316d9738baf3054d72b0ecafd78f07859a

SHA256
6ddde08919857ed5949aa73a5a3124881ec55d296e2e5b6f134ad6bb5abb66cb

SHA512
8da1b0ac540cfd82f34d8c27c6bba8b41f813098241d4282e8319fa043ab964ccc89d6ddaed03ea0481766ff60c079e4c6eb670d5a205de8546d2c702d28c05f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c340970c818cf24b8986c9b990230f98

SHA1
fcc1a432240c6b5fcc41275fa96834f95e4fe6d3

SHA256
600d021a1a5374d51e170c67e12c1f6fa63506ce74e5621f94872f882fd515c1

SHA512
fefb5bdbb86fc5016325c725886cb685c24df7a0e08098ef65853cdac5e7a0a191229676ab4e2d96a6a9a63b9efbad1eb3c6b6f1bbfa98833e3090abdc669078

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
857B

MD5
ccfafb56d8867e33fcac55b5a4c4f7ab

SHA1
fe798b3c22a1251d92b607d86344cfd3e2ef9656

SHA256
204f1f077c3e8ddafb4206da412c33d3af514f57a0c069de6f5d3038f602e65f

SHA512
c7affd66a7279842fe28aa4cfe9a13e1322fb939ab6241ca6939a13e9fa3d778663f06e896ef2648dc58663a00c3238323dac11ad8fcc7b6a57b797e3c3c285b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
38113a08c2d0594a23723802589d613d

SHA1
aed2971556a7ebe54e19bd1d2441ec71ae8865bc

SHA256
664120a3783a8451bd41b039276175f294bc1550f49d11da6dea0bc8e629c78e

SHA512
50d0f20bb04df0de649fac3f076d33ac3b471495e180973d15ccb66b1e13bb011435d3498054ab2302c529eebb9bf5d5ca3be92598ac5508541e31ae5d107179

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
8a65373e68e4df70a3658945d62ceb7a

SHA1
a3f1cbd3b8e4b9e5a883da08c27250ef0fba125b

SHA256
ef1d3a145220b354cea1d45ed1d1d3728242507054f869b4f8474040f387e2a6

SHA512
c8d7107254a3ea173f4b559d6b752e716c1f6274846793142f19a3af8bda9570913281f6b2deed61d397cd4767524d26efe292aca570fe3d6fc0171737f750c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
3307044f4c95b041c84f0341e808a771

SHA1
3496957170c252005fb86343b56a0f08d5576677

SHA256
9f0a16519cd9974ac32259d13b7eb7131537b1df9d62c9e0b9b380411877aeb1

SHA512
bc34e779bc03f0d398bfb0ab575003db7aa0712016414be1e99eda01bcd38efe031decdbe60c36f3143ba939f74886ccb2c7607640569b2f39110e5871c1dad2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
a27938c42067d7ac68becdf0ee2f28bb

SHA1
ca93b22609116c41fdd2baab1bca3aa700128b2e

SHA256
62ab1d8e3b418ec8a429830e101da83e199c1296c3ed5c3f41e8ed4bd3db27df

SHA512
adf8bf6ece3c2f210916847b18878471af5e0eebdfcf4e2870b0ea719fb4db0863a5d0da7496fa131f803dd7c6468de3e40314e387b285cac68b5511338800f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
6a4131151747bed20130a0ab06d84aed

SHA1
e81d1876f413a35e5473c6741ece4d74bec333b0

SHA256
a4290c60c24b9b63d0cbcc78f21a302f61ab3a49cd5371cde70482c19e569106

SHA512
271332b169aab8bb26589980ac6840ebedb47d3a3d6bfcffe49af262a505b318a1be97ecd5baceac220fff709e04f258dca855824361a752e203ea2553617378

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9fb32eed723b90121c3bb5a45beaf9e2

SHA1
eda224b290dbb941372648ee9cde1f84ac076953

SHA256
a87040521b0d92a71059ee30f755da640a8feb5488e4a1394b4e502aa03453f9

SHA512
f35567c303c5b1554a9d63e268905c721503bc73865e65cdee6dcd65f917599a003ede08ca7f61f9d3c6d695bf05eabbbdca32f15d1ddfee0c7becd9ca8af53e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
dd2aac5032731d4c4c314ddb65a69b14

