xenorat | hxxp://k

Analysis

max time kernel
1797s
max time network
1709s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
25/01/2025, 17:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://k

Score

10^/10

xenorat discovery rat trojan

Malware Config

Extracted

Family

xenorat

localhost

127.0.0.1

Mutex

testing 123123

Attributes

delay
1000
install_path
nothingset
port
1234
startup_name
nothingset

Signatures

Detect XenoRat Payload 4 IoCs

resource	yara_rule
behavioral1/memory/4916-446-0x0000000000750000-0x0000000000762000-memory.dmp	family_xenorat
behavioral1/files/0x001a00000002a8c9-764.dat	family_xenorat
behavioral1/files/0x0007000000024dbe-775.dat	family_xenorat
behavioral1/memory/3100-905-0x00000000007B0000-0x00000000007C2000-memory.dmp	family_xenorat

XenorRat
XenorRat is a remote access trojan written in C#.
trojan rat xenorat
Xenorat family
xenorat

Executes dropped EXE 2 IoCs

pid	Process
3100	hwidspoofer.exe
900	hwidspoofer.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
13	raw.githubusercontent.com
47	raw.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 9 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	xeno rat client.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	xeno rat server.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	xeno rat client.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	xeno rat server.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	hwidspoofer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	schtasks.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	xeno rat server.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	hwidspoofer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	xeno rat server.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	xeno rat server.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0000000001000000ffffffff	xeno rat server.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	xeno rat server.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	xeno rat server.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	xeno rat server.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	xeno rat server.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	xeno rat server.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	xeno rat server.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	xeno rat server.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	xeno rat server.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	xeno rat server.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	xeno rat server.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	xeno rat server.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	xeno rat server.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	xeno rat server.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	xeno rat server.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0 = 7e003100000000004759166811004465736b746f7000680009000400efbe47597d61395a9b8b2e0000003f5702000000010000000000000000003e0000000000f5577c004400650073006b0074006f007000000040007300680065006c006c00330032002e0064006c006c002c002d0032003100370036003900000016000000	xeno rat server.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	xeno rat server.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	xeno rat server.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	xeno rat server.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6	xeno rat server.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	xeno rat server.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	xeno rat server.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic"	xeno rat server.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	xeno rat server.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell	xeno rat server.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	xeno rat server.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	xeno rat server.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Generic"	xeno rat server.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	xeno rat server.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	xeno rat server.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	xeno rat server.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	xeno rat server.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\MRUListEx = 00000000ffffffff	xeno rat server.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0	xeno rat server.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	xeno rat server.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	xeno rat server.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	xeno rat server.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	xeno rat server.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff	xeno rat server.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\MRUListEx = 00000000ffffffff	xeno rat server.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4	xeno rat server.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	xeno rat server.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	xeno rat server.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	xeno rat server.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell	xeno rat server.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	xeno rat server.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell	xeno rat server.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\2 = 5e00310000000000395ab18c10004e4557464f4c7e310000460009000400efbe395ab18c395ab18c2e00000011570200000005000000000000000000000000000000c89629014e0065007700200066006f006c00640065007200000018000000	xeno rat server.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 020000000100000000000000ffffffff	xeno rat server.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0	xeno rat server.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0 = 50003100000000004759b968100041646d696e003c0009000400efbe47597d61395a968b2e00000035570200000001000000000000000000000000000000c9d18800410064006d0069006e00000014000000	xeno rat server.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0\NodeSlot = "4"	xeno rat server.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	xeno rat server.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	xeno rat server.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	xeno rat server.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	xeno rat server.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	xeno rat server.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings	xeno rat server.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	xeno rat server.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	xeno rat server.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\2	xeno rat server.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	xeno rat server.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Release.zip:Zone.Identifier	msedge.exe

Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
4724	schtasks.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
1548	msedge.exe
1548	msedge.exe
236	msedge.exe
236	msedge.exe
2292	msedge.exe
2292	msedge.exe
2044	identity_helper.exe
2044	identity_helper.exe
1936	msedge.exe
1936	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1132	xeno rat server.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

pid	Process
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	4048	xeno rat server.exe
Token: SeDebugPrivilege	5080	xeno rat server.exe

