hxxps://github[.]com/moom825/xeno-rat/releases

Resubmissions

07/02/2025, 05:38

250207-gb719s1jht 3

07/02/2025, 05:33

250207-f8yneszre1 10

Analysis

max time kernel
69s
max time network
67s
platform
windows10-2004_x64
resource
win10v2004-20250129-en
resource tags

arch:x64arch:x86image:win10v2004-20250129-enlocale:en-usos:windows10-2004-x64system
submitted
07/02/2025, 05:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/moom825/xeno-rat/releases

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	xeno rat server.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133833803523180732"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3625106387-4207083342-115176794-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
5000	chrome.exe
5000	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4244	xeno rat server.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe

Suspicious use of FindShellTrayWindow 36 IoCs

pid	Process
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5000 wrote to memory of 4936	5000	chrome.exe	84
PID 5000 wrote to memory of 4936	5000	chrome.exe	84
PID 5000 wrote to memory of 1596	5000	chrome.exe	85
PID 5000 wrote to memory of 1596	5000	chrome.exe	85
PID 5000 wrote to memory of 1596	5000	chrome.exe	85
PID 5000 wrote to memory of 1596	5000	chrome.exe	85
PID 5000 wrote to memory of 1596	5000	chrome.exe	85
PID 5000 wrote to memory of 1596	5000	chrome.exe	85
PID 5000 wrote to memory of 1596	5000	chrome.exe	85
PID 5000 wrote to memory of 1596	5000	chrome.exe	85
PID 5000 wrote to memory of 1596	5000	chrome.exe	85
PID 5000 wrote to memory of 1596	5000	chrome.exe	85
PID 5000 wrote to memory of 1596	5000	chrome.exe	85
PID 5000 wrote to memory of 1596	5000	chrome.exe	85
PID 5000 wrote to memory of 1596	5000	chrome.exe	85
PID 5000 wrote to memory of 1596	5000	chrome.exe	85
PID 5000 wrote to memory of 1596	5000	chrome.exe	85
PID 5000 wrote to memory of 1596	5000	chrome.exe	85
PID 5000 wrote to memory of 1596	5000	chrome.exe	85
PID 5000 wrote to memory of 1596	5000	chrome.exe	85
PID 5000 wrote to memory of 1596	5000	chrome.exe	85
PID 5000 wrote to memory of 1596	5000	chrome.exe	85
PID 5000 wrote to memory of 1596	5000	chrome.exe	85
PID 5000 wrote to memory of 1596	5000	chrome.exe	85
PID 5000 wrote to memory of 1596	5000	chrome.exe	85
PID 5000 wrote to memory of 1596	5000	chrome.exe	85
PID 5000 wrote to memory of 1596	5000	chrome.exe	85
PID 5000 wrote to memory of 1596	5000	chrome.exe	85
PID 5000 wrote to memory of 1596	5000	chrome.exe	85
PID 5000 wrote to memory of 1596	5000	chrome.exe	85
PID 5000 wrote to memory of 1596	5000	chrome.exe	85
PID 5000 wrote to memory of 1596	5000	chrome.exe	85
PID 5000 wrote to memory of 1640	5000	chrome.exe	86
PID 5000 wrote to memory of 1640	5000	chrome.exe	86
PID 5000 wrote to memory of 3796	5000	chrome.exe	87
PID 5000 wrote to memory of 3796	5000	chrome.exe	87
PID 5000 wrote to memory of 3796	5000	chrome.exe	87
PID 5000 wrote to memory of 3796	5000	chrome.exe	87
PID 5000 wrote to memory of 3796	5000	chrome.exe	87
PID 5000 wrote to memory of 3796	5000	chrome.exe	87
PID 5000 wrote to memory of 3796	5000	chrome.exe	87
PID 5000 wrote to memory of 3796	5000	chrome.exe	87
PID 5000 wrote to memory of 3796	5000	chrome.exe	87
PID 5000 wrote to memory of 3796	5000	chrome.exe	87
PID 5000 wrote to memory of 3796	5000	chrome.exe	87
PID 5000 wrote to memory of 3796	5000	chrome.exe	87
PID 5000 wrote to memory of 3796	5000	chrome.exe	87
PID 5000 wrote to memory of 3796	5000	chrome.exe	87
PID 5000 wrote to memory of 3796	5000	chrome.exe	87
PID 5000 wrote to memory of 3796	5000	chrome.exe	87
PID 5000 wrote to memory of 3796	5000	chrome.exe	87
PID 5000 wrote to memory of 3796	5000	chrome.exe	87
PID 5000 wrote to memory of 3796	5000	chrome.exe	87
PID 5000 wrote to memory of 3796	5000	chrome.exe	87
PID 5000 wrote to memory of 3796	5000	chrome.exe	87
PID 5000 wrote to memory of 3796	5000	chrome.exe	87
PID 5000 wrote to memory of 3796	5000	chrome.exe	87
PID 5000 wrote to memory of 3796	5000	chrome.exe	87
PID 5000 wrote to memory of 3796	5000	chrome.exe	87
PID 5000 wrote to memory of 3796	5000	chrome.exe	87
PID 5000 wrote to memory of 3796	5000	chrome.exe	87
PID 5000 wrote to memory of 3796	5000	chrome.exe	87
PID 5000 wrote to memory of 3796	5000	chrome.exe	87
PID 5000 wrote to memory of 3796	5000	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/moom825/xeno-rat/releases
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8ea7acc40,0x7ff8ea7acc4c,0x7ff8ea7acc58
  2⤵
  PID:4936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1944,i,504235408501100171,561202912440166094,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=1940 /prefetch:2
  2⤵
  PID:1596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2164,i,504235408501100171,561202912440166094,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=2188 /prefetch:3
  2⤵
  PID:1640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2280,i,504235408501100171,561202912440166094,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=2292 /prefetch:8
  2⤵
  PID:3796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3160,i,504235408501100171,561202912440166094,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:4428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3164,i,504235408501100171,561202912440166094,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:4480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4640,i,504235408501100171,561202912440166094,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=4728 /prefetch:8
  2⤵
  PID:2792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4756,i,504235408501100171,561202912440166094,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=4536 /prefetch:1
  2⤵
  PID:4804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5092,i,504235408501100171,561202912440166094,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=3440 /prefetch:8
  2⤵
  PID:3620

