Malware Analysis Report

2025-04-13 23:01

Sample ID 250313-b9e59asjt3
Target Unconfirmed 655458.crdownload
SHA256 e9013a37c6ee9bb4bee376c5d93c58957dab859c938afc69198b5143250add3c
Tags
discovery execution xenorat defense_evasion rat trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral5

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral6

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral11

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral30

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral12

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral19

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral24

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral9

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral16

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral23

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral26

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral27

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral15

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral13

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral29

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral31

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral14

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral32

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral21

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral22

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral20

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral25

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral7

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral8

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral10

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral17

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral18

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral28

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

e9013a37c6ee9bb4bee376c5d93c58957dab859c938afc69198b5143250add3c

Threat Level: Known bad

The file Unconfirmed 655458.crdownload was found to be: Known bad.

Malicious Activity Summary

discovery execution xenorat defense_evasion rat trojan

Detect XenoRat Payload

XenorRat

Xenorat family

Downloads MZ/PE file

Loads dropped DLL

Executes dropped EXE

Looks up external IP address via web service

Legitimate hosting services abused for malware hosting/C2

Checks installed software on the system

Checks whether UAC is enabled

Suspicious use of NtCreateThreadExHideFromDebugger

Suspicious use of NtSetInformationThreadHideFromDebugger

Drops file in Program Files directory

Subvert Trust Controls: Mark-of-the-Web Bypass

Drops file in Windows directory

Command and Scripting Interpreter: JavaScript

System Location Discovery: System Language Discovery

Unsigned PE

Browser Information Discovery

Enumerates physical storage devices

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Modifies data under HKEY_USERS

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious behavior: EnumeratesProcesses

Modifies registry class

Suspicious use of UnmapMainImage

NTFS ADS

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: GetForegroundWindowSpam

Modifies Internet Explorer settings

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-03-13 01:50

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral5

Detonation Overview

Submitted

2025-03-13 01:50

Reported

2025-03-13 02:05

Platform

win11-20250217-en

Max time kernel

436s

Max time network

460s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\Newtonsoft.Json.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\Newtonsoft.Json.dll,#1

Network

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2025-03-13 01:50

Reported

2025-03-13 02:05

Platform

win11-20250217-en

Max time kernel

441s

Max time network

444s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\Xeno.dll,#1

Signatures

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\system32\rundll32.exe N/A
N/A N/A C:\Windows\system32\rundll32.exe N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\Xeno.dll,#1

Network

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2025-03-13 01:50

Reported

2025-03-13 02:05

Platform

win11-20250217-en

Max time kernel

439s

Max time network

442s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\api-ms-win-crt-convert-l1-1-0.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\api-ms-win-crt-convert-l1-1-0.dll,#1

Network

Files

N/A

Analysis: behavioral30

Detonation Overview

Submitted

2025-03-13 01:50

Reported

2025-03-13 02:13

Platform

win11-20250217-en

Max time kernel

436s

Max time network

457s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\scripts\Infinite Yield.lua"

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\scripts\Infinite Yield.lua"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

Network

Files

N/A

Analysis: behavioral12

Detonation Overview

Submitted

2025-03-13 01:50

Reported

2025-03-13 02:06

Platform

win11-20250217-en

Max time kernel

437s

Max time network

443s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\api-ms-win-crt-filesystem-l1-1-0.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\api-ms-win-crt-filesystem-l1-1-0.dll,#1

Network

Files

N/A

Analysis: behavioral19

Detonation Overview

Submitted

2025-03-13 01:50

Reported

2025-03-13 02:06

Platform

win11-20250217-en

Max time kernel

899s

Max time network

849s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\bin\Monaco\index.html

Signatures

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133863042635470750" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4852 wrote to memory of 2524 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4852 wrote to memory of 2524 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4852 wrote to memory of 4084 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4852 wrote to memory of 4084 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4852 wrote to memory of 4084 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4852 wrote to memory of 4084 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4852 wrote to memory of 4084 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4852 wrote to memory of 4084 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4852 wrote to memory of 4084 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4852 wrote to memory of 4084 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4852 wrote to memory of 4084 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4852 wrote to memory of 4084 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4852 wrote to memory of 4084 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4852 wrote to memory of 4084 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4852 wrote to memory of 4084 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4852 wrote to memory of 4084 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4852 wrote to memory of 4084 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4852 wrote to memory of 4084 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4852 wrote to memory of 4084 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4852 wrote to memory of 4084 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4852 wrote to memory of 4084 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4852 wrote to memory of 4084 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4852 wrote to memory of 4084 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4852 wrote to memory of 4084 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4852 wrote to memory of 4084 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4852 wrote to memory of 4084 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4852 wrote to memory of 4084 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4852 wrote to memory of 4084 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4852 wrote to memory of 4084 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4852 wrote to memory of 4084 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4852 wrote to memory of 4084 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4852 wrote to memory of 4084 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4852 wrote to memory of 3896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4852 wrote to memory of 3896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4852 wrote to memory of 1380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4852 wrote to memory of 1380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4852 wrote to memory of 1380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4852 wrote to memory of 1380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4852 wrote to memory of 1380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4852 wrote to memory of 1380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4852 wrote to memory of 1380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4852 wrote to memory of 1380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4852 wrote to memory of 1380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4852 wrote to memory of 1380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4852 wrote to memory of 1380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4852 wrote to memory of 1380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4852 wrote to memory of 1380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4852 wrote to memory of 1380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4852 wrote to memory of 1380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4852 wrote to memory of 1380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4852 wrote to memory of 1380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4852 wrote to memory of 1380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4852 wrote to memory of 1380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4852 wrote to memory of 1380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4852 wrote to memory of 1380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4852 wrote to memory of 1380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4852 wrote to memory of 1380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4852 wrote to memory of 1380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4852 wrote to memory of 1380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4852 wrote to memory of 1380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4852 wrote to memory of 1380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4852 wrote to memory of 1380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4852 wrote to memory of 1380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4852 wrote to memory of 1380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\bin\Monaco\index.html

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9f420cc40,0x7ff9f420cc4c,0x7ff9f420cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1804,i,17445830758066174715,15955323095139412813,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1800 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2028,i,17445830758066174715,15955323095139412813,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2104 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2112,i,17445830758066174715,15955323095139412813,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2140 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3064,i,17445830758066174715,15955323095139412813,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3096 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3088,i,17445830758066174715,15955323095139412813,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3132 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4488,i,17445830758066174715,15955323095139412813,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4496 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4744,i,17445830758066174715,15955323095139412813,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4504 /prefetch:8

Network

Country Destination Domain Proto
US 185.199.108.133:443 raw.githubusercontent.com tcp
N/A 224.0.0.251:5353 udp

Files

\??\pipe\crashpad_4852_IUJRWYXENRNSCEOO

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 9137d7c89253d43d41f3b799143b2b50
SHA1 a314151b008a47dbaf13b74db3f8f553b00824c5
SHA256 46850e36de5bd682189f92c29db7d47d826e7e6eede3ca76d83112b96a22e663
SHA512 909adc2566339f8ccff185863b3a444fafa8b9f372cc58a4561a0295c0d03a9832209aca30c159e017e4ee9518617635382cec5e3847c077b4b85ad3269d1619

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 387a9f418c99b3a074c4080a3589f0c4
SHA1 cb168e87c768a18d36404d9146d5b882c2e97243
SHA256 5941bd9d8142f690553c09ef9c1c48743534a9a508f0b5968eb9039a26b35b29
SHA512 36452e67c8acb39c0dbb8707ddc92cd50838eb2cdd833d1209dac322cc420570a784fbc9efc96e0c90ae7bb1f5f18d4811a94e1b455bdc57e924e8638830b569

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7f50fd942d3c562007471a4a3b016476
SHA1 2a293dacaf708a0a3f398e3431682f6c3c94aa13
SHA256 c43cf94b8b10e583a4c59489827fdf639550a4e49ef17f850b02898582d149df
SHA512 13fba53490f03ad05265bd4392c85498a35edd6f2c2143c5771819f65e831f5c4ed8711d9b82854f3e61fc4a05b1e472249f80f944cae44d99d15f43453f4b12

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 ebf2c78f3a439b876994010e4164eb9f
SHA1 03b299221624bfe26d3a46aa50eab51d8d288889
SHA256 4dddc7c444602b8017f300163f22d0887ae5d88a23742b2fcd897b45be0758cf
SHA512 a8bb95aa8460d1412514658fb4daaa78c9e4cc7080ab2e24b4dc0634b8096cf57cbbb17d8041131bd6e8e37f74c7f1fa10c18537bf5e0a5616619acfbc0a06e1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2b59d60ba552ca687fc29b7b6e942fa7
SHA1 5c243b4dd6f4a2d3583d8931a4573b13ee1cb9bb
SHA256 bf47e04ae5b1cf68a2c7add04c980d2836ea1ccb5350cb256ff1a7a6d42053e3
SHA512 4e971cdcf5e046295999213c6f246293490acd622b22966f7c2eae0df372c7c7843d1470a816250cdba36f4f57a83220409b12a6e26cb2f94a177964a62348d7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 8a2898c671f114111c3e2394c57d1d08
SHA1 d325345232cdab739246fe702160498cafb2643f
SHA256 71b2c94b8e47b59006a5d2a1ed270d9631beb7ab5f24a1fa8ba12158c27829a6
SHA512 c9651237169961a0b170187b6690b8111cf2d3456a64764ba46db3369f9aee990b453a2753614a169fd86f90899fa5a379018f5fe5e502de9a818be5f5f8b2e6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\a491ea68-83ba-4934-9087-bd4cf402551a.tmp

