xenorat | hxxps://github[.]com/moom825/xeno-rat/releases/download/1[.]8[.]7/Release[.]zip

Analysis

max time kernel
178s
max time network
164s
platform
windows10-2004_x64
resource
win10v2004-20250129-en
resource tags

arch:x64arch:x86image:win10v2004-20250129-enlocale:en-usos:windows10-2004-x64system
submitted
06-02-2025 23:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/moom825/xeno-rat/releases/download/1.8.7/Release.zip

Score

10^/10

xenorat discovery rat trojan

Malware Config

Extracted

Family

xenorat

localhost

Mutex

testing 123123

Attributes

delay
1000
install_path
nothingset
port
1234
startup_name
nothingset

Signatures

Detect XenoRat Payload 1 IoCs

resource	yara_rule
behavioral1/memory/2096-120-0x0000000000330000-0x0000000000342000-memory.dmp	family_xenorat

XenorRat
XenorRat is a remote access trojan written in C#.
trojan rat xenorat
Xenorat family
xenorat
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	xeno rat client.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	xeno rat server.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	xeno rat server.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133833570171504841"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2211717155-842865201-3404093980-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
464	chrome.exe
464	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
1020	xeno rat server.exe
1592	xeno rat server.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
464	chrome.exe
464	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	464	chrome.exe
Token: SeCreatePagefilePrivilege	464	chrome.exe
Token: SeShutdownPrivilege	464	chrome.exe
Token: SeCreatePagefilePrivilege	464	chrome.exe
Token: SeShutdownPrivilege	464	chrome.exe
Token: SeCreatePagefilePrivilege	464	chrome.exe
Token: SeShutdownPrivilege	464	chrome.exe
Token: SeCreatePagefilePrivilege	464	chrome.exe
Token: SeShutdownPrivilege	464	chrome.exe
Token: SeCreatePagefilePrivilege	464	chrome.exe
Token: SeShutdownPrivilege	464	chrome.exe
Token: SeCreatePagefilePrivilege	464	chrome.exe
Token: SeShutdownPrivilege	464	chrome.exe
Token: SeCreatePagefilePrivilege	464	chrome.exe
Token: SeShutdownPrivilege	464	chrome.exe
Token: SeCreatePagefilePrivilege	464	chrome.exe
Token: SeShutdownPrivilege	464	chrome.exe
Token: SeCreatePagefilePrivilege	464	chrome.exe
Token: SeShutdownPrivilege	464	chrome.exe
Token: SeCreatePagefilePrivilege	464	chrome.exe
Token: SeShutdownPrivilege	464	chrome.exe
Token: SeCreatePagefilePrivilege	464	chrome.exe
Token: SeShutdownPrivilege	464	chrome.exe
Token: SeCreatePagefilePrivilege	464	chrome.exe
Token: SeShutdownPrivilege	464	chrome.exe
Token: SeCreatePagefilePrivilege	464	chrome.exe
Token: SeShutdownPrivilege	464	chrome.exe
Token: SeCreatePagefilePrivilege	464	chrome.exe
Token: SeShutdownPrivilege	464	chrome.exe
Token: SeCreatePagefilePrivilege	464	chrome.exe
Token: SeShutdownPrivilege	464	chrome.exe
Token: SeCreatePagefilePrivilege	464	chrome.exe
Token: SeShutdownPrivilege	464	chrome.exe
Token: SeCreatePagefilePrivilege	464	chrome.exe
Token: SeShutdownPrivilege	464	chrome.exe
Token: SeCreatePagefilePrivilege	464	chrome.exe
Token: SeShutdownPrivilege	464	chrome.exe
Token: SeCreatePagefilePrivilege	464	chrome.exe
Token: SeShutdownPrivilege	464	chrome.exe
Token: SeCreatePagefilePrivilege	464	chrome.exe
Token: SeShutdownPrivilege	464	chrome.exe
Token: SeCreatePagefilePrivilege	464	chrome.exe