SHA1
8ca5a3aac3f819afb6215c86c6a78103bcc2b557

SHA256
c407fa1d5fbbe409500acc057f7e15a790dce477971d11d9847da4d31b9fadd3

SHA512
6d6e5d4a887be6174254012e5afa32fcd941458824eb10688e40b64e49ee0a38f6ab15aa153bd335f4e6f4ab1f5571a9f267258d5a1f3fa90cd6a942e3d095b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
98df7db7ceb58001ef1556191e9c842e

SHA1
629b92f0d3641e7756b34a9435487f890c4421d6

SHA256
80a7ea390de432ee9733d6edf93597951a6838c2f6401a8c0c533b7748bac74d

SHA512
8e115070b20e70b6a701ff62f5680a4b7848f9441c82f4aa4bc322df497cf26c188033d5d167e7aaef0f7dee1ad3184debd8292a789de0b54a80c78ba1972cfa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
2b63d94f5f372d7d55606a3fd5c63fcb

SHA1
55e1042386c2a289d0a0480fc51b355a3e4c6ea8

SHA256
36295636b54015c79a9041fc74d0ee6f093e3573c0975621fdf7952c29b48dfd

SHA512
f47a202f9af3e1334b099e2699e94c5ef68ff8efa03d4a2afdf1c1ef50fe0bf9e1e4528838dfca9ab2b07363ef7cb94a5015beda8d5c2886207c55522f7aed13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
23fa2acec23391df30445a50ade55ad1

SHA1
5891c10131c785466488f92616ca9eb0292a199e

SHA256
7f5a772bb885e79dc6c09acd05bc88b714a6219633f39112861a49677a84db0c

SHA512
39e859559e7230588fe112f212f388fd12dd6bc5961a1689f359b49bd3aa4b739619cd4fc969928cf24dcf8ab6cd84c676a066e4fee812461e96dc4bb227c460

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a6b816e442554efef5c4203302d1e616

SHA1
e3373ecaf8b840f23aa8d8b79a0a4754bc3871cb

SHA256
fee5e418961fe926ed311724180f3387a554d487ee3b010b68a361461d6516b5

SHA512
276d270bde5d21dc708819ae68c025a6c305ce6516e2199e4ee1d4af88f1a5ba5400d2a012a655a2347f846cedb7da5aad68175dc71c24e5b24db2c982ac60d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
03fc624e3c55790cc57383ec0d3a30b3

SHA1
970540d609ba8f296216d6ce7d699ba0e0124d3e

SHA256
e21b1c0affa0c6c3165b23fb134445a20a4573c653fa32373554fc86dff4fd4e

SHA512
706c6d43a0f4f98f50cc83bc890753d7271a0ca71f05619af289421cc084785c32bd5844051366d033d3f7325511a1f505f21583d3f6e1b2914d6c0676be41f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b0e8a1de07a51f9820dadddd7ebe59ed

SHA1
e4d42a4a2df4b468244b7a4457ae627e78dccbde

SHA256
b21e6d1b087311106fae818d05c570c7437208577c59efd126cf14ad026fb678

SHA512
ea9ae7433a9fb57b266b1f5c9cdbe3eb5fe92664156b76495eb862334df8db9ad316667f393dea4f528d1f81ba3a56274d5fdb601dd05b469948f260f75c9a83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
423a8276c50df054ce9f8c082dcde017

SHA1
1fb3dff85b9c1dd8fb95ab2d7bc2372576cb0283

SHA256
f85c243ca3636b9da90813e5e2ecc670ba90ff640b670728a094a34dc27357ad

SHA512
801ff928a72c5cc937a100c95f57c74ec7d7ba356937b1d7f795e7c1a5695a47b9cb47fd0e2b0cc781b6177c6ca1c7fded78923d49d40eea305ee34f5144da79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
671a33d08f408b0b0190116cc73f4d78

SHA1
20d78b66cba790e42317e5da4b95f9c5ccbe92a0

SHA256
5da0cb506877e6f12827ccd03d1ce01aaa947388ed42b80120ff072fe9900239

SHA512
a054f7469694037775eaea64d530c72b0a11b4c5d50bc8392c7144c03606d0ccf23dab5aa5d3b91bc142ed35d599f1b4012f4bfeeb5ce0d73f057b6ca2c5c05a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ee804d5e36250f7a4981c4d89a088dea

