xenorat | hxxps://gofile[.]io/d/IQx5ik

Analysis

max time kernel
299s
max time network
301s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
05-02-2025 22:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://gofile.io/d/IQx5ik

Score

10^/10

xenorat discovery rat spyware stealer trojan

Malware Config

Extracted

Family

xenorat

82.8.90.170

Mutex

Xeno_rat_nd8912d

Attributes

delay
5000
install_path
appdata
port
6606
startup_name
test

Signatures

Detect XenoRat Payload 7 IoCs

resource	yara_rule
behavioral1/files/0x0008000000023c2d-66.dat	family_xenorat
behavioral1/memory/2608-103-0x0000000000390000-0x00000000003A2000-memory.dmp	family_xenorat
behavioral1/memory/4860-149-0x00000000055B0000-0x00000000055BC000-memory.dmp	family_xenorat
behavioral1/memory/5344-159-0x0000000005E80000-0x0000000005E92000-memory.dmp	family_xenorat
behavioral1/memory/5344-200-0x0000000006090000-0x0000000006112000-memory.dmp	family_xenorat
behavioral1/memory/5344-201-0x00000000059F0000-0x0000000005AEA000-memory.dmp	family_xenorat
behavioral1/memory/3780-273-0x0000000005C50000-0x0000000005C5A000-memory.dmp	family_xenorat

XenorRat
XenorRat is a remote access trojan written in C#.
trojan rat xenorat
Xenorat family
xenorat

Downloads MZ/PE file 1 IoCs

flow	pid	Process
32	4496	msedge.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Control Panel\International\Geo\Nation	Xeno version 1.4.4.exe

Executes dropped EXE 4 IoCs

pid	Process
2608	Xeno version 1.4.4.exe
4860	Xeno version 1.4.4.exe
5344	Xeno version 1.4.4.exe
3780	Xeno version 1.4.4.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Xeno version 1.4.4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	schtasks.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Xeno version 1.4.4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	schtasks.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Xeno version 1.4.4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Xeno version 1.4.4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	schtasks.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133832684881465256"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings	msedge.exe

NTFS ADS 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\XenoManager\Xeno version 1.4.4.exe\:SmartScreen:$DATA	Xeno version 1.4.4.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 52297.crdownload:SmartScreen	msedge.exe

Scheduled Task/Job: Scheduled Task 1 TTPs 3 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
1652	schtasks.exe
5496	schtasks.exe
5724	schtasks.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4496	msedge.exe
4496	msedge.exe
4488	msedge.exe
4488	msedge.exe
3204	identity_helper.exe
3204	identity_helper.exe
1440	msedge.exe
1440	msedge.exe
4860	Xeno version 1.4.4.exe
4860	Xeno version 1.4.4.exe
4860	Xeno version 1.4.4.exe
4860	Xeno version 1.4.4.exe
4860	Xeno version 1.4.4.exe
4860	Xeno version 1.4.4.exe
4860	Xeno version 1.4.4.exe
4860	Xeno version 1.4.4.exe
4860	Xeno version 1.4.4.exe
4860	Xeno version 1.4.4.exe
4860	Xeno version 1.4.4.exe
4860	Xeno version 1.4.4.exe
4860	Xeno version 1.4.4.exe
4860	Xeno version 1.4.4.exe
4860	Xeno version 1.4.4.exe
4860	Xeno version 1.4.4.exe
5344	Xeno version 1.4.4.exe
5344	Xeno version 1.4.4.exe
5344	Xeno version 1.4.4.exe
5344	Xeno version 1.4.4.exe
4860	Xeno version 1.4.4.exe
4860	Xeno version 1.4.4.exe
4860	Xeno version 1.4.4.exe
5344	Xeno version 1.4.4.exe
5344	Xeno version 1.4.4.exe
5344	Xeno version 1.4.4.exe
4860	Xeno version 1.4.4.exe
4860	Xeno version 1.4.4.exe
4860	Xeno version 1.4.4.exe
5344	Xeno version 1.4.4.exe
5344	Xeno version 1.4.4.exe
5344	Xeno version 1.4.4.exe
4860	Xeno version 1.4.4.exe
4860	Xeno version 1.4.4.exe
4860	Xeno version 1.4.4.exe
5344	Xeno version 1.4.4.exe
5344	Xeno version 1.4.4.exe
5344	Xeno version 1.4.4.exe
4860	Xeno version 1.4.4.exe
4860	Xeno version 1.4.4.exe
4860	Xeno version 1.4.4.exe
5344	Xeno version 1.4.4.exe
5344	Xeno version 1.4.4.exe
5344	Xeno version 1.4.4.exe
4860	Xeno version 1.4.4.exe
4860	Xeno version 1.4.4.exe
4860	Xeno version 1.4.4.exe
5344	Xeno version 1.4.4.exe
5344	Xeno version 1.4.4.exe
5344	Xeno version 1.4.4.exe
4860	Xeno version 1.4.4.exe
4860	Xeno version 1.4.4.exe
4860	Xeno version 1.4.4.exe
5344	Xeno version 1.4.4.exe
5344	Xeno version 1.4.4.exe
5344	Xeno version 1.4.4.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
4860	Xeno version 1.4.4.exe
5344	Xeno version 1.4.4.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4860	Xeno version 1.4.4.exe
Token: SeDebugPrivilege	5344	Xeno version 1.4.4.exe
Token: 33	6104	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	6104	AUDIODG.EXE
Token: SeDebugPrivilege	3780	Xeno version 1.4.4.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe

Suspicious use of SendNotifyMessage 56 IoCs

pid	Process
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4860	Xeno version 1.4.4.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4488 wrote to memory of 4968	4488	msedge.exe	82
PID 4488 wrote to memory of 4968	4488	msedge.exe	82
PID 4488 wrote to memory of 2540	4488	msedge.exe	83
PID 4488 wrote to memory of 2540	4488	msedge.exe	83
PID 4488 wrote to memory of 2540	4488	msedge.exe	83
PID 4488 wrote to memory of 2540	4488	msedge.exe	83
PID 4488 wrote to memory of 2540	4488	msedge.exe	83
PID 4488 wrote to memory of 2540	4488	msedge.exe	83
PID 4488 wrote to memory of 2540	4488	msedge.exe	83
PID 4488 wrote to memory of 2540	4488	msedge.exe	83
PID 4488 wrote to memory of 2540	4488	msedge.exe	83
PID 4488 wrote to memory of 2540	4488	msedge.exe	83
PID 4488 wrote to memory of 2540	4488	msedge.exe	83
PID 4488 wrote to memory of 2540	4488	msedge.exe	83
PID 4488 wrote to memory of 2540	4488	msedge.exe	83
PID 4488 wrote to memory of 2540	4488	msedge.exe	83
PID 4488 wrote to memory of 2540	4488	msedge.exe	83
PID 4488 wrote to memory of 2540	4488	msedge.exe	83
PID 4488 wrote to memory of 2540	4488	msedge.exe	83
PID 4488 wrote to memory of 2540	4488	msedge.exe	83
PID 4488 wrote to memory of 2540	4488	msedge.exe	83
PID 4488 wrote to memory of 2540	4488	msedge.exe	83
PID 4488 wrote to memory of 2540	4488	msedge.exe	83
PID 4488 wrote to memory of 2540	4488	msedge.exe	83
PID 4488 wrote to memory of 2540	4488	msedge.exe	83
PID 4488 wrote to memory of 2540	4488	msedge.exe	83
PID 4488 wrote to memory of 2540	4488	msedge.exe	83
PID 4488 wrote to memory of 2540	4488	msedge.exe	83
PID 4488 wrote to memory of 2540	4488	msedge.exe	83
PID 4488 wrote to memory of 2540	4488	msedge.exe	83
PID 4488 wrote to memory of 2540	4488	msedge.exe	83
PID 4488 wrote to memory of 2540	4488	msedge.exe	83
PID 4488 wrote to memory of 2540	4488	msedge.exe	83
PID 4488 wrote to memory of 2540	4488	msedge.exe	83
PID 4488 wrote to memory of 2540	4488	msedge.exe	83
PID 4488 wrote to memory of 2540	4488	msedge.exe	83
PID 4488 wrote to memory of 2540	4488	msedge.exe	83
PID 4488 wrote to memory of 2540	4488	msedge.exe	83
PID 4488 wrote to memory of 2540	4488	msedge.exe	83
PID 4488 wrote to memory of 2540	4488	msedge.exe	83
PID 4488 wrote to memory of 2540	4488	msedge.exe	83
PID 4488 wrote to memory of 2540	4488	msedge.exe	83
PID 4488 wrote to memory of 4496	4488	msedge.exe	84
PID 4488 wrote to memory of 4496	4488	msedge.exe	84
PID 4488 wrote to memory of 4576	4488	msedge.exe	85
PID 4488 wrote to memory of 4576	4488	msedge.exe	85
PID 4488 wrote to memory of 4576	4488	msedge.exe	85
PID 4488 wrote to memory of 4576	4488	msedge.exe	85
PID 4488 wrote to memory of 4576	4488	msedge.exe	85
PID 4488 wrote to memory of 4576	4488	msedge.exe	85
PID 4488 wrote to memory of 4576	4488	msedge.exe	85
PID 4488 wrote to memory of 4576	4488	msedge.exe	85
PID 4488 wrote to memory of 4576	4488	msedge.exe	85
PID 4488 wrote to memory of 4576	4488	msedge.exe	85
PID 4488 wrote to memory of 4576	4488	msedge.exe	85
PID 4488 wrote to memory of 4576	4488	msedge.exe	85
PID 4488 wrote to memory of 4576	4488	msedge.exe	85
PID 4488 wrote to memory of 4576	4488	msedge.exe	85
PID 4488 wrote to memory of 4576	4488	msedge.exe	85
PID 4488 wrote to memory of 4576	4488	msedge.exe	85
PID 4488 wrote to memory of 4576	4488	msedge.exe	85
PID 4488 wrote to memory of 4576	4488	msedge.exe	85
PID 4488 wrote to memory of 4576	4488	msedge.exe	85
PID 4488 wrote to memory of 4576	4488	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://gofile.io/d/IQx5ik