Suspicious use of FindShellTrayWindow 43 IoCs

pid	Process
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe

Suspicious use of SendNotifyMessage 16 IoCs

pid	Process
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe

Suspicious use of SetWindowsHookEx 11 IoCs

pid	Process
836	MiniSearchHost.exe
4048	xeno rat server.exe
4048	xeno rat server.exe
1132	xeno rat server.exe
1132	xeno rat server.exe
1132	xeno rat server.exe
1132	xeno rat server.exe
1132	xeno rat server.exe
1132	xeno rat server.exe
1132	xeno rat server.exe
1132	xeno rat server.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 236 wrote to memory of 872	236	msedge.exe	77
PID 236 wrote to memory of 872	236	msedge.exe	77
PID 236 wrote to memory of 4444	236	msedge.exe	78
PID 236 wrote to memory of 4444	236	msedge.exe	78
PID 236 wrote to memory of 4444	236	msedge.exe	78
PID 236 wrote to memory of 4444	236	msedge.exe	78
PID 236 wrote to memory of 4444	236	msedge.exe	78
PID 236 wrote to memory of 4444	236	msedge.exe	78
PID 236 wrote to memory of 4444	236	msedge.exe	78
PID 236 wrote to memory of 4444	236	msedge.exe	78
PID 236 wrote to memory of 4444	236	msedge.exe	78
PID 236 wrote to memory of 4444	236	msedge.exe	78
PID 236 wrote to memory of 4444	236	msedge.exe	78
PID 236 wrote to memory of 4444	236	msedge.exe	78
PID 236 wrote to memory of 4444	236	msedge.exe	78
PID 236 wrote to memory of 4444	236	msedge.exe	78
PID 236 wrote to memory of 4444	236	msedge.exe	78
PID 236 wrote to memory of 4444	236	msedge.exe	78
PID 236 wrote to memory of 4444	236	msedge.exe	78
PID 236 wrote to memory of 4444	236	msedge.exe	78
PID 236 wrote to memory of 4444	236	msedge.exe	78
PID 236 wrote to memory of 4444	236	msedge.exe	78
PID 236 wrote to memory of 4444	236	msedge.exe	78
PID 236 wrote to memory of 4444	236	msedge.exe	78
PID 236 wrote to memory of 4444	236	msedge.exe	78
PID 236 wrote to memory of 4444	236	msedge.exe	78
PID 236 wrote to memory of 4444	236	msedge.exe	78
PID 236 wrote to memory of 4444	236	msedge.exe	78
PID 236 wrote to memory of 4444	236	msedge.exe	78
PID 236 wrote to memory of 4444	236	msedge.exe	78
PID 236 wrote to memory of 4444	236	msedge.exe	78
PID 236 wrote to memory of 4444	236	msedge.exe	78
PID 236 wrote to memory of 4444	236	msedge.exe	78
PID 236 wrote to memory of 4444	236	msedge.exe	78
PID 236 wrote to memory of 4444	236	msedge.exe	78
PID 236 wrote to memory of 4444	236	msedge.exe	78
PID 236 wrote to memory of 4444	236	msedge.exe	78
PID 236 wrote to memory of 4444	236	msedge.exe	78
PID 236 wrote to memory of 4444	236	msedge.exe	78
PID 236 wrote to memory of 4444	236	msedge.exe	78
PID 236 wrote to memory of 4444	236	msedge.exe	78
PID 236 wrote to memory of 4444	236	msedge.exe	78
PID 236 wrote to memory of 1548	236	msedge.exe	79
PID 236 wrote to memory of 1548	236	msedge.exe	79
PID 236 wrote to memory of 984	236	msedge.exe	80
PID 236 wrote to memory of 984	236	msedge.exe	80
PID 236 wrote to memory of 984	236	msedge.exe	80
PID 236 wrote to memory of 984	236	msedge.exe	80
PID 236 wrote to memory of 984	236	msedge.exe	80
PID 236 wrote to memory of 984	236	msedge.exe	80
PID 236 wrote to memory of 984	236	msedge.exe	80
PID 236 wrote to memory of 984	236	msedge.exe	80
PID 236 wrote to memory of 984	236	msedge.exe	80
PID 236 wrote to memory of 984	236	msedge.exe	80
PID 236 wrote to memory of 984	236	msedge.exe	80
PID 236 wrote to memory of 984	236	msedge.exe	80
PID 236 wrote to memory of 984	236	msedge.exe	80
PID 236 wrote to memory of 984	236	msedge.exe	80
PID 236 wrote to memory of 984	236	msedge.exe	80
PID 236 wrote to memory of 984	236	msedge.exe	80
PID 236 wrote to memory of 984	236	msedge.exe	80
PID 236 wrote to memory of 984	236	msedge.exe	80
PID 236 wrote to memory of 984	236	msedge.exe	80
PID 236 wrote to memory of 984	236	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://k
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd4a113cb8,0x7ffd4a113cc8,0x7ffd4a113cd8
  2⤵
  PID:872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1832,7152453656700587748,7075404959732865497,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1792 /prefetch:2
  2⤵
  PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1832,7152453656700587748,7075404959732865497,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1832,7152453656700587748,7075404959732865497,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
  2⤵
  PID:984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,7152453656700587748,7075404959732865497,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:3088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,7152453656700587748,7075404959732865497,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:1080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,7152453656700587748,7075404959732865497,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:1
  2⤵
  PID:2412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,7152453656700587748,7075404959732865497,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:2280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,7152453656700587748,7075404959732865497,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:2820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,7152453656700587748,7075404959732865497,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
  2⤵
  PID:856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,7152453656700587748,7075404959732865497,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
  2⤵
  PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1832,7152453656700587748,7075404959732865497,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5296 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,7152453656700587748,7075404959732865497,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1832,7152453656700587748,7075404959732865497,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5944 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,7152453656700587748,7075404959732865497,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,7152453656700587748,7075404959732865497,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:4120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,7152453656700587748,7075404959732865497,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:3688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,7152453656700587748,7075404959732865497,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
  2⤵
  PID:3008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,7152453656700587748,7075404959732865497,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,7152453656700587748,7075404959732865497,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6200 /prefetch:1
  2⤵
  PID:3668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1832,7152453656700587748,7075404959732865497,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6020 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1832,7152453656700587748,7075404959732865497,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5208 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,7152453656700587748,7075404959732865497,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
  2⤵
  PID:772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,7152453656700587748,7075404959732865497,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6580 /prefetch:1
  2⤵
  PID:3976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,7152453656700587748,7075404959732865497,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
  2⤵
  PID:3188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,7152453656700587748,7075404959732865497,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1264 /prefetch:1
  2⤵
  PID:3340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,7152453656700587748,7075404959732865497,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3712 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,7152453656700587748,7075404959732865497,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3048 /prefetch:1
  2⤵
  PID:708

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3784

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2368

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:836

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2240

C:\Users\Admin\Downloads\Release\xeno rat server.exe
"C:\Users\Admin\Downloads\Release\xeno rat server.exe"
1⤵
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4048

C:\Users\Admin\Downloads\Release\stub\xeno rat client.exe
"C:\Users\Admin\Downloads\Release\stub\xeno rat client.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4916

C:\Users\Admin\Downloads\Release\xeno rat server.exe
"C:\Users\Admin\Downloads\Release\xeno rat server.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:5080

C:\Users\Admin\Downloads\Release\stub\xeno rat client.exe
"C:\Users\Admin\Downloads\Release\stub\xeno rat client.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:3716

C:\Users\Admin\Downloads\Release\xeno rat server.exe
"C:\Users\Admin\Downloads\Release\xeno rat server.exe"
1⤵
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1132

C:\Users\Admin\Downloads\Release\hwidspoofer.exe
"C:\Users\Admin\Downloads\Release\hwidspoofer.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:3100
- C:\Users\Admin\AppData\Roaming\XenoManager\hwidspoofer.exe
  "C:\Users\Admin\AppData\Roaming\XenoManager\hwidspoofer.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:900
- - C:\Windows\SysWOW64\schtasks.exe
    "schtasks.exe" /Create /TN "system" /XML "C:\Users\Admin\AppData\Local\Temp\tmp29BA.tmp" /F
    3⤵
    - System Location Discovery: System Language Discovery
    - Scheduled Task/Job: Scheduled Task
    PID:4724

C:\Users\Admin\Downloads\Release\xeno rat server.exe
"C:\Users\Admin\Downloads\Release\xeno rat server.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2788

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\hwidspoofer.exe.log

Filesize
226B

MD5
1294de804ea5400409324a82fdc7ec59

SHA1
9a39506bc6cadf99c1f2129265b610c69d1518f7

SHA256
494398ec6108c68573c366c96aae23d35e7f9bdbb440a4aab96e86fcad5871d0

SHA512
033905cc5b4d0c0ffab2138da47e3223765146fa751c9f84b199284b653a04874c32a23aae577d2e06ce6c6b34fec62331b5fc928e3baf68dc53263ecdfa10c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7145ec3fa29a4f2df900d1418974538

SHA1
1368d579635ba1a53d7af0ed89bf0b001f149f9d

SHA256
efc56eb46cf3352bf706c0309d5d740bca6ac06142f9bdc5e8344b81d4d83d59

SHA512
5bb663ede88f8b7c96b09c1214aac68eda99bc09525ac383baa96914ff7d553ea1aed09e3c9d16893d791c81ddb164c682dfbb4759ac0bc751221f3e36558a91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d91478312beae099b8ed57e547611ba2

SHA1
4b927559aedbde267a6193e3e480fb18e75c43d7

SHA256
df43cd7779d9fc91fd0416155d6771bc81565e98be38689cb17caece256bf043

SHA512
4086c4ebe410a37d0124fc8bd00c58775e70ab2b7b5a39b4e49b332ce5b4866c6775707436395467aff9596507c96fb4896f3bf0249c5b9c99a927f31dcc1a96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\4db8d660-1660-47bf-b979-8f6ee7e0cbb7.tmp