MD5 8dfa52f46fce1f464a69c10be70746a1
SHA1 535d27fdc089d94b935976b42d48078840d631e5
SHA256 88b32bb30a156cd720aec030b2a3fb003eedb131ff9e6b27c3623f70e17480c3
SHA512 6b39b4c8a78003599b3db33666ecaa956f31cd9a9d151902ce14227a6d62cd3f03fc00865133047f1f4af411b6c8eba10bfea2c0d59a42a2568b87c87884ad99

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 8ebd697f1f5858109a311d485792586c
SHA1 449685fc41da90e6cc6bb5688226097081033744
SHA256 42d3c93af2217b01ffc8e6a8b74d524ef0acbb02693bde8fcd434f1dd8b057a6
SHA512 f08af331c4f03a8426fbc9ff6047a44f8ed4b2f77250c61414472b464eb9bd9ce34c9b3a6c8c86b10c06bb8543b028dc8c747ec3a26c11d552397d36114d3cd1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4af9ff81049e59c3c8d172cacc0050a7
SHA1 cc34f6cd7761fc2546e462d9e1d35fb7c50a5fb8
SHA256 6a3c17bda8ef646fecee537c13a2e865ab161c0d88705d00efcfbe3e6c70d8ae
SHA512 fbd376d46424020f1dd51273f1abd64d0b6a8aa2d8690ded1a7312bfcac6be7af6e103c7b7196c6c035c9427cadad7ad1581c4ed7beac8e7d27cab920d00bd85

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

MD5 f49655f856acb8884cc0ace29216f511
SHA1 cb0f1f87ec0455ec349aaa950c600475ac7b7b6b
SHA256 7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba
SHA512 599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

MD5 b5ad5caaaee00cb8cf445427975ae66c
SHA1 dcde6527290a326e048f9c3a85280d3fa71e1e22
SHA256 b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8
SHA512 92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

MD5 d222b77a61527f2c177b0869e7babc24
SHA1 3f23acb984307a4aeba41ebbb70439c97ad1f268
SHA256 80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747
SHA512 d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1aaaadf57cfc807fde6affd34ea84c97
SHA1 25f8c1f3104f14ac1a00ba9476f4c5475ec60dde
SHA256 9b6f681b867d3b203913b4c42774b420060f191c5892e56de920a9706d5afbf1
SHA512 4fcf09c53bfd28a0aaeea14f8f967a1f87fe7aa3002dc3ffc785541ab683bbc88789cefe7e626245122bcc547ca3ee1eddfbab8371a6d0442fe7a2a97558681c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1e233becf9a5bf6ef54c8b90b8780532
SHA1 340ba1ae3c0b2ff940f6fd5e52f84bf7dd8ba4aa
SHA256 f2621634d9524a976bf58a409e211cc68867816ddc6bbe125cf44f48f63ffbbf
SHA512 043412816122ac732d7778dd540c5449951349459876baa0b0caba1c04ad359522cfb0a14b5e04bb3d02ef0f95f46d0ab46eb75acbc981ee86b43feda3a43b1a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4d1fd92a8229f7de5460471647f8dd28
SHA1 ad3698d45c8a74e7aa867dead8f367f066b4afbe
SHA256 d8df22edffee64b5eda2033c52d97a863d2adce8098440da0781226cd44cfb5b
SHA512 8e66d1a7749c1d694b1f3f35e1de217e90a8d71586cb402c562d4e5c639df8bb5f2bc0665d5701104693c21c6c9048bf8a1c95fa2fc6620a42c27aac6b53aca1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 167be1d812bf7d65d6ccb4158070a0c8
SHA1 5bbcc624963b5a3a458940c1a127a9d7ba288ced
SHA256 19704d5c357bff852d4d182fd944213c2ba6a5c82831aa89fc303d4102195122
SHA512 6ed3c89841bba59a50db2eaa197fbe45d0fbfe2dba2e52e53f9f7988dbadd6076d6e8a81ca0035392ca6956a5984efb101fb63dd6339ad1523c681431a585058

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4f0580534c5b32963b0ce2b5c597fbe2
SHA1 d8204f7b8723a4bad3da7b918eb422580ffc4ee4
SHA256 4606d16bad905159766d42f78cbd3ee5200ba4e8d38c39f9179481d46897e190
SHA512 6b4959bbb9be1894ef26c6776a47cc67ab607629529da9b913fe045c993ffd98556c0530cac4a5ee75eec2d778d85ef10a3960243458a8edf49cc2cc91360100

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 bc8c60a6fcb72c8805b82afc8e7fd2b6
SHA1 05b171f3e05f6e0c06e92e6c844c2ca66255e5ad
SHA256 8e643b03d55d3055d2bf72c2372187134bdb9103887ee228656e37ea58194565
SHA512 f86979a2d84e63a62da8715fedfd6cb7b9b7bec342838f0e789fe6f54fc1be9a8a104fbbaf0fed402b1f2d812c67310c23aafcf26a71c7d5124472c807a3ff11

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5ad0f1bdf811f280a21b149e9d57fa6a
SHA1 3f28a6cf40d25e36d8ca1cbe66d5146e3f771a4a
SHA256 21f32e9dbec54f62fabc34cf49c0430786cfdcfd13bf37a2dea1061afd5177cd
SHA512 b58542291943fb33b513609c5583d080460dd95e05d7da7a7aec5da55b19d6ef53cd383c009093d61522cbfe6e3016f8c5d79ba0064deaa35e3f3204330fd18c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 cd23bf689dc2bdff9c05f09d7e2fcaa9
SHA1 733c0acffeaa02c86ad0255d8c1f48e00d56f15b
SHA256 ed2c67083a8c9e79641b3bbe636576fbd3e99c474c02b6049500776b4181ffc2
SHA512 dcab7406afffcc885b8b8b47e5608ce887e110d7beebd02b13bc4926ab52a8d58256b90043b77d7eda00a1f1c9e8120bf674cc353b3dfc79d3ebb6950f60d75d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1068e1d47f1148c39def0b5ce4c04a3a
SHA1 7591957ff4621b9278ff518ec2bfedab626b9c06
SHA256 97bc728fa0584a813b27dd2d7df0e0b2543b3910b3c5b8196347a4a05abbfc42
SHA512 d644f651a79ff1aef00edfefc3ff7ca566d46bc65e6457f71a88e7bc8c9f28a0edba20fb5b2f52e4fcaf64fdb130926aaa9c6787115a6fe02b8d5fe1293137b3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b41c50cfaaaaf8a234f961a29246fb1c
SHA1 eff75b300d9839fe5d771215ef5acf32ae83951a
SHA256 13822bae064c175b659f74ebe6ed0cb4acf5ac5eed12ef3a0868b6ab885202fd
SHA512 a608461d537758134202d670e6be2d8aa611375309797ac13086d10e5521f9b33e3904a3a9e2d33a67a44a64e73c3d7607bd7b8c70f1afb4952c68a3571f6472

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 880c831a8463503278c580763f29e4f5
SHA1 1836fe9cb0fb2dda11ac3d5921a3ad4791cd980c
SHA256 a9315265e5a80f24f22f7e3486358e8eaa726d8e1d4e38599a37e1be747eb6ff
SHA512 f9f0b241d86949fd91d033dac226f90ab6280de676a0734c91131e863b6b225e0e275c72397a78554bb42babd5e505a052cd3e9e7717995df63234ed5ddadcd0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 89d642051c7b73cde3556665f63574e8
SHA1 86a329ec872e761ec35f28548edd8a2e2cdc2847
SHA256 2f217b061049db996a47c374a9eae280e2679ad6d5835f5bca9df58f63e0f112
SHA512 89d7704039f8dcea6d3d837eb528e7e137ca164632ae3b843aebc1a8352a69f424c2255af94beb4a5aa44be493299782e9f462eb9f8b02bb7fb2ff8f1a3aeef1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 362d45e61b050b559ef60d319509f8ec
SHA1 fa66ff01b5fe47f051ee4d80f6c02ae435a8c6d5
SHA256 b235b844c89c5806c58bda99cafa94ba525fde75085c8e238d376cac464bd595
SHA512 fe35955f693e3be6973f5bb91d6e42f88cb7f8216b4d6a77ce6cb71f348d7bb31d45ce842f98a5ca0ba89ea994e542f45bcbd87e4abc4bd21fa6c2579f1a3303

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e37d27302212544e1e5d385bd21e44b5
SHA1 ef1ee7ab51cc4b2929f2e71a74203da53e2cf482
SHA256 05482fa1e0d0a324715dd1613ef0261e281fcef374125428f14b4aebae3f802e
SHA512 9c20a693b6eaf3ae4bca4653d93a749287795e978f3eb2411f7f59a295bc81f9d6fc78b51f93daedccc09c8501d06d570ba153018c96364d6f761700cad9273e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d0951de17a4aa604ecedf8b8d4d8daea
SHA1 8b802440482ad946bf68c2fcf443fda270cd265a
SHA256 a02e88b863b8d3faa610a3247fda168e85253a845da020fc8f746de6ea91cf74
SHA512 7a7df24c39b51b03122a686111d39c55496c349190c56d084f954125ac599338217b4ab9bfa075967a03b35c39f9fbdefb2aa92e7c3b0c1c486661a9c8172a65