Token: SeShutdownPrivilege	464	chrome.exe
Token: SeCreatePagefilePrivilege	464	chrome.exe
Token: SeShutdownPrivilege	464	chrome.exe
Token: SeCreatePagefilePrivilege	464	chrome.exe
Token: SeShutdownPrivilege	464	chrome.exe
Token: SeCreatePagefilePrivilege	464	chrome.exe
Token: SeShutdownPrivilege	464	chrome.exe
Token: SeCreatePagefilePrivilege	464	chrome.exe
Token: SeShutdownPrivilege	464	chrome.exe
Token: SeCreatePagefilePrivilege	464	chrome.exe
Token: SeShutdownPrivilege	464	chrome.exe
Token: SeCreatePagefilePrivilege	464	chrome.exe
Token: SeShutdownPrivilege	464	chrome.exe
Token: SeCreatePagefilePrivilege	464	chrome.exe
Token: SeShutdownPrivilege	464	chrome.exe
Token: SeCreatePagefilePrivilege	464	chrome.exe
Token: SeShutdownPrivilege	464	chrome.exe
Token: SeCreatePagefilePrivilege	464	chrome.exe
Token: SeShutdownPrivilege	464	chrome.exe
Token: SeCreatePagefilePrivilege	464	chrome.exe
Token: SeShutdownPrivilege	464	chrome.exe
Token: SeCreatePagefilePrivilege	464	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
464	chrome.exe
464	chrome.exe
464	chrome.exe
464	chrome.exe
464	chrome.exe
464	chrome.exe
464	chrome.exe
464	chrome.exe
464	chrome.exe
464	chrome.exe
464	chrome.exe
464	chrome.exe
464	chrome.exe
464	chrome.exe
464	chrome.exe
464	chrome.exe
464	chrome.exe
464	chrome.exe
464	chrome.exe
464	chrome.exe
464	chrome.exe
464	chrome.exe
464	chrome.exe
464	chrome.exe
464	chrome.exe
464	chrome.exe
464	chrome.exe
464	chrome.exe
464	chrome.exe
464	chrome.exe
464	chrome.exe
464	chrome.exe
464	chrome.exe
464	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
464	chrome.exe
464	chrome.exe
464	chrome.exe
464	chrome.exe
464	chrome.exe
464	chrome.exe
464	chrome.exe
464	chrome.exe
464	chrome.exe
464	chrome.exe
464	chrome.exe
464	chrome.exe
464	chrome.exe
464	chrome.exe
464	chrome.exe
464	chrome.exe
464	chrome.exe
464	chrome.exe
464	chrome.exe
464	chrome.exe
464	chrome.exe
464	chrome.exe
464	chrome.exe
464	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 464 wrote to memory of 3456	464	chrome.exe	84
PID 464 wrote to memory of 3456	464	chrome.exe	84
PID 464 wrote to memory of 2020	464	chrome.exe	85
PID 464 wrote to memory of 2020	464	chrome.exe	85
PID 464 wrote to memory of 2020	464	chrome.exe	85
PID 464 wrote to memory of 2020	464	chrome.exe	85
PID 464 wrote to memory of 2020	464	chrome.exe	85
PID 464 wrote to memory of 2020	464	chrome.exe	85
PID 464 wrote to memory of 2020	464	chrome.exe	85
PID 464 wrote to memory of 2020	464	chrome.exe	85
PID 464 wrote to memory of 2020	464	chrome.exe	85
PID 464 wrote to memory of 2020	464	chrome.exe	85
PID 464 wrote to memory of 2020	464	chrome.exe	85
PID 464 wrote to memory of 2020	464	chrome.exe	85
PID 464 wrote to memory of 2020	464	chrome.exe	85
PID 464 wrote to memory of 2020	464	chrome.exe	85
PID 464 wrote to memory of 2020	464	chrome.exe	85
PID 464 wrote to memory of 2020	464	chrome.exe	85
PID 464 wrote to memory of 2020	464	chrome.exe	85
PID 464 wrote to memory of 2020	464	chrome.exe	85
PID 464 wrote to memory of 2020	464	chrome.exe	85
PID 464 wrote to memory of 2020	464	chrome.exe	85
PID 464 wrote to memory of 2020	464	chrome.exe	85
PID 464 wrote to memory of 2020	464	chrome.exe	85
PID 464 wrote to memory of 2020	464	chrome.exe	85
PID 464 wrote to memory of 2020	464	chrome.exe	85
PID 464 wrote to memory of 2020	464	chrome.exe	85
PID 464 wrote to memory of 2020	464	chrome.exe	85