Filesize
871B

MD5
70a104eb506f854785441c855d02ea62

SHA1
8c4783447b995300f27626a40469405a08102470

SHA256
78a2856fc937d763ec1b37babe6977ac888182b09376e97f07230dff31e0ef2b

SHA512
b5a5a10e424562af635ebedceddf1c8f68d868584aa882f7638b90cb614be6352146d9c132f1e9fdafa07d5ba4d5ab0f2b501f96633ae940471678ea8de4c872

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
47KB

MD5
0d89f546ebdd5c3eaa275ff1f898174a

SHA1
339ab928a1a5699b3b0c74087baa3ea08ecd59f5

SHA256
939eb90252495d3af66d9ec34c799a5f1b0fc10422a150cf57fc0cd302865a3e

SHA512
26edc1659325b1c5cf6e3f3cd9a38cd696f67c4a7c2d91a5839e8dcbb64c4f8e9ce3222e0f69d860d088c4be01b69da676bdc4517de141f8b551774909c30690

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
366KB

MD5
e6940bda64389c1fa2ae8e1727abe131

SHA1
1568647e5acd7835321d847024df3ffdf629e547

SHA256
eef5dd06cf622fb43ea42872bc616d956de98a3335861af84d35dbaf2ab32699

SHA512
91c07e84e5188336464ae9939bfc974d26b0c55d19542527bdcd3e9cac56d8c07655dc921acaa487ed993977a22a0f128dc3c6111273273ff1f637b20bb56fb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
70KB

MD5
3b06aa689e8bf1aed00d923a55cfdd49

SHA1
ca186701396ba24d747438e6de95397ed5014361

SHA256
cd1569510154d7fa83732ccf69e41e833421f4e5ec7f70a5353ad07940ec445c

SHA512
0422b94ec68439a172281605264dede7b987804b3acfdeeb86ca7b12249e0bd90e8e625f9549a9635165034b089d59861260bedf7676f9fa68c5b332123035ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
63KB

MD5
226541550a51911c375216f718493f65

SHA1
f6e608468401f9384cabdef45ca19e2afacc84bd

SHA256
caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5

SHA512
2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
26KB

MD5
8ce06435dd74849daee31c8ab278ce07

SHA1
a8e754c3a39e0f1056044cbdb743a144bdf25564

SHA256
303074dab603456b6ed26e7e6e667d52c89ab16e6db5e6a9339205ce1f6c1709

SHA512
49e99bffcdf02cfe8cef0e8ef4b121c75d365ab0bbc67c3a3af4cf199cc46e27ab2a9fdf32590697b15b0a58ee2b7a433fe962455cf91f9a404e891e73a26f59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
37KB

MD5
5873d4dc68262e39277991d929fa0226

SHA1
182eb3a0a6ee99ed84d7228e353705fd2605659a

SHA256
722960c9394405f7d8d0f48b91b49370e4880321c9d5445883aec7a2ca842ab4

SHA512
1ec06c216bfe254afbae0b16905d36adc31e666564f337eb260335ef2985b8c36f02999f93ab379293048226624a59832bfb1f2fa69d94a36c3ca2fdeebcdc3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
20KB

MD5
edff034579e7216cec4f17c4a25dc896

SHA1
ceb81b5abec4f8c57082a3ae7662a73edf40259f

SHA256
5da4c64f6c1ff595779a560e215cd2511e21823b4e35d88f3ba90270d9244882

SHA512
ab2dcd1628a0d0cadf82eebd123526979e8cf0a2a62f08f1169d4c03b567eca705bd05a36e5ffa4f6c3df393753b03e3daa18122955dde08fd8e5b248694e810

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
20KB

MD5
99c59b603e12ae38a2bbc5d4d70c673e

SHA1
50ed7bb3e9644989681562a48b68797c247c3c14

SHA256
0b68cf3fd9c7c7f0f42405091daa1dda71da4a1e92ba17dad29feb00b63ef45f

SHA512
70973ea531ed385b64a3d4cb5b42a9b1145ec884400da1d27f31f79b4597f611dc5d1e32281003132dd22bf74882a937fc504441e5280d055520bfca737cf157

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
38KB

MD5
adf2df4a8072227a229a3f8cf81dc9df

SHA1
48b588df27e0a83fa3c56d97d68700170a58bd36

SHA256
2fd56ac4d62fec83843c83054e5548834a19001c077cdb224901237f2e2c0e4c

SHA512
d18ffc9a41157ea96014a503640b3a2a3931f578293e88cc05aa61c8223221d948c05637875d8e3ee5847b6a99341ea22b6a1aee67c170e27bde5e154cf1b9ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
18KB

MD5
f1dceb6be9699ca70cc78d9f43796141

SHA1
6b80d6b7d9b342d7921eae12478fc90a611b9372

SHA256
5898782f74bbdeaa5b06f660874870e1d4216bb98a7f6d9eddfbc4f7ae97d66f

SHA512
b02b9eba24a42caea7d408e6e4ae7ad35c2d7f163fd754b7507fc39bea5d5649e54d44b002075a6a32fca4395619286e9fb36b61736c535a91fe2d9be79048de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
18KB

MD5
8bd66dfc42a1353c5e996cd88dc1501f

SHA1
dc779a25ab37913f3198eb6f8c4d89e2a05635a6

SHA256
ef8772f5b2cf54057e1cfb7cb2e61f09cbd20db5ee307133caf517831a5df839

SHA512
203a46b2d09da788614b86480d81769011c7d42e833fa33a19e99c86a987a3bd8755b89906b9fd0497a80a5cf27f1c5e795a66fe3d1c4a921667ec745ccf22f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
26KB

MD5
525579bebb76f28a5731e8606e80014c

SHA1
73b822370d96e8420a4cdeef1c40ed78a847d8b4

SHA256
f38998984e6b19271846322441f439e231836622e746a2f6577a8848e5eed503

SHA512
18219147fca7306220b6e8231ff85ebeb409c5cc512adff65c04437d0f99582751ccb24b531bbedf21f981c6955c044074a4405702c3a4fae3b9bf435018cc1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
58KB

MD5
68d6a168f33a358f0daea04bf88dd350

SHA1
bb73acf698465d61b5f7d7655d53401c200fd325

SHA256
44b945ffb8cfbc877840604a1931f8926c9baeb8834d3b3ca1e620206d410c44

SHA512
4b573bbe483245b9388081c0278a8436225496ac6da4caa59edcf7222a2c4fe4e7b701f88a8327c313f901c463eac1fd5d102db0b0cd88eb6f893e30eb37d82a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
40KB

MD5
12d5219431489684ca5a2523dd5482f1

SHA1
daaa0decfac96a9b5d3c68a6ff392d974ead7d8d

SHA256
3e28f36c7980e56211a053f33a44634c5dd566ee3f3c12ef2a4e0833e0301810

SHA512
964ce41c4c2d702b523ad588bcd300972ca0156fecfb0d7838647ee5a9e14e522b6d5b52b400b4897f064ebe93cd846b7eba408e4df9b015f453118985b9390a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
53KB