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 000689bea927298c3c1428c7d77605d8
SHA1 8607336da5b6ef475b3bbe159c44f8a6324c43e6
SHA256 90d7a9cd197b9d9aa1e48721d8528cdcef3b6eb97395e5a882b6afbcc099a812
SHA512 59413bbcc120218f52758d0d28c7a5aa034f6ee7fa254ed7500a40ecde4d4d909005b0f40f2bb7e0974e1f83db715212d88d55e8ae6dc01bedfc2d96b3042d19

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0bee9ceb76f0663610446a593908ae39
SHA1 cea22b32e5ffa4fcc1ac752fcb24e38efe6ecc36
SHA256 a1c2158ead13c110858f38dcc0f43e4d1e13e3dfff650cac6de42352756e4215
SHA512 056c309a998cda9c5249045d9bf21bcf2e9eebfac01f0cdb7f4783ed1ab057ef28590fefe133bf69815b1d007f52dbac137db1cd035faa94fb0f79321e329d10

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ac69ca43a52445a5eb2c92d9411564f2
SHA1 313849cb44ae6fca12ac816e4eb7f5d1ac69c8ba
SHA256 bcf028f5962cec1fae2500a81b753e92ba6b098356ba4d320b48a3da76c9405d
SHA512 509f7d5bed0220f188baf009d899ba90cd14eadb7ebce2a7372602d934c413dfd2856e2b1d4c2680a6f62e472a7ef7ab598bf3565dad0ba23cb38407ace59f38

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3123565c6a0987e95e137a3da985219c
SHA1 8f08c7016be1abd34aa8317d8ba7c050ca3f1470
SHA256 f64b55077ca8840c5e0a8fd46aec502fb449c8a69117970fdfab7e0ddbcb1a70
SHA512 09addd6bcd8cfa1b75afccde3767d73e41f6b608eff927d92abdac9b9404e9d39dd126a7a68a75b8662d68879fe7a34cd1a9a7995ddfe9ecd7bcb24cca172f3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1e84cb85d922453b73b5fd215965657d
SHA1 b31cab2b26b936994f3596983bd3910a5431fed0
SHA256 a999ff9b7535c1b318b5cdfe587c2d6f6f24223e8121ef048a32ce2e13f6c27b
SHA512 c8c2faf9117159d8ce9bdf88788711f178385258608a53bd0ffbf821bcd5e890254cabbe6a6ccf3eb5a3d8ce97e56ca074f635bf0bbe75564fd47098ef669188

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ebe9535f12d065b866e992e935a8c739
SHA1 20480b6b9b90ba36f82655c06199bd553992a20c
SHA256 7797f56d1a20600213fd04d1d1887c16a16b3e8b468e7f2e7e8c794320800f2f
SHA512 13a267ef0d3b299207ed618252599a8e3ce2c271addfd2f593316d04e1b7a4e7e0468be2042180eca2980d550e734cc9934b3c9274123efa34e747d2db20063b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7173394b31f777e0f64b9be28ce71380
SHA1 2fe88c339cdde012c2055ff911335c9206d039b4
SHA256 200ff95cacf6aa297c2ea13aa81c7434a91d10d15fec0aa05003f5fca2ba8aae
SHA512 f6daf2ef4b7c5d2d9c82ad0b08c8400a5e3ead90b092aa8a94477cc60d73970fdca455866bed2a674be82f8999daa1cbd0e5e42e52513e896b8cc624d7f804da

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1dc3dfff11420195c8314ea5bba0f52c
SHA1 904cb7fd8a5c47d0647403b6cf51b76ab4bbde4d
SHA256 78acc72bc982256f8143fc57ab8168ee17343f38959131bb4c042b7b693b810f
SHA512 fe4b2f79b820d9f8c12ab9b24f28f66915c2b60e0257a0765d1c6e6af0ced6e26f54bbdcd63a499fdfbad5ac1e0129fe529d1c0f9fcb6da48d338a2c7dd0f3e3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f106b5df74da0265d071ba1e516a965a
SHA1 8c2af9665f9966b32eb0809bbdd8ca8f29381a45
SHA256 ccc84a5d771f1bb90ead6113195b136ecf35b76b9eff25b739136ce307c426a9
SHA512 ee2d8e0bde36befc90558d3b04360efff0da192275cba1638f1dc4d92c89629d8550fe2205f799c3ca4bd3ed3143c0aa0c9fe909f7762f5178db0c79cae83b01

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a1c17cfd8241e390d7f7170d8c07e910
SHA1 1554610009c5ceae5d5346c91c573ca54579b98c
SHA256 1a0ecb396173ee4a518a3df869b8380c0b8df9473e01980033c08013fe021837
SHA512 cbb46e63b697e1fdf669d0e823d19e14ce0d070856cae7d79a743422297f86cd9f1c19e040509426195f855a44998758839cd2e6b40fef00f7fef9fe35fb434a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f8f673f089864a8ec041086e9c0c5db9
SHA1 9c0c02b1b89dfded85bdee45dda9668319a9b335
SHA256 ed7f8d68e316275b2e7e23a2a66046656bb2ae547c838fb3358591bc9c3c103d
SHA512 44b9f79891e11bfea09f1af148d0ee50b301bb00bd5464459e511ffd39a42ab88a0d4ae2b7f27aa4c07e9bc95c225ca334cbe6d6c37608e696f3abb2780cf5d0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 145015b8e3cf08e2d2a0b503d12edcb9
SHA1 eb692529162d2e4521e862f4f296192833a271f7
SHA256 00daa647c77466f218414a4576f3497707a4e2612625d7af67a2593fa2629fe7
SHA512 183aa8ae68d2dd696f0ed91543f8da2f086fdecb8a1553eefca1ba202b434adc3002e58037f01198246616609985e5c1fc46f81586aff1ce8427e0a5a553616a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7dd6c9805f8721d457993ebdcb2316ef
SHA1 84fdf847f01759b10e3b3b9a5ea85a2f7abd559b
SHA256 9bcfd2e3df0b56136d9e90827cc018e403c427812d3db9f0cf874cfff15f94e0
SHA512 d64da905d85c98def9a37c1c55b011102b2e6b95fa9f22ca9940f4cf3865d44f0ea9ddebe326c8b42980c1a41a15fafbf1f745e607abc606d2338012435a8e43

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d4eaa4af522da35a0cea8a0005d2671d
SHA1 eae1d672b43f65a97d31c373f148625ed2816106
SHA256 6d775ef05602327b3b1f1d6f5c02b39993688c7bf14b70ffe3e87c545c96cec5
SHA512 11da4770a6247f090deb12873adb1029894613895091d82df01d63e680c96cf59fe9c4f09560d51cfd06940fb7bea1d6d72369c5e6f7ff3c7a7ff3c23ce19eb7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 44812cbed53ffbb5143445476d23abe0
SHA1 bd94a30aba2e68324c26c4fd0f2b7ee124a41b6a
SHA256 71732c90b5ec67df4afa20669742d5a67a4dfb570615005bc995f4896cd6197e
SHA512 49b8d91e8a9e84e77d28a6b957359a2462a0500788832079639ac224bee88f173ef73c3be9d205bc839bfdb531023f31ef8c5c63720d6f9d70ffd901b13dd60c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 22c09083813bd2e7037b93b2fa69cda8
SHA1 c5c5400d2c5d7061cf38ccca8f4c75c7e9395951
SHA256 657ca8aadcb1cb2541ad18a25f12ccd6e56b7014feb8d15c1d7142631795ac3e
SHA512 78bce5a6abcb67f19fca15126c8b3d1e188cc305b01a375b5ef831b16fff988489b38aec42690f768e73526caa1f54d838863bb4f0f3fdc686d3bb44b81be508

Analysis: behavioral24

Detonation Overview

Submitted

2025-03-13 01:50

Reported

2025-03-13 02:05

Platform

win11-20250217-en

Max time kernel

176s

Max time network

895s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\bin\Monaco\vs\editor\editor.main.nls.de.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\bin\Monaco\vs\editor\editor.main.nls.de.js

Network

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2025-03-13 01:50

Reported

2025-03-13 02:06

Platform

win11-20250217-en

Max time kernel

420s

Max time network

428s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\XenoUI.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\XenoUI.exe

"C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\XenoUI.exe"

Network

Files

memory/2672-0-0x00007FF8E9C53000-0x00007FF8E9C55000-memory.dmp

memory/2672-1-0x000001E5C1AF0000-0x000001E5C1B0A000-memory.dmp

Analysis: behavioral16

Detonation Overview

Submitted

2025-03-13 01:50

Reported

2025-03-13 02:05

Platform

win11-20250217-en

Max time kernel

429s

Max time network

434s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\api-ms-win-crt-runtime-l1-1-0.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\api-ms-win-crt-runtime-l1-1-0.dll,#1

Network

Files

N/A

Analysis: behavioral23

Detonation Overview

Submitted

2025-03-13 01:50

Reported

2025-03-13 02:05

Platform

win11-20250217-en

Max time kernel

445s

Max time network

448s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\bin\Monaco\vs\editor\editor.main.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\bin\Monaco\vs\editor\editor.main.js