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff994ef46f8,0x7ff994ef4708,0x7ff994ef4718
  2⤵
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,743757052709908978,8683726127034807556,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
  2⤵
  PID:2540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,743757052709908978,8683726127034807556,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 /prefetch:3
  2⤵
  - Downloads MZ/PE file
  - Suspicious behavior: EnumeratesProcesses
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,743757052709908978,8683726127034807556,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
  2⤵
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,743757052709908978,8683726127034807556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:1632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,743757052709908978,8683726127034807556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,743757052709908978,8683726127034807556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3844 /prefetch:1
  2⤵
  PID:4236
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,743757052709908978,8683726127034807556,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4980 /prefetch:8
  2⤵
  PID:2576
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,743757052709908978,8683726127034807556,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4980 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,743757052709908978,8683726127034807556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2060,743757052709908978,8683726127034807556,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5512 /prefetch:8
  2⤵
  PID:4168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,743757052709908978,8683726127034807556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
  2⤵
  PID:3168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2060,743757052709908978,8683726127034807556,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6020 /prefetch:8
  2⤵
  PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2060,743757052709908978,8683726127034807556,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5788 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,743757052709908978,8683726127034807556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
  2⤵
  PID:2632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,743757052709908978,8683726127034807556,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
  2⤵
  PID:3272
- C:\Users\Admin\Downloads\Xeno version 1.4.4.exe
  "C:\Users\Admin\Downloads\Xeno version 1.4.4.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - NTFS ADS
  PID:2608
- - C:\Users\Admin\AppData\Roaming\XenoManager\Xeno version 1.4.4.exe
    "C:\Users\Admin\AppData\Roaming\XenoManager\Xeno version 1.4.4.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:4860
  - - C:\Windows\SysWOW64\schtasks.exe
      "schtasks.exe" /Create /TN "test" /XML "C:\Users\Admin\AppData\Local\Temp\tmp683.tmp" /F
      4⤵
      System Location Discovery: System Language Discovery
      Scheduled Task/Job: Scheduled Task
      PID:1652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,743757052709908978,8683726127034807556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6444 /prefetch:1
  2⤵
  PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,743757052709908978,8683726127034807556,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6396 /prefetch:1
  2⤵
  PID:3672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,743757052709908978,8683726127034807556,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5232 /prefetch:2
  2⤵
  PID:2176