PID 464 wrote to memory of 2020	464	chrome.exe	85
PID 464 wrote to memory of 2020	464	chrome.exe	85
PID 464 wrote to memory of 2020	464	chrome.exe	85
PID 464 wrote to memory of 2020	464	chrome.exe	85
PID 464 wrote to memory of 3824	464	chrome.exe	86
PID 464 wrote to memory of 3824	464	chrome.exe	86
PID 464 wrote to memory of 2012	464	chrome.exe	87
PID 464 wrote to memory of 2012	464	chrome.exe	87
PID 464 wrote to memory of 2012	464	chrome.exe	87
PID 464 wrote to memory of 2012	464	chrome.exe	87
PID 464 wrote to memory of 2012	464	chrome.exe	87
PID 464 wrote to memory of 2012	464	chrome.exe	87
PID 464 wrote to memory of 2012	464	chrome.exe	87
PID 464 wrote to memory of 2012	464	chrome.exe	87
PID 464 wrote to memory of 2012	464	chrome.exe	87
PID 464 wrote to memory of 2012	464	chrome.exe	87
PID 464 wrote to memory of 2012	464	chrome.exe	87
PID 464 wrote to memory of 2012	464	chrome.exe	87
PID 464 wrote to memory of 2012	464	chrome.exe	87
PID 464 wrote to memory of 2012	464	chrome.exe	87
PID 464 wrote to memory of 2012	464	chrome.exe	87
PID 464 wrote to memory of 2012	464	chrome.exe	87
PID 464 wrote to memory of 2012	464	chrome.exe	87
PID 464 wrote to memory of 2012	464	chrome.exe	87
PID 464 wrote to memory of 2012	464	chrome.exe	87
PID 464 wrote to memory of 2012	464	chrome.exe	87
PID 464 wrote to memory of 2012	464	chrome.exe	87
PID 464 wrote to memory of 2012	464	chrome.exe	87
PID 464 wrote to memory of 2012	464	chrome.exe	87
PID 464 wrote to memory of 2012	464	chrome.exe	87
PID 464 wrote to memory of 2012	464	chrome.exe	87
PID 464 wrote to memory of 2012	464	chrome.exe	87
PID 464 wrote to memory of 2012	464	chrome.exe	87
PID 464 wrote to memory of 2012	464	chrome.exe	87
PID 464 wrote to memory of 2012	464	chrome.exe	87
PID 464 wrote to memory of 2012	464	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/moom825/xeno-rat/releases/download/1.8.7/Release.zip
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffec921cc40,0x7ffec921cc4c,0x7ffec921cc58
  2⤵
  PID:3456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1996,i,1135113973316805640,8851300515231753896,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=1988 /prefetch:2
  2⤵
  PID:2020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2172,i,1135113973316805640,8851300515231753896,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  PID:3824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2256,i,1135113973316805640,8851300515231753896,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=2440 /prefetch:8
  2⤵
  PID:2012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,1135113973316805640,8851300515231753896,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:2960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,1135113973316805640,8851300515231753896,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:2164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4800,i,1135113973316805640,8851300515231753896,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=4844 /prefetch:8
  2⤵
  PID:1852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3112,i,1135113973316805640,8851300515231753896,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=5028 /prefetch:8
  2⤵
  PID:1128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4984,i,1135113973316805640,8851300515231753896,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=4640 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3924