Network

Files

N/A

Analysis: behavioral26

Detonation Overview

Submitted

2025-03-13 01:50

Reported

2025-03-13 02:05

Platform

win11-20250217-en

Max time kernel

434s

Max time network

438s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\bin\Monaco\vs\editor\editor.main.nls.fr.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\bin\Monaco\vs\editor\editor.main.nls.fr.js

Network

Country Destination Domain Proto
US 52.111.227.13:443 tcp

Files

N/A

Analysis: behavioral27

Detonation Overview

Submitted

2025-03-13 01:50

Reported

2025-03-13 02:05

Platform

win11-20250217-en

Max time kernel

435s

Max time network

438s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\bin\Monaco\vs\editor\editor.main.nls.it.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\bin\Monaco\vs\editor\editor.main.nls.it.js

Network

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2025-03-13 01:50

Reported

2025-03-13 02:05

Platform

win11-20250217-en

Max time kernel

430s

Max time network

435s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\Microsoft.Web.WebView2.WinForms.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\Microsoft.Web.WebView2.WinForms.dll,#1

Network

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2025-03-13 01:50

Reported

2025-03-13 02:05

Platform

win11-20250217-en

Max time kernel

438s

Max time network

441s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\Microsoft.Web.WebView2.Wpf.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\Microsoft.Web.WebView2.Wpf.dll,#1

Network

Files

N/A

Analysis: behavioral15

Detonation Overview

Submitted

2025-03-13 01:50

Reported

2025-03-13 02:05

Platform

win11-20250217-en

Max time kernel

433s

Max time network

437s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\api-ms-win-crt-math-l1-1-0.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\api-ms-win-crt-math-l1-1-0.dll,#1

Network

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-03-13 01:50

Reported

2025-03-13 02:03

Platform

win11-20250217-en

Max time kernel

777s

Max time network

780s

Command Line

C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\Unconfirmed 655458.zip"

Signatures

Detect XenoRat Payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

XenorRat

trojan rat xenorat

Xenorat family

xenorat

Downloads MZ/PE file

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Checks installed software on the system

discovery

Checks whether UAC is enabled

defense_evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Suspicious use of NtCreateThreadExHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\RobloxPlayerBeta.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\textures\localizationUIScrapingOn.png C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\textures\StudioToolbox\AssetConfig\listview.png C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\ExtraContent\textures\ui\Controls\DesignSystem\Thumbstick2Vertical.png C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\ExtraContent\textures\ui\LuaApp\ExternalSite\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\ExtraContent\textures\ui\LuaChat\icons\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\textures\Debugger\Breakpoints\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\textures\MenuBar\icon_chat.png C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\textures\ui\Controls\DesignSystem\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\textures\AnimationEditor\button_control_start.png C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\textures\Debugger\Breakpoint.png C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\textures\ui\common\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\textures\ui\TopBar\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\ExtraContent\textures\ui\LuaChat\graphic\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\ExtraContent\textures\ui\LuaChat\icons\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\models\AvatarCompatibilityPreviewer\pedestal.rbxm C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\textures\AvatarEditorImages\Sliders\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\textures\ui\Emotes\Editor\TenFoot\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\textures\ui\PlayerList\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\textures\ui\VoiceChat\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\ExtraContent\textures\ui\Controls\DesignSystem\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\models\AvatarCompatibilityPreviewer\bodyPreview.rbxm C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\textures\AudioDiscovery\ok.png C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\textures\ui\Controls\DefaultController\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\ExtraContent\textures\ui\LuaApp\graphic\playBtnBackground.png C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\textures\ui\Settings\Help\UseToolGesture.png C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\textures\ui\Settings\LeaveGame\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\api-ms-win-core-string-l1-1-0.dll C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\fonts\Ubuntu-Italic.ttf C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\textures\ui\VoiceChat\SpeakerNew\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\configs\DateTimeLocaleConfigs\pt-br.json C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\avatar\meshes\rightarm.mesh C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\configs\DateTimeLocaleConfigs\es-es.json C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\textures\GameSettings\placeholder.png C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\textures\TerrainTools\mtrl_concrete.png C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\ExtraContent\textures\ui\Controls\DesignSystem\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\ExtraContent\textures\ui\LuaApp\graphic\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\textures\localizationUIScrapingOff.png C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\ExtraContent\textures\ui\LuaApp\icons\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\fonts\Roboto-Regular.ttf C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\fonts\families\DenkOne.json C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\textures\9SliceEditor\Dragger2OutlinedBottom.png C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\textures\MaterialGenerator\AddImage_48x48.png C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\textures\StudioSharedUI\close.png C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\ExtraContent\textures\ui\LuaChat\icons\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\textures\StudioToolbox\AssetConfig\selected.png C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\textures\PivotEditor\SelectedPivot.png C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\textures\ui\TopBar\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\textures\ui\VoiceChat\MicDark\Unmuted100.png C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\textures\ui\VoiceChat\RedSpeakerLight\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\ExtraContent\textures\ui\InGameMenu\gradient.png C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\textures\MaterialCursor.png C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\textures\ViewSelector\top_hover_zh_cn.png C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\avatar\heads\headP.mesh C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\textures\DevConsole\Error.png C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\textures\ui\VoiceChat\SpeakerDark\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\ExtraContent\textures\ui\LuaChat\icons\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\textures\AlignTool\Help.png C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\ExtraContent\textures\ui\LuaChat\icons\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\configs\DateTimeLocaleConfigs\en-au.json C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\textures\DevConsole\Search.png C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\textures\ui\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\textures\ui\InspectMenu\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\content\textures\ui\Settings\MenuBarIcons\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\setupact.log C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\setuperr.log C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\diagerr.xml C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\diagwrn.xml C:\Windows\System32\oobe\UserOOBEBroker.exe N/A

Subvert Trust Controls: Mark-of-the-Web Bypass

defense_evasion
Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Xeno.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Xeno.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Xeno.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Xeno.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Release\xeno rat server.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0" C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0" C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0" C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent C:\Windows\system32\LogonUI.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = 99ebff004cc2ff000091f8000078d4000067c000003e9200001a6800f7630c00 C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "223" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133863042829233797" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4290799360" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292114432" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365268" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365268" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" C:\Windows\system32\LogonUI.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 010000000200000000000000ffffffff C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell\open\command\version = "version-2b67309334b54dab" C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\version-2b67309334b54dab\\RobloxPlayerBeta.exe\" %1" C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe N/A
Key created \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings C:\Users\Admin\Downloads\Release\xeno rat server.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0 = 7e003100000000006d5a630f11004465736b746f7000680009000400efbe515a50a76d5a640f2e000000365702000000010000000000000000003e0000000000303550004400650073006b0074006f007000000040007300680065006c006c00330032002e0064006c006c002c002d0032003100370036003900000016000000 C:\Users\Admin\Downloads\Release\xeno rat server.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\MRUListEx = 00000000ffffffff C:\Users\Admin\Downloads\Release\xeno rat server.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" C:\Users\Admin\Downloads\Release\xeno rat server.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4" C:\Users\Admin\Downloads\Release\xeno rat server.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0000000001000000ffffffff C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\ = "URL: Roblox Protocol" C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0 = 5000310000000000515af6ad100041646d696e003c0009000400efbe515a50a76d5a5c0e2e0000002c570200000001000000000000000000000000000000d8732c01410064006d0069006e00000014000000 C:\Users\Admin\Downloads\Release\xeno rat server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Downloads" C:\Users\Admin\Downloads\Release\xeno rat server.exe N/A
Key created \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14" C:\Users\Admin\Downloads\Release\xeno rat server.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = 00000000ffffffff C:\Users\Admin\Downloads\Release\xeno rat server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259} C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff C:\Users\Admin\Downloads\Release\xeno rat server.exe N/A
Key created \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 C:\Users\Admin\Downloads\Release\xeno rat server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\MuiCache C:\Windows\system32\BackgroundTransferHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Users\Admin\Downloads\Release\xeno rat server.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" C:\Users\Admin\Downloads\Release\xeno rat server.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1" C:\Users\Admin\Downloads\Release\xeno rat server.exe N/A
Key created \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\roblox\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\version-2b67309334b54dab\\RobloxPlayerBeta.exe" C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0\NodeSlot = "4" C:\Users\Admin\Downloads\Release\xeno rat server.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 010000000200000000000000ffffffff C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix C:\Windows\system32\BackgroundTransferHost.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe N/A
Key created \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg C:\Users\Admin\Downloads\Release\xeno rat server.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe N/A
Key created \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} C:\Users\Admin\Downloads\Release\xeno rat server.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16" C:\Users\Admin\Downloads\Release\xeno rat server.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295" C:\Users\Admin\Downloads\Release\xeno rat server.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff C:\Users\Admin\Downloads\Release\xeno rat server.exe N/A
Key created \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe10000000c382c0b27e81db01284c28928581db0124b8c3f7bb93db0114000000 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\ = "URL: Roblox Protocol" C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe N/A
Key created \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0 C:\Users\Admin\Downloads\Release\xeno rat server.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202 C:\Users\Admin\Downloads\Release\xeno rat server.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg C:\Users\Admin\Downloads\Release\xeno rat server.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-112184765-1670301065-1210615588-1000\{FD8934DF-7D28-4379-890F-56472B07994B} C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open\command C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0000000001000000ffffffff C:\Users\Admin\Downloads\Release\xeno rat server.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Users\Admin\Downloads\Release.zip:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\Release\xeno rat server.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of UnmapMainImage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\RobloxPlayerBeta.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1712 wrote to memory of 2256 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1712 wrote to memory of 2256 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1712 wrote to memory of 2644 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1712 wrote to memory of 2644 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1712 wrote to memory of 2644 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1712 wrote to memory of 2644 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1712 wrote to memory of 2644 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1712 wrote to memory of 2644 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1712 wrote to memory of 2644 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1712 wrote to memory of 2644 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1712 wrote to memory of 2644 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1712 wrote to memory of 2644 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1712 wrote to memory of 2644 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1712 wrote to memory of 2644 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1712 wrote to memory of 2644 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1712 wrote to memory of 2644 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1712 wrote to memory of 2644 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1712 wrote to memory of 2644 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1712 wrote to memory of 2644 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1712 wrote to memory of 2644 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1712 wrote to memory of 2644 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1712 wrote to memory of 2644 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1712 wrote to memory of 2644 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1712 wrote to memory of 2644 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1712 wrote to memory of 2644 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1712 wrote to memory of 2644 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1712 wrote to memory of 2644 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1712 wrote to memory of 2644 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1712 wrote to memory of 2644 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1712 wrote to memory of 2644 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1712 wrote to memory of 2644 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1712 wrote to memory of 2644 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1712 wrote to memory of 2340 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1712 wrote to memory of 2340 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1712 wrote to memory of 5172 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1712 wrote to memory of 5172 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1712 wrote to memory of 5172 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1712 wrote to memory of 5172 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1712 wrote to memory of 5172 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1712 wrote to memory of 5172 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1712 wrote to memory of 5172 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1712 wrote to memory of 5172 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1712 wrote to memory of 5172 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1712 wrote to memory of 5172 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1712 wrote to memory of 5172 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1712 wrote to memory of 5172 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1712 wrote to memory of 5172 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1712 wrote to memory of 5172 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1712 wrote to memory of 5172 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1712 wrote to memory of 5172 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1712 wrote to memory of 5172 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1712 wrote to memory of 5172 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1712 wrote to memory of 5172 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1712 wrote to memory of 5172 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1712 wrote to memory of 5172 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1712 wrote to memory of 5172 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1712 wrote to memory of 5172 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1712 wrote to memory of 5172 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1712 wrote to memory of 5172 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1712 wrote to memory of 5172 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1712 wrote to memory of 5172 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1712 wrote to memory of 5172 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1712 wrote to memory of 5172 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1712 wrote to memory of 5172 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Windows\Explorer.exe