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4168

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:448

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5188

C:\Users\Admin\Downloads\Xeno version 1.4.4.exe
"C:\Users\Admin\Downloads\Xeno version 1.4.4.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:5344
- C:\Windows\SysWOW64\schtasks.exe
  "schtasks.exe" /Create /TN "test" /XML "C:\Users\Admin\AppData\Local\Temp\tmp3275.tmp" /F
  2⤵
  - System Location Discovery: System Language Discovery
  - Scheduled Task/Job: Scheduled Task
  PID:5496

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2fc 0x150
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:6104

C:\Users\Admin\Downloads\Xeno version 1.4.4.exe
"C:\Users\Admin\Downloads\Xeno version 1.4.4.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:3780
- C:\Windows\SysWOW64\schtasks.exe
  "schtasks.exe" /Create /TN "test" /XML "C:\Users\Admin\AppData\Local\Temp\tmpBD1C.tmp" /F
  2⤵
  - System Location Discovery: System Language Discovery
  - Scheduled Task/Job: Scheduled Task
  PID:5724

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff984a5cc40,0x7ff984a5cc4c,0x7ff984a5cc58
  2⤵
  PID:3160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1908,i,166236626040409164,7863629287103359286,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1904 /prefetch:2
  2⤵
  PID:2632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2160,i,166236626040409164,7863629287103359286,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  PID:4084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2280,i,166236626040409164,7863629287103359286,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2188 /prefetch:8
  2⤵
  PID:5812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3156,i,166236626040409164,7863629287103359286,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:2224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3332,i,166236626040409164,7863629287103359286,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4560,i,166236626040409164,7863629287103359286,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4644 /prefetch:1
  2⤵
  PID:1616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4912,i,166236626040409164,7863629287103359286,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4920 /prefetch:8
  2⤵
  PID:2252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4692,i,166236626040409164,7863629287103359286,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4684 /prefetch:8
  2⤵
  PID:5696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4684,i,166236626040409164,7863629287103359286,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4668 /prefetch:8
  2⤵
  PID:4328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5216,i,166236626040409164,7863629287103359286,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4672 /prefetch:8
  2⤵
  PID:2928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5332,i,166236626040409164,7863629287103359286,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5344 /prefetch:8
  2⤵
  PID:1364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5328,i,166236626040409164,7863629287103359286,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4624 /prefetch:8
  2⤵
  PID:3700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5368,i,166236626040409164,7863629287103359286,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4564 /prefetch:2
  2⤵
  PID:5808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5532,i,166236626040409164,7863629287103359286,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4832 /prefetch:1
  2⤵
  PID:3660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4532,i,166236626040409164,7863629287103359286,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4060 /prefetch:1
  2⤵
  PID:1228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3388,i,166236626040409164,7863629287103359286,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:5004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4088,i,166236626040409164,7863629287103359286,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:2396

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1944

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
40812be9517827d62418a62c42071120

SHA1
2410ff54c4e84dabb4a657aa2f6141469d53c262

SHA256
e35c2bc8e9e49f445a9841de4667ffa56067e661795ece9eb2e01da775ca1c31

SHA512
5249ed588188cbaead9e060dc42b4ea1949104121bf496b51a771192a34d1018ba163ab2d7a0ab82ae299177262c5ac914786b3a797aab4da76880a25742957f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
214KB

MD5
ba958dfa97ba4abe328dce19c50cd19c

SHA1
122405a9536dd824adcc446c3f0f3a971c94f1b1

SHA256
3124365e9e20791892ee21f47763d3df116763da0270796ca42fd63ecc23c607

SHA512
aad22e93babe3255a7e78d9a9e24c1cda167d449e5383bb740125445e7c7ddd8df53a0e53705f4262a49a307dc54ceb40c66bab61bec206fbe59918110af70bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
5f32d1e022c652d23d59aa483a66f070

SHA1
2c2730f7b456db6602abb45d88350fae3d4083fe

SHA256
6beef5f0f7c1d7849e5f77ec8c0428941012f5770c2d8ac20a18089d87e835e9

SHA512
fd827b79980d9bb800bfd2690e7f34e1686a9de2df2c2f578a11c2f7e958a6cf9e78eaad4f906411353e41ae89f50cd9ec2ffe9ba25584d69c44ea406f8b8607

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.86.1_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.86.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
128c3dda2a5db4cd94adfbc8369d485c

SHA1
fe30f95630515e7fe1c040d13aa5ed8697c9e117

SHA256
1158f1c690a172efc9e5f57d01add270e7f20ce068e76b5dd6a22f938a43cc05

SHA512
27fe14e9ecd3b46479777370ec57fdf25066f05ef0ec635219724c11afb33d9e5a9d8353430a1108267e58d4cd67cd7f3cd62e6ed7dc2e37c22c7dc60e707168

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e69ed77e1be4e6569c5751da50f50e87

SHA1
511d684203281786d3ea43bac0e565b1d839833f

SHA256
bfffe1e2b91a8cf9b9ec230d423a076d86d8fe037966cc0ef65852cde519398d

SHA512
50cd50f1c0d7e0bd77ed6b1de1f66a19e22570908b23c6eebc6b03a92911c65f89b7dd70ed0ffb444256794f026565aaa622a969fb5989eff643ddc4a3ec34ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
944e81775f14d7190c15dd3ad2432b0f

SHA1
aea13cf5773e4c0dc789e7740a023a15b8bd1d8c

SHA256
c4050000397061c70ef6cc8ca6d01d79c7a0a0d5b65a1f6d7730d22b83a50b55

SHA512
b6976b213504e07f5e492248980e727bb7981dfc4d896327d562f0fca37e3e81ac0f10057c58808c8035ed95eba2129913d7839caf7b4cd23d25114f845849dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e60b5a9dddafb2db742e269464b730aa