MD5
2ee3f4b4a3c22470b572f727aa087b7e

SHA1
6fe80bf7c2178bd2d17154d9ae117a556956c170

SHA256
53d7e3962cad0b7f5575be02bd96bd27fcf7fb30ac5b4115bb950cf086f1a799

SHA512
b90ae8249108df7548b92af20fd93f926248b31aedf313ef802381df2587a6bba00025d6d99208ab228b8c0bb9b6559d8c5ec7fa37d19b7f47979f8eb4744146

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
87KB

MD5
65b0f915e780d51aa0bca6313a034f32

SHA1
3dd3659cfd5d3fe3adc95e447a0d23c214a3f580

SHA256
27f0d8282b7347ae6cd6d5a980d70020b68cace0fbe53ad32048f314a86d4f16

SHA512
e5af841fd4266710d181a114a10585428c1572eb0cd4538be765f9f76019a1f3ea20e594a7ee384d219a30a1d958c482f5b1920551235941eec1bcacd01e4b6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
107KB

MD5
299ca95cc038a95290e1110e037c96fa

SHA1
cb9cbfd904623ab7287bb019c0eb0c48bfe5a4e2

SHA256
9847c0208b4c74a399438b062467820f9023534a5358fa5d6b28a4b0c18d033d

SHA512
6b61806258b2a02aa968c0ce55429adf5727af4420547532c9db10ae832f1e3abbf70d08f6c69e590d1823b6699685b0c153314ce113bf85d346f4dba0c97cb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
16KB

MD5
cd4e82b46e4da434142a43b103c70d82

SHA1
c90880a374cca87c8db41b629e803cba3412f14b

SHA256
7fac6df5eda28d747100a7de800f01581d46fc81adfb53e5f6597e81ced06613

SHA512
89d38702ed8b7eef95f287012b3de691cca0c191c673ecb7be8aff9481f38e6669ff9b3b422b4e92b1d4bebac4d4e67811cde421b422728930c75962f989a6ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0bbe00d9bf7b798e_0

Filesize
2KB

MD5
d42698bf573c7d1a0fc3f65f930aa254

SHA1
04069844a7f19ad708ecdd25c65c0cef5216d1fd

SHA256
3c7143562e8ba435e3d88f95667007f7b8d51232a8b1f4c82ccd25955c99d760

SHA512
ce93de1620d5efae1f6ff77b3f98db04be3c5723a4a715a1b575d19454fe0d786edcec0b0d60183eeb29423473d33b8eea0a72088ca4a9f8ab18cb3b4dd1c7b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1a914eb5fc51fb84_0

Filesize
5KB

MD5
6f8ddbedc9e1faa50077e144358b00d2

SHA1
0e12b90bbeed90a8f29ba8870d43e3ae0170dc1a

SHA256
32606566c1e07283bf79e96c82c28b5b7baaebf774b6720af60eaf18bc8d8a38

SHA512
b7a18b5d3114c4189de818584558fff60df5c335deb939730341c72673ed495989dbd8afd6022cb155d09537fd46f456882021132d6b17f1e23f5ea315e8af7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3a4259a0181983ba_0

Filesize
7KB

MD5
cf39ca0ecddd73a2d820e71138b893fa

SHA1
33efdd781781861a467d7d5e2516ff8932c5580a

SHA256
de88dac91487f04816968a29768dabde18399ff6485dd14304616ee43e9ff2e7

SHA512
bf37a5120c0865aaa6d9a3d0d5352562c2d831065a93161739598319357ff5ac3024451180f365e9e54fa7e50364214390b75e2f4597c84dbe7becd7e10f6d3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3c1297754243aa1b_0

Filesize
1KB

MD5
97205ce2868950c25a9fff1ae5c23c0d

SHA1
c3cb5ce043ad1914e4e856817bc27c89f332dd84

SHA256
593b7648c4995d08b4829cf19e9fd9abe422dd7a28f081cb79a604682fb36d33

SHA512
b9ee9a0ad947893d1bb530a582c7a5d05d9dbe13a02ccf9e423163298fbb2fe8523b69d7c0917c7a9db840b9b2ad12f16d0fd74398840d92bae04eaf60e552d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5dd1e579c9681f95_0

Filesize
2KB

MD5
f973d66a6337d17c404c939871695673

SHA1
03ca556001c9d88b0b4846164a1d310bab68b89b

SHA256
344f870cf1a75a6b6c3f9265eea0902a89d3c03e63f8eff50023d03a0dac8f0b

SHA512
eec43aee7b599f6a0afb10dedf63826bfa92a82f2807fc6cc4cdd21c5820f1455f8543ddd37af53beb8dacfa958abf1fd0e957ca01733a87870f1782bf85e28f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\61a0b4d20ae0e222_0

Filesize
4KB

MD5
04063ed8d6caa244ed3337630223350b

SHA1
98e7b5da4e848692369854a2c90f896aafc6d8b6

SHA256
a5dcb389334183df7aec06bd8a731816ddc53183c718e41510b1697e9deb02f2

SHA512
6945d86b0dee27f270442c0f96be4690da0b231281ee58386c453ab7e83f496e65c428aa0f336313ba6e80df8f9ad736d5d4ef411be815ae99660929cc57609d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\766094f4b47e839c_0

Filesize
9KB

MD5
d46e94f7c926dd2ed91fe55011165392

SHA1
37150fb2cbc68902650e6f5a9af2949f9b16998f

SHA256
1190fd57296223903379b51ed2861904d68bfbffba80981cd8722c995c009ad7

SHA512
7474f45fe2630069a4605a274cd92ccf1587d37068749c68c820b9f7f4298bfd45703e81c1f8bbc9e2905c8173240fd436ba1d32a44702c31e190ded60f62d09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c91c845c83814759_0

Filesize
14KB

MD5
3e3832dc7051b5321929bf7a52a7527e

SHA1
8da4c7073e9b8ae15a81dc3240bd1eae95eb5d72

SHA256
be39af7fe67b7782c6aa6419c6f78b02a34afce77516daabe3d89e9ec19790e1

SHA512
c07c0ac65cdf0250f46e0510277d8ce307c325c10f72f96a5a941078be0d56a5fa08997932f30851f7965232db349e7ed397df1362ca63039f33fcd576fa9769

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d2f9a2fc02c20de3_0

Filesize
2KB

MD5
422295307ccccd073ee338a9765f02f6

SHA1
1e74704f9f73c398bcf35c781d796bfd09a76bfc

SHA256
73aa216bd98f4962b9e82cde2984be20a18233499bec5a5ddbb18ebdd9f09ba6

SHA512
e08b2f204c0691f05d5847561727aee910681806701187cc653564257816356afa53a52440ca47a073fde89442949f67b1eed734d4501a55e729662167fe8e46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
780662c2ab06f8f6fb63547aee1e9417