C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\Unconfirmed 655458.zip"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff95536cc40,0x7ff95536cc4c,0x7ff95536cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1820,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1816 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2112,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2120 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2204,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2164 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3104,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3268 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3172,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3296 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4412,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4460 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4588,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4608 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4580,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4740 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4772,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4736 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4608,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4972 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4704,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5080 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4736,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5092 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4716,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4896 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4732,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3700 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4164,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5124 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5244,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4764 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5184,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4996 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=3420,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5548 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4408,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5572 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5468,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5156 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5328,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4428 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5092,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5692 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5376,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4940 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3304,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5668 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=5684,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3412 /prefetch:1

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=3332,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5216 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=5220,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5052 /prefetch:1

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc

C:\Windows\System32\oobe\UserOOBEBroker.exe

C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=5352,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4396 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=5232,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3364 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=5060,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5016 /prefetch:1

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004DC 0x00000000000004D8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=6128,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5984 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=3248,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5148 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=6112,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3344 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5864,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6396 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5840,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6356 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3276,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6384 /prefetch:8

C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe

"C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=6024,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=7056 /prefetch:1

C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\RobloxPlayerBeta.exe

"C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\RobloxPlayerBeta.exe" -personalizedToken XYWQHGYD97 --deeplink https://www.roblox.com/games/16732694052/Fisch -app -installerLaunchTimeEpochMs 0 -clientLaunchTimeEpochMs 0 -isInstallerLaunch 1200

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=6860,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6808 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7332,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=7344 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7328,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=7364 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=5972,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=7500 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --field-trial-handle=7064,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=7372 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --field-trial-handle=6020,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=7068 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --field-trial-handle=6248,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=7112 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --field-trial-handle=7416,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=7480 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --field-trial-handle=7684,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4968 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6040,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=7820 /prefetch:8

C:\Users\Admin\Downloads\Release\xeno rat server.exe

"C:\Users\Admin\Downloads\Release\xeno rat server.exe"

C:\Users\Admin\Downloads\Xeno.exe

"C:\Users\Admin\Downloads\Xeno.exe"

C:\Users\Admin\Downloads\Xeno.exe

"C:\Users\Admin\Downloads\Xeno.exe"

C:\Users\Admin\Downloads\Xeno.exe

"C:\Users\Admin\Downloads\Xeno.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --field-trial-handle=7080,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6032 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --field-trial-handle=7736,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5036 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4396,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=7016 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=7164,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=8088 /prefetch:8

C:\Users\Admin\Downloads\Xeno.exe

"C:\Users\Admin\Downloads\Xeno.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6172,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=8084 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --field-trial-handle=7692,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6988 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --field-trial-handle=6900,i,810526912768174807,7407626744414098973,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5228 /prefetch:1

C:\Windows\system32\BackgroundTransferHost.exe

"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x4 /state0:0xa3994855 /state1:0x41c64e6d