SHA1
a19d7e7c237f22bd113f2347cf7bf0490e74ecae

SHA256
c3a67675e7c93e3d2f47e58270e296bec8cfb04b47d4ed4bff609f3fd4dab287

SHA512
6d812b51aeace0ccb2f4893961772d6371409ec1e5934d369e4d807198a54331f9c26b77a592019f07f320431d68e8df0e6039898ef25701557a41acc989545d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
68111874f85382bc786cf7c210d38653

SHA1
f536e0ca1f52a80ba28c8f247ef35f4ff60bc4db

SHA256
675360cd1f3db836e85d14c12e4992e9dfee295e13c7569e44981bd3da31a31d

SHA512
c1dfb6239ad0d0bd6067adabf8baee5cc058ceebe186c8201afdf2e7d5aac7edc96aab8d9b64e6be1bc3606412404f46dac8f99357e2306d78e696eacd0add50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
fd04553eb5806a315f8c768a170b6da7

SHA1
dfc15ff47f79efa680b6dcfc8bb6d51b12fcde16

SHA256
027b7680dd95be7e358fe0b6de75802c6cd0fed4eb754afb7897ba467bc4794f

SHA512
28cf17c0dfa39535febd388b48ae478e77f35ef774c1b4914fa92c218a50a822cd027ed5cde2ab41ab94b6c8c242c597f5e66862e83534431ed4d2dae2d4891e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
2f64d69f4611d04750c1c1d32440da19

SHA1
a8b4064239b100518e2f57fc3552bbcba60e2db6

SHA256
ef45f24cf40f80050666411e7b20e2378c49f750550d9906663326560b04d787

SHA512
cfad78f422d5cb3501b191726bbb357d68734c17948d2ef8860a0d99f12cfc8a04b517c59d2b97ad7cb949d7df96be811616003fb5efbfbe2557027ec63247da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5465a7a2ceb534dc4d93c97ea833f53e

SHA1
6446f07450a63e789e81b3e751437061b865dfc3

SHA256
d42d80fe75f6ceda7d35abd3cb88c0719d27667ee9875212922e8b44344448a6

SHA512
8a5f95b10c177d27fc3e2e6e7e08830814186a85647ef88cc4137937978bfb25a117e51b442018841f9afbb38a26da9632b95436d53571219e2768e3eff2466d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0829b27a5c8ce83379b7cdcfd664e748

SHA1
9f61f0704ea7aa23cb36fdd8f73911474ff0b8e2

SHA256
0c82cc9a784e4be53af7541bd8d5f12f0a81c5138b55952532d4fbc95b44361b

SHA512
e5a10ac73599ac2bcad598bf7471ba9734fe269d63e66d1048fbc36d711dc8cf9e134834463c5e19803acd396e004310127c5aa45251c0ffb66bb515907cfe7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ea5b2763272f991b257ef2e97d337c80

SHA1
da1bf7f9392cbbc15d280904fd435abd1873877e

SHA256
70af9780b3da762c7e9cdf4dc504eb1fbe5cbcaf0863de107dee90102be722ef

SHA512
130d1d7d4fe19011da292ee1d33dbd0b2da7d7b26f1d5a960d4964cf16815f1bc9879b97e16021b2bcd3c666bf3ff195b228afddf438fd8b3e108aba2e23c73e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3359a057830e19ed108be22621d3b708

SHA1
341d6b7940096b4c1127bc152d5890cfb09e3522

SHA256
7fb1c5ad27451622dca54619e67098a1418c02986818078596c7463341b29966

SHA512
f32bad0ab2be1af4378e2cd72668f8336443087470a6ebedeb67cea8abd774119a489a1c48bbc939c5daa7669f57d58f0bbafeef8dec3ac66e859623e5691b34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
41cd9cb018140558008417f2edd300b8

SHA1
32f36e58eb4badbd8aad35b2fc74fe4f9c776f07

SHA256
67cba5d339666452b0005a9e609aa35eff6d60506d9022e4e50dfb4e755500b6

SHA512
95a8e0fe2094c1fea64ac6b70134b1c81c90fae842a20d34060fc8342c54cce6538c19a90e535d30068bebad879882a25a5bf635cdde3bd86b915285896136d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1f6abb1b374c5c60ef786a11814d11b6

SHA1
f2ab2dd39b6cdec9f255fb6022c3c76cb4110806

SHA256
3759146a5763e6f2ffffbfdd3073b7acc13eb9f8ab3e87a910b4b098f319452f

SHA512
68f47eb3945ae83efd2bb72642f9249b4844853a830ee129967e11a3bc2c052f0224231994bb169f2ee88192502b8a96a929a6a816dbc5634bb7dd916c4e965a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
200476e7206f4e4ac3c03c364443ceb1