SHA1
592743dbf2de960ffab9eda9d49e5c3a6ff14bf1

SHA256
59fd2e6ae60f004b3bd23ec193abc2644a5b40de172a442430cef954fa20ae1f

SHA512
b7f4567200e62ee7fe0af7a548cf8a7fc5222b70a830eafb0d26eb4760eaacdb3750c90d2e6ecb6e2a2b6c4c7850704aed7075cfff09e48fcbdaaf37bc612f79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
44c2d44e48f4f258c18c25d45ed20a78

SHA1
778b8dd9cacd83542606567fd95f3f3a2c652ba8

SHA256
d84aff9f787db7904a90fc2a46c08f26569e7b30526aaeee48cb17c5ec64db76

SHA512
2fb3352c992bb6a9a3f57265d8e0ecc70b8071b28222c345fdbedbe2a4a874d21ff8bcc93201a2711ce880e058679eeba7c50e663a699805602a37fe8a80c77a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
72e703e32c6dff588f99b16f85e599a9

SHA1
570bb034cf1190f0a1e61b2ae3726abd7168e8dd

SHA256
ee48f02150b29a0b569ca774e0b39e9a079e20d9dbf61cbf540229f3466cf0d9

SHA512
3bd1384064df15c328e0d4d245e0e8c1289a6f4c473491a9b3a446901028f1cd779a8888d95cf60f0edd96a0200654114026142ba7612aa22fc03dbba7a70425

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
bc3607860461f33b3cf699a5f0d1ba12

SHA1
785c91a3f9dfe8ad6822b40e8fa0feb9c0f80ea2

SHA256
79206f3c57ae306c27b95f099953e70b7768555193e02efaa89bbd99f9f67243

SHA512
a1bb0831ca6936d2cf527cdf174d1485605d643ff0a70930b9b4e99c125b9e9d48f60e3557aff7bb974158a1d6fda97c29ba6ac5f7d1fce3a64c274c444e93cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
9ec5ec08f92f37b93796d57cd1823c0c

SHA1
4b3cb7924667689c49401d2d245224275fb2490c

SHA256
58fa44421edc64b0d536bda7c06966fa1be19184d6211d73ad79eb68c03a1b6e

SHA512
25012d6da6e4122d4ed8e1ac5a03f75086711f3c00826092eb25de5bb42859d8a920517531eef58833c9ce81dce59cdf2eb350a61eaf9a3452d7e35eccf996e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
417ce847c90f6de34c3fbe065214f227

SHA1
d873d47c4ea079bef5daca9eeb13c466f1080615

SHA256
2a3dbd57b72fce1c48d946afb8a867790d88c87d764cf4fdba2bd27ca00bc79e

SHA512
2ce54f5a55ef3bd1520012a06dbdb1aec1c9731cd71469beb971b7fb2e6eca3b30161ddf7b2ebd327618cdc9d537f87d243433be1534098875f9f8ea19c5af75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
0ae42641a47ba9e37b8cc2d1fafdde59

SHA1
744561795964efb0ec8b6fb5ebcfbd1d9ac0b354

SHA256
1e795fbc578b735e4e893f8ba37a5ddd1bf9e67b929e7cf25fbdef23e85a1541

SHA512
c8bee2a97bf5f32a29262315fdb66f2c58e84751cb04e5bdd5d604863cb13213342f3cc08193fde6ead1781e69b24d849c17b296ad4f5782544dfec696ce973e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
7557aaf155d3b04d146d01a8c95eb6f2

SHA1
d8507361999a6ef8859e43f0c053777ffb3cae88

SHA256
2285cb5b26c35bf1f8a0bc72b82a14861f2c6529c99b80dfa86d196251bc4816

SHA512
b1c265b91d979f632818647c762cf1f793652fede45b4d0aa7326727102015d2f8bfea6cddd387a9b771c93a38570170aa16b5fd0cc786b4bdc490d4f8e1f0fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
b4f9037079e522fed3605edc691064cc

SHA1
af00297f686ec7dd0df85c42f20f5b0cda7b10e1

SHA256
8448d7002162b9da3fbf866506ed7f1bffbd0d0245b7ebb3bfcae2ec27b64135

SHA512
6eb9ee6753e52a68db94096b11c36443f4086cbdb9df32356b7e5475c120271a6a50143ad15cbe6896cdfe555583e15d02f4d6ae93bc295ae78990e615f5c555

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
4ac070c9e7bc6dbae51d1912b007a26c

SHA1
ff8385664109a6f2b9e2d9ecdb28fbe6d1ae471c

SHA256
0430ee0877c7c9608ab7e2a45aafad89c35382b3fbf494072a9ab04e3874f8f2

SHA512
f658731fcd1f1afe0edbd966ba2c30c2c75b1038eba400940f90ad35aa66e6f8a788dabcb83485d7b7b2855776600ec4c3d1ddc12b45874a12ff428dd386c7d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
8ac8ef6c92fa9241534c15780e1e9589

SHA1
d7c8db15f98658bd9e6701d67bbf6c26b5d3b63f

SHA256
144f6a9ca689fbced1d2b720022941a7241f56720a7de3dd1689388bd5798b99

SHA512
adc5fd873e05917fc101e9077bac1dd66b8060c6bbb1de1a265397c8e03570701793e8857469eb8e2fbaa75b18fd8d1b8bf7c1f1387d369bf51ee81ddb99a72a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
2f641d434d776b6c8d50c088c5b15125

SHA1
893e231ab1ae1849bfe083f82235a012516c4e71

SHA256
c7fd0ce716837b149246551a59c91c10248fab65d14fde023964d3365b6c34cb

SHA512
76406d7ee57a260bcd27f8050edd027a394c78705f5b4e14447fa8ea0215a9105cfc7a6e460a9577709031bcdfb286d60bf014a20674306631698fe3b1b017b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d04dee6f04859daffb28731dc7492cf3

SHA1
f52da8d5eef321e239c5b4dbbd47da03313ec15f

SHA256
d2501eb0d9ce3fd5ecf1473d95613e12a44a2924c6c1ae33184847dc56cbb882

SHA512
8669906bc4aa73378c1774437a052e61dfaea72099d0144f6fc8916965b97517e57d0f61e414be68923e87697d7f69e3f9f5fa1a56cb20928fa307a89af8c415

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
77f3f58ccabc79e2cfbdd6ad26ad157e

SHA1
8b97bd059404e7e1234c06c26c37f4e0a34730b9

SHA256
15bd87bdf8ea59abeb0517261475a5f71be4bd9121f0fd92ef5bcde9634fcce4

SHA512
9792d9ca938d51a6ab545a7c4a3d258a227c02f4da548244c0fc29f8edf8869a98e75a0a9680434e2d8786ccb919a54cc447d387c9ae4a491d8bc842dfb4f62a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e38353c83d17c199fa2bc2e5c61ec0ec

SHA1
b3233c2b39c72f375b36880f4f837ef043e13af7

SHA256
07afc34eff675368d5c7e7994c95335363799d60e7d3774cdf3ef453123ba6d2

SHA512
7a57e94809786b31a8b4f348320e45344c756d14b22180352e6deab9a70cc85163b306c9532cb1e29a624d3ed152691d3b963f8d499bc3ed13b93a9295ba9b9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f7bc4d9654dd40f690f64e27dc7bbebf