Network

Country Destination Domain Proto
GB 142.250.179.228:443 www.google.com udp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.187.202:443 content-autofill.googleapis.com udp
GB 142.250.187.202:443 content-autofill.googleapis.com tcp
GB 172.217.169.14:443 play.google.com udp
GB 172.217.169.14:443 play.google.com tcp
GB 172.217.169.14:443 play.google.com udp
GB 172.217.169.14:443 play.google.com tcp
N/A 224.0.0.251:5353 udp
GB 142.250.200.46:443 clients2.google.com udp
GB 142.250.200.46:443 clients2.google.com tcp
GB 142.250.187.225:443 clients2.googleusercontent.com udp
GB 172.217.16.238:443 ogs.google.com tcp
GB 142.250.187.195:443 ssl.gstatic.com tcp
GB 128.116.119.4:443 roblox.com tcp
GB 128.116.119.4:443 roblox.com tcp
GB 128.116.119.3:443 ecsv2.roblox.com tcp
GB 216.137.44.38:443 css.rbxcdn.com tcp
GB 216.137.44.38:443 css.rbxcdn.com tcp
GB 216.137.44.38:443 css.rbxcdn.com tcp
GB 216.137.44.38:443 css.rbxcdn.com tcp
GB 216.137.44.38:443 css.rbxcdn.com tcp
GB 216.137.44.38:443 css.rbxcdn.com tcp
GB 18.245.253.89:443 js.rbxcdn.com tcp
GB 18.245.253.89:443 js.rbxcdn.com tcp
GB 18.245.253.89:443 js.rbxcdn.com tcp
GB 18.245.253.89:443 js.rbxcdn.com tcp
GB 18.245.253.89:443 js.rbxcdn.com tcp
GB 18.245.253.89:443 js.rbxcdn.com tcp
GB 18.245.187.85:443 static.rbxcdn.com tcp
GB 128.116.119.3:443 ecsv2.roblox.com tcp
GB 128.116.119.3:443 ecsv2.roblox.com tcp
GB 216.137.44.38:443 css.rbxcdn.com tcp
GB 18.172.153.77:443 apis.rbxcdn.com tcp
GB 52.84.90.122:443 images.rbxcdn.com tcp
GB 52.84.90.122:443 images.rbxcdn.com tcp
GB 52.84.90.122:443 images.rbxcdn.com tcp
GB 52.84.90.122:443 images.rbxcdn.com tcp
GB 52.84.90.122:443 images.rbxcdn.com tcp
GB 52.84.90.122:443 images.rbxcdn.com tcp
GB 172.217.169.74:443 content-autofill.googleapis.com tcp
GB 172.217.169.74:443 content-autofill.googleapis.com udp
GB 18.244.140.128:443 arkoselabs.roblox.com tcp
GB 18.244.140.128:443 arkoselabs.roblox.com udp
GB 172.217.169.74:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 economy.roblox.com udp
US 8.8.8.8:53 notifications.roblox.com udp
US 8.8.8.8:53 friends.roblox.com udp
US 8.8.8.8:53 privatemessages.roblox.com udp
US 8.8.8.8:53 trades.roblox.com udp
US 8.8.8.8:53 usermoderation.roblox.com udp
US 8.8.8.8:53 sin4-128-116-50-3.roblox.com udp
US 8.8.8.8:53 fra4-128-116-44-3.roblox.com udp
US 8.8.8.8:53 dfw2-128-116-95-3.roblox.com udp
US 8.8.8.8:53 iad4-128-116-102-3.roblox.com udp
US 8.8.8.8:53 pulsar.roblox.com udp
US 8.8.8.8:53 ord2-128-116-101-3.roblox.com udp
DE 128.116.123.3:443 pulsar.roblox.com tcp
US 128.116.102.3:443 iad4-128-116-102-3.roblox.com tcp
US 128.116.95.3:443 dfw2-128-116-95-3.roblox.com tcp
SG 128.116.50.3:443 sin4-128-116-50-3.roblox.com tcp
DE 128.116.44.3:443 fra4-128-116-44-3.roblox.com tcp
AU 128.116.51.3:443 syd1-128-116-51-3.roblox.com tcp
US 128.116.101.3:443 ord2-128-116-101-3.roblox.com tcp
GB 2.18.190.80:443 sc0ak.rbxcdn.com tcp
SG 128.116.97.3:443 sin2-128-116-97-3.roblox.com tcp
DE 128.116.123.3:443 pulsar.roblox.com tcp
AU 128.116.51.3:443 syd1-128-116-51-3.roblox.com tcp
GB 2.18.190.100:443 tr.rbxcdn.com tcp
DE 3.127.19.77:443 s.ns1p.net tcp
DE 18.193.147.73:443 s.ns1p.net tcp
US 128.116.99.3:443 atl1-128-116-99-3.roblox.com tcp
GB 18.239.236.60:443 sc0aws.rbxcdn.com tcp
GB 18.239.236.60:443 sc0aws.rbxcdn.com tcp
US 128.116.102.3:443 iad4-128-116-102-3.roblox.com tcp
GB 142.250.179.228:443 www.google.com udp
GB 142.250.187.202:443 content-autofill.googleapis.com udp
GB 172.217.169.14:443 play.google.com udp
US 104.21.45.84:443 xeno.now tcp
US 104.21.45.84:443 xeno.now tcp
US 104.21.45.84:443 xeno.now udp
US 104.16.79.73:443 static.cloudflareinsights.com tcp
US 104.16.79.73:443 static.cloudflareinsights.com tcp
FR 91.134.10.182:443 i.ibb.co tcp
FR 91.134.10.182:443 i.ibb.co tcp
GB 20.26.156.215:443 github.com tcp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 s3-eu-west-1.amazonaws.com udp
IE 52.218.97.123:443 s3-eu-west-1.amazonaws.com tcp
GB 23.44.64.10:443 www.stepstone.de tcp
US 172.67.135.229:443 lootdest.org tcp
US 172.67.135.229:443 lootdest.org tcp
US 8.8.8.8:53 unpkg.com udp
US 172.67.135.229:443 lootdest.org udp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 104.17.247.203:443 unpkg.com tcp
GB 99.86.249.5:443 d11kp34sgosvfa.cloudfront.net tcp
US 8.8.8.8:53 api.taboola.com udp
US 151.101.129.44:443 api.taboola.com tcp
US 52.216.60.42:443 fingerprinting36542.s3.us-east-1.amazonaws.com tcp
US 104.21.21.90:443 nerventualken.com tcp
GB 142.250.180.2:443 googleads.g.doubleclick.net tcp
US 104.21.21.90:443 nerventualken.com tcp
US 104.21.21.90:443 nerventualken.com udp
GB 18.245.206.228:443 d1wzdj81h1hubn.cloudfront.net tcp
GB 18.245.206.228:443 d1wzdj81h1hubn.cloudfront.net tcp
US 8.8.8.8:53 nnpjd.truthwasisadl.org udp
US 8.8.8.8:53 curyrentattrib.info udp
US 104.21.41.244:443 1.onsultingco.com tcp
US 104.21.41.244:443 1.onsultingco.com tcp
GB 18.245.143.128:443 curyrentattrib.info tcp
US 34.195.224.242:443 nnpjd.truthwasisadl.org tcp
US 34.195.224.242:443 nnpjd.truthwasisadl.org tcp
US 8.8.8.8:53 accounts.google.com udp
BE 64.233.184.84:443 accounts.google.com tcp
BE 64.233.184.84:443 accounts.google.com tcp
GB 163.70.147.35:443 www.facebook.com tcp
BE 64.233.184.84:443 accounts.google.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 104.21.41.244:443 1.onsultingco.com udp
US 104.21.21.90:443 nerventualken.com udp
GB 2.18.66.73:443 tcp
GB 23.218.72.229:443 cxcs.microsoft.net tcp
GB 95.100.153.157:443 www.bing.com tcp
US 172.67.135.229:443 lootdest.org udp
US 151.101.193.229:443 cdn.jsdelivr.net udp
US 104.21.21.90:443 nerventualken.com udp
GB 142.250.180.2:443 googleads.g.doubleclick.net tcp
US 104.21.21.90:443 nerventualken.com udp
US 8.8.8.8:53 curyrentattrib.info udp
US 172.67.167.208:443 0.onsultingco.com tcp
GB 142.250.178.14:443 www.youtube.com tcp
GB 142.250.178.14:443 www.youtube.com tcp
GB 216.58.201.110:443 www.youtube.com tcp
GB 216.58.201.110:443 www.youtube.com udp
GB 142.250.200.54:443 i.ytimg.com tcp
GB 142.250.200.54:443 i.ytimg.com tcp
GB 74.125.105.103:443 rr2---sn-aigl6nsk.googlevideo.com tcp
GB 74.125.105.103:443 rr2---sn-aigl6nsk.googlevideo.com tcp
GB 173.194.183.169:443 rr4---sn-aigl6ney.googlevideo.com udp
BE 64.233.184.84:443 accounts.google.com tcp
GB 142.250.200.54:443 i.ytimg.com udp
BE 64.233.184.84:443 accounts.google.com udp
US 173.194.140.234:443 rr5---sn-q4fl6nde.googlevideo.com udp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.180.10:443 content-autofill.googleapis.com tcp
GB 142.250.200.33:443 yt3.ggpht.com tcp
GB 142.250.180.10:443 content-autofill.googleapis.com udp
GB 172.217.169.14:443 play.google.com tcp
GB 172.217.169.14:443 play.google.com tcp
GB 142.250.200.46:443 youtube.com tcp
GB 172.217.169.14:443 play.google.com udp
US 8.8.8.8:53 consent.youtube.com udp
GB 142.250.180.14:443 consent.youtube.com tcp
GB 74.125.105.103:443 rr2---sn-aigl6nsk.googlevideo.com udp
US 8.8.8.8:53 rr2---sn-aigl6nz7.googlevideo.com udp
GB 142.250.187.193:443 tpc.googlesyndication.com tcp
GB 74.125.168.103:443 rr2---sn-aigl6nz7.googlevideo.com udp
GB 142.250.180.2:443 googleads.g.doubleclick.net tcp
GB 142.250.187.193:443 tpc.googlesyndication.com tcp
GB 142.250.200.33:443 yt3.ggpht.com udp
GB 142.250.180.2:443 googleads.g.doubleclick.net udp
GB 172.217.16.230:443 static.doubleclick.net tcp
GB 142.250.187.193:443 tpc.googlesyndication.com udp
GB 142.250.200.46:443 www.youtube-nocookie.com udp
US 216.239.34.36:443 region1.google-analytics.com tcp
GB 142.250.179.228:443 www.google.com udp
GB 142.250.180.2:443 googleads.g.doubleclick.net udp
GB 172.217.16.227:443 www.google.co.uk tcp
GB 142.250.178.17:443 csp.withgoogle.com tcp
GB 142.250.178.17:443 csp.withgoogle.com tcp
GB 142.250.178.17:443 csp.withgoogle.com udp
GB 142.250.178.17:443 csp.withgoogle.com udp
US 172.67.167.208:443 0.onsultingco.com udp
US 104.21.21.90:443 nerventualken.com udp
US 142.250.31.94:443 beacons.gcp.gvt2.com tcp
US 142.250.31.94:443 beacons.gcp.gvt2.com tcp
BE 64.233.184.84:443 accounts.google.com udp
BE 64.233.184.84:443 accounts.google.com tcp
US 142.250.31.94:443 beacons.gcp.gvt2.com udp
DE 128.116.44.3:443 fra4-128-116-44-3.roblox.com tcp
DE 128.116.123.3:443 pulsar.roblox.com tcp
US 8.8.8.8:53 fra2-128-116-123-3.roblox.com udp
US 128.116.102.3:443 iad4-128-116-102-3.roblox.com tcp
US 128.116.101.3:443 ord2-128-116-101-3.roblox.com tcp
US 128.116.95.3:443 dfw2-128-116-95-3.roblox.com tcp
US 8.8.8.8:53 css.rbxcdn.com udp
DE 128.116.123.3:443 fra2-128-116-123-3.roblox.com tcp
GB 18.245.187.77:443 static.rbxcdn.com tcp
GB 216.137.44.23:443 css.rbxcdn.com tcp
GB 18.245.253.65:443 js.rbxcdn.com tcp
GB 2.18.190.82:443 sc0ak.rbxcdn.com tcp
GB 52.84.90.101:443 images.rbxcdn.com tcp
GB 128.116.119.3:443 voice.roblox.com tcp
SG 128.116.97.3:443 sin2-128-116-97-3.roblox.com tcp
US 128.116.95.3:443 dfw2-128-116-95-3.roblox.com tcp
US 8.8.8.8:53 lga2-128-116-32-3.roblox.com udp
DE 128.116.123.3:443 fra2-128-116-123-3.roblox.com tcp
US 128.116.99.3:443 atl1-128-116-99-3.roblox.com tcp
US 8.8.8.8:53 lax2-128-116-116-3.roblox.com udp
US 8.8.8.8:53 sc0.rbxcdn.com udp
GB 142.250.200.46:443 www.youtube.com tcp
US 128.116.45.3:443 mia4-128-116-45-3.roblox.com tcp