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:820

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4080

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3396

C:\Users\Admin\Desktop\Release\xeno rat server.exe
"C:\Users\Admin\Desktop\Release\xeno rat server.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
PID:4244

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
be15f20e32560d7ba0b1023bfecd46af

SHA1
503ddd66b0f11cac65ed433af09e81d398b98b79

SHA256
118eb3458a1c8453e63e42bbea60d83bf598d3d52e4aefd83afd8b51e25bdc8e

SHA512
a98771c440a9c09fb4d7baaa25339aa90d6ed8e06b860337e5f68d199a13df23edf8edb651be557e2734dd72a06be5e92252ffebdabc3a897b44753c0cabdad1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
23a9977fd898da534ba1eefed31af256

SHA1
b9142d5f4cd1ca28265ca321dbbceec0ab7a9512

SHA256
2133c98982ef92d116b0da34da7ca3384a2f606a9c6e7c15abc6ad904dabd258

SHA512
4ab49a6c72bd330c554eaa6a6359a1acf5364f6408d1bcd75d9d88cefa2c012990ba09abb164acc17df2cb7704dbc9fe526f14c41ed86abf930540f07c519d65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ab5fea27e9d5b7eaa3112102de4e6fe2

SHA1
96292ed13485cd1e007deace2017b9e28e6c3851

SHA256
f5b894479fcd491da7e910e330430c08e015fa39c5f700eac2063d6255202b8a

SHA512
7a16fa71a16fc4862394354df496efe40a8859429e75fd580076a06a574d9fa795956013667e09d45973eea8237f0715f58a12e6378f659754bb8dfd89a93f51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a0498475f487b2cacfc63e47dde0c480

SHA1
43fc476a28d33bf6af76ba37e3182491ed609097

SHA256
6be2d1d6987aa2a875845264c34cd8f52778147e63e7159635cb60727a77f215

SHA512
aaa31fb92dfbaa5a943c36a370fe19d86a1ef931360c5c332192c8be6acfebb20d8269f8cb54672cebc8109411c7955c6b00d60cbb84205e3ad1db09f7f10756

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d3d8d6e2bf1fba2256a030250ba4ed88

SHA1
45d9b6bbdf5f335ede7d179082f420742496dd53

SHA256
24880fad1cde7b0520c562334daf02f2639fc444141ceadd96027bfd60ba582a

SHA512
2e54f7170e3ac6d954ac34d53a23cfbf83da18d52b5bb333cc92e7336956bba9fe7e875f5a7ff2d0c759acb747a4d757ce0c10f059abd9f4f01ea38df7663b7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
940b12658309fc6153f06b7d921010a0

SHA1
fa624fd8a6079dd81654e81bbb73679cab1c14eb

SHA256
f62bd65743db019f5d52ade24ffdecb4917e4c6ed4b87f16c26a95c5c2998309

SHA512
cbc56801a0a1438eaafc151692f0d6dd4340a39f424d8d620f59451fe4f5d00262b0529a95bf77c54982b95aff0e97569de1e285c64463f3f58464a08ec4cb8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3bc003861bcfb36085c616f8348459c6