SHA1
1dcef41217e04af9d27af1dd24c15b37a06e1cea

SHA256
94b1a6a9ba41dfe536868d9c4242ac28897767e2213878b4272d577f1977d4ac

SHA512
85e1158a18a12bdc637c2a4b407553f26faca25f75f3aa9fe4b127cbb471dc0b3c963bef5daaf691e87e6168155eff9328cdfde5fab182fbf4f791ef70f25dae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3b254bbd454e89af89ee51a42cfdc016

SHA1
1ce4286b219cdf76b1908b758c84adfc48771a0d

SHA256
a1a2781a91cebc42bc71dc7aa5da27070e6b06b9dbcb34fc72c1a4c72cfcfaf4

SHA512
7ba437518244fc8363f11cffe1ad8a7cad8ab7c1fc8cb4efba48212ef9c3751a0a3f49f4b5da9ce61b3527c2168e2f7fc25849748ca37dafc4dde74f55167076

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
12e3fc43e373fa167a1f0d6e242e04ed

SHA1
3624df59c1f732e2d11be79f904e127c3b5c3fd6

SHA256
e90a09a2bb547826dd530e126f9acce0373df799265316178db0fefd8ccf5e1d

SHA512
67b89eeba211a7042f24f1cab50eba0970ff04ca96e4d0fcdc6ce70865f2264aaffe6f38f4d37872905734dbadb51b55c0cf214446f42e657e3f3b91fb0a48dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0cf8ed704635bf805ace08e2c1f2aef6

SHA1
ce4afb50d041252b1ddc7f56ad8e7666f0fb47b3

SHA256
becfca76e5563b5443ea84f6066b0961d0c7b985bce42a1aedef40fdb924c466

SHA512
31ec92f81f64f04c79b49c0c8ff0d1d8c1c7ea667c9fa4b708cbb9458763663be27eb95644f95dc18a8a29430a086ebde91164b717b71375c695339d4840c0a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fe1405ece3ef0aef8b5d1e2a2470066e

SHA1
c2b0347baa443a78260f1c30ef83d98211ef2dd2

SHA256
744f68d39cfcead948cca34ec7884680a2d10786887a0f73e103581a60f69245

SHA512
dd9dfb6003cdc87a8dcaf0e9bdc68a52636c6972b88193ab8cc3aeca740806e9e65c9da25e9507b51f42e6e9f49aa9d52c8c7253a9390f6bf90aa7eeb1f01295

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a25c207b4598d9c6ad53002cb3234d38

SHA1
483e7e3a10b4fbeb36fe8477ed3735b51da3c890

SHA256
5bfb28f801858a2e76a8b970554e3952719d9912c5e1f6e5afaa0bf7c6e0c00a

SHA512
ec16011c1a5a7d2904087c5c7b03ed238658cdb39c3379252a4abcfab40a81515dd4038f01d5b579dee2768c222ddcfce26ebd7d32893fc05c9b3cde70ee06fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
96603e4983d7a9bdaceccb69cfd7a83e

SHA1
d7f51c23375bdb56379cbe9b856027a3ebc1df23

SHA256
3594c6e4ee78a223a0febd6b3305f7bfd7489f3757b6c590af67d9996e7ceb52

SHA512
03e3c9ba1e31ae7053931eba410387c4a980c3624dcbe3e04938a681d11202879fe6aaab6f864819bf7ee776edbf6635a45b67279bdc33c925885adf19d022db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f1292508f6664dea3b5e5db09a72c792

SHA1
05a7c78f253c4b309ddc98a393393d68f6e765c0

SHA256
2c7b5bb1d3bc3e42a904282c6c26c186f9e75608bccb0eeb31782bcce6bf1d6a

SHA512
684ae2c6bc1f94971a1c4f46c59a7c90c573ca99631949e18eb5db569be81ba3b84bac8c520ed21a7ee95bafb320ec4d286e387bab21010670b686da2411088d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
459835c1a67f74ad66e188f3e9b7e887

SHA1
7560ab2bb6af4c3fa6496b0a7528d867615b0630

SHA256
f8f4bb9c84970d3c7b7a58cf60f85dc55fb667863233b7dfa65d546229dc6660

SHA512
bab698ac2d6ae9f30e6298f6d198134bc6704fdbc20d98757d5295ce103444ab463ac3061e407969ece7b3d990e927ccac3449a269c3dad3cd1a6af52acb1f22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8f746f5ddad1a2611cdd439356e1caac

SHA1
cdd85bfc6481caad1adb864c50815f18dea28912

SHA256
8ca8ee29c949c3169dd36beec5e98c7767aea8cfa27f9cdee99ff6af020baa6a

SHA512
3f7043da9b75ed3bef7655f3521fc5d5a5f2d923bbbd13652d3d5cb57b8e67824477a58dafb1b5a48a7841f2133ec93965a421566e368d1fdff70ea675e44e57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bd5eea44360061a4f9d269308ef030df

SHA1
7744aee549acac1a21f6c82f08e0094bf9246d71

SHA256
69d04d02c4d2ac34ff2a01af8e83a8af889974c37a0a278867c6228e5680dc8f

SHA512
fac9bf5e76c1773585afa0ffa1fb55e6922f8a14a14961617ecd563db80d7a8d862be654241cfdc51d679cd3c6f27f6855f7563716b4fc2e31fd289fdde40d1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4edce3170bc0de50c023fc8fe341aafe

SHA1
040f9f78d2d9b6f64fc6b06e0fa54c934e0b8799

SHA256
a5b018abe3dafad5e9712da5612096baf6a66e9422f4b2e55e1cca86214d2db6

SHA512
5be39bc21571465f60ddc1b5d145b7fa802f9fa9dd0f037dccee3a1d5e947227250a1c9e95a6e700e911fcea97aa1169a553a97a3ebfb7ed221674b03bd16f59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
873798aae2d6f12f8589ee5831352312

SHA1
d578bef2a6a54268d1fe4a40bfd7455e3dcbe712

SHA256
b942b03f7799319c57bdb8c5baffdedb33425f11f73f1c1758b1d3692488796b

SHA512
f16dc385af4a274c0466f41c1af53f29aee6e088e8c8a386a5f3475d96a060c60887c3f8e3bff55d793d1c8e7315e3b6f639e37bfa650fd0c29c67813868c422

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ccccb6d8432eefe140465b8c0536999f

SHA1
2626548da5f60fcc60643ca8b963f322bfa6a74b

SHA256
2b097da7c77573af987fbe62ec0d0dd58ee3988ba9e91fb1e4c4406e89efcc90

SHA512
078bd05002b73e73271a3aa9dd196874bac629f3ef6e121ba20c207eea763594e46f98b8abffaf14327982941a46d916681602ea4a536817237475ad4c86f73c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d8bb5682588fd7d20d40245e973c6d66

SHA1
1e497687d22b7862c05e6a7df54cb030d329eabd

SHA256
8af52cf902a694347944b88aa57e158905eb10005d35d5efc8c2b348aeba072c

SHA512
3cf0462156f090023e484d88e90922cb6611493ca16b05229a6b5f82804f20ff04690ff479e6327954a3e04845bcac97111fa2479bd10f98f78abe6670038495