US 128.116.32.3:443 lga2-128-116-32-3.roblox.com tcp
US 128.116.116.3:443 lax2-128-116-116-3.roblox.com tcp
IN 128.116.104.4:443 bom1-128-116-104-4.roblox.com tcp
GB 18.239.236.105:443 sc0.rbxcdn.com tcp
GB 18.239.236.60:443 sc0.rbxcdn.com tcp
GB 142.250.200.46:443 www.youtube.com udp
GB 2.18.190.100:443 tr.rbxcdn.com tcp
GB 142.250.200.54:443 i.ytimg.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.200.33:443 yt3.ggpht.com tcp
US 8.8.8.8:53 auth.roblox.com udp
BE 64.233.184.84:443 accounts.google.com udp
GB 173.194.183.104:443 rr3---sn-aigl6nek.googlevideo.com tcp
GB 173.194.183.104:443 rr3---sn-aigl6nek.googlevideo.com tcp
GB 173.194.183.104:443 rr3---sn-aigl6nek.googlevideo.com udp
GB 142.250.200.33:443 yt3.ggpht.com udp
GB 128.116.119.3:443 client-telemetry.roblox.com tcp
GB 128.116.119.3:443 client-telemetry.roblox.com tcp
GB 18.165.242.74:443 clientsettingscdn.roblox.com tcp
US 8.8.8.8:53 apis.roblox.com udp
GB 128.116.119.3:443 apis.roblox.com tcp
N/A 127.0.0.1:53291 tcp
N/A 127.0.0.1:53295 tcp
N/A 127.0.0.1:53298 tcp
N/A 127.0.0.1:53301 tcp
GB 13.224.245.62:443 setup.rbxcdn.com tcp
N/A 127.0.0.1:53316 tcp
GB 13.224.245.62:443 setup.rbxcdn.com tcp
GB 13.224.245.62:443 setup.rbxcdn.com tcp
GB 142.250.179.228:443 www.google.com udp
GB 216.58.212.202:443 ogads-pa.googleapis.com udp
US 8.8.8.8:53 play.google.com udp
GB 172.217.169.14:443 play.google.com udp
US 216.239.34.157:443 tunnel.googlezip.net tcp
GB 216.58.212.202:443 ogads-pa.googleapis.com tcp
GB 216.58.212.202:443 ogads-pa.googleapis.com tcp
GB 216.58.212.202:443 ogads-pa.googleapis.com udp
US 216.239.34.157:443 tunnel.googlezip.net tcp
GB 172.217.169.14:443 play.google.com tcp
GB 172.217.169.14:443 play.google.com udp
US 142.250.31.94:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 consent.google.com udp
GB 216.58.201.110:443 consent.google.com tcp
US 142.250.31.94:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 104.22.49.74:443 cookie.any.run tcp
US 104.22.49.74:443 cookie.any.run tcp
US 104.22.49.74:443 cookie.any.run tcp
US 104.22.49.74:443 cookie.any.run tcp
US 104.22.49.74:443 cookie.any.run tcp
US 104.22.49.74:443 cookie.any.run tcp
US 104.16.79.73:443 static.cloudflareinsights.com tcp
US 104.17.247.203:443 unpkg.com tcp
US 104.22.48.74:443 cookie.any.run tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.180.2:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 stats.g.doubleclick.net udp
GB 142.250.179.228:443 www.google.com udp
GB 172.217.16.227:443 www.google.co.uk tcp
GB 172.217.16.227:443 www.google.co.uk tcp
US 216.239.34.36:443 region1.analytics.google.com tcp
BE 173.194.76.157:443 stats.g.doubleclick.net tcp
GB 142.250.180.2:443 googleads.g.doubleclick.net udp
GB 172.217.16.227:443 www.google.co.uk udp
GB 216.58.204.67:443 id.google.com tcp
US 216.239.34.157:443 tunnel.googlezip.net tcp
US 216.239.34.157:443 tunnel.googlezip.net tcp
US 8.8.8.8:53 tr.rbxcdn.com udp
US 8.8.8.8:53 www.solarwinds.com udp
US 8.8.8.8:53 images.contentstack.io udp
US 8.8.8.8:53 assets.adobedtm.com udp
GB 95.100.195.173:443 static.solarwinds.com tcp
GB 95.100.195.173:443 static.solarwinds.com tcp
GB 95.100.195.173:443 static.solarwinds.com tcp
GB 95.100.195.173:443 static.solarwinds.com tcp
GB 95.100.195.173:443 static.solarwinds.com tcp
GB 95.100.195.173:443 static.solarwinds.com tcp
US 142.250.31.94:443 beacons.gcp.gvt2.com udp
US 151.101.2.137:443 images.contentstack.io tcp
GB 23.192.17.91:443 assets.adobedtm.com tcp
GB 95.100.195.173:443 static.solarwinds.com tcp
GB 18.165.242.72:443 cdn-app.pathfactory.com tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 142.250.180.10:443 content-autofill.googleapis.com tcp
US 151.101.2.137:443 images.contentstack.io tcp
US 13.107.246.64:443 infrastructure.api.solarwinds.com tcp
US 104.18.39.141:443 analytics.ahrefs.com tcp
US 104.18.39.141:443 analytics.ahrefs.com udp
US 130.211.29.114:443 cdn.perfdrive.com tcp
GB 79.127.237.132:443 cdn.trackjs.com tcp
GB 3.166.65.64:443 euob.herbgreencolumn.com tcp
US 35.241.15.240:443 cas.avalon.perfdrive.com tcp
IE 34.251.101.162:443 obseu.herbgreencolumn.com tcp
US 150.171.28.10:443 bat.bing.com tcp
GB 172.217.169.2:443 googleads.g.doubleclick.net tcp
GB 172.217.169.2:443 googleads.g.doubleclick.net tcp
GB 172.217.169.2:443 googleads.g.doubleclick.net tcp
GB 172.217.169.2:443 googleads.g.doubleclick.net tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 172.217.16.227:443 www.google.co.uk tcp
GB 172.217.16.227:443 www.google.co.uk tcp
GB 172.217.16.227:443 www.google.co.uk tcp
GB 172.217.16.227:443 www.google.co.uk tcp
IE 66.235.152.221:443 smetrics.solarwinds.com tcp
CA 148.113.163.217:443 usage.trackjs.com tcp
US 172.64.151.166:443 privacyportal.cookiepro.com tcp
US 172.64.151.166:443 privacyportal.cookiepro.com tcp
US 104.18.32.137:443 geolocation.onetrust.com tcp
US 130.211.29.114:443 cdn.perfdrive.com udp
US 104.18.39.141:443 analytics.ahrefs.com udp
US 35.241.15.240:443 cas.avalon.perfdrive.com udp
GB 172.217.169.2:443 googleads.g.doubleclick.net udp
GB 142.250.180.10:443 content-autofill.googleapis.com udp
GB 142.250.179.228:443 www.google.com udp
GB 172.217.16.227:443 www.google.co.uk udp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.108.133:443 user-images.githubusercontent.com tcp
GB 20.26.156.215:443 github.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.108.133:443 user-images.githubusercontent.com tcp
GB 142.250.180.10:443 content-autofill.googleapis.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 140.82.114.22:443 collector.github.com tcp
US 140.82.114.22:443 collector.github.com tcp
GB 20.26.156.210:443 api.github.com tcp
GB 142.250.180.10:443 content-autofill.googleapis.com udp
US 142.250.31.94:443 beacons.gcp.gvt2.com tcp
US 185.199.108.133:443 user-images.githubusercontent.com tcp
US 142.250.31.94:443 beacons.gcp.gvt2.com udp
US 142.250.31.94:443 beacons.gcp.gvt2.com udp
N/A 127.0.0.1:4444 tcp
GB 20.26.156.210:443 api.github.com tcp
N/A 127.0.0.1:4444 tcp
N/A 127.0.0.1:4444 tcp
N/A 127.0.0.1:4444 tcp
N/A 127.0.0.1:4444 tcp
N/A 127.0.0.1:4444 tcp
GB 20.26.156.210:443 api.github.com tcp
N/A 127.0.0.1:4444 tcp
N/A 127.0.0.1:4444 tcp
N/A 127.0.0.1:4444 tcp
US 8.8.8.8:53 virustotal.com udp
US 216.239.32.21:443 virustotal.com tcp
US 216.239.32.21:443 virustotal.com tcp
US 34.54.88.138:443 www.virustotal.com tcp
US 34.54.88.138:443 www.virustotal.com udp
GB 142.250.187.195:443 www.recaptcha.net tcp
N/A 127.0.0.1:4444 tcp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 recaptcha.net udp
GB 216.58.204.67:443 recaptcha.net tcp
GB 216.58.204.67:443 recaptcha.net tcp
GB 142.250.180.10:443 content-autofill.googleapis.com tcp
GB 216.58.204.67:443 recaptcha.net udp
US 34.54.88.138:443 www.virustotal.com udp
US 216.239.32.36:443 region1.google-analytics.com udp
N/A 127.0.0.1:4444 tcp
GB 216.58.204.67:443 recaptcha.net udp
N/A 127.0.0.1:4444 tcp
GB 142.250.200.19:443 bigfiles.virustotal.com tcp
GB 142.250.200.19:443 bigfiles.virustotal.com tcp
N/A 127.0.0.1:4444 tcp
N/A 127.0.0.1:4444 tcp
N/A 127.0.0.1:4444 tcp
N/A 127.0.0.1:4444 tcp
N/A 127.0.0.1:4444 tcp
N/A 127.0.0.1:4444 tcp
N/A 127.0.0.1:4444 tcp
N/A 127.0.0.1:4444 tcp
N/A 127.0.0.1:4444 tcp
N/A 127.0.0.1:4444 tcp
N/A 127.0.0.1:4444 tcp
N/A 127.0.0.1:4444 tcp
N/A 127.0.0.1:4444 tcp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 142.250.31.94:443 beacons.gcp.gvt2.com tcp
US 142.250.31.94:443 beacons.gcp.gvt2.com tcp
US 216.239.32.36:443 region1.google-analytics.com udp
N/A 127.0.0.1:4444 tcp
N/A 127.0.0.1:4444 tcp
N/A 127.0.0.1:4444 tcp
N/A 127.0.0.1:4444 tcp
US 142.250.31.94:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 games.roblox.com udp
US 8.8.8.8:53 tr.rbxcdn.com udp
GB 2.18.190.180:443 tr.rbxcdn.com tcp
N/A 127.0.0.1:4444 tcp
N/A 127.0.0.1:4444 tcp
N/A 127.0.0.1:4444 tcp
N/A 127.0.0.1:4444 tcp
GB 142.250.179.228:443 www.google.com udp
GB 216.58.204.67:443 recaptcha.net udp
US 216.239.34.157:443 tunnel.googlezip.net tcp
GB 142.250.187.202:443 ogads-pa.googleapis.com udp
GB 142.250.178.22:443 i.ytimg.com tcp
GB 142.250.178.22:443 i.ytimg.com tcp
GB 142.250.178.22:443 i.ytimg.com tcp
GB 142.250.178.22:443 i.ytimg.com tcp
US 216.239.34.157:443 tunnel.googlezip.net tcp
US 216.239.34.157:443 tunnel.googlezip.net tcp
US 8.8.8.8:53 encrypted-tbn2.gstatic.com udp
GB 216.58.204.78:443 www.youtube.com tcp
GB 216.58.204.78:443 www.youtube.com tcp
GB 172.217.16.238:443 encrypted-tbn2.gstatic.com tcp
GB 142.250.200.46:443 encrypted-tbn1.gstatic.com tcp
GB 142.250.200.46:443 encrypted-tbn1.gstatic.com tcp
GB 216.58.212.206:443 www.youtube.com tcp
GB 216.58.212.206:443 www.youtube.com udp
GB 216.58.212.206:443 www.youtube.com tcp
GB 172.217.169.14:443 play.google.com udp
GB 216.58.212.206:443 www.youtube.com udp
GB 142.250.178.22:443 i.ytimg.com tcp
GB 172.217.169.2:443 googleads.g.doubleclick.net tcp
GB 172.217.16.230:443 static.doubleclick.net tcp
GB 216.58.213.10:443 jnn-pa.googleapis.com tcp
GB 216.58.213.10:443 jnn-pa.googleapis.com udp
GB 172.217.169.14:443 play.google.com tcp
GB 172.217.169.14:443 play.google.com tcp
N/A 127.0.0.1:4444 tcp
GB 2.18.66.73:443 tcp
GB 95.100.153.157:443 www.bing.com tcp
US 52.113.196.254:443 teams-ring.msedge.net tcp
N/A 127.0.0.1:4444 tcp