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4636

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3024

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1880

C:\Users\Admin\Downloads\Release\xeno rat server.exe
"C:\Users\Admin\Downloads\Release\xeno rat server.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
PID:1020

C:\Users\Admin\Downloads\Release\stub\xeno rat client.exe
"C:\Users\Admin\Downloads\Release\stub\xeno rat client.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2096

C:\Users\Admin\Downloads\Release\xeno rat server.exe
"C:\Users\Admin\Downloads\Release\xeno rat server.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
PID:1592

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\0def57af-5cdd-4402-8c2c-80b3cc2e1631.tmp

Filesize
649B

MD5
38fc7e5075105ce84aca11194d3044cc

SHA1
e8560ef97591ee1e69ec68867915e0f1c485a212

SHA256
fc93a7ccc95fd71b67184d74cc88abfb37016ff0aac7cfd5fe045fb02185c981

SHA512
9935a442badb265acbb349dddfe7beb9c95c6341515b44fb1718fb330a20b1fc6811dc537bab31204877b8b9856e14b3fbba2e9642878b6fe7f71caf5cd361af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
953841db4c8b2d2894eae899b6726cb7

SHA1
0405310dea8539a31ba499138c6fa1c9ca4dc248

SHA256
2938535fdb39e244abfd8eabb74993ae9df410f5c3f0e857659ba4ab3e1c0131

SHA512
2f9be4e694777fc7ad69b24b44d6846fa3c3b71169a7939012c9d792fd1d3193921874df7470e3477c5e50bae17af9515c92c91dfc8e6bbd483060041603346e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
11d135d0463cb0d0ec99438f70aab04f

SHA1
cf8d9c929ebc68c13e88f79653e9e2f274524178

SHA256
9a4628f4f5b358da1764d70060140d1fb2c962f33e672b033dc27be993ac5093

SHA512
4aef0f1ce73c4bf89f76a02f32a2784781cb21cdfc9f155b87894698d601b6d4ec5964b566f19cf8b95d1aebe8db0aa4deb13df2fb4326fcc552bf4049029d97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
48c09c7923f1b864b9d37ade8d087bd9

SHA1
66ae6427aa63c890998997e7e0367587d1086c9b

SHA256
df32bc21801d26e7997e8f60b311e9573c5e50188e18b27e8c9efa475fd91a14

SHA512
0cc79eb6b7ec7382806315f5d22b6a063bf47ffee4d97fb9bab6d3fb18ea539bcdf064e34706fd14fe064b6117d34e2c48d178d1859e8abbce9b676cea6cd91c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
79ddbb72f9044b6c3eac919ee15d0cd5

SHA1
0dc85129144b24fcb06c9ba905af1068587af792

SHA256
9289850f0b412c2a9c5ecf81053dbf36b04558273d308b28ab27082ef948a2f7

SHA512
19e66326d23ce4afbd86d66d6508ef5f7017d7d3dd6c14da9c290df59ca53b228d4641ad6ae76983f4307f2458247484c6bfe8ff0c1fac85a343a58c5c300f4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
2d5759eae7c819265e39bbc6afcd082f

SHA1
42b33a1efd81d351ff1851faf777043a0f1e94d3

SHA256
9ccf9d6a67a536ffc0dcf9ae161d952af4023385090ad411da6223c1a8adfb1a

SHA512
497c4e47c7acdcc15c8fbecb8d852dceaf013d2b971fb38ce99ada4f29d59807903806f75489fb6bc25e48fc39e36895fa467eab8c11658375dc4430068aa3a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a087d3f713fb9c1fc3f697b435e8893c