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0bb1ee3c3e8e1bccf2a0d89c94cd0fa2

SHA1
8b72dc336c5b7aee078d715975aa11f5cda54793

SHA256
5210aadc94852fab5ea11d60de3327834a59fc1a5ed7b0967828b8804e65cb43

SHA512
101a6e36f5286dd438f0cd13c8ab6167b99837c2ba4b20b75d6e7d4b5dd21de4b77f3332ebba027741ae4f40f083df5d3bfcb42e8f1a9c385bca13f51490fc87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3df5a6580f72d46639cb36b0f3ab39ac

SHA1
d4ee9afa404362c2eb7dcefc8cf1e7c52bba2d95

SHA256
72e01d40933fbb1b6f39b327babecee2322487e2cc0e2b8bb1d83c18c3566172

SHA512
023150d83130cbecb62c79360423d0f55616786737638fd3337d54f6e7abf6d03d3d6bc76feddac62018c991c50a1e3f4bc920bf81bc61315c686d04a0011acf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
376bf6a99d9fd6246679d9109c0a6fc6

SHA1
535f06b4bcc3ee723b04fe41850902995c4702a3

SHA256
ebfbb95daf5d72782a089344f6ebbfd808802d1362f10117c063110ca4ff06ef

SHA512
66822a6e9875132d5dadeffa5060589acd8b25eca1ca0532de3c4b1aa0aa307445bbac5e7804e703203e28ba559aefde57b5c4cf3ec2bf323e1cb578f69f6cfe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580c4f.TMP

Filesize
1KB

MD5
17f4d2cb59c13c56596d734021cc7891

SHA1
247ef3e486979e8c484496cdb9aa007170b31048

SHA256
e819912d706c4407aad1cc4e3fd269929c365f4782d4b73c585371bb6b31cd75

SHA512
7423f6c8706c9256fbf292b8939e22580a890db602d27a0ba0bd228ea857e02eddf20527d26c05bbf9f1145e182f272ba4ad48ec450d8bd29f90c6a4f1f64459

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\cac3152c-dfff-4998-bdd0-52e4b12e820b.tmp

Filesize
1KB

MD5
01668ff87cb4f60aa453e620714929cd

SHA1
0934cc0170b98c91bfb658a0c967a761a743da86

SHA256
9c3415d6f5c7b1567524ed83b9ce890f3c087487bda9474cf10a08033f6542b4

SHA512
76c470317d93d0d24a8a5ffdd9b077063d11b573afe809245616866df072790ee743c8dd2bd983925185c46c75cbf8fa1bfd3bc3e747d195d0e6dbebbb3e4969

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e32c177409de6122b1605163a8545afd

SHA1
3c35a7c6318b475d111131d809cb411b7d2b5b84

SHA256
cdb100079214e80e65b520636364251f1923364c6241d9091a2486a1c0bc5123

SHA512
371f5b1c0ee07bacfe44d97d1807d62f0ddb96f3245e16e11f8009cb2e4796481e62ad373669894b444e790d0d7a1badfa497633770ad6c45a0c378905577443

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
08a399c160ffc86c8dff75463aefc560

SHA1
ab24d57eeb3433704399eaa8d0fa85ea00ee9def

SHA256
13d752eb44c8a072a633b88c789a85ba43bd3785db04e9d4e3bf6d472942cdb9

SHA512
51b6a4b123f84a5eb7bb2d238809af493f06bb8f20c1691535ef43629f6c62da931c52bdd98cef44eb17202cf3f292013d36e1866fc3cb4912936f5b125a99b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c5a2cdc9fc4095ccc60cc658f3b539d4

SHA1
43efe01bb6b215a245755131bf9263a1aea8bdb4

SHA256
a7429a419adc6c7f6bb158a8400ddc2ad5668595fa5ca37c0f40b846fd173a96

SHA512
f04e2aeb3ec7f788614cb7f32f6a23a85390fd2b307a6a439908951a65c845546ba084a44da2381c8238de6f3d237e4dda294f51cd6f1ba3f2615e6bc63d8f18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
69bace7f1b8d752089e0c718e11496a9

SHA1
4acb2cc22625a847590fdfd25b0d39d93bf0097b

SHA256
40d27e21a4549650156e49f312e1696ce47fed9c9f8fd9be8e55353754266019

SHA512
d7c82d8162291ad01a4dadafc33aa63d6b502e287143d6e7397e5c62964c9a053fc7660dd0f4b85b595b65b961bd1123ebd2e985a43fe94082d6f79ac562c98a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
30257d3bcf648506129e2f5e3ca51dc0

SHA1
2122605b8f9f97713ac04612ffe6cd892bf566d4

SHA256
6fab99ed5d4a06e2f8234426a943376063543da2755eaf1165ea030e4d4cfc3e

SHA512
bd5cdc61fe42df0512155c7677b07968885d40c7b4652edceee3275d89b2ea1308e86607cc64a9b4d60fdd03dc4f0788c226beb7c884b8f52f08dbd85a923b99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
317b20c401eec08a67add65eea8f5cd0

SHA1
c2782a7a102776f238e378edfa77f1c056d5ba05

SHA256
f5a86c0aa38ff1ee7598b2c86755ac4c9b44d335ef55b7d33684e5863226f2ad

SHA512
dee92acfdf5cb6bf7f7d7d0b1bb6742b8599be5a580b56e52b95fbbc41106e9bc8b49e9b507b51ee3b841ffc2edba5abdb75a0b8c179245a2bb2ecbe3a55539e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0b580b53afa457f838d5d4043bbafc9a

SHA1
061f71495c20c9942bce33b855341937487b0a10

SHA256
2f98cad4db54c5596687d5c1153b1d53a0092c1c6d6d5284eea8d64f57b62238

SHA512
78b94c94f07e31842438e05f6df0d5afdaa98de18484178e4650a40ed02d1a2518ce21759f09240d50ace4cf852c8d0bad17f68fcbdad5bb37d9080cb85ea478

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
55067454faee76c96b359d2346234f7f

SHA1
f7be96ce8799e46240df6379ec15e20d5dfccada

SHA256
b30332ba1fc48b4761e07dce9a7249381b7335427b5436f62693355c86284984

SHA512
ef7fe500e7d713fb5acdce1635818f40618b1a8c4b542c1231b5c5b161c14b14c610e4f9fc1591c18d5b5b628d6435569a222445e0fe67d3cbb90fbf946a1cfd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
21151c59e77cf964c5e1e529056dc634

SHA1
5abc14d065632ca1b45f0271f7155e08371a7232

SHA256
c61bd24b2d4facc6c958a9a70c4f02bd91ca9312d5cc6588545efcc8998b3aea

SHA512
1f63b2a4331fa8f2694464e8a74ec31e696c31efdb38cfed8c79e739b9d8f4e6178d3dcfcd2efd1c23c0ac570824a510faf58119b2b52f035b63d40b36d89ed4