Files

\??\pipe\crashpad_1712_GJUTRUEAJEUKLVRG

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Temp\scoped_dir1712_576380202\614c4a14-185d-48ee-8acd-e2dd803ee57e.tmp

MD5 eae462c55eba847a1a8b58e58976b253
SHA1 4d7c9d59d6ae64eb852bd60b48c161125c820673
SHA256 ebcda644bcfbd0c9300227bafde696e8923ddb004b4ee619d7873e8a12eae2ad
SHA512 494481a98ab6c83b16b4e8d287d85ba66499501545da45458acc395da89955971cf2a14e83c2da041c79c580714b92b9409aa14017a16d0b80a7ff3d91bad2a3

C:\Users\Admin\AppData\Local\Temp\scoped_dir1712_576380202\CRX_INSTALL\_locales\en_CA\messages.json

MD5 558659936250e03cc14b60ebf648aa09
SHA1 32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825
SHA256 2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b
SHA512 1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\_locales\en_CA\messages.json

MD5 07ffbe5f24ca348723ff8c6c488abfb8
SHA1 6dc2851e39b2ee38f88cf5c35a90171dbea5b690
SHA256 6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c
SHA512 7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\dasherSettingSchema.json

MD5 4ec1df2da46182103d2ffc3b92d20ca5
SHA1 fb9d1ba3710cf31a87165317c6edc110e98994ce
SHA256 6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6
SHA512 939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 3502659ff5100b8b70ecfd0c739972a7
SHA1 93bbb36c71eff77af8246af2d76ad3cb87b0107e
SHA256 aaa5ca65bf413dfd1710075674ad8b7ad095eda120cbc9e05eeb9e1e5deb0ba4
SHA512 654badea26e3cbee0a03650a15369717bc6b2e8b745c0ec5e7ca070f5e87afaebc2ff3e917855df8119e5086eaa53eb8adc7edc6adc7778a6f732c80454866b2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 c326a2759a6d44aef92220ce9e6a05bc
SHA1 bf259b0008e36a62f16d0fd5ccf38b2a859beff8
SHA256 a73c50a135d66174b03b3362b5f62c1b8c19f0052babb3abb129e47665472588
SHA512 81aaa1188f64103a112ae2b7d545904381d61e0ba8aca6044ad2826945b4aaaa7f7119c12d873fde515613054c8349eaccbc08c583471f3a64dc576238d8cf0a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1e8469faf37933fb4bbde2fd71a121db
SHA1 3984c9e43e842b7fd939cdc4b44b67942185434a
SHA256 91a73889dcb589381226ccad265d551c4f086ff8e1742b7580d15b0866ef0952
SHA512 1d1bfbd598312c3f596ca06cdd509d0b5f7128248c2471825d558763c722565161c73f48c8bab33fcbafb9d35669bc1ddfb65c04bf8aa0ed7c09c2bbc486fd2a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 b29bc9e8c2e0ab7064f2e0c2aef617e5
SHA1 a7f0d91e19d9b28ebecc71a6ee9e6f21053879ec
SHA256 5481eace9eab3750eef37a2c248921cd940ee6ff827ee7e3553626598281a093
SHA512 5c780ad222f9ada31aa427d78da569b41039857e17aa8c8652a5b88cda89d62bc99127be55a2a9adde7a86b6376ac5f9b7aee23bcdddd06f69133f5e0ddba2a6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 0b51d51a64645344d82484785e00b3dc
SHA1 fa3dccdc05939fdf6e2ff399fa6c7534ff9109ed
SHA256 37c698ff27ff508c27d0004d505219d3b6e0086129aed0dd23ba753d689bd8ed
SHA512 7cebef7a6cac29d0c0070d392b9a4d5cbb6895647d146a480398eef918cfa593458b86374bd86dbe30a43fab2555806dc226c1f7f7aebac1b7c0c823ab9daf62

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 60ff4fe15131b8a6d325fd6260132562
SHA1 397723a13ac5f47f4d552f4f59dc84f786ea5315
SHA256 57c801bd62afbb05e3467781a85ea141b13681eae1c442fbba3fa4e049439cfd
SHA512 fa1a1d0f37bcbe3e35a46bc70fd9dae86f3f6db862e5df6a1bc6dc7b88850d35b8f55fc7a0b681f05742ea5af2729ff3bea09a88666be5e254791602e9efe8dd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b2c25fa44993c394d0b175c31f8bac21
SHA1 1ba3c2655323cc3c0fde6019a2c2fdb56458c1fc
SHA256 1bb120d4c6149ef441366c06de14cedbb58e08369b3362470f119ecefb1dd845
SHA512 f68691864ee8d32059602aa2264eb98cdad38a7d98246216cadb45c81160f3bc6508285465a405ca3a39bcae28e172c1bdb7065d762d65a280eede57ed13806c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index

MD5 9b7a2086392e7d158406daeee4ca1787
SHA1 1fbf9562dd3ceadbad665683daaedf291f361597
SHA256 5e4e3208d32fa78ca546ae2e9f2e2ecba82005be61854b5e0d75d46d73ba6cee
SHA512 3267a01a7bcc54a76911d7b28b8d3888ec5259b80d9a1d64ea1bbcdf7756c742d27f86d3ef5d21cd77a4e962c71d55b86705036cbf12e545dc731e9dcf051e4b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 9aeb7f4ebe1c6b69448715436473f72f
SHA1 d8894c26cc4b9d1e0279838843907c0636a38870
SHA256 d0922e55a661f7114c197276b7eea2bcbc2e2be22c6c1a067733797114bd2f97
SHA512 49f3520a850659efca96c265dc2ef45975ef3c98f35cbedb30aca5d1ba715d6fc2e751ead68e7e67f25fd959ae1f12b350091e8cd5270f13e8db46bba16ab7aa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 123fad30b2094bdbde33c465dc476166
SHA1 857fa88d1c5ad4c413edb2d6185e2fe77e378aa1
SHA256 8e303bd53994cb98a9bf38ab9e5777bbaf863b1c1f6ddfbd11c73bf92465ef84
SHA512 eac97bc30554350040647f1027d08f0b8f6928f219ee03ea6df81a5