SHA1
74030159adc08b83911f4bc87270969f91ffffb1

SHA256
710eb1a8fe131560bf6ba8b2af78b3aee67f2fc6e2af9ffc6739ee07be7eb6a7

SHA512
c22439f70bdb070453af1eea1963545d46331628617f2df71a8e7665627a28ffc2af5e9e8095b5a05ea98fca7489f3838a7f322ecfe0508216e599483887c9b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a7f3f7761342d902978d97af38d84df0

SHA1
6983d8e3ec66c600e045b2354bee59b2394be221

SHA256
62279cdfbbba811d9e3ac348888f184d47fae83b10c7551b7ababe75ed616c6b

SHA512
ff556dad81f18d554d480beb28525b8c140ce94b7983becb2348eb990b4fe076901b04cee0b8407ce01e76b13458417e45af765894f50b9e4ed44e6d008312b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
d3a2a51fa83b58e3b013a7267034f4dd

SHA1
7a32aea4abacb72f3f5d48b6e6595d977e61e483

SHA256
234235e99ce9c7a247d1aa7608e428eba895df9415a31a7d15d1b8c234a325dd

SHA512
c8d29c1e24a1b57a8ceea2bddb10bc43a7dbfd42c306242e4cc655edcff568c4936e3f5fade2184983ff18e2a74b525a91b06f37edb008f8a7354e45a70c2ac3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
981129d78a12781f8f9b4b304e499944

SHA1
c205f543ce5e49bd2e122922637ccd8fbbf7e9b6

SHA256
416dfb4bb8888d8ff76e916a756f353958e61d911dec7ad9f15f2f6c63fede5a

SHA512
f18677434eca088ee8e4a4ec04d250b9bf7bb494eff5ea220033869e1629ec978cbead241f8118f3b2c450e8f9e66ff3e2db78b368ed1a5e47252d9b05910a03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\c77dd3f3-5c39-44ce-b464-73c1e726864e.tmp

Filesize
11KB

MD5
eba633390558926b6149c0bc44e7576a

SHA1
dd2a8864cb40a17731bbe22d2b03daa59532b26e

SHA256
0a687869a8822060a0da57d1302cf5b4c8913c796ae71490a6b7e150e60d8d57

SHA512
2e66e7dff160e79e61aa031b6e3c592f47af42557b72e634024a75e5ac7486b3c666230f515c995dbb9c58db6a31804ffd82051723caf409e292bafc71f40d0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\f29aade1-7be0-40e3-a4be-8caa1d9a9d72.tmp

Filesize
9KB

MD5
04f9cd6be6f64ac9843b8ea96486e018

SHA1
087439ab91a8f425124a41319f072f4f056fa35b

SHA256
1668b5444c8718f6ea46238cf4502b13dd33520e3f2248692a416fd62acc5538

SHA512
acb20a208d98fab8f3b20cd44cc612e2be4640c1cf2e144e5e4d5042c5e3cd37bbb48413d938d10b5e91e024ff4e5bccd3c42bda4122544ada4c2cd6fff25fd6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
f53190cc8fee1f13a19026778f7e79f1

SHA1
ee2a8bd236a6ae89993336fc64bc33b055e5f395

SHA256
4933619971c4d3808ff5eba9e925ece40411d1bb444de6d84f5cdfc159a7dd6d

SHA512
772a6bb91e348d39cf9396ef3605b651b9c74e1fc6d19604c1cf2607f4c8f10757eefeaece827f0da9fdf31eb1a304673024b167af2ff10c4ffaa7f071a49632

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
5db1ca36066be260408f960143fb61fa

SHA1
beb409e96a473d8e930ab4fb76de9fbe0da7f3b3

SHA256
1be9d82e56497d973954ae23f394862b0ccaaa5c0abd78f4b83c557f508674ef

SHA512
1ddf3ca066ba78a0d5f2ce2ee52d22504da10e2290d1cf1af15a3c889960c584c6da4383901c2fcc4af700589e7930da8354ba999329ca61158e2ab4d90b43dd

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\a916c9ab-5e66-4d35-b67e-33f89398fe3b.down_data