SHA1
0698c827156c18ca18d09e64c7218111e516ba1f

SHA256
c9da2af17356475a9792c6f162dca84124f94a3c4ceac42fed919f3c421433a8

SHA512
e4df328c00f452902dddfbf951ab1a66e77425b60fb0d6d325665e2ee6355218c56f9e7a3cec6123ec4beaa969078465ee708a8015f653bffba0fc35622b3cc3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b0c473bc45703d166e56fb382ec47551

SHA1
32ab98aabd6a26897d00fa0dac2a85dd686d212a

SHA256
f8355740a79398e074f1b36c22d088d7e62b5f066de0851fcd2bb9da63da3ac6

SHA512
329dc09ad9b5f110dd8763c19d8ab93574da5247e04b24fd9393a822ff48210259e413d1705213e34003974baf6d72054446ac6f3cf4587573b8f42552f15029

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1c3eb58ded79e27940b6977e8958a6c0

SHA1
4053a64b6f04fbfdc4337ca46e7e02dac6add288

SHA256
d9b3d115eea6b50909cf7cbd7be93ba398da883acfb046f8f2153e0f2c885007

SHA512
17bad1e132e8a579361ad79393d15f8b9a049bd899fdd113b10ba1b8593a21a987ff8cc05d2e69a2e565d3f59f17715182e308a7962594c3c61a170a50d38cbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
75242374f61fb5539c763f6bb6c8ffc2

SHA1
365869a0a34bdac5df55b91db07e46437682413d

SHA256
f4a704012ead384956278f544cf51b0ef8762812cc1cf16739ab32ca48c3dda9

SHA512
8dd2fe5257c72761e031c6adc27bba1b9bd35f831cb89e066387630702689dd705afe35a7c20cb88245a7e5694b35dba5ce31381db149fb93ccf97934f5644e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6a649e0539dffbfab38174283891d934

SHA1
5ce1fb0c1aad2da358f1f21bf8eaf6d3fe3023c7

SHA256
13661299f3a5a14fea7de5f4c07905609c713c99edf3b7112ce80897d27509ea

SHA512
c82707e3c1dc824c4576965ec994cf8ba0e4e345c2bdf9018254d0f15f21535dd55b2f1210ea6272cb8739d48bd6098f7ee0c79c38e1db08b7e0c22c706da0f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
08b4b9b03bdabe3a894babb3c9ad30fd

SHA1
97917923d75b579ef51ce51f2aecc687831b42ad

SHA256
4ca60e1f9d709e1c1fc3ad703280534134f1a331d239f26be0bf2134e0072e8f

SHA512
1dce5de3837395c1baf208d2fbb1e1d7bad81049723d651e3ab668153c5873cd8ced4182a63228e5199b15c266c707c2437d0a77ce88c7c4d1d2147e89ee21c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
6b95c3383a804020bee98e080f2bb8d6

SHA1
2a614a2b6e49dde4c316233957655265d63ecd45

SHA256
a35af5cdc1b0632a3afa9299368f186fb51a26e31b4c5fcd76a2cda76252f1fd

SHA512
a05ac8718793779efb1bb44267b4e94e36343d8aea44c0b3e37fe221e6d21ff945ffe1bd2a98cb212b2041c24475747b20654a12ad3fb7c97c83fa497109dc81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1a3d7da6a52f9cfeb9cf96973d8ceae1

SHA1
252f8fc698bdad0a9a1eca2ea73456be4fedeacb

SHA256
dcd1687e7488dc29a7a60e5d94b3c29a9618390bf44f72e1ef6e20836ed09e07

SHA512
add9af2bddaa3fda3684cfd89c07bf0cae313261b793a821e76e9b4d19d1144a455ad82c7a37b42f5297809cd1cae76194447e34e1f51ae294b0ee9e164fec44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
61252585bca3eed2a7ba603be04769a8