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
847a64ce22adca83e091e5403ef844ed

SHA1
f2cf8559f0eba3d237cee1162b811613d2a0c308

SHA256
1db255895b125edbed50b5296edafaf303dde2b93a600313b6a1aa61f9ec2b88

SHA512
94abff56e498bfd7af0e72a652a0b03d29cbe7d0322f43cb8fa4182cfa829ec6d608c5bb3f6deaaf1dcaae764c90036beedb503109c8080999dfaf2d6a2e9de6

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
96329c73cc49cd960e2485210d01c4d2

SHA1
a496b98ad2f2bbf26687b5b7794a26aa4470148e

SHA256
4c159cab6c9ef5ff39e6141b0ccb5b8c6251a3d637520609dfbdd852fa94d466

SHA512
e98736a879cad24c693d6c5939654b2fd25bf9d348f738668624214f22d541a9b781c967201ab2d43cbac9207946824a0299d482485f4b63c48d5d2a839e5baf

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp29BA.tmp

Filesize
1KB

MD5
ce7ce65b3c9a3955ac1be8a2fe937132

SHA1
59388917fe4a57ef364b7b0d58222dce3a11012d

SHA256
257c14826def0ee338e5b0572fb04aba16cf876e27ab120d2b37b5fcdb28d194

SHA512
c7b3f8b8ffcfcfa43092af1975273d62e9af59433ccbbe5cc71edce31f3b74825fce62ff427b794d1252d238bfbd90526cfb6cd4f21bd6576bc7fe778b83e3c9

Download Submit
C:\Users\Admin\Desktop\ConnectSend.exe

Filesize
45KB

MD5
e069304f72f1993e3a4227b5fb5337a1

SHA1
131c2b3eb9afb6a806610567fe846a09d60b5115

SHA256
5d00cfc66ae11f68bae4ac8e5a0f07158dae6bfd4ea34035b8c7c4e3be70f2c5

SHA512
26f18e40b1d4d97d997815fe3921af11f8e75e99a9386bbe39fb8820af1cbe4e9f41d3328b6a051f1d63a4dfff5b674a0abafae975f848df4272aa036771e2e9

Download Submit
C:\Users\Admin\Desktop\spoofer.exe

Filesize
45KB

MD5
c970c845638d3f73db18a068e03fb379

SHA1
474c77a56c6c67654e6e8100bb1a31468f5be974

SHA256
e1814d9b3c37af355f44dd3d7472f80e964da3b5a5c7e82a1ad7382980dc0f29

SHA512
0ec1af07cb1bdebbb7f517786511d4dcef2d3f09b26aaa8e8308e833949ba99a62af0755c1ba253919443f903dd8fb9cb0ea9f1bfd3fbec3486fac52464b647e

Download Submit
C:\Users\Admin\Downloads\Release.zip

Filesize
6.4MB

MD5
89661a9ff6de529497fec56a112bf75e

SHA1
2dd31a19489f4d7c562b647f69117e31b894b5c3

SHA256
e7b275d70655db9cb43fa606bbe2e4f22478ca4962bbf9f299d66eda567d63cd

SHA512
33c765bf85fbec0e58924ece948b80a7d73b7577557eaac8865e481c61ad6b71f8b5b846026103239b3bd21f438ff0d7c1430a51a4a149f16a215faad6dab68f

Download Submit
C:\Users\Admin\Downloads\Release\Config.json

Filesize
458B

MD5
5c75c56cf5765b42fb6fe056b8ee9b45

SHA1
de8ea8fb1a5254e98e65d9beefb3690c567db6fc

SHA256
e0c395fa9d16760b4fe22235fda6f44da7b5eedd774f9856b07570b3448df349

SHA512
f1f3147aebb06f8e40643fe6c18406df3771d13a914da265a2369ce2adba6adfcbe46e91e04845ef1b2f249c5a94f22e637a430a8718ebb43cbf8c232cda2c6a

Download Submit
C:\Users\Admin\Downloads\Release\Config.json

Filesize
462B

MD5
583a319b6dea1f675f81b83860aba123

SHA1
0a5cbc4241fad250c83bc86f38622a79757c7159

SHA256
596290a83136810084638abe18dfe86ee2a576360406e57c9836a5c7b6b5b70f

SHA512
ceda8a041134f6deccc6eda77c336263249c94c6df2f7f0f3ceb6aa08b05b7c77ec707c5005dbb9116a3236c3350d25f3a2df07b2f0fc0ad0fd8af71fa2bca04

Download Submit
C:\Users\Admin\Downloads\Release\Config.json

Filesize
446B

MD5
82449d360753de6c1601de7b49b4e4d5

SHA1
e67a5f50b7fd156f41be19e183c8559fae8f09c8

SHA256
0d2cbe6e311e29330eb55db68d8be1fd909c3441ec4baa355b9173b5ce81fa12

SHA512
54a57a38a7bef265b2a33c4cdd67db60c6f2daa8799030c16415e182e8f3dadc2d75fe1b1472e882c9278a531b8ea86c2c71c61c1cdab46e95f5b7bd924cbc04

Download Submit
memory/3100-905-0x00000000007B0000-0x00000000007C2000-memory.dmp

Filesize
72KB

Download
memory/4048-411-0x0000000007660000-0x0000000007712000-memory.dmp

Filesize
712KB

Download
memory/4048-405-0x0000000004C50000-0x0000000004CE2000-memory.dmp

Filesize
584KB

Download
memory/4048-404-0x0000000005200000-0x00000000057A6000-memory.dmp

Filesize
5.6MB

Download
memory/4048-403-0x0000000000010000-0x0000000000212000-memory.dmp

Filesize
2.0MB

Download
memory/4048-406-0x0000000004B90000-0x0000000004B9A000-memory.dmp

Filesize
40KB

Download
memory/4048-407-0x0000000004DA0000-0x0000000004DB4000-memory.dmp

Filesize
80KB

Download
memory/4048-408-0x00000000075C0000-0x00000000075DA000-memory.dmp

Filesize
104KB

Download
memory/4048-409-0x0000000005060000-0x0000000005072000-memory.dmp

Filesize
72KB

Download
memory/4048-410-0x00000000094D0000-0x00000000094F2000-memory.dmp

Filesize
136KB

Download
memory/4048-412-0x0000000007B30000-0x0000000007E87000-memory.dmp

Filesize
3.3MB

Download
memory/4048-424-0x0000000005EB0000-0x0000000005FD4000-memory.dmp

Filesize
1.1MB

Download
memory/4048-425-0x0000000006000000-0x000000000601A000-memory.dmp

Filesize
104KB

Download
memory/4916-446-0x0000000000750000-0x0000000000762000-memory.dmp

Filesize
72KB

Download
memory/5080-712-0x0000000005D40000-0x0000000005D54000-memory.dmp

Filesize
80KB

Download
memory/5080-713-0x0000000008060000-0x0000000008072000-memory.dmp

Filesize
72KB

Download
memory/5080-715-0x00000000081C0000-0x0000000008517000-memory.dmp

Filesize
3.3MB

Download