SHA1
59954d360768698836ff5e3b490cb2453e117663

SHA256
a3088b4f2b8c2b023a889630fd775eb2077e765c3866fa215163c568f165741f

SHA512
aeaf801f8ee3857d8dcecd8bbd53462fe29f82f02fd6c7f3af9b49f94497d67089e91c714a9f27130ec2b00cfd0ba2dc79805fc25d0cb797f6022a47376132a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
2d0635819ae8d2a86b6331b8ef878609

SHA1
586e9291e9e63b9929c82d2e28f55db8a8facb4a

SHA256
d2f8e7cb9856e069cc02cb8c1922dc9ff0cffa7c8ea2e06852c2333e7d716ddb

SHA512
98a1850a2c1bc999400ec893ceaddd89a81006b00aaaa6e085227884bc95a7df74b7414181a3b9440561e7d68ac56e3efdd7870c140f8175c71deb2ec0605d14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
39902b50ff91d8f5d1d1a7ab294bb13a

SHA1
777b44f1b167ef514a7c9d71873eaa5d856fecab

SHA256
b1ba921f53e4ac0be0548e46aa8202a100c007f8657887f930f998dade7df1b2

SHA512
f89a09e8cbdc2ec6987dfb0d15ce05caa55d752a97982d23fd75c627b968c078465a3b25c5a9ed0c38ecf6da77e74ca6aff5e3e5d7323352f668015463dc7134

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
235KB

MD5
1704e0555aef46840027de09e47d534b

SHA1
964e3793edde322cee59db9ebd410299c7104a17

SHA256
ffce20fc64480cd5255c3999fafc12cc26addf4a4f56518e16d407c32bc36225

SHA512
4d1df6e44dbb125b2c9a664e6058b1468d6aaa26bdee55e141ca10940c658398179d5c9d226f977aa093058f65d5e49c2e83a3ff7e06f9368e67f10fac4358f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
235KB

MD5
18eca25a0d51f7fdc1bbd4f0efd892b3

SHA1
8ddf04f5d500fcc9c636e44adeeafb9c669da9a0

SHA256
353da1135f1c1e6bcb4d4e01cef450519c216da3cdc2412c21baaf3fdbfa8d20

SHA512
6e49ea80c4308a94d0194e9a52699a5857f05389721adc114ae9586c359efe3c2d9c41bc7039a6c2d28f1b42ceca49739b27f677f41ac421a1672992aeb3f34d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Xeno version 1.4.4.exe.log

Filesize
226B

MD5
916851e072fbabc4796d8916c5131092

SHA1
d48a602229a690c512d5fdaf4c8d77547a88e7a2

SHA256
7e750c904c43d27c89e55af809a679a96c0bb63fc511006ffbceffc2c7f6fb7d

SHA512
07ce4c881d6c411cac0b62364377e77950797c486804fb10d00555458716e3c47b1efc0d1f37e4cc3b7e6565bb402ca01c7ea8c963f9f9ace941a6e3883d2521

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dc058ebc0f8181946a312f0be99ed79c

SHA1
0c6f376ed8f2d4c275336048c7c9ef9edf18bff0

SHA256
378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a

SHA512
36e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a0486d6f8406d852dd805b66ff467692

SHA1
77ba1f63142e86b21c951b808f4bc5d8ed89b571

SHA256
c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be

SHA512
065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
e32eeb4c790b43d80cc70eaeedc7925c

SHA1
d512f57e7811e13d76fcc55cc53f8e3bfb5c50bc

SHA256
3dd6f9bd18095fa5dcb76e83016a6bb93a2584af955e162f0c5cd373a9a1345c

SHA512
5392631eef41eb4afb532a5290ef1db9d831055ec8ef52691dcfcc62e528c433eb5020f98d31ee83a48b7aabe63aeb2bf1cb58c5bc009b6632d6baf835ed39b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
55e25d9cc177148b675e931e4c03c9d7

SHA1
98a739a91d4f6fc062274e98c6c451c3161f7876

SHA256
a1c739971ea1d901ff7ed73f7f02fb994785f9dc0efedfa5f0951b0217a409d8

SHA512
51526b166a2eee76b605668e9cce775e28cfaa463ad8511c27b109e78e7aaeefab307acc52b680c998aa95b4c892c566ab2397093e00400e2330e8bd31eab565

