Analysis Overview
SHA256
e9013a37c6ee9bb4bee376c5d93c58957dab859c938afc69198b5143250add3c
Threat Level: Known bad
The file Unconfirmed 655458.crdownload was found to be: Known bad.
Malicious Activity Summary
Detect XenoRat Payload
XenoRat
Xenorat family
Downloads MZ/PE file
Loads dropped DLL
Executes dropped EXE
Looks up external IP address via web service
Legitimate hosting services abused for malware hosting/C2
Checks installed software on the system
Checks whether UAC is enabled
Suspicious use of NtCreateThreadExHideFromDebugger
Suspicious use of NtSetInformationThreadHideFromDebugger
Drops file in Program Files directory
Subvert Trust Controls: Mark-of-the-Web Bypass
Drops file in Windows directory
Command and Scripting Interpreter: JavaScript
System Location Discovery: System Language Discovery
Unsigned PE
Browser Information Discovery
Enumerates physical storage devices
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Modifies data under HKEY_USERS
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious behavior: EnumeratesProcesses
Modifies registry class
Suspicious use of UnmapMainImage
NTFS ADS
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: GetForegroundWindowSpam
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2025-03-13 01:50
Signatures
Unsigned PE
Analysis: behavioral5
Detonation Overview
Submitted
2025-03-13 01:50
Reported
2025-03-13 02:05
Platform
win11-20250217-en
Max time kernel
436s
Max time network
460s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\Newtonsoft.Json.dll,#1
Network
Files
Analysis: behavioral6
Detonation Overview
Submitted
2025-03-13 01:50
Reported
2025-03-13 02:05
Platform
win11-20250217-en
Max time kernel
441s
Max time network
444s
Command Line
Signatures
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\Xeno.dll,#1
Network
Files
Analysis: behavioral11
Detonation Overview
Submitted
2025-03-13 01:50
Reported
2025-03-13 02:05
Platform
win11-20250217-en
Max time kernel
439s
Max time network
442s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\api-ms-win-crt-convert-l1-1-0.dll,#1
Network
Files
Analysis: behavioral30
Detonation Overview
Submitted
2025-03-13 01:50
Reported
2025-03-13 02:13
Platform
win11-20250217-en
Max time kernel
436s
Max time network
457s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\scripts\Infinite Yield.lua"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
Files
Analysis: behavioral12
Detonation Overview
Submitted
2025-03-13 01:50
Reported
2025-03-13 02:06
Platform
win11-20250217-en
Max time kernel
437s
Max time network
443s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\api-ms-win-crt-filesystem-l1-1-0.dll,#1
Network
Files
Analysis: behavioral19
Detonation Overview
Submitted
2025-03-13 01:50
Reported
2025-03-13 02:06
Platform
win11-20250217-en
Max time kernel
899s
Max time network
849s
Command Line
Signatures
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133863042635470750" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\bin\Monaco\index.html
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9f420cc40,0x7ff9f420cc4c,0x7ff9f420cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1804,i,17445830758066174715,15955323095139412813,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1800 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2028,i,17445830758066174715,15955323095139412813,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2104 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2112,i,17445830758066174715,15955323095139412813,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2140 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3064,i,17445830758066174715,15955323095139412813,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3096 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3088,i,17445830758066174715,15955323095139412813,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3132 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4488,i,17445830758066174715,15955323095139412813,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4496 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4744,i,17445830758066174715,15955323095139412813,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4504 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
Files
Analysis: behavioral24
Detonation Overview
Submitted
2025-03-13 01:50
Reported
2025-03-13 02:05
Platform
win11-20250217-en
Max time kernel
176s
Max time network
895s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\bin\Monaco\vs\editor\editor.main.nls.de.js
Network
Files
Analysis: behavioral9
Detonation Overview
Submitted
2025-03-13 01:50
Reported
2025-03-13 02:06
Platform
win11-20250217-en
Max time kernel
420s
Max time network
428s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\XenoUI.exe
"C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\XenoUI.exe"
Network
Files
memory/2672-0-0x00007FF8E9C53000-0x00007FF8E9C55000-memory.dmp
memory/2672-1-0x000001E5C1AF0000-0x000001E5C1B0A000-memory.dmp
Analysis: behavioral16
Detonation Overview
Submitted
2025-03-13 01:50
Reported
2025-03-13 02:05
Platform
win11-20250217-en
Max time kernel
429s
Max time network
434s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\api-ms-win-crt-runtime-l1-1-0.dll,#1
Network
Files
Analysis: behavioral23
Detonation Overview
Submitted
2025-03-13 01:50
Reported
2025-03-13 02:05
Platform
win11-20250217-en
Max time kernel
445s
Max time network
448s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\bin\Monaco\vs\editor\editor.main.js
Network
Files
Analysis: behavioral26
Detonation Overview
Submitted
2025-03-13 01:50
Reported
2025-03-13 02:05
Platform
win11-20250217-en
Max time kernel
434s
Max time network
438s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\bin\Monaco\vs\editor\editor.main.nls.fr.js
Network
| Country | Destination | Domain | Proto |
| US | 52.111.227.13:443 | N/A | tcp |
Files
Analysis: behavioral27
Detonation Overview
Submitted
2025-03-13 01:50
Reported
2025-03-13 02:05
Platform
win11-20250217-en
Max time kernel
435s
Max time network
438s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\bin\Monaco\vs\editor\editor.main.nls.it.js
Network
Files
Analysis: behavioral3
Detonation Overview
Submitted
2025-03-13 01:50
Reported
2025-03-13 02:05
Platform
win11-20250217-en
Max time kernel
430s
Max time network
435s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\Microsoft.Web.WebView2.WinForms.dll,#1
Network
Files
Analysis: behavioral4
Detonation Overview
Submitted
2025-03-13 01:50
Reported
2025-03-13 02:05
Platform
win11-20250217-en
Max time kernel
438s
Max time network
441s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\Microsoft.Web.WebView2.Wpf.dll,#1
Network
Files
Analysis: behavioral15
Detonation Overview
Submitted
2025-03-13 01:50
Reported
2025-03-13 02:05
Platform
win11-20250217-en
Max time kernel
433s
Max time network
437s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\api-ms-win-crt-math-l1-1-0.dll,#1
Network
Files
Analysis: behavioral1
Detonation Overview
Submitted
2025-03-13 01:50
Reported
2025-03-13 02:03
Platform
win11-20250217-en
Max time kernel
777s
Max time network
780s
Command Line
Signatures
Detect XenoRat Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
XenorRat
Xenorat family
Downloads MZ/PE file
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\RobloxPlayerBeta.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Xeno.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Xeno.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Xeno.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Xeno.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\RobloxPlayerBeta.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\RobloxPlayerBeta.exe | N/A |
Checks installed software on the system
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Suspicious use of NtCreateThreadExHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\RobloxPlayerBeta.exe | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\textures\localizationUIScrapingOn.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\textures\StudioToolbox\AssetConfig\listview.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\ExtraContent\textures\ui\Controls\DesignSystem\Thumbstick2Vertical.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\ExtraContent\textures\ui\LuaApp\ExternalSite\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\ExtraContent\textures\ui\LuaChat\icons\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\textures\Debugger\Breakpoints\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\textures\MenuBar\icon_chat.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\textures\ui\Controls\DesignSystem\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\textures\AnimationEditor\button_control_start.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\textures\Debugger\Breakpoint.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\textures\ui\common\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\textures\ui\TopBar\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\ExtraContent\textures\ui\LuaChat\graphic\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\ExtraContent\textures\ui\LuaChat\icons\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\models\AvatarCompatibilityPreviewer\pedestal.rbxm | C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\textures\AvatarEditorImages\Sliders\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\textures\ui\Emotes\Editor\TenFoot\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\textures\ui\PlayerList\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\textures\ui\VoiceChat\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\ExtraContent\textures\ui\Controls\DesignSystem\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\models\AvatarCompatibilityPreviewer\bodyPreview.rbxm | C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\textures\AudioDiscovery\ok.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe | C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\textures\ui\Controls\DefaultController\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\ExtraContent\textures\ui\LuaApp\graphic\playBtnBackground.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\textures\ui\Settings\Help\UseToolGesture.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\textures\ui\Settings\LeaveGame\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\api-ms-win-core-string-l1-1-0.dll | C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\fonts\Ubuntu-Italic.ttf | C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\textures\ui\VoiceChat\SpeakerNew\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\configs\DateTimeLocaleConfigs\pt-br.json | C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\avatar\meshes\rightarm.mesh | C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\configs\DateTimeLocaleConfigs\es-es.json | C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\textures\GameSettings\placeholder.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\textures\TerrainTools\mtrl_concrete.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\ExtraContent\textures\ui\Controls\DesignSystem\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\ExtraContent\textures\ui\LuaApp\graphic\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\textures\localizationUIScrapingOff.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\ExtraContent\textures\ui\LuaApp\icons\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\fonts\Roboto-Regular.ttf | C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\fonts\families\DenkOne.json | C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\textures\9SliceEditor\Dragger2OutlinedBottom.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\textures\MaterialGenerator\AddImage_48x48.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\textures\StudioSharedUI\close.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\ExtraContent\textures\ui\LuaChat\icons\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\textures\StudioToolbox\AssetConfig\selected.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\textures\PivotEditor\SelectedPivot.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\textures\ui\TopBar\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\textures\ui\VoiceChat\MicDark\Unmuted100.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\textures\ui\VoiceChat\RedSpeakerLight\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\ExtraContent\textures\ui\InGameMenu\gradient.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\textures\MaterialCursor.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\textures\ViewSelector\top_hover_zh_cn.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\avatar\heads\headP.mesh | C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\textures\DevConsole\Error.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\textures\ui\VoiceChat\SpeakerDark\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\ExtraContent\textures\ui\LuaChat\icons\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\textures\AlignTool\Help.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\ExtraContent\textures\ui\LuaChat\icons\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\configs\DateTimeLocaleConfigs\en-au.json | C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\textures\DevConsole\Search.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\textures\ui\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\textures\ui\InspectMenu\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\textures\ui\Settings\MenuBarIcons\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Windows\Panther\UnattendGC\setupact.log | C:\Windows\System32\oobe\UserOOBEBroker.exe | N/A |
| File opened for modification | C:\Windows\Panther\UnattendGC\setuperr.log | C:\Windows\System32\oobe\UserOOBEBroker.exe | N/A |
| File opened for modification | C:\Windows\Panther\UnattendGC\diagerr.xml | C:\Windows\System32\oobe\UserOOBEBroker.exe | N/A |
| File opened for modification | C:\Windows\Panther\UnattendGC\diagwrn.xml | C:\Windows\System32\oobe\UserOOBEBroker.exe | N/A |
Subvert Trust Controls: Mark-of-the-Web Bypass
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Xeno.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Xeno.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Xeno.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Xeno.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Release\xeno rat server.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer | C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0" | C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio | C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0" | C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player | C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0" | C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox | C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = 99ebff004cc2ff000091f8000078d4000067c000003e9200001a6800f7630c00 | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "223" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133863042829233797" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4290799360" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292114432" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365268" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365268" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" | C:\Windows\system32\LogonUI.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 010000000200000000000000ffffffff | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell\open\command\version = "version-2b67309334b54dab" | C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\version-2b67309334b54dab\\RobloxPlayerBeta.exe\" %1" | C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings | C:\Users\Admin\Downloads\Release\xeno rat server.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0 = 7e003100000000006d5a630f11004465736b746f7000680009000400efbe515a50a76d5a640f2e000000365702000000010000000000000000003e0000000000303550004400650073006b0074006f007000000040007300680065006c006c00330032002e0064006c006c002c002d0032003100370036003900000016000000 | C:\Users\Admin\Downloads\Release\xeno rat server.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\MRUListEx = 00000000ffffffff | C:\Users\Admin\Downloads\Release\xeno rat server.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Users\Admin\Downloads\Release\xeno rat server.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4" | C:\Users\Admin\Downloads\Release\xeno rat server.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0000000001000000ffffffff | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\ = "URL: Roblox Protocol" | C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0 = 5000310000000000515af6ad100041646d696e003c0009000400efbe515a50a76d5a5c0e2e0000002c570200000001000000000000000000000000000000d8732c01410064006d0069006e00000014000000 | C:\Users\Admin\Downloads\Release\xeno rat server.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Downloads" | C:\Users\Admin\Downloads\Release\xeno rat server.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14" | C:\Users\Admin\Downloads\Release\xeno rat server.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = 00000000ffffffff | C:\Users\Admin\Downloads\Release\xeno rat server.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player | C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259} | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff | C:\Users\Admin\Downloads\Release\xeno rat server.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 | C:\Users\Admin\Downloads\Release\xeno rat server.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\MuiCache | C:\Windows\system32\BackgroundTransferHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Users\Admin\Downloads\Release\xeno rat server.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Users\Admin\Downloads\Release\xeno rat server.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1" | C:\Users\Admin\Downloads\Release\xeno rat server.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio | C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\roblox\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\version-2b67309334b54dab\\RobloxPlayerBeta.exe" | C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0\NodeSlot = "4" | C:\Users\Admin\Downloads\Release\xeno rat server.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 010000000200000000000000ffffffff | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix | C:\Windows\system32\BackgroundTransferHost.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open | C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg | C:\Users\Admin\Downloads\Release\xeno rat server.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell | C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Users\Admin\Downloads\Release\xeno rat server.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16" | C:\Users\Admin\Downloads\Release\xeno rat server.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295" | C:\Users\Admin\Downloads\Release\xeno rat server.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff | C:\Users\Admin\Downloads\Release\xeno rat server.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe10000000c382c0b27e81db01284c28928581db0124b8c3f7bb93db0114000000 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\ = "URL: Roblox Protocol" | C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0 | C:\Users\Admin\Downloads\Release\xeno rat server.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202 | C:\Users\Admin\Downloads\Release\xeno rat server.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg | C:\Users\Admin\Downloads\Release\xeno rat server.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-112184765-1670301065-1210615588-1000\{FD8934DF-7D28-4379-890F-56472B07994B} | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open\command | C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell | C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0000000001000000ffffffff | C:\Users\Admin\Downloads\Release\xeno rat server.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Release.zip:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\RobloxPlayerBeta.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Release\xeno rat server.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Release\xeno rat server.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Windows\system32\LogonUI.exe | N/A |
Suspicious use of UnmapMainImage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\RobloxPlayerBeta.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\Unconfirmed 655458.zip"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff95536cc40,0x7ff95536cc4c,0x7ff95536cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1820,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1816 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2112,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2120 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2204,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2164 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3104,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3268 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3172,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3296 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4412,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4460 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4588,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4608 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4580,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4740 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4772,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4736 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4608,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4972 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4704,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5080 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4736,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5092 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4716,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4896 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4732,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3700 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4164,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5124 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5244,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4764 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5184,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4996 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=3420,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5548 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4408,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5572 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5468,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5156 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5328,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4428 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5092,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5692 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5376,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4940 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3304,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5668 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=5684,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3412 /prefetch:1
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=3332,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5216 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=5220,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5052 /prefetch:1
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=5352,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4396 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=5232,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3364 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=5060,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5016 /prefetch:1
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004DC 0x00000000000004D8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=6128,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5984 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=3248,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5148 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=6112,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3344 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5864,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6396 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5840,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6356 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3276,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6384 /prefetch:8
C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe
"C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=6024,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=7056 /prefetch:1
C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\RobloxPlayerBeta.exe" -personalizedToken XYWQHGYD97 --deeplink https://www.roblox.com/games/16732694052/Fisch -app -installerLaunchTimeEpochMs 0 -clientLaunchTimeEpochMs 0 -isInstallerLaunch 1200
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=6860,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6808 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7332,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=7344 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7328,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=7364 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=5972,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=7500 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --field-trial-handle=7064,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=7372 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --field-trial-handle=6020,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=7068 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --field-trial-handle=6248,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=7112 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --field-trial-handle=7416,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=7480 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --field-trial-handle=7684,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4968 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6040,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=7820 /prefetch:8
C:\Users\Admin\Downloads\Release\xeno rat server.exe
"C:\Users\Admin\Downloads\Release\xeno rat server.exe"
C:\Users\Admin\Downloads\Xeno.exe
"C:\Users\Admin\Downloads\Xeno.exe"
C:\Users\Admin\Downloads\Xeno.exe
"C:\Users\Admin\Downloads\Xeno.exe"
C:\Users\Admin\Downloads\Xeno.exe
"C:\Users\Admin\Downloads\Xeno.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --field-trial-handle=7080,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6032 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --field-trial-handle=7736,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5036 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4396,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=7016 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=7164,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=8088 /prefetch:8
C:\Users\Admin\Downloads\Xeno.exe
"C:\Users\Admin\Downloads\Xeno.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6172,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=8084 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --field-trial-handle=7692,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6988 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --field-trial-handle=6900,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5228 /prefetch:1
C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3994855 /state1:0x41c64e6d
Network
Files
\??\pipe\crashpad_1712_GJUTRUEAJEUKLVRG
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
C:\Users\Admin\AppData\Local\Temp\scoped_dir1712_576380202\614c4a14-185d-48ee-8acd-e2dd803ee57e.tmp
C:\Users\Admin\AppData\Local\Temp\scoped_dir1712_576380202\CRX_INSTALL\_locales\en_CA\messages.json
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\_locales\en_CA\messages.json
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\dasherSettingSchema.json
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 60ff4fe15131b8a6d325fd6260132562 |
| SHA1 | 397723a13ac5f47f4d552f4f59dc84f786ea5315 |
| SHA256 | 57c801bd62afbb05e3467781a85ea141b13681eae1c442fbba3fa4e049439cfd |
| SHA512 | fa1a1d0f37bcbe3e35a46bc70fd9dae86f3f6db862e5df6a1bc6dc7b88850d35b8f55fc7a0b681f05742ea5af2729ff3bea09a88666be5e254791602e9efe8dd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b2c25fa44993c394d0b175c31f8bac21 |
| SHA1 | 1ba3c2655323cc3c0fde6019a2c2fdb56458c1fc |
| SHA256 | 1bb120d4c6149ef441366c06de14cedbb58e08369b3362470f119ecefb1dd845 |
| SHA512 | f68691864ee8d32059602aa2264eb98cdad38a7d98246216cadb45c81160f3bc6508285465a405ca3a39bcae28e172c1bdb7065d762d65a280eede57ed13806c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index
| MD5 | 9b7a2086392e7d158406daeee4ca1787 |
| SHA1 | 1fbf9562dd3ceadbad665683daaedf291f361597 |
| SHA256 | 5e4e3208d32fa78ca546ae2e9f2e2ecba82005be61854b5e0d75d46d73ba6cee |
| SHA512 | 3267a01a7bcc54a76911d7b28b8d3888ec5259b80d9a1d64ea1bbcdf7756c742d27f86d3ef5d21cd77a4e962c71d55b86705036cbf12e545dc731e9dcf051e4b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 9aeb7f4ebe1c6b69448715436473f72f |
| SHA1 | d8894c26cc4b9d1e0279838843907c0636a38870 |
| SHA256 | d0922e55a661f7114c197276b7eea2bcbc2e2be22c6c1a067733797114bd2f97 |
| SHA512 | 49f3520a850659efca96c265dc2ef45975ef3c98f35cbedb30aca5d1ba715d6fc2e751ead68e7e67f25fd959ae1f12b350091e8cd5270f13e8db46bba16ab7aa |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 123fad30b2094bdbde33c465dc476166 |
| SHA1 | 857fa88d1c5ad4c413edb2d6185e2fe77e378aa1 |
| SHA256 | 8e303bd53994cb98a9bf38ab9e5777bbaf863b1c1f6ddfbd11c73bf92465ef84 |
| SHA512 | eac97bc30554350040647f1027d08f0b8f6928f219ee03ea6df81a5c895e66e2faf50f8a09d622708f97b6b418e9dfc504757158d8e8450ef6aced5b9dff231f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | f54f5b3d5873d005d385d70a55c07ac6 |
| SHA1 | 2d524b87718cd9993081035d66ef9bf2d878d221 |
| SHA256 | 7fad68bc0674338d23b4d194fbca7d1bc9e6711b4ec4e123655e445d5fdd78ce |
| SHA512 | 5bda8e17814a391b5eab8b83a8ce2907e3561c17726dd2dc496dee3581c39040a236c543bdd28702fba362e229c06069deedcf0d0202017878a84223d6da174a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 1e330b2e4524df3ed35837e06e760693 |
| SHA1 | c1a9931739dea521b7b3ae025e93e080d484f677 |
| SHA256 | 1988c2ce9194a137dea95d045ff93a40ed54dfbcded1680472e30d0bf19eee50 |
| SHA512 | f563335b2c010a2743ba9e7cd44d18813327d1a3a5394c2314195dc769ccfdb4e6c19e865809378e0844fa0c16fbffd3a7c977cde967476aa4552417e672021c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 4de18989d7244824e842a63e2502c706 |
| SHA1 | 1d5cc68d767c65fa99edba2d3c21e117cf30de27 |
| SHA256 | b91ef03de17a91c1ef9b26971aa958c5050bf6152d38825eee41e3e48a54ddae |
| SHA512 | 9fe59a36295783e72d91011857dbfe6002e3e60d355aa57343c021ff738e4c786d973a08c3ac1c3af3d4314098d93e9c1c00569ad7fb6b0caf94cfd0d9de6eef |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 26869d1dd00afa39da81c567e737ac9b |
| SHA1 | 180c0eb3ee47ed1b496116f356995111bed5bae2 |
| SHA256 | 31dfeb80f5b3b929166dd8c721f19aa72d3a713da9a8db110cff486cb2549e8f |
| SHA512 | 04ea56e0e12203e15ce29331172e4073919a73293fcec06867634ea800247c3c7e548279169cfd0975386bc4dfd79263a52761a51fbb3c150c0e26b8170647f0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | c90e88a808884e3d16c4cb4804f6e4b0 |
| SHA1 | 04ff39ebf382346c0026267267e767025ff1d0c1 |
| SHA256 | e00ec52418210591fe0220d245b0b1bdc9eca2cf6acb8d9c3295b914144a63cb |
| SHA512 | be52095df4eec14885f5e0e8ca16a038a50b22f75c12de8ca8e112082ec207f7d761cbc39f2541b6271876e5ee2e46ad8706978080bfa86053551349c6e740c8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 12d8b0319546b3301fe0444ed743bbb6 |
| SHA1 | d5af94d08e33a87cb0fb5ac250674e2dcabafc16 |
| SHA256 | 208f3d02c24fe7ccf8fd03e3b7097473e9fa478a9becaab7ab50125c5932bb17 |
| SHA512 | d0b2e95d27bc8e1ce6cc89fed0b092a0610e070bbc5a2e59805f5a37327e5a4dee682feaf2d52aa8eb6e3dbfc01167ff2575ce20bf6c702fa9feaffcd14fff21 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 7ed3406a933e89ee593dd42ace9066cf |
| SHA1 | 85f237c641eac681eee0d0a2f2c8285f7e3e3e23 |
| SHA256 | 545a6399c632b7eac3b68210fa835247cb99093718e20379b9819aaa9ecb399c |
| SHA512 | 1135aebd4d8145d1dde7bce090982513e28bd3861b7d315fb4b8c2283688447ce42d633ef5b97fae6741cf5deb5f2fd82ad9966e1afefc8bfc8102aa6c034a5d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 8402617c973c13906dc367f14a0b106d |
| SHA1 | 132b752c09ab7b5b13146cd2f7b94f91bf6c9d9a |
| SHA256 | 338ece2c896aa17112e39d3fbe3cea868a85de6c6f2dc4ade7c55acb99c8e455 |
| SHA512 | a3a0cfc78f4c23fbef584ac6a78f4e07038d9e251a9b6cef41f72ebe3698d94bccc3bd65e1ff7d95cc0f5522b26aa87587d57148c2dea2c59caae237e74ce342 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | f85bb3c004b4395422353d77c0ae04b2 |
| SHA1 | 77f139957c2f47d274ac2fbee11d036cc625fdde |
| SHA256 | 9226073bd4c14794553911d79160d6c4f40a6a5189a6adaf2119bef36a26ae92 |
| SHA512 | 73e15feac3972f77c49736f28ebc5c5d24abde1ed03bd7c773c5faf47a39a0ca290caa57e931862133ad05b32c7b1359bda5ccc87728462cf2db3560ecb38da0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 9db668a6ccede25ccee1011695b5aee7 |
| SHA1 | 76216f12fc8b79d05a9e7b8ec7b54aa1939a6694 |
| SHA256 | 55cf462d17d2ad2ae0d92c281e1553a2043f29a6a56897ab701dea817ff7fd2e |
| SHA512 | 316d3dda1195969c4375e4aafcf2f1443d7916b350aa293f5f43a4e1843c7c533402287333a7d64ae54e1ad296c57b8c48d81cd6b7743649fa247d2a9e00cc07 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | f24f79ad8772ac0e6e295774afffd39d |
| SHA1 | 14cb6c93d9b70b98dd65536f891ff9b2a8634dde |
| SHA256 | 5e8d03c23750b809a64c439d13144ae5b9451e85af7c4c85059b05e25350013f |
| SHA512 | ab58af9489213b71fbfec76b245c9543b94f36d37f39a76f74a88117c7a5af2495c2e3df2f2c21af80e9c4b1c930e2e678ad9647e75beca66b2474f30aac171a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | e350a15efca518746cc8655853174f4f |
| SHA1 | 17a9bb13cbf1fb45c528a22811f23819703ae155 |
| SHA256 | b61b77158236d8aa0037677ca1eb6f0cc075fca72fbd4b5d6ccbe8b533321302 |
| SHA512 | 7de155e738c3a83003028f519904817e6f36758c4d535817a388a3a71f5350ac138f248b949f413c3a349b6c45e2b75d56b1d9741075b217e8c398f9de6995a1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 6686795d48774cca77f5f978cc6ac98a |
| SHA1 | 86175719260d3d99cda48d9bc3a67531ff8fb6c9 |
| SHA256 | 1b05acdbb689ec82db2328001f2297cb1fe2e017950359eaaf177601f4cec1d2 |
| SHA512 | d21df2da9bea0f4973449b90246f1406db66c0281ba88f3dd49c7213a661939ea26950e0fde086af7b6ad5fa76063819c417e54bf344ff9e518033c5c0b4cd3c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 280de97ab5d158aecf33dbf4068e9e46 |
| SHA1 | 5d2392d02ac4732ee06629a85758e08337cc4887 |
| SHA256 | 33bba40f82620694b5209cc8aaae59845528a89a67f60f0321bf25f3c6685ec0 |
| SHA512 | 2ae24eef2eeed254aefcb58b4b99a16d6391282ed113955c382b5bd444856c312ba1524751a9a643c78d23438e5bd2f0c79ab70aa49f8faf7b95065b70c84cc0 |
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
| MD5 | f49655f856acb8884cc0ace29216f511 |
| SHA1 | cb0f1f87ec0455ec349aaa950c600475ac7b7b6b |
| SHA256 | 7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba |
| SHA512 | 599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8 |
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
| MD5 | d222b77a61527f2c177b0869e7babc24 |
| SHA1 | 3f23acb984307a4aeba41ebbb70439c97ad1f268 |
| SHA256 | 80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747 |
| SHA512 | d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff |
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
| MD5 | b5ad5caaaee00cb8cf445427975ae66c |
| SHA1 | dcde6527290a326e048f9c3a85280d3fa71e1e22 |
| SHA256 | b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8 |
| SHA512 | 92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | fcd669478d28af04ae7ed08141ac93a9 |
| SHA1 | a834545c11442bcabf63c0ae9bcb33dbccba39d6 |
| SHA256 | 7291b351abba410a9d801149ea24a47e5f14fa2ed6da5076cf480687b8923853 |
| SHA512 | d494be5985fe9052e881daaee034e612c10e51c206ffe4ce543df36a4437993a563a6496ec8f9eeb25485791c5dfefb8337d9e9228503833078ebfbde5033327 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 2d7321e46a61f1b4c94d444fa630b8f5 |
| SHA1 | f9c12c038524088820c2ef743f8ddacdd87cd8a4 |
| SHA256 | 5a2c37674d855f9e775f8b7c739db9ce63c58acc4c9641714bdca088918149e2 |
| SHA512 | 4d40b0ee10d622905b1b0701de65a64a6c2ef8693cfef6f0e3b048f6d0bbbc6dbb994fd93cecfa4ac167a24ad80cf40e5b8707f6f0762b82e3f78ad712cdba3d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | d82f1c9c7248f0b228471dbe673fbcad |
| SHA1 | 7912c13653a9a8303a6f505e9ce9f47566de507e |
| SHA256 | 77c9b7b694b69414bcfe662a5e48b1c65de8a1682a71b2839f42e637a6a475b3 |
| SHA512 | 5cf47bff772f07b11d7e83c7d91fe670841cff9d09407c1faf90ab16f3d11d1d43ee9f892f4cd1ca2b130819bfbe7043e604fb0476b5ceb9d9dc021c837e2d99 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c
| MD5 | 07457a9aeea964cc1c872ee3bacf7175 |
| SHA1 | 2c5525e9969cfd7ce6e2bb92f2c92da982bade71 |
| SHA256 | 0f5ef66edc46f2d1cec453c39da7438be406a66bda261f1e9e6462aa0c0ed3c1 |
| SHA512 | b961db0f7ab5dc59e723cc0e1654506ecd66e8f2276a165a8a9f37b4884e7c9f5aaeca724e79933cd991f6f3f1d2d00aac209c451a62cb039829802057f59d0c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004d
| MD5 | bfef1c88c7a2462d08b6930531953552 |
| SHA1 | 6392a0f160eb73330bebd4c324535445e0783231 |
| SHA256 | 5bb0ddc5e9112db6992a4eb1252b36b666ca8de22aa5d09b1d083794f2acef4b |
| SHA512 | 339ddb4c82a5456623c9ec0bf2574b22d7e98f9b2002d5d9616197dbac6a76742e146ec77e8d3aa8caa3c6178125bea0d9ec57324b28dd52e778055a4eee204f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 4c651a077afad7b86b2faa14303beeea |
| SHA1 | 5383179fd8455a6cd12523ac8c011d9973988a86 |
| SHA256 | 859eb2906dadb4c0e1c5c451a1d2d8365af2896727051f63eb97748c35b847d0 |
| SHA512 | 5008b37754ad407bccaf4a3ba3b31ff78cb1790269ef2c5dba41029c8af5c148bbde4ee19e5e5b274ae7b79c8bf5fcc364b2dc1fc58d6d7903af1bb59526091b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00013f
| MD5 | 588ee33c26fe83cb97ca65e3c66b2e87 |
| SHA1 | 842429b803132c3e7827af42fe4dc7a66e736b37 |
| SHA256 | bbc4044fe46acd7ab69d8a4e3db46e7e3ca713b05fa8ecb096ebe9e133bba760 |
| SHA512 | 6f7500b12fc7a9f57c00711af2bc8a7c62973f9a8e37012b88a0726d06063add02077420bc280e7163302d5f3a005ac8796aee97042c40954144d84c26adbd04 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | bf9ed2d0768daf81569250b3773c6ba4 |
| SHA1 | fa961092a77d0b104703b9d077a7a156a42a488b |
| SHA256 | ce59c9f1da3d512051b030d68d8d23c57eda353fbb77fdc48606a99223c389ae |
| SHA512 | 8fc5890d8a7ad8d139f33258c1f29d97db60334152b91007136236ea736b85ec1466db6a67bcd74157c46909b69456794c2c597a42aff12db6f3a3392b431915 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a55842fc7f99628134bb180522291a9c |
| SHA1 | 786b1d256b2ab4d97d79e8889c4f140622b905da |
| SHA256 | bcb3352e8fa8f651f161a17274be8ea630c8a19c4c7816fb3a7b873d7cf49346 |
| SHA512 | 05ef9e1b57c84881bec8acfd40d66ea48f2d8074b05ea511b535b5b82ee9eee2318dbb35922ad2f954850514c575c8e8ce35bd7d89869301b11cbdc58af1fdf4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 500d847371440caa811731d21f0bc1f7 |
| SHA1 | 9e1c369a2803f7fecbe91a4d8c0d2e99f5052c95 |
| SHA256 | cfa943b3455a20e368f2f2e1c0fcf40c870c55e66f9500952712c26257d731ce |
| SHA512 | f02cb4bb66dd0a9c3d41c322582bbfa380e1ecdcbd9aa2cbc7c69b5cf435dec323c8c35d419b04a827dc38db969f3626fc795a12125fe9115654284d92fa5477 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 9b37aad2be197745844055f7499455ca |
| SHA1 | b240b54819be8e907b80d7ce48b11008eca429d7 |
| SHA256 | 0e2551c758ff884c6c97d4fcd60d702d92b8d019c808ab03d81821b128e863a4 |
| SHA512 | 80318831bcf72eb065ecab7ba1e1d713e09b3b7888847a3b67f30f404b297e59850f419a9e9e5200e0bdc21d277832be9f4feecd6cfc990e75409f6a23060092 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000143
| MD5 | ce7b262351203b245322fe75044fb61e |
| SHA1 | 46fc201fa3a9a56cb91f3a08f4a380f6d2283e0a |
| SHA256 | 4d374f815118157d4ec62c285937df74fec28c75d9eec110f48d3e04cb321ba8 |
| SHA512 | 0af2f8fa0171107ca26b73d1eeed9599c0b67953e163441bf65dc3a5bae5c9aa82bdcc54255996e8d1d472db1b09ba3286859d595619f1706a8e61c464081dff |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | dfab3b92d38d609a4468263a362f0da6 |
| SHA1 | 4b389919381820ed27d67b51d27e7acfb4946499 |
| SHA256 | a58823b826c617169bc32b4893f1be53b89e852b1cffa6d7fdce710afa5a5f8e |
| SHA512 | 5f600ebfa882395202a9da7910bf077aee27469770bfe0adff2a25098cd22bf6cea7b009ae5fb127350b91ad4832b4c79d8c0bd95d6549c3c7a5f280957743a5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b183834d609dbc24f4119d525152891d |
| SHA1 | 4e4e0808256ad56208b61336f115de3d6367f4ef |
| SHA256 | c624a7974c7b46536902b2dd1a65a304e2227a5197117205f36c7268496448a7 |
| SHA512 | c0350d9086cd679194af6cf0d7e73a77f509aea70b892880605f65fcc5f1596e228c6a2e9cfce05db036655aeb53419905a9be17556f9e44a1b69cefe1ce2799 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_nnpjd.truthwasisadl.org_0.indexeddb.leveldb\MANIFEST-000001
| MD5 | 3fd11ff447c1ee23538dc4d9724427a3 |
| SHA1 | 1335e6f71cc4e3cf7025233523b4760f8893e9c9 |
| SHA256 | 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed |
| SHA512 | 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 3264e6f20601855cd6ae94c0b88f2980 |
| SHA1 | eb2941be2f2704580dec8facb0ed4ea19309a943 |
| SHA256 | 2466926fb6be1cbf2e69dfb32af2983ef6d64fbffd9f1927e9e31f8f0683298f |
| SHA512 | 34a4f1ef6f0a75a99bcb0e971e122a63ba51c3d3f818ab46d38c3cdbc9b7f6e7001f91652a33338991a405a0d6fca5e2ca11a9e6da9fcd2eaa63d4bf4a148bc3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 48f4b4a79ee4e97957fa9263ce0c4a83 |
| SHA1 | 46f8c355e6360d4b6222af60d2717d38eace514e |
| SHA256 | 14e3f07b66c8a571dad787481b8e6b953ddf26b4e9ed0f16b314f881dfdaae14 |
| SHA512 | 79761d595ff8f785b899b69ed9118466cad6b6acbf57498995f5f9a011f751e984717e1eb993508c20573248c0f6b768d1e9e217698ceaad0d8e84fc0bbcaf57 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 98be2d1c27e7ee312f1247c1a45e6e73 |
| SHA1 | 9e9dada5912dc42ffb1cecd72c43948a7ee5050b |
| SHA256 | d16deef949a55623907c4178434e450e252c75ed099e74c7b2fa9cbd550b7ac2 |
| SHA512 | 3cb793bb75d0ddcd2858b6f16755af805b85d75a2e0857fce412744d90a90efbeb4b527d6a55c718077ec6cad0fca819c634484127f24836bf85569467d98ed8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 2c270f7e6e8e324341d4fa8add3cac17 |
| SHA1 | 7ed7acd4a1b82f210818dc1f6ce8806660bfd452 |
| SHA256 | c07c84e1c3a8b2ab96682430a370afcef1b82d2936bc4f533fe4ef35bcd85b3b |
| SHA512 | e2b7720f9a8dccabf272eda9eb8ef4745b9541b45d8fbf46c62a4dfdd7bd907234d203f5eb9af5e7ae6c69fbde231ce0406ed330570f5278691fc6afccf1c75b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 66285bf72630b1145fa0b7d9d5e53101 |
| SHA1 | 3c0a2134af3707738ffa87d4a293ce4a780ee5b8 |
| SHA256 | 86c3e491a12ebc4c531ffeea2764d51907a797e920ee19dd7a9bbe46c91bfd48 |
| SHA512 | c54e1fb4a13ca1fee65a327339df736c8b736d2cd013240bcdaf256205d32a0a3cd959de844ca8c1c4b5efc5876215c3c762b72ed3fa891c558c070d29b4767c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a4ac176a043390b145b482d97a71a7b3 |
| SHA1 | 3eb1951c84cfdbecb081248fe5802578d380098e |
| SHA256 | f3109267ebb76ce0df9c09964cbb3e0d2bf246cf735416055bf9042ad3e9e782 |
| SHA512 | b45b15ac883871fd022a5e285dd663c18795028e4d37569d7554e2d19fd071bbc61a6df934ac02a918470f672f7f748516adf8b0f36375cbaa7ec1332a87aa9c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 5ce4d9b6feca9d4274861c01657f357a |
| SHA1 | efc87ac4b960377885f3b33ab4f6b0b7a4568207 |
| SHA256 | c138a7691f53d5dd7a7f8423ea31d0a428d0f8480238081a8250eb7ce35e4d6e |
| SHA512 | 0c30cc8799afd51288f4945fbafb405268a967354c3d427766fc13706147632d9b515f9c4be3ef4fb5dab5b7fc1b0a4f2090e53c1d47526c57ab599053d57dda |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 55d772269004b65f518ecf13ceae8fc6 |
| SHA1 | d011cb1fb6cd5328b4f78edadcef5208c503b56d |
| SHA256 | 03d5beac13ef63f9d4633eb8e98d8ae54d4b8b268f44902a63c95dd77b5435aa |
| SHA512 | dbbe79dfa0604b61aff9c61018f7ceaf55828a777c1e726362945971f5d6fdb856a059f150246f612990bbd5ce7e55bde354472cd330b1c830701fbf8d71b2eb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a6957f3fab6c2b018d71c2cbbaec3440 |
| SHA1 | 0e271de3f1c81011c6affe251302be435ef8368f |
| SHA256 | c7f1559cbca79ca2052068147ba3033c89ed4f4c99d5d76c94d079546a37af82 |
| SHA512 | 79eb18c176a3cfaf9f4b1b54f3201ed71fe2329564dabdf3784873065a3915c5045a018156fb8585f95b3e6528418b9315703a93704432eb0ab0cca54623b511 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | e547d438cf6dd0c82fbdfcda46dbd149 |
| SHA1 | 3a066e7b9b86bfbe4e9769ba3e48f3d9b0018961 |
| SHA256 | 7e8f1e81e78243f78007271e35460bab41460b3a9cf1f3f09594d0620f5dcfef |
| SHA512 | f22881ba8f84358fe3a965ee21adbf0179eb52a828816c099254e7b50e1fad750667485b2b64a38237a9bd6b8de14295163adfee648d66e9a10832571e0069fb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | ae8403826ef489d38201bd8a0badbe33 |
| SHA1 | 7af19a3dc5c05af5da200546f3cb34e83c1a84f9 |
| SHA256 | af6a1df00d14ba1ca128d5a1f85afba8be73fc7930366e9e448a9dbe5e1aabd9 |
| SHA512 | ded667ae31b490fc09481e4b16cc0fa1646c6b514e74b234f9b4bf8728584d3a354088390b18e0a12d0396de932b3bc10e356433f96891abb02b806a967896fa |
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
| MD5 | c9bcf62c3583c83bd89b539453ec5379 |
| SHA1 | 205ec3512eb1814a49aab4c5532bb36b4bb9625b |
| SHA256 | b255ee3805deddb25cd1a56eeb6386b38761ab0fb53dc58f83e974dc04ab5a64 |
| SHA512 | 769479f4a0f1d75abdafaaa2ccb8ccfce1deb9861f1e49e8831d5ff315772f68e638eb8f57b5425a9cc0df0ad97260a4890eb9d4dda1f4f320a1cd599c5df9df |
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
| MD5 | 5c9bb89b67c7389392ec947daf3a44cd |
| SHA1 | a78b71a768edb1bf0849b57afe8eb54322b2ea2f |
| SHA256 | b60cef2c824abc2cf871f3ae9089e966927ff07282167d0bc89c38351d95db60 |
| SHA512 | 60d30dc3de4f0b8e1302bab0a004d8b593c8c4700927d3aea8624c3d773d163169dc9b46569b6657019bd90e521c9f18c814c98f143a7f9278cb39d123b7e5df |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 54d28c288988e5724a3e0567138e6f23 |
| SHA1 | 432b320ca74d9387b8e806016f29e3792f583f88 |
| SHA256 | b5fcdad968e5b4310dac16fc3d235839311c7d821caaa04e9840cafc0bc4c4bb |
| SHA512 | 2680dbc3a24beb4c96fce43827c824a73c1cac02b94c117781679ef811392050d5471f66d4c984230eea1d13b2a61d337777a2d0ca7e3de793827068f5152233 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 5d3e03b28a2bfc60deb1b81232b7bfc3 |
| SHA1 | c740eef04fb0c96e66a55a2edf7909423a8fadb9 |
| SHA256 | 29835499ccd9cd693d83bf034d6be5cd8f1b6f169581fe82ffbd005e8252ca50 |
| SHA512 | c1fe86731d10571f5fe6474097d2943b12edf772a53872f9f9726241ce9d9a52aca629acc34f3ae0344b3369df33ecb22942a666a0511e7591aff655f415d16a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 758700e596c02699fe173e4cd4fd76da |
| SHA1 | 897e3996c306980513277a84541b8a78243ff8e0 |
| SHA256 | 2cd1ab053c2b9c0a81322702f64f0cfa85118905aaf48aacf17bbb917b69256c |
| SHA512 | 281609f8943261c85444042b218714df2e57cb103647ad9cd2a4d3a89f92dd4cdf7f795cd85fff542745da6a0b4156a1612bf82a6df323ebe12128d9133199d8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | f7ae7784d64e7200b363cf07de2db3be |
| SHA1 | 283872a7ed5f397f9694f077dde20dc5fe18bd99 |
| SHA256 | 1f5e78b073f5f02c0d737949df4ce8856b5858fe83bc7761b27b755566d359aa |
| SHA512 | 952fd096ef980b1a528334034c898ad5c5fc092733a5f6936653969aa5aecdf863f4fe2b3f379bdb4c7fdcc10bef5508c4872f19ca1f57046f21423f7cfc436a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | f6e2024086399a1f61031e72356d046d |
| SHA1 | e09120fe7bd0df0b8e64e6d7bb42ddd0ce07cbce |
| SHA256 | 54e03bd32d7d56640a853f7f465a7e9f45a01764353fb6457e689b984d58e355 |
| SHA512 | 61ca4123f6f3f9a73bfc41c844efa73633dfc06b844d8637f006835cd0613d4b524da65175d3ad22582930a0e6fd1cbf52afa1996447aab535a7f83ee09956d7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 4a9fd0326b990fc3e9346bc435adf531 |
| SHA1 | c8c1c7e4ebd254e374c8ebef48f04b071c45d806 |
| SHA256 | ab078e63ba4f8e90ada9dab5b66716c38aa9a3fc4310bc9291a36d1c69d74ac1 |
| SHA512 | c89b2f6856cdc1cdc3e7c7fd3963e0848b6cbf9f5f0cda60d3cf0f555c3b854fe95aa0b65a252ec8cdad0864e3112be21d007c37be9c7c6e5154cb227dbff39e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | fa1c966e0fe0d4e5184cd6d05e4ece74 |
| SHA1 | 9735b36700d7f6a16673127400c1b3039d58f694 |
| SHA256 | 82d3df0f71f8e913f248afe57f5eba867d6fabb434a2440ad75170a5395ef1c8 |
| SHA512 | 755f54a9215b14a3ea0e424477df6aafaa669c2842b964068030c984543c147368aea033d276463dbd17556592d994c5faeb3a2c5445a4ad3460c653695bd5bc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 1e93cf467e4730dbfaa99ee5d035f890 |
| SHA1 | d9aad45a7b76ecdf8babf195382406740a3e962f |
| SHA256 | a9a486d074a344c10edd4e7be0fd670bc4ec437b79c94d563886498f80c50e44 |
| SHA512 | d843c61f225456c7c5316ec93221c373f03f8553c1fbdb4034338123901615c92163539edb43f1eebda15954ab683df9527cee5731832cfda95e29aaa8ab4824 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5c8a94.TMP
| MD5 | a261d185bb9d0a8d7b975b0805b422b1 |
| SHA1 | 4d46b66b3002e87e18432831b180049092c7c989 |
| SHA256 | ea14cf4ca9fd61b2db2f9b38cdabb6bd9fefaab55ef46b35ac4b85ab580b9a17 |
| SHA512 | ea901e7b7805216c262a5955d196806b75fed3dad6bd75285d1689dde0e24ccc84446ccb79cf6f5f9744c257a6e5a2a78dbf181a70dadb3d2464cbfe0ff8609a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir1712_1405460930\Shortcuts Menu Icons\Monochrome\0\512.png
| MD5 | 206fd9669027c437a36fbf7d73657db7 |
| SHA1 | 8dee68de4deac72e86bbb28b8e5a915df3b5f3a5 |
| SHA256 | 0d17a989f42bc129aca8e755871a7025acb6292ce06ca2437e95bedbc328fa18 |
| SHA512 | 2c89878ec8466edf1f214d918aefc6a9b3de46d06ffacff4fdb85566560e94068601b1e4377d9d2eabefdc1c7f09eb46b00cf4545e377cc84a69edf8e57e48b2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir1712_1405460930\Shortcuts Menu Icons\Monochrome\1\512.png
| MD5 | 529a0ad2f85dff6370e98e206ecb6ef9 |
| SHA1 | 7a4ff97f02962afeca94f1815168f41ba54b0691 |
| SHA256 | 31db550eb9c0d9afd316dc85cdfd832510e2c48e7d37d4a610c175667a4599c6 |
| SHA512 | d00e2d741a0a6321c92a4aab632f8f3bafd33c0e2875f37868e195ed5e7200a647b4c83358edcef5fc7acbc5c57f70410903f39eac76e23e88a342ac5c9c21cd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\79d5c483-c638-4c09-a983-99760f50495e\index-dir\the-real-index
| MD5 | f07f62ad37ed73bc87f19d98ce43f2a5 |
| SHA1 | 3925d4627c661186cec791e63332fb34897bb862 |
| SHA256 | fa59bf6432c30b129de3ad13c296bb17d9864b714c2b36ee69ff4d93d4d3ed93 |
| SHA512 | 73ef7744dbdb7c1c7ca66f3d0d6bf744699756c5f35385abebdcf43a7bc4ad319c79c577a1a6332201fc337b2b7a47110e18039959346dc5ba092d0393b260f6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\79d5c483-c638-4c09-a983-99760f50495e\index-dir\the-real-index~RFe5c9d8f.TMP
| MD5 | 17e4b412297b29ba186d19a56e222edf |
| SHA1 | eba7f4ebf5030381b94a9e09902298ef600ba667 |
| SHA256 | 4c0e10d268f5b97bae5ea58e22b2094495354967b4d406d5486875dd2314b4be |
| SHA512 | 1412d9c582a5ecf5cd2e509a473c808edcd7cc86acbfe66c5c061ef854757d034c0a25543b82add7961006a749887f8da24a8eacf48bb6f086c3163216f95915 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 7f84d16401f74079ead5c770d5cb7b6f |
| SHA1 | de2998ddb76fe469057f69f1e52c360a844c2828 |
| SHA256 | 2b0d3d70bd1b574211e8d27d3898269bbb750c5247904d9ceb25cf1060fb32ab |
| SHA512 | 65c943817497e91b17fd5f8ee244e4a250231967cf5e9d9807f3104cd773ed9ed8f032d9979e11ab3107cee0edc4de3ba865462742b0c3e0533dea8a26436a8d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 4d2c5a5280560e7ae9275692328cd068 |
| SHA1 | c9dc06a886b7d41531b6808fab10685fc4ac5c53 |
| SHA256 | cabbabcf8062e7c199c9f2d7bcf74fb31847657795bd8b6c1b149ac3f8d89ace |
| SHA512 | 9e8068305aab73eab3c21c874819d95802bf892f6f7e40af62132f2c3ac5e902051dac01534cd478b30e8aaf87d8dd29e4f83dfb30e150895ae97a44d8dfe871 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | ed5c8b8b12ef5c6e376060a6ff64b30e |
| SHA1 | 30e448b5c3f2bd46bd1d1835b4d493f7801d811e |
| SHA256 | 0452fbc511943f32f70b1f2a7335186134af70cc181f0d63e00aa9897f0b7068 |
| SHA512 | 26e966f5f9077fd1e988b9f300cff1454b93c74e166049d1f6d8eeecc74fa61a4b67f1d74e1986d9fa2e90d5f8d9a50e632bbc7e655d0796a321fec8d8f9f452 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | f4d0a9cdeda23e2edb5e7d27b590cb50 |
| SHA1 | 8a22a0bf4173b8de629bff098f05344263669ecc |
| SHA256 | e886fb776441417bdd8ca222fd8a9ca0089af519787cb53c67ea42bc6baef22a |
| SHA512 | d6423ec0bcaad302af0e7b4eda63d83075a880aa8e92f0ecc27bc06180efc66fd337392a24ef14e7f7bbf86d3d9f3d6ed038eb9b2d77a4aec2ea06028c2f312a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | eb460ecd805de04e1861616bf6898acc |
| SHA1 | c08fd85c6126d252bd2e4d59837ae7a661eebe12 |
| SHA256 | 08c39b215f9bf3daaad4e8094424bc793d0f4d189ab1a11769966d4453a28065 |
| SHA512 | 29a1b4d3b95fd4ad3549e90f266c56b56a0e226dc04cc881b91066f67479be7bdad002d8d068eba610a0f32913962e092d1d10e0783b4fe4b51ad2368c556b22 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\a8d15e92-6316-41ba-9bcd-3a74de75fbd5\index
| MD5 | 54cb446f628b2ea4a5bce5769910512e |
| SHA1 | c27ca848427fe87f5cf4d0e0e3cd57151b0d820d |
| SHA256 | fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d |
| SHA512 | 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | aa4a775268935ba500fdf5f1fbb30a80 |
| SHA1 | 244abb2281210dc0e35d3d7468720f1dcdd77160 |
| SHA256 | 0f0e56a6e143847224bb9704c32751828bfa6022d12e18e80720c775a7cc0a84 |
| SHA512 | 0ca62cf9a78c3ae35b6f0f258e652c4bbc59e5f6aa39a9949fff39e4d4e22efe7135132897a5d115a1ff4c2110fd1bd92001bea902ff55d7932d1143a27893a5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 680b515ec2e5d78e2146c69d50a53391 |
| SHA1 | bb1b43e2d47c2d6eed5afc11c547ce9495d489cb |
| SHA256 | 1443d43f83206a37667187b44a85b3c2655f90b6fbee7458a9c87c89f2fca240 |
| SHA512 | 2344e827d4d7ea4a1c675d64851cb6aa7d3c777128a48fddd7c784b8bdab82bde2385a0e6e037b147f604f2e698eedbf933e521bc973d7c7b44ffc2af950b9a6 |
memory/4080-4275-0x0000000007810000-0x00000000078C2000-memory.dmp
memory/4080-4276-0x0000000007D00000-0x0000000008057000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 567509c4ec14c4876aad79905102d9cf |
| SHA1 | 4a7c4cb869f29b055dad8f8857f619c1fa98dae0 |
| SHA256 | fd7045a70fc35d387e4a51835c73668dd783e39b55054e7faaa547afa6e7ed90 |
| SHA512 | 5f858ded6d8882174e7b277deff6fefa2e3a5c28141da059651e6e3743a1019a9bb08df503f1d5f0158380d596bbcd269a6181e19dbb0605767d165e701218c4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 6b4c29cf0934888cc3c7b1993215473e |
| SHA1 | a96b05262a0f1f80637ff2234507a3499afc8be3 |
| SHA256 | 97b8ce5ad06d302394b6bf7ebb3bd75f57c2d61901cb270d98e54ad4e6cf1487 |
| SHA512 | bfdf606920c34a63748c750f742e7764f88c2a02885e554294b0ccd3259e44ad43405b11b0bc31a7e8d33a7aa6601bc24cf79677600df51f9e5f64191a716622 |
memory/4080-4306-0x00000000078C0000-0x00000000079E4000-memory.dmp
memory/4080-4307-0x00000000079F0000-0x0000000007A0A000-memory.dmp
C:\Users\Admin\Desktop\Roblox Player.lnk
| MD5 | 1951cd22480fc3c8f7c27d5cfeb78b70 |
| SHA1 | 9221c16aa59066a96a215e514c2112df961a0231 |
| SHA256 | 7c4543f4f18e887be42e6a9dc1a838dbd2d6d94089cf0986e1a28c0a0f675423 |
| SHA512 | 9e88f27ca2edacc28602b67d711cbc3fee46afdd4d0c4dfa6be91a8675559435130dee8d1fe116406c90ff327106b7dcdd1ec50023caaa4d8bce2205c959f462 |
C:\Users\Admin\Desktop\Roblox Studio.lnk
| MD5 | dfac2109f95d2c6d89a1dde61e9f964d |
| SHA1 | be42f90fbda4c89eafa30bbe2b899489a3910dc0 |
| SHA256 | b9b861d75e53fe4da2dfea5fd8417b25c25c0a474ad806efde24fd220fab25ae |
| SHA512 | 2f43103f2ca5702d7e23ea4c52037057b85c3f595e13c70de3ea3b5e8f01ba6ebaaaffcc185126cbad700bdeecaab98cbdc04592e338c35f690a3b887cc45511 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 16e3f50591365534963c1262145dcd73 |
| SHA1 | 95056eb345e5a7ca6672d9ed36697aa71fb98a17 |
| SHA256 | 7a015eec8fbaf6d6aa631b8d03bb06ec1d42d86bb1d0f9e0b8ca594d676ea4a9 |
| SHA512 | 243338039fe88f9aecf82d7667c2256b1e841be7a74a48d9122dca6144ef98deaaef07ac871eb10d6381c3ab810f08ec123fc8770a95f52e1173139a1fc02fc8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 6de9fe3eedc7cf0a515d841690bcc341 |
| SHA1 | 1c1a67da7d8c9d6577bdec524fe0eeb928cd580c |
| SHA256 | 34f946a2c27dab362a2d58ac33e2e4313cd85d46a9ad18a191b145ac4710bc4f |
| SHA512 | 210e713c5d92f0034f3209305961bf19a944142042416e146014a6f6bc03de502649e13dde0b7a404b9f0eee0dcf73adf2f315db81ecf4ed5c869782005ceac5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 60bef6d7f1ea21949a5037aa38717860 |
| SHA1 | 6e80462e3972bb8980c84cd5a3bae6efdf9e9f73 |
| SHA256 | d398217a2cbcfe74ecacf5eb51179d72e97e09b709e6c60846b5fc0eec62cb5c |
| SHA512 | 4add1de06498532879349ee2c344d924f674cd8551af409138b268f63bdce709cb29e5da69aa87498f409119f926505ad17283a817c05bcc8123e7cfb816d0cf |
C:\Users\Admin\Downloads\Xeno.exe
| MD5 | 0655903e652998c0bccd98e11d8b883e |
| SHA1 | 3b7354e2ddf0450e4ee5c47e67fbb7dccdc9ad68 |
| SHA256 | b160f009d6db85505674803dc1b290dcfd1c174fe4c8ea5ac95baad4c5b1c8c1 |
| SHA512 | 199835b47f3852c86e747c2d6ea21a79320bc044ef83531c67c501cdf141c58861538515030f2a9817fbb882b97278f661793d226d420059edf83cd70f4a781f |
memory/1376-4347-0x0000000000F70000-0x0000000000F82000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 36d97525282bf9062d8f0c6f8a2c0528 |
| SHA1 | 129579b34d1a86c81fc3f1a1f5c7a12d6aee2425 |
| SHA256 | 3f6668c2fd7d6e41982b94ae486b7fb09f385a383b4d360607603e0cb4662daa |
| SHA512 | fc256c34612db45d8388179ef7e3d07a097f77b4c9e9ef0c94d100c7b1567926befe82aee95ac4b841491821d368c9221a8787ed7f68c08151eedd93d2fb78de |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\a4090834-8607-43b6-89ba-09a83c5c5411.tmp
| MD5 | 8ca2124bee86ab6b11e0d344dce2df0e |
| SHA1 | c63dd19077eef2859e2af1c7e4bd730f1f9032cc |
| SHA256 | dffcf2941e0f47cf28e2b2807ebf615b003133da0a08c93c33fe4b15d6ddd83d |
| SHA512 | c57100d27803dab4bbde134dc60876e06caa1035c94f427a31e5efb49bc2f6bf247fd0d88b5f354be650f9023ae53983b9d4d67b97dc9f923002950d30c3da47 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | dfaf66ff3963ae4e25b8785cc1747d71 |
| SHA1 | a4de30e03e476ac0228c7028243fa2732c145f19 |
| SHA256 | fb92449c6dc2cb39b42382d88d5532a05374bb80f0f0c6a208474ea380ee63a8 |
| SHA512 | 658537da0d3c6ee5d6656b120eecaa73bbfd92fa4b921fec7f19f5a3ea2183c57d4a00966de3836bdc11d39da6e48802ac4b08632f3ea495c5258d2c668c0396 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | afb70c9422324682a12fca53e33e3e84 |
| SHA1 | 3a49cdef82b8574f78e3094c8a1bf7f232d53125 |
| SHA256 | 265662bb7790b5d826620c6ed1c5bf442a6bf87e48944ae8f18adf0f3f8a0e1a |
| SHA512 | d81c5222a1f5ed169b9d4683e61811815f3b9fb39c0307d6640dd7a729e5a8af713b630c2930b9c8ab83d637811f529b9d3a723c43e151121773dafae3fabf01 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | f9f7b2e0061039dc03b79055f35b0576 |
| SHA1 | 94dd0696db149c635b072e5ea087aa3add7c4e7c |
| SHA256 | 7e2c64b0ec81722c291958746a57fdabe835e2189c8a35cf63bcf290ffaefc28 |
| SHA512 | 61f923f0b12e443cc5e124b5cc1c6dd95b1fb6eeaa6b23a959c92ba51e5efb73149005cdf2b8fac865d5874ee235bb9571eeb916d97864352eafc54413845982 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 266c1b7237498540a03661d77ebc2065 |
| SHA1 | 33ca838352d59f92e089901ff38a8f7f3b31c7f8 |
| SHA256 | c58dbea8d4541379e229a5fed0c79d330e09d34e3ce9f68f202ed9cc3bc332ed |
| SHA512 | 78a536593ca632b0a2fb15897e9b550859c934175a90f6ad0b3868988113f1bdfeb1721282c859ca7c3f539c8652a421c18a687a8b3e0e0e636ffaccd3a5523f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | c6fdb09689525a7b61140f62775c6200 |
| SHA1 | af701498fdf3a6f73b31015d5cfccda56cc2fc4d |
| SHA256 | 9ee99f3155b14a32967b59bb4d6202b6f16b041e50c4ab7b1eb6bfbd14457d0c |
| SHA512 | f6e4a13a5d797afa59f6ff112e99b89aff09bb79341b95cb7c3bf798c13688c436ce155e30cf697bcde276dc060d25bff8a2cedbf0d2d8c7264d69ac3c97b631 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0001c0
| MD5 | 786c4894e2393c2a6df8fe0fd6aeee3f |
| SHA1 | 2242cd681f699ef3d642ed9ed1f202dbf6b0c1b0 |
| SHA256 | 258ce3bda497a9ddf8e00e70ab2b08608c3f3211aecc90348179eea95be084a4 |
| SHA512 | 73751c1624a8a7e8141c387159a700f637e4fed6f5974d7402fc4faf4dd72c0779eae74049746098ad2c05765fa97329c51e9cc5f422c02abaaa92035aa991db |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | d6107990f85d19a2b4febc66f5992085 |
| SHA1 | d66205ec19720e6a51d482ec36fd75649440bf47 |
| SHA256 | 67e46bc75d6e593a28881a686fed1c200c461fe1636be9854bed521442b74122 |
| SHA512 | 96bdd306ff033c8174702c96cf8fb0bd59c9f0a2c66ffefd0536c06e453470f9b6a894c0410efca0a90ad1b249a9ae528a9c92bbea4f5aa45093863b5c6d59ba |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 1594d8583c59d7f1db9d9b1d14125328 |
| SHA1 | ad755c4d1c51e779f105adb53fb66cc5de8c57de |
| SHA256 | 06411dea6d013bfc4e9e859bf5392b0d57d94a08640af618d6b75e7cdf0c4cee |
| SHA512 | 136d9febb0ca62942aa93b62aac9a181a2e3bc29818db38a152da765b640f598bb00a2deb7027cd7761d9e50a23af1f8d4f907c62a32d739dd54770ff138a200 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | f731df165902e10db9d7bca3782d9a2e |
| SHA1 | 0cac49c5606fabb0a3744016cf0fdc0713c6d2ce |
| SHA256 | d78413698c593e837f6407576d88cc76b3b100b2486f6a287eba899d1f490ae2 |
| SHA512 | 53f08dc8769e1cb103b03f0aacabf5d3eabc4b495bd96adfeb8a9fb5b85a5a5ea4b2b7bdd7b71a6c66d8708f84e5df3b387c99ea07f7b621a41776d41e62663f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | a6e1f9ac3b475fadf759d6ce6b6ac4fc |
| SHA1 | 5914cfba8cfb37f75db20dbf21642d2ce260d481 |
| SHA256 | 47345575326f1a902ea867aa45902069446a7a3635e391253929d7a2150d9da6 |
| SHA512 | 850246f4abe70325593252938929069f978bbae80dda2e112848ab00328164c6e27a6a8a027ce5cd636f73cd94df26068676da58eef930731d2f5410e1842b34 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 1678401189d2df1ba3f37d6f551a5cfb |
| SHA1 | 5d389b87d81e2c1ffba4391600d917b6e9887415 |
| SHA256 | 458c3838373599a34241181f9bcac8c5a76a61f5f582c93e5d23e5f9a5ac983b |
| SHA512 | f39100f94a70d628e4553b4e824af56447f19ee3c76ccf6897db3226a5203de33718f272e694c979dede11a5cf2f4947309da08c9f7b0881800c686b28023984 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 20449cb4afdba5d5206a294c275d618b |
| SHA1 | 6f248f6f7c62787115d99518955a3f6d1d669395 |
| SHA256 | 37f45a1c54e3826eb15427e81d7588e794b6a3fa826b2e4ce724067ff2fcc7de |
| SHA512 | e3dfb2bc704d911af7e6cba8ee6c9a7364c6cb29e7c2f78487bacd41cda5c413289dfb174cb0a66fa54a03191bf0c57ce8e052b5e50eac81471f38dda237be6c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 8252d35e1501cd5a90cf2e103cd68145 |
| SHA1 | cd27dac690b3949ae44f0eb254bd9047304f8fff |
| SHA256 | 701fcb55191bd6a1bfd70c7c2c283d0380864f67c076227266afdfe4addbd180 |
| SHA512 | ad90f8ffa3d42c9ed7e27a5648e750754ea368f2f02f940abb328cc96344e6b5084a409124acb5c93ab22d27165845ca20551be639a5b97af530c71e4091ecd8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 55cd536d6d2a04ade35b3872582f3b4a |
| SHA1 | a67567a98b27e0bcc3b9c54295f1a166fa578f38 |
| SHA256 | 53c0028a1a9e44dc3cecab734175093c5a7c7cb13bc1558480b75e4833e36b58 |
| SHA512 | 12938caa5f47762bb0d414c7097075c4c72ea3251b49c2024f805a741e91f35b75446720776712d41502b2f110f107ff55be3859672520b73e3ecbb50878d8dd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\83492203-d42d-4e99-bce1-c856bc35fc7f.tmp
| MD5 | 1122156bb1ed6e722f449a4171ee79a5 |
| SHA1 | 796736929e3b9a0a1a8a0c82f5b1dcf15efd702d |
| SHA256 | e600437f8b8b225f26d9e3608803315b879c0e1febe24b050ab0b592eee83409 |
| SHA512 | b1d24af9873f3a7ed91b456b868b42284803559d81f2ead066f09690cc22c97f40b15a838179e57e1b5bc62c454eefae32e352dcaf476af9f0ad6f27131647db |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index
| MD5 | 174a3871301576c1485f704df20bd23f |
| SHA1 | d8947b65f7a199043f00cf6878c1855dcefe64b9 |
| SHA256 | d0be132eb94998d0669e514b9f88f6406bc6c625b6d0528d4eaf881b3a0eb131 |
| SHA512 | 9f0f534269936ff1f60a03e18889d7e6e709310e2f02d102428b26a4d9352552873e730580204bdcbf7070cbd4e2368a33b044e48dceae2060fbe2994df829c7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | ee4ebff53c89890bdd2f16487091ba39 |
| SHA1 | 731c339acadb9c410c085bb95e5b10af777f8d73 |
| SHA256 | 7ecf06a6eb017027288cc2a6852c9dc52fc95135a6021ca18a6392aae290ac73 |
| SHA512 | 6780bc064df12c05fbe7d41b9b4bd70d45ffc27b1c2f996be8031765a34a121cd972f0505c3c65a8c33f82c42b34958a7f2781fcff3e7361b0a3fd55b3b7a963 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 7f288abb39bc8f5aedff6c192d6f2f85 |
| SHA1 | 642a13cdac5531f66ef330aeb806fafc6d3327a7 |
| SHA256 | 3c009b71a224cdcf81481c8d82167d2c6756fed5f21479fb0efdb4b5a9dee311 |
| SHA512 | e42ddac61b374a85406a41a521d43d56a7a1e44dd270ebd7e150b58eb6cfd542dcc38c7545ee99461f0025c7bf5c69a3e9550e3c5d3e9b8a61913f47daca668a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e5cedcb090f09a1bad4dbe4423bba7a8 |
| SHA1 | 97ce32e7c059e31463a764913bbc43c4e0938622 |
| SHA256 | d27813d36c59e6ac536f5c44735b8a0fbf8381ba161cb80b2679299d215a321e |
| SHA512 | e14336488e010cd5bce6e4c08652a540efddea40d479aa66b40cb74405847ccc507c90ce48680d703da43944d1ac8813db6fa338cc8fc7058075b9c1e18eed18 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 655f350188432b71153dfe5d385509a4 |
| SHA1 | b369f2213986bcc3b48f32caa42b5efc4fad1faa |
| SHA256 | 255a68eb784e78ee1deba3938a246eb923def9d333a2de323b338c3d41c9d297 |
| SHA512 | a6810ccc165c89cf4b801cb0d1249288656af4842e70290b095743090e8a054437cc16d730e8ac5a2d83604eb9c11134d6e7b71ee0b541925e2d66badab681c7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000181
| MD5 | 87c2b09a983584b04a63f3ff44064d64 |
| SHA1 | 8796d5ef1ad1196309ef582cecef3ab95db27043 |
| SHA256 | d4a4a801c412a8324a19f21511a7880815b373628e66016bc1785a5a85e0afb0 |
| SHA512 | df1f0d6f5f53306887b0b16364651bda9cdc28b8ea74b2d46b2530c6772a724422b33bbdcd7c33d724d2fd4a973e1e9dbc4b654c9c53981386c341620c337067 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000182
| MD5 | 20a5a164ba2dae0410b9b313e866cd90 |
| SHA1 | f54a317d3ec70e84cff1adc5539efe4e5d73bcf6 |
| SHA256 | 9af9b0e7af47ffd8ad17c4eb49c00186b3d8f17991864c9d7d96b776693d6815 |
| SHA512 | 5694424746d343340350cba7789f42a4ef1d0457a7815aa78fd9f20c541123ee5b525de86390f173963d70a2269cf8efe347f9cb56a80271456288617f62af39 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000199
| MD5 | bb601bc4b9348719207f839577fe20c8 |
| SHA1 | 420fa7de4fe6a29d0be231d81fc07b2cd3d9668c |
| SHA256 | 04dca4ed9547f2a001db21099d2dd855939e0f050a6ddfbe9f16b4b90e91f105 |
| SHA512 | 13a259ce39f643ac20d7af42e4d71600d8825207ad20a9ec9ba34e9d9f0b077f897cf4ffb79d3508126fda39ce0ff2e94a5558a8a29d7609df0e00b7292aafc4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\9\CacheStorage\index.txt
| MD5 | 9f4f940dd750d88c1c3af9d3e0e66173 |
| SHA1 | 114599a33260a37f54940960ffc9fc83e009b14c |
| SHA256 | 48c2c01c8da7da78e4176a9d0f5e0a7f1b5f61bf07d5c610e25508d0f2c5b9c6 |
| SHA512 | 00e3d5bd7bed7e69b892e67447e129674fb49c9979e648d19f6f017287616b5a119e10bb9d1b814e151a41de8894948ff24965f8443d07bfb1c41e0985007f5a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\9\CacheStorage\index.txt~RFe6363e0.TMP
| MD5 | 8d73daac56dbe6142e3f2204ee32ac20 |
| SHA1 | 52331a89508ccc5da3027943018905e399db88df |
| SHA256 | 77e505b70d74a8e0d67cc18a9e8aae0793f95498c6c7856052fe5d2e2e7680c8 |
| SHA512 | 5cfa6d9343b149e308ef0a46e7c16ab85126b7406cb6f0b5e80c66e0c0533bf59e7ac58502a15793e1243f4b3f8c1f13097aeb7e1bfdc68a328b02ef3d1724ad |
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\01c9b894-fcbf-484a-9b59-1570d238b036.down_data
| MD5 | 5683c0028832cae4ef93ca39c8ac5029 |
| SHA1 | 248755e4e1db552e0b6f8651b04ca6d1b31a86fb |
| SHA256 | 855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e |
| SHA512 | aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | d52674d43a62118c6a13f996bbc756a6 |
| SHA1 | d70dbc29efdbfbd55a4a113876e9932269497542 |
| SHA256 | f293e44a627da8552ceaa755c27d4d18aedf8fc86f759da505667e47df62797c |
| SHA512 | ecd89139ef1ab28ceddab69f6b8d3ea6f43b3571e2a753953d3d8e8c8aeb1677eafc9ae3af94035df2dc743ad751e4d3cfab04c5431320448dd617c937bef5e0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 5cf8a9551713e7ba80f876773860aad6 |
| SHA1 | 39213717459992718670c9c176df28b04dfb0b1a |
| SHA256 | f83650fa9de8b52c39afebefd644a4479dc0fe74b6ed36d0409c52f00592d4ef |
| SHA512 | 7594a9c4708502439e6546eab8dab4829d47f268c6bd0a12cdfb04c660a193cd1be742afc806a5447ca5729ab4d9f69ff7295a1acfbc33874e1b0721899d5798 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 31c02abaca2afba54d5ae93c9b00b350 |
| SHA1 | c6740c8f72ca1c53fb0b042648aa8372b764b56c |
| SHA256 | 4aa650d3e0d4e184de6f137ef6c0a3a0baa5af4c541672a4c6c64f83be4c41fc |
| SHA512 | 1c01392776bfaf39440be3d31827ae6ce401c27c7658cdaafd04a500c0012ff6b458a43181ef7387ebf4d3778a9d872a4a6fd766e4ddc064ddd790df9820ebd4 |
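The file list above is dominated by repeated rewrites of Chrome profile files (Preferences, Network\TransportSecurity, cache and service-worker indexes) and by memory dumps of the running processes; the entries an analyst actually wants to pull out are the few outside those trees, such as Xeno.exe and Release.zip.crdownload under Downloads. The following is an added example, not part of the report or of the Xeno project, that parses the report's own file-list format (a path line followed by `| MD5 | … |`-style rows, or a bare `memory/…` entry with no rows), de-duplicates by SHA256 and separates profile churn from indicator candidates. The noise prefixes are a triage assumption, not a verdict, and the sample input is constructed from entries copied from this page.

```python
"""Triage a sandbox report's dropped/modified file list (added example)."""
import re
from dataclasses import dataclass, field

# Constructed sample: a handful of entries copied from the report above,
# including a memory dump (no hash rows) and a repeated Xeno.exe entry.
SAMPLE = r"""
C:\Users\Admin\Downloads\Xeno.exe
| MD5 | 0655903e652998c0bccd98e11d8b883e |
| SHA1 | 3b7354e2ddf0450e4ee5c47e67fbb7dccdc9ad68 |
| SHA256 | b160f009d6db85505674803dc1b290dcfd1c174fe4c8ea5ac95baad4c5b1c8c1 |
memory/1376-4347-0x0000000000F70000-0x0000000000F82000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | afb70c9422324682a12fca53e33e3e84 |
| SHA256 | 265662bb7790b5d826620c6ed1c5bf442a6bf87e48944ae8f18adf0f3f8a0e1a |
C:\Users\Admin\Downloads\Release.zip.crdownload
| MD5 | 89661a9ff6de529497fec56a112bf75e |
| SHA256 | e7b275d70655db9cb43fa606bbe2e4f22478ca4962bbf9f299d66eda567d63cd |
C:\Users\Admin\Downloads\Xeno.exe
| SHA256 | b160f009d6db85505674803dc1b290dcfd1c174fe4c8ea5ac95baad4c5b1c8c1 |
"""

HASH_ROW = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-fA-F]+)\s*\|$")
HASH_LENGTHS = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}

# Assumption for triage: writes under these trees are browser/OS profile churn,
# not attacker-controlled artefacts. Adjust per case.
NOISE_PREFIXES = (
    r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data",
    r"C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_",
)


@dataclass
class Entry:
    path: str
    hashes: dict = field(default_factory=dict)

    @property
    def is_memory_dump(self):
        return self.path.startswith("memory/")

    @property
    def is_noise(self):
        return self.path.startswith(NOISE_PREFIXES)


def parse_file_list(text):
    """Turn path lines plus their hash rows into Entry objects, in order."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HASH_ROW.match(line)
        if m is None:                      # a path (or memory dump) line
            current = Entry(path=line)
            entries.append(current)
            continue
        if current is None:
            raise ValueError("hash row before any path: %r" % line)
        algo, value = m.group(1), m.group(2).lower()
        if len(value) != HASH_LENGTHS[algo]:   # catches truncated copy/paste
            raise ValueError("bad %s length in %r" % (algo, line))
        current.hashes[algo] = value
    return entries


def triage(entries):
    """Return (notable, noise_paths, dump_paths); notable is unique by SHA256."""
    notable, noise, dumps, seen = [], [], [], set()
    for e in entries:
        if e.is_memory_dump:
            dumps.append(e.path)
        elif e.is_noise:
            noise.append(e.path)
        else:
            key = e.hashes.get("SHA256") or e.path
            if key in seen:
                continue
            seen.add(key)
            notable.append(e)
    return notable, noise, dumps


def ioc_lines(notable):
    """One 'sha256  path' line per notable file, ready for a blocklist."""
    return ["%s  %s" % (e.hashes.get("SHA256", "?" * 64), e.path) for e in notable]


if __name__ == "__main__":
    notable, noise, dumps = triage(parse_file_list(SAMPLE))
    print("\n".join(ioc_lines(notable)))
    print("profile churn: %d, memory dumps: %d" % (len(noise), len(dumps)))
```

Run against the full list, the same parser leaves a short set of SHA256 values to check against other sandbox submissions, while the dozens of Preferences and TransportSecurity rewrites are counted rather than listed.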
Analysis: behavioral13
Detonation Overview
| Submitted | 2025-03-13 01:50 |
| Reported | 2025-03-13 02:05 |
| Platform | win11-20250218-en |
| Max time kernel | 876s |
| Max time network | 880s |
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\api-ms-win-crt-heap-l1-1-0.dll,#1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --string-annotations --always-read-main-dll --field-trial-handle=3816,i,11614662984397188522,10052431758593679358,262144 --variations-seed-version --mojo-platform-channel-handle=4696 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --string-annotations --always-read-main-dll --field-trial-handle=4244,i,11614662984397188522,10052431758593679358,262144 --variations-seed-version --mojo-platform-channel-handle=3860 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --string-annotations --always-read-main-dll --field-trial-handle=3840,i,11614662984397188522,10052431758593679358,262144 --variations-seed-version --mojo-platform-channel-handle=3548 /prefetch:14
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 204.79.197.239:443 | edge.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 23.192.18.101:80 | www.microsoft.com | tcp |
| GB | 2.20.12.95:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 204.79.197.239:443 | edge.microsoft.com | tcp |
| IT | 91.81.129.182:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| US | 199.232.214.172:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 13.107.21.239:443 | edge.microsoft.com | tcp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 150.171.27.11:443 | edge.microsoft.com | tcp |
| IT | 91.81.129.182:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| IT | 91.80.49.20:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 204.79.197.239:443 | edge.microsoft.com | tcp |
| IT | 91.81.129.182:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| IT | 91.80.49.22:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| IT | 91.81.129.182:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| IT | 91.80.49.21:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| US | 199.232.214.172:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 150.171.28.11:443 | edge.microsoft.com | tcp |
| US | 8.8.8.8:53 | edgeassetservice.azureedge.net | udp |
| US | 8.8.8.8:53 | edgeassetservice.azureedge.net | udp |
| US | 13.107.246.64:443 | edgeassetservice.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgeassetservice.azureedge.net | tcp |
| IT | 91.81.129.182:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| US | 199.232.214.172:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 204.79.197.239:443 | edge.microsoft.com | tcp |
| IT | 91.81.129.182:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| US | 199.232.210.172:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 199.232.214.172:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| US | 199.232.210.172:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| IT | 91.81.129.180:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| IT | 91.80.49.20:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 13.107.21.239:443 | edge.microsoft.com | tcp |
Files
Analysis: behavioral29
Detonation Overview
| Submitted | 2025-03-13 01:50 |
| Reported | 2025-03-13 02:07 |
| Platform | win11-20250217-en |
| Max time kernel | 436s |
| Max time network | 438s |
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2786730451-600132509-465537259-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2786730451-600132509-465537259-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\scripts\Dex.lua
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
Files
Analysis: behavioral31
Detonation Overview
| Submitted | 2025-03-13 01:50 |
| Reported | 2025-03-13 02:13 |
| Platform | win11-20250217-en |
| Max time kernel | 431s |
| Max time network | 433s |
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3835819470-2031661444-2626789713-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3835819470-2031661444-2626789713-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\scripts\Sine Wave.lua"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
Files
Analysis: behavioral14
Detonation Overview
| Submitted | 2025-03-13 01:50 |
| Reported | 2025-03-13 02:05 |
| Platform | win11-20250217-en |
| Max time kernel | 425s |
| Max time network | 490s |
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\api-ms-win-crt-locale-l1-1-0.dll,#1
Network
Files
Analysis: behavioral32
Detonation Overview
| Submitted | 2025-03-13 01:50 |
| Reported | 2025-03-13 02:19 |
| Platform | win11-20250217-en |
| Max time kernel | 433s |
| Max time network | 459s |
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3835819470-2031661444-2626789713-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3835819470-2031661444-2626789713-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\scripts\Spinning Donut.lua"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
Files
Analysis: behavioral2
Detonation Overview
| Submitted | 2025-03-13 01:50 |
| Reported | 2025-03-13 02:05 |
| Platform | win11-20250218-en |
| Max time kernel | 818s |
| Max time network | 867s |
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\Microsoft.Web.WebView2.Core.dll,#1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --string-annotations --always-read-main-dll --field-trial-handle=4244,i,15195321112227810029,13870653243844057049,262144 --variations-seed-version --mojo-platform-channel-handle=4664 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --string-annotations --always-read-main-dll --field-trial-handle=4064,i,15195321112227810029,13870653243844057049,262144 --variations-seed-version --mojo-platform-channel-handle=4116 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --string-annotations --always-read-main-dll --field-trial-handle=3116,i,15195321112227810029,13870653243844057049,262144 --variations-seed-version --mojo-platform-channel-handle=3800 /prefetch:14
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 204.79.197.239:443 | edge.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 23.192.18.101:80 | www.microsoft.com | tcp |
| GB | 2.20.12.74:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 13.107.21.239:443 | edge.microsoft.com | tcp |
| US | 13.107.21.239:443 | edge.microsoft.com | tcp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| IT | 91.80.49.21:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 13.107.21.239:443 | edge.microsoft.com | tcp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 204.79.197.239:443 | edge.microsoft.com | tcp |
| US | 199.232.210.172:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| GB | 2.18.190.98:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 204.79.197.239:443 | edge.microsoft.com | tcp |
| US | 199.232.210.172:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 199.232.210.172:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 13.107.21.239:443 | edge.microsoft.com | tcp |
| US | 13.107.21.239:443 | edge.microsoft.com | tcp |
| US | 8.8.8.8:53 | edgeassetservice.azureedge.net | udp |
| US | 8.8.8.8:53 | edgeassetservice.azureedge.net | udp |
| US | 13.107.246.64:443 | edgeassetservice.azureedge.net | tcp |
| US | 199.232.210.172:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| US | 199.232.210.172:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 199.232.210.172:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 204.79.197.239:443 | edge.microsoft.com | tcp |
| US | 199.232.210.172:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| US | 199.232.214.172:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 199.232.214.172:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| US | 199.232.214.172:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 199.232.214.172:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| GB | 2.18.190.98:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
Files
Analysis: behavioral21
Detonation Overview
Submitted
2025-03-13 01:50
Reported
2025-03-13 02:06
Platform
win11-20250217-en
Max time kernel
439s
Max time network
446s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\bin\Monaco\vs\basic-languages\lua\lua.js
Network
Files
Analysis: behavioral22
Detonation Overview
Submitted
2025-03-13 01:50
Reported
2025-03-13 02:05
Platform
win11-20250217-en
Max time kernel
424s
Max time network
444s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3444 wrote to memory of 1076 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\NOTEPAD.EXE |
| PID 3444 wrote to memory of 1076 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\NOTEPAD.EXE |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\bin\Monaco\vs\editor\editor.main.css
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\bin\Monaco\vs\editor\editor.main.css
Network
Files
Analysis: behavioral20
Detonation Overview
Submitted
2025-03-13 01:50
Reported
2025-03-13 02:05
Platform
win11-20250217-en
Max time kernel
430s
Max time network
441s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\bin\Monaco\vs\base\worker\workerMain.js
Network
Files
Analysis: behavioral25
Detonation Overview
Submitted
2025-03-13 01:50
Reported
2025-03-13 02:05
Platform
win11-20250217-en
Max time kernel
440s
Max time network
444s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\bin\Monaco\vs\editor\editor.main.nls.es.js
Network
Files
Analysis: behavioral7
Detonation Overview
Submitted
2025-03-13 01:50
Reported
2025-03-13 02:05
Platform
win11-20250217-en
Max time kernel
440s
Max time network
442s
Command Line
Signatures
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\Xeno.exe
"C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\Xeno.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
Files
Analysis: behavioral8
Detonation Overview
Submitted
2025-03-13 01:50
Reported
2025-03-13 02:05
Platform
win11-20250217-en
Max time kernel
441s
Max time network
443s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2786730451-600132509-465537259-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2786730451-600132509-465537259-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\XenoUI.deps.json
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
Files
Analysis: behavioral10
Detonation Overview
Submitted
2025-03-13 01:50
Reported
2025-03-13 02:05
Platform
win11-20250217-en
Max time kernel
899s
Max time network
903s
Command Line
Signatures
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | api.ipify.org | N/A | N/A |
| N/A | api.ipify.org | N/A | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133863050543861256" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1298619118-249045975-4264763259-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298619118-249045975-4264763259-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\XenoUI.runtimeconfig.json
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff840bccc40,0x7ff840bccc4c,0x7ff840bccc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1804,i,1913564863557127821,9004814390187060716,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1800 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2116,i,1913564863557127821,9004814390187060716,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2124 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2192,i,1913564863557127821,9004814390187060716,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2200 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3112,i,1913564863557127821,9004814390187060716,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3276 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3180,i,1913564863557127821,9004814390187060716,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3412 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4556,i,1913564863557127821,9004814390187060716,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4588 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4716,i,1913564863557127821,9004814390187060716,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4720 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3424,i,1913564863557127821,9004814390187060716,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4732 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4228,i,1913564863557127821,9004814390187060716,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4772 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4948,i,1913564863557127821,9004814390187060716,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4980 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3388,i,1913564863557127821,9004814390187060716,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3360 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4332,i,1913564863557127821,9004814390187060716,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4348 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3260,i,1913564863557127821,9004814390187060716,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3340 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5136,i,1913564863557127821,9004814390187060716,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3316 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4296,i,1913564863557127821,9004814390187060716,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3328 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3344,i,1913564863557127821,9004814390187060716,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3356 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=3556,i,1913564863557127821,9004814390187060716,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4536 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=4912,i,1913564863557127821,9004814390187060716,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3504 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5000,i,1913564863557127821,9004814390187060716,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4376 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5460,i,1913564863557127821,9004814390187060716,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5184 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5376,i,1913564863557127821,9004814390187060716,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5480 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5564,i,1913564863557127821,9004814390187060716,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5620 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.179.228:443 | www.google.com | udp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.187.202:443 | content-autofill.googleapis.com | udp |
| GB | 142.250.179.238:443 | www.youtube.com | udp |
| GB | 142.250.187.202:443 | content-autofill.googleapis.com | tcp |
| GB | 142.250.179.238:443 | www.youtube.com | tcp |
| GB | 216.58.212.206:443 | www.youtube.com | udp |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| GB | 142.250.200.10:443 | content-autofill.googleapis.com | tcp |
| GB | 142.250.200.46:443 | www.youtube.com | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| GB | 142.250.200.46:443 | www.youtube.com | tcp |
| GB | 142.250.187.225:443 | clients2.googleusercontent.com | udp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| GB | 142.250.187.202:443 | content-autofill.googleapis.com | udp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| GB | 216.58.212.206:443 | www.youtube.com | udp |
| GB | 216.58.201.110:443 | www.youtube.com | tcp |
| GB | 216.58.204.78:443 | www.youtube.com | tcp |
| GB | 216.58.204.78:443 | www.youtube.com | tcp |
| GB | 172.217.16.238:443 | www.youtube.com | tcp |
| GB | 142.250.187.195:443 | ssl.gstatic.com | tcp |
| IN | 142.250.194.163:443 | id.google.com | tcp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| GB | 142.250.187.202:443 | content-autofill.googleapis.com | udp |
| IN | 142.250.194.163:443 | id.google.com | tcp |
| GB | 142.250.180.22:443 | i.ytimg.com | tcp |
| GB | 172.217.16.238:443 | www.youtube.com | tcp |
| GB | 172.217.16.238:443 | www.youtube.com | udp |
| GB | 142.250.180.22:443 | i.ytimg.com | tcp |
| GB | 172.217.16.230:443 | static.doubleclick.net | tcp |
| GB | 142.250.179.234:443 | content-autofill.googleapis.com | tcp |
| GB | 142.250.179.234:443 | content-autofill.googleapis.com | udp |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| US | 67.223.118.72:443 | shica.org.uk | tcp |
| US | 67.223.118.72:443 | shica.org.uk | tcp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | ipwhois.app | udp |
| DE | 195.201.57.90:443 | ipwhois.app | tcp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 142.250.187.202:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| GB | 142.250.187.225:443 | lh3.googleusercontent.com | tcp |
| GB | 142.250.187.225:443 | lh3.googleusercontent.com | tcp |
| GB | 142.250.187.225:443 | lh3.googleusercontent.com | tcp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| GB | 142.250.187.202:443 | content-autofill.googleapis.com | udp |
| US | 67.223.118.72:443 | shica.org.uk | tcp |
| GB | 142.250.179.238:443 | www.youtube.com | udp |
| GB | 99.84.11.131:443 | d2jiwo73gmsmk.cloudfront.net | tcp |
| US | 142.250.31.94:443 | beacons.gcp.gvt2.com | tcp |
| US | 142.250.31.94:443 | beacons.gcp.gvt2.com | tcp |
| GB | 142.250.179.238:443 | www.youtube.com | tcp |
| GB | 18.165.196.54:443 | dvwowtnmyluv4.cloudfront.net | tcp |
| GB | 18.165.196.54:443 | dvwowtnmyluv4.cloudfront.net | tcp |
| US | 104.26.13.205:443 | api.ipify.org | tcp |
| GB | 108.156.32.137:443 | d2lmlpk6xgu7kg.cloudfront.net | tcp |
| GB | 18.165.196.54:443 | dvwowtnmyluv4.cloudfront.net | tcp |
| GB | 216.58.212.234:443 | ajax.googleapis.com | tcp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| GB | 52.85.142.204:443 | d39fkvblvwpxa1.cloudfront.net | tcp |
| GB | 52.85.142.204:443 | d39fkvblvwpxa1.cloudfront.net | tcp |
| GB | 52.85.142.204:443 | d39fkvblvwpxa1.cloudfront.net | tcp |
| GB | 52.85.142.204:443 | d39fkvblvwpxa1.cloudfront.net | tcp |
| GB | 52.85.142.204:443 | d39fkvblvwpxa1.cloudfront.net | tcp |
| GB | 52.85.142.204:443 | d39fkvblvwpxa1.cloudfront.net | tcp |
| GB | 52.85.142.204:443 | d39fkvblvwpxa1.cloudfront.net | tcp |
| GB | 52.85.142.204:443 | d39fkvblvwpxa1.cloudfront.net | tcp |
| GB | 52.85.142.204:443 | d39fkvblvwpxa1.cloudfront.net | tcp |
| NL | 34.91.218.141:443 | app.fast2cloud.com | tcp |
| NL | 34.91.218.141:443 | app.fast2cloud.com | tcp |
| US | 104.18.38.233:80 | crt.sectigo.com | tcp |
| US | 34.199.134.4:443 | t.afftrackr.com | tcp |
| US | 34.199.134.4:443 | t.afftrackr.com | tcp |
| US | 104.18.21.83:443 | nationalconsumerscenter.co.uk | tcp |
| US | 104.16.247.135:443 | www.cdn925.com | tcp |
| US | 104.16.247.135:443 | www.cdn925.com | tcp |
| GB | 142.250.187.202:443 | content-autofill.googleapis.com | tcp |
| US | 104.16.242.248:443 | www.clicken.us | tcp |
| US | 35.190.72.161:443 | fqtag.com | tcp |
| US | 35.190.36.172:443 | cdn.fqtag.com | tcp |
| US | 35.190.72.161:443 | fqtag.com | udp |
| US | 8.8.8.8:53 | stun.counterpath.com | udp |
| US | 8.8.8.8:53 | stun.veoh.com | udp |
| US | 8.8.8.8:53 | stun.counterpath.com | udp |
| US | 8.8.8.8:53 | stun.wwdl.net | udp |
| US | 8.8.8.8:53 | stun.voxox.com | udp |
| US | 8.8.8.8:53 | stun.voipzoom.com | udp |
| US | 8.8.8.8:53 | stun.voip.aebc.com | udp |
| US | 8.8.8.8:53 | stun.veoh.com | udp |
| US | 8.8.8.8:53 | stun.node4.co.uk | udp |
| US | 8.8.8.8:53 | stun.nas.net | udp |
| US | 8.8.8.8:53 | stun.jumblo.com | udp |
| US | 8.8.8.8:53 | stun.gradwell.com | udp |
| US | 8.8.8.8:53 | stun.budgetphone.nl | udp |
| US | 8.8.8.8:53 | stun.botonakis.com | udp |
| US | 8.8.8.8:53 | stun.2talk.com | udp |
| US | 8.8.8.8:53 | stun.wwdl.net | udp |
| US | 8.8.8.8:53 | stun.voxox.com | udp |
| US | 8.8.8.8:53 | stun.voipzoom.com | udp |
| US | 8.8.8.8:53 | stun.voip.aebc.com | udp |
| US | 8.8.8.8:53 | stun.node4.co.uk | udp |
| US | 8.8.8.8:53 | stun.jumblo.com | udp |
| US | 8.8.8.8:53 | stun.gradwell.com | udp |
| US | 8.8.8.8:53 | stun.budgetphone.nl | udp |
| DE | 77.72.169.212:3478 | stun.jumblo.com | udp |
| CA | 216.145.109.98:3478 | stun.nas.net | udp |
| CA | 66.51.128.11:3478 | stun.voip.aebc.com | udp |
| US | 216.93.246.18:3478 | stun.counterpath.com | udp |
| US | 70.85.220.74:3478 | stun.wwdl.net | udp |
| US | 35.190.13.203:443 | aux.fqtag.com | tcp |
| US | 35.190.13.203:443 | aux.fqtag.com | udp |
| US | 142.250.31.94:443 | beacons.gcp.gvt2.com | udp |
Files
\??\pipe\crashpad_2148_GKQSRRTSJABHQVQL
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008
| MD5 | 786c4894e2393c2a6df8fe0fd6aeee3f |
| SHA1 | 2242cd681f699ef3d642ed9ed1f202dbf6b0c1b0 |
| SHA256 | 258ce3bda497a9ddf8e00e70ab2b08608c3f3211aecc90348179eea95be084a4 |
| SHA512 | 73751c1624a8a7e8141c387159a700f637e4fed6f5974d7402fc4faf4dd72c0779eae74049746098ad2c05765fa97329c51e9cc5f422c02abaaa92035aa991db |
C:\Users\Admin\AppData\Local\Temp\scoped_dir2148_818305957\5f5bae42-5809-482c-b5d1-48d9f7740451.tmp
| MD5 | eae462c55eba847a1a8b58e58976b253 |
| SHA1 | 4d7c9d59d6ae64eb852bd60b48c161125c820673 |
| SHA256 | ebcda644bcfbd0c9300227bafde696e8923ddb004b4ee619d7873e8a12eae2ad |
| SHA512 | 494481a98ab6c83b16b4e8d287d85ba66499501545da45458acc395da89955971cf2a14e83c2da041c79c580714b92b9409aa14017a16d0b80a7ff3d91bad2a3 |
C:\Users\Admin\AppData\Local\Temp\scoped_dir2148_818305957\CRX_INSTALL\_locales\en_CA\messages.json
| MD5 | 558659936250e03cc14b60ebf648aa09 |
| SHA1 | 32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825 |
| SHA256 | 2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b |
| SHA512 | 1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\_locales\en_CA\messages.json
| MD5 | 07ffbe5f24ca348723ff8c6c488abfb8 |
| SHA1 | 6dc2851e39b2ee38f88cf5c35a90171dbea5b690 |
| SHA256 | 6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c |
| SHA512 | 7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\dasherSettingSchema.json
| MD5 | 4ec1df2da46182103d2ffc3b92d20ca5 |
| SHA1 | fb9d1ba3710cf31a87165317c6edc110e98994ce |
| SHA256 | 6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6 |
| SHA512 | 939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
| MD5 | 295c5ee8edbebe0f5828f9e3a74fda6a |
| SHA1 | a3aed7e728e48704b928df516b4f26f242495936 |
| SHA256 | 14680712165cd59a5fcd32513fd7745768a0a48a973e686e1e30e51ca5c5f272 |
| SHA512 | d5967ab2557d1a962fad95746e7191bcd938f752492f15e10c9cd685d324c29a65c91baa416ce3ed7c714dcae997ef59e2e7d745753a8c462653235500fcfcb3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | bf1d98626f1cbf145214263a2f01cf1a |
| SHA1 | 9924a96d6af677916259e4c7c2cd6740ef733228 |
| SHA256 | 4211cb4710f7369cec4e369c9b64f2355149d616cdd269838dadebd147ab4ff3 |
| SHA512 | a65cb18ec25e9d926aac9390acabdeece3913d44b1280a3a693079e3150e3b270150f81fb4e0d5afd096606128cb89a8511d6124dc56e406c86c2993d0d8cc2a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 6c00ed8aa754f20843d5ccb92cea2356 |
| SHA1 | 64c6b97ea8dc6d54a7c770eeb2baded323193ea3 |
| SHA256 | 67ad69e578f0a24dec110ac4e430ffa65ea4cd3c154f7839c60928841b35becf |
| SHA512 | 3afcb3024b7308063c3522ca86586d0a68a0745ee9e977a2da1fa62461842fba8d7c9f5854890468f894477f64e98cc932642b91f926ffd15c8f302cbc919f8f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 8362cb070abe9c874e67cbf5526bb9fc |
| SHA1 | d775af9428ee799d15029a65ea0d24e2cf52658f |
| SHA256 | e488c1fd6b60c904ef76abc0358db3c7fb1ddfb2c2a76bf5c5ba7974a29f06ce |
| SHA512 | f0a57eb032b35a41dbf64838247008c37033b6cc259355a606fe90903faa1b3e0526241ef5db2a63a4d10180b7e652c0eacc2a8f556f5677b9d45921919f1518 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 554d0cd517c0dab17385893e2b3744e5 |
| SHA1 | b890395e51d40ddc3bd02137210e4ae6f70d9495 |
| SHA256 | e4ff058ccc556dc4adc625b724c0efd9ab19967f5297cefa13a73ddcfe3058ce |
| SHA512 | 92b1c1e0a6ba01112eeca233da924dd5e43c7c54c48283f8170d077f3625918b413580d2e0f77486316109487e98c5c06d684d912bd07de9f21ab63d6f1d7265 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 37b06f39397218b103c1db75df6efe92 |
| SHA1 | fd66e2bce3cd3cc2abfa9329e108dacd7e90ecab |
| SHA256 | 3a33281035379ac98fe6d7ca9aba4f4d935c1b877c0e78cdf746cc712764dd2b |
| SHA512 | 8c7083157de07b268b59d2486c313adb3855ee924ecee3a4fff073a664e879b3f6f09c5569625ab6a9497505127ea5afbeec33f3ab49423dc6e5eef639546632 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | aa17423d5395b6acc1cd3da4d3f12516 |
| SHA1 | 6dc8bb50fcd737fc476dd9b6bc68ab37e85be04c |
| SHA256 | 707940c59648a8f480f7c45533670bdb2b1fd2835ca188704bd6e1ac09116568 |
| SHA512 | 4e9d62d04f9e7f58bdcec8d25eb1d56a36506f80da60c257ebc0767f85042e4009fb389f605913f8caa77108f3f8b322eb9d4d2419229def82477c22a5ad4b4f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt~RFe645b8e.TMP
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\IndexedDB\indexeddb.leveldb\CURRENT
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\360cd95c-1390-4360-a49e-9e6c3d927f9d.tmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Analysis: behavioral17
Detonation Overview
Submitted
2025-03-13 01:50
Reported
2025-03-13 02:06
Platform
win11-20250217-en
Max time kernel
667s
Max time network
684s
Command Line
Signatures
Suspicious behavior: EnumeratesProcesses
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\api-ms-win-crt-stdio-l1-1-0.dll,#1
C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2104.12721.0_x64__8wekyb3d8bbwe\LocalBridge.exe
"C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2104.12721.0_x64__8wekyb3d8bbwe\LocalBridge.exe" /InvokerPRAID: Microsoft.MicrosoftOfficeHub notifications
Network
| Country | Destination | Domain | Proto |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
Files
Analysis: behavioral18
Detonation Overview
Submitted
2025-03-13 01:50
Reported
2025-03-13 02:06
Platform
win11-20250218-en
Max time kernel
831s
Max time network
881s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\api-ms-win-crt-string-l1-1-0.dll,#1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --string-annotations --always-read-main-dll --field-trial-handle=4296,i,15097001321230888692,16543789583043501740,262144 --variations-seed-version --mojo-platform-channel-handle=5396 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --string-annotations --always-read-main-dll --field-trial-handle=3344,i,15097001321230888692,16543789583043501740,262144 --variations-seed-version --mojo-platform-channel-handle=4276 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --string-annotations --always-read-main-dll --field-trial-handle=4632,i,15097001321230888692,16543789583043501740,262144 --variations-seed-version --mojo-platform-channel-handle=4284 /prefetch:14
Network
Files
Analysis: behavioral28
Detonation Overview
Submitted
2025-03-13 01:50
Reported
2025-03-13 02:06
Platform
win11-20250217-en
Max time kernel
435s
Max time network
443s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\bin\Monaco\vs\editor\editor.main.nls.ja.js