Filesize
141KB

MD5
d0fbc5fba8125e51fe5deac2fdc4e2ee

SHA1
5a5710759c501924156c0bda3a38c4bcfe87e7ec

SHA256
4705a04616a64e92f1cc92885d59235be6b1593a62e90cdff86f1461b7b253fd

SHA512
a57fde5dde27d953d7602b4aafe1016b2e17e191334232c0ccee502afd886777fb80730c642f48213ab8271b3b923819173e7676cbc46cfe2f50ab9b79d0baaa

Download Submit
C:\Users\Admin\Downloads\Release.zip

Filesize
6.4MB

MD5
89661a9ff6de529497fec56a112bf75e

SHA1
2dd31a19489f4d7c562b647f69117e31b894b5c3

SHA256
e7b275d70655db9cb43fa606bbe2e4f22478ca4962bbf9f299d66eda567d63cd

SHA512
33c765bf85fbec0e58924ece948b80a7d73b7577557eaac8865e481c61ad6b71f8b5b846026103239b3bd21f438ff0d7c1430a51a4a149f16a215faad6dab68f

Download Submit
C:\Users\Admin\Downloads\Release.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\te.exe

Filesize
45KB

MD5
e23c260649c2f8cf9c6b92ff6ba7a082

SHA1
dec126f1c1e5b3f87305f727084ad75440c0ed12

SHA256
0dc428c781d9d07edf98a52bcaafb262ba6cacedbe8fddd9decbe0095008e525

SHA512
b515793be59b23c9c022eb9bd49d9bd58f18b67a10911be1aa97abd8d86a8649cc1a1f9f44ba87cd662d621fd496438a0faea52a7870f0de582bf1400c368d48

Download Submit
memory/1528-661-0x0000000005A80000-0x0000000005A8A000-memory.dmp

Filesize
40KB

Download
memory/1528-660-0x00000000063E0000-0x00000000063EA000-memory.dmp

Filesize
40KB

Download
memory/1528-649-0x0000000005ED0000-0x0000000005EDA000-memory.dmp

Filesize
40KB

Download
memory/1528-701-0x0000000001580000-0x0000000001592000-memory.dmp

Filesize
72KB

Download
memory/1528-618-0x0000000000BD0000-0x0000000000BE2000-memory.dmp

Filesize
72KB

Download
memory/1528-680-0x0000000005670000-0x000000000567C000-memory.dmp

Filesize
48KB

Download
memory/1528-629-0x0000000005F30000-0x0000000005F96000-memory.dmp

Filesize
408KB

Download
memory/3740-574-0x0000000007C50000-0x0000000007D02000-memory.dmp

Filesize
712KB

Download
memory/3740-587-0x0000000006500000-0x0000000006624000-memory.dmp

Filesize
1.1MB

Download
memory/3740-548-0x0000000007C00000-0x0000000007C12000-memory.dmp

Filesize
72KB

Download
memory/3740-542-0x00000000004E0000-0x00000000006E2000-memory.dmp

Filesize
2.0MB

Download
memory/3740-575-0x00000000081B0000-0x0000000008507000-memory.dmp

Filesize
3.3MB

Download
memory/3740-549-0x0000000009880000-0x000000000989C000-memory.dmp

Filesize
112KB

Download
memory/3740-630-0x000000000BE70000-0x000000000BE82000-memory.dmp

Filesize
72KB

Download
memory/3740-659-0x000000000D4D0000-0x000000000D5D4000-memory.dmp

Filesize
1.0MB

Download
memory/3740-546-0x0000000007B10000-0x0000000007B24000-memory.dmp

Filesize
80KB

Download
memory/3740-545-0x00000000051C0000-0x00000000051CA000-memory.dmp

Filesize
40KB

Download
memory/3740-550-0x0000000009EE0000-0x0000000009F02000-memory.dmp

Filesize
136KB

Download
memory/3740-544-0x0000000005220000-0x00000000052B2000-memory.dmp

Filesize
584KB

Download
memory/3740-543-0x00000000057D0000-0x0000000005D76000-memory.dmp

Filesize
5.6MB

Download
memory/3740-588-0x0000000006650000-0x000000000666A000-memory.dmp

Filesize
104KB

Download
memory/3740-547-0x0000000007BE0000-0x0000000007BFA000-memory.dmp

Filesize
104KB

Download