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
399B

MD5
25825d90d1b9ee75a7d57fe258d4e9ac

SHA1
049c359c016e3973f9656acfb730afc97b2c8a47

SHA256
abe59438ea9efc3795399242a90ad5d35b030080e1e0e5fa99cf0ea975608483

SHA512
7c60456d8960d18cfe0a3e35d9b8a2cf5a7ae6a15081362fc81eef4251cb75240f4496216d9458d07fffbdb4158e939da7a0c6954dc17230a70d496f2e3507d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
236f5b4dcbd567647417d96067763fd5

SHA1
ba088f97ae383024df0e147cc93600deb15b09a5

SHA256
0a392cd3d677d595d98a9170fd3791cee730730b042de3582cf128d1e3b60c4d

SHA512
a3aadf24af6cc67b7ba3ee05ff67740554a95aed1f13730d33f0300d6934ce05e560878c16ae0f7bd1076e10e27585085ab2b3a6e13cb3dbb18945446adced8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
babefefa475557949e9c22f988a21af2

SHA1
d78addf71c92b48a477f82cb65093d2e6a40c1ec

SHA256
75a29ba1f98958fb76137906dceaa797517faba39b60218f291613f072c1fcd5

SHA512
c6e98484133a7028056d64e6ed4e8b6262e59b82eec95d527ab393de72bc22754d010a121c9c6e0249b5db6dfd2119421c31cc2c9ebbada8b6e41b10f430891a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a05623040f8301c1ecc50a4c24e8f26a

SHA1
e30218b1fd83c34a445252f09a3095907da16ddf

SHA256
9e2fd601f10d16f69a0144f23402efaf23af52fc0702f6a4ed344981078419df

SHA512
d88e100967c3996fad02fd88b7598800b4c35568794a784fab26e52b4c78a0c86f19bea59d5129ee712389af49a69a7482067216cf2699ba9169a73368073d2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
55dcef1c03893b8dc1e63b0da3335ab7

SHA1
1a3d0d22e19dea4bdc256ace5a9830ed0e40bfac

SHA256
3ecf3e008051ddf7da1793da3c63091d448d8038bb2a8ff3ce2f83ca690c115d

SHA512
21e747ce03f4800e7ff715277e0f3c63900ab94d205b2c435dc0597283b06806aff3f4fba5236878c44641a3053a6da048e94570a64b2bb569a87e52a8d9854b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f82e7a158865ba00d42167e61331add9

SHA1
9dde0f8503b34143bfa4b39faf474642ea536ff3

SHA256
4e06d74718a875722d2662c5f3d22c509e4e67b308ecf8d8c413f479836fb50c

SHA512
1cacd222fe83d9412a754fbb7de7680f0aeb8c271415835266c87afad1f27866babe2e6983e19d7c0575969f217a275be053f588d3603092705022b5ebfc4fdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a8d91d5863d7316aa41a08f27dabb76c

SHA1
0a1e22da209aa0364629cdeec43a685e56bd8733

SHA256
3e1810595ca5ddec26b341f93a2b55f0d2ee3fac101f7ba14aba7cb26679ae0f

SHA512
e0ff02e33fc5321d39fb386c2f14713a1d2e9e9a77e92d35d3557cf217f48a10dbd65352bf9275242887c582c394bf72134e40ce2fe6cf101d88a7073e0d80ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
035dfdd54d8263ec5e4f2452c761f6ad

SHA1
d5779ce4110bf46dc6268819e07154ef8f0a00db

SHA256
4c0abe7cd25c302338d7e165af4e39c642cc8d631312f8669aff5580d5fdd079

SHA512
142867aa564a9dde0cc89665556d673bc8bc817f68caa71354dbf3134b49354d76b2f972851a85129db157fea09bee5b7cb241fe7cea0c8eb85eb6f00a46076b

Download Submit
C:\Users\Admin\AppData\Local\Temp\1ed43e87-e012-4c46-8668-471453bf921b.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\35krd44a.k0g

Filesize
40KB

MD5
a182561a527f929489bf4b8f74f65cd7

SHA1
8cd6866594759711ea1836e86a5b7ca64ee8911f

SHA256
42aad7886965428a941508b776a666a4450eb658cb90e80fae1e7457fc71f914

SHA512
9bc3bf5a82f6f057e873adebd5b7a4c64adef966537ab9c565fe7c4bb3582e2e485ff993d5ab8a6002363231958fabd0933b48811371b8c155eaa74592b66558