SHA1
aad860ecefb259e3fa727b76ba033ee626bb89ff

SHA256
d84d83beaf84d909b879c8d854d59dd2f0eae75e1106df493b65ee178c39ce98

SHA512
29fe09fc8d5d04512137e6ff850198d652312284394533514f24eb0d12f1e8816baedca34b62250e707dffb11c2eec338577f58a549c97f80ac83915e977ffee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6bca0d681816f7fde2edd1d820450a7e

SHA1
c352fdba95d85c1da09494945922a4bea602f6a7

SHA256
e222fc05d63534c161562ee9484580f435138cb311a4e5db21e7d85dfe1f39a6

SHA512
af60bc54f2caa87585e02cb2d0bf87eec1c5fb1da6fb0a20985acb7b9253d3993f9caf6c421f613e728b4400b8357cc168a01807a2da7404000b39abb471af8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
122KB

MD5
27df372cb1a106b8f4d89608a4ff2ba3

SHA1
44a6dcbb60c3709cae004b3eaad1b391a8be1e60

SHA256
431c06b7b7b7658d232bad7b9dc66f7aad48b6f104b783e5f87759c4b7bf3a34

SHA512
12cb8baf2db259c935dc26db8fbde14ff412fa1845cac480b27961cc23fce649724f8867956f6baf08fa633ba01fbfda8886eab125bedf7148341b64919aabff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
122KB

MD5
739e88af334c90090dbc1b6e00ff6583

SHA1
9123ae9a0f462af66d2763a045bb8a2c02413b31

SHA256
1c7fc4576ea9d1ac5aa49aef97c2c3cc5d7354eaa71f644e4f6812edc0411bb9

SHA512
91944fbee98fabd6aca9793a9bb75737688e667b28d5b7995f5daf3ba0674de62b53e47f38ede6fbbb7c716c24ed348f6c97ae5d9fa0df82753dcd92ba78c5c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
122KB

MD5
c38d7c4431ba13e113ac1c024d3af726

SHA1
65b049e9764217c13c3f03265948a6c8faacc54c

SHA256
84b86d13c1ca1b2f9556df7082b53cb4a6d6e5cdf498200de00a6296b666e48d

SHA512
038c3a2719ce7feb751d0e4f46ea132702fea917152a0ceff9707151d0b079a152db58117f583f41241552effe1a9bdcee1b76a8160e74b3905d69b804ab863a

Download Submit
C:\Users\Admin\Downloads\Release.zip.crdownload

Filesize
6.4MB

MD5
89661a9ff6de529497fec56a112bf75e

SHA1
2dd31a19489f4d7c562b647f69117e31b894b5c3

SHA256
e7b275d70655db9cb43fa606bbe2e4f22478ca4962bbf9f299d66eda567d63cd

SHA512
33c765bf85fbec0e58924ece948b80a7d73b7577557eaac8865e481c61ad6b71f8b5b846026103239b3bd21f438ff0d7c1430a51a4a149f16a215faad6dab68f

Download Submit
memory/4244-215-0x0000000074D5E000-0x0000000074D5F000-memory.dmp

Filesize
4KB

Download
memory/4244-216-0x0000000000720000-0x0000000000922000-memory.dmp

Filesize
2.0MB

Download
memory/4244-217-0x00000000059E0000-0x0000000005F84000-memory.dmp

Filesize
5.6MB

Download
memory/4244-218-0x0000000005310000-0x00000000053A2000-memory.dmp

Filesize
584KB

Download
memory/4244-219-0x00000000053D0000-0x00000000053DA000-memory.dmp

Filesize
40KB

Download
memory/4244-220-0x0000000074D50000-0x0000000075500000-memory.dmp

Filesize
7.7MB

Download
memory/4244-221-0x0000000007D20000-0x0000000007D34000-memory.dmp

Filesize
80KB

Download
memory/4244-222-0x0000000007DE0000-0x0000000007DFA000-memory.dmp

Filesize
104KB

Download
memory/4244-223-0x0000000007E10000-0x0000000007E22000-memory.dmp

Filesize
72KB

Download
memory/4244-224-0x0000000009D10000-0x0000000009D32000-memory.dmp

Filesize
136KB

Download
memory/4244-226-0x0000000074D50000-0x0000000075500000-memory.dmp

Filesize
7.7MB

Download
memory/4244-227-0x0000000074D5E000-0x0000000074D5F000-memory.dmp

Filesize
4KB

Download
memory/4244-228-0x0000000074D50000-0x0000000075500000-memory.dmp

Filesize
7.7MB

Download
memory/4244-229-0x0000000008260000-0x0000000008312000-memory.dmp

Filesize
712KB

Download
memory/4244-230-0x0000000008350000-0x00000000086A4000-memory.dmp

Filesize
3.3MB

Download