SHA1
b692528b327abc2d06c3a73731482ed204e836eb

SHA256
717c7f23c5173f2bd584ad7ec7d1ca94f9644890d4df885f2d42b3f4343413fe

SHA512
b7c4cd7070c0316b568e8b79894e1ffba05b625b434b43665f54850a4786bcd19f7a3f2032760fa0f401bac91bcf02aa4d2440f2e0183ec961552d96bf50f685

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
122KB

MD5
a5c34f78739af09c87cd683485e9e34c

SHA1
77386b81c8917a41963bd221be1d96c11e52a9e4

SHA256
f32600a875c430fab0761507cc0ef73e4bf3d121c0267106e6cd1b60bc75dbb2

SHA512
dbbaae8356ab52b7c3ec8568f0253a54a60d0603ec98f87c7a8e004b2648e681fc64ea031193b4bf7b6b5d9a30ee2d828fb4a5a064a8199cca7542ebe1f04628

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
122KB

MD5
a222ff811d1259cd2b0b7c48cd12fc8f

SHA1
6a55ad4bc1f7bb4fd430704de7485c19fa2e9e01

SHA256
f7643d89050078e2e00dd82369081c26494191151eee4a07e0a5ebe066f66be0

SHA512
9e4bf346ad6d5cdc95251cb50c3555d5bb0326e8df477c0b74bbe6e7e213b6bfeddd8882dce4223ed27d70d04941b0831d868e68fda3626bc2945ffbe11d9af0

Download Submit
C:\Users\Admin\Downloads\Release\Config.json

Filesize
462B

MD5
583a319b6dea1f675f81b83860aba123

SHA1
0a5cbc4241fad250c83bc86f38622a79757c7159

SHA256
596290a83136810084638abe18dfe86ee2a576360406e57c9836a5c7b6b5b70f

SHA512
ceda8a041134f6deccc6eda77c336263249c94c6df2f7f0f3ceb6aa08b05b7c77ec707c5005dbb9116a3236c3350d25f3a2df07b2f0fc0ad0fd8af71fa2bca04

Download Submit
memory/1020-80-0x00000000750FE000-0x00000000750FF000-memory.dmp

Filesize
4KB

Download
memory/1020-96-0x0000000008360000-0x000000000837A000-memory.dmp

Filesize
104KB

Download
memory/1020-102-0x0000000006AE0000-0x0000000006B92000-memory.dmp

Filesize
712KB

Download
memory/1020-103-0x00000000083E0000-0x0000000008734000-memory.dmp

Filesize
3.3MB

Download
memory/1020-100-0x00000000750FE000-0x00000000750FF000-memory.dmp

Filesize
4KB

Download
memory/1020-98-0x000000000A290000-0x000000000A2B2000-memory.dmp

Filesize
136KB

Download
memory/1020-81-0x0000000000C90000-0x0000000000E92000-memory.dmp

Filesize
2.0MB

Download
memory/1020-97-0x0000000008390000-0x00000000083A2000-memory.dmp

Filesize
72KB

Download
memory/1020-130-0x00000000750F0000-0x00000000758A0000-memory.dmp

Filesize
7.7MB

Download
memory/1020-101-0x00000000750F0000-0x00000000758A0000-memory.dmp

Filesize
7.7MB

Download
memory/1020-82-0x0000000005E30000-0x00000000063D4000-memory.dmp

Filesize
5.6MB

Download
memory/1020-95-0x00000000082A0000-0x00000000082B4000-memory.dmp

Filesize
80KB

Download
memory/1020-94-0x00000000750F0000-0x00000000758A0000-memory.dmp

Filesize
7.7MB

Download
memory/1020-93-0x00000000058C0000-0x00000000058CA000-memory.dmp

Filesize
40KB

Download
memory/1020-83-0x0000000005920000-0x00000000059B2000-memory.dmp

Filesize
584KB

Download
memory/1592-132-0x0000000008070000-0x00000000083C4000-memory.dmp

Filesize
3.3MB

Download
memory/2096-120-0x0000000000330000-0x0000000000342000-memory.dmp

Filesize
72KB

Download