Download Submit
C:\Users\Admin\AppData\Local\Temp\ecayc5gy.mcd

Filesize
48KB

MD5
349e6eb110e34a08924d92f6b334801d

SHA1
bdfb289daff51890cc71697b6322aa4b35ec9169

SHA256
c9fd7be4579e4aa942e8c2b44ab10115fa6c2fe6afd0c584865413d9d53f3b2a

SHA512
2a635b815a5e117ea181ee79305ee1baf591459427acc5210d8c6c7e447be3513ead871c605eb3d32e4ab4111b2a335f26520d0ef8c1245a4af44e1faec44574

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2428_660062326\CRX_INSTALL\_locales\en_CA\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2428_660062326\daf84fba-3f8c-4394-b144-ece9bb9f6174.tmp

Filesize
150KB

MD5
240cd355e89ec1f3566bb2ef1f361dad

SHA1
2ade60eb20f0fb16657a4fb024d207a931dc927f

SHA256
1f0388d23a4d8492e2f9839392b22a6957deae8750b60ff860ee939811594295

SHA512
961fe2017949d185761d8491ab4f7f2ec3b0562cfb6fef202c34d685a87f2ea032f53d653e4c1d492dff1fb43d738e7727985738c1a956a1a18aae77a3d7f3b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp3275.tmp

Filesize
1KB

MD5
c3b96743c058222e0e3938aa9077068c

SHA1
d7015cad709bf03c80e8a3a0c74a7e31bd8d0f6d

SHA256
ffa36d1dde88d8bbbcfa8e26bf3afac8b7a91a4a2706117a154da1536cfcf177

SHA512
e519912cb59a61b901130b1f46ab9b51a66506ab821c20dc0dda6b09879d8dbdbeb69013434d2ee0376ea61ab5bc2ef972c69a6d3ae6daef0388c02faa1c6ac0

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp683.tmp

Filesize
1KB

MD5
8304a94f530cec2083404818d4051572

SHA1
68a6ade3ed27cf19a923430771754ae944d4b9bb

SHA256
8355126b8384657d17027a3368b07b95790df2ee539fd067c53af8cc8460e34f

SHA512
003c1bb819bc6b04311127c852d5a90b047be07748d294f91e1f440de78145289281e848ffc8ec69ab5ae53f7b45880880587cb48fdf05e9efa8f5e5617a8c06

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 52297.crdownload

Filesize
45KB

MD5
2b2512a583e56c31f0b0ce4a3df4234b

SHA1
f112332850be20c8da60b734d9f3a702d560c875

SHA256
68261af0336c1f172e4dd367f649944c502367cf913939efcdcea07ad0ccd8c9

SHA512
4abd324dd42a04bd569c282a9885432e676de9299b2e5327391806b81b9c51e6d6d59eb96b19a7af0535664ce7c4014b779e2d82ebcd21b0a489a2c306327c66

Download Submit
memory/2608-103-0x0000000000390000-0x00000000003A2000-memory.dmp

Filesize
72KB

Download
memory/3780-273-0x0000000005C50000-0x0000000005C5A000-memory.dmp

Filesize
40KB

Download
memory/4860-152-0x0000000005CE0000-0x0000000005CEA000-memory.dmp

Filesize
40KB

Download
memory/4860-147-0x00000000055D0000-0x0000000005636000-memory.dmp

Filesize
408KB

Download
memory/4860-149-0x00000000055B0000-0x00000000055BC000-memory.dmp

Filesize
48KB

Download
memory/4860-150-0x00000000061B0000-0x0000000006754000-memory.dmp

Filesize
5.6MB

Download
memory/4860-151-0x0000000005D00000-0x0000000005D92000-memory.dmp

Filesize
584KB

Download
memory/5344-205-0x0000000006F00000-0x000000000742C000-memory.dmp

Filesize
5.2MB

Download
memory/5344-159-0x0000000005E80000-0x0000000005E92000-memory.dmp

Filesize
72KB

Download
memory/5344-200-0x0000000006090000-0x0000000006112000-memory.dmp

Filesize
520KB

Download
memory/5344-201-0x00000000059F0000-0x0000000005AEA000-memory.dmp

Filesize
1000KB

Download
memory/5344-202-0x0000000006800000-0x00000000069C2000-memory.dmp

Filesize
1.8MB

Download
memory/5344-203-0x0000000006370000-0x00000000063C0000-memory.dmp

Filesize
320KB

Download
memory/5344-204-0x00000000066B0000-0x0000000006726000-memory.dmp

Filesize
472KB

Download
memory/5344-206-0x0000000006630000-0x000000000664E000-memory.dmp

Filesize
120KB

Download
memory/5344-208-0x0000000006A70000-0x0000000006B0C000-memory.dmp

Filesize
624KB

Download
memory/5344-219-0x0000000006C10000-0x0000000006E90000-memory.dmp

Filesize
2.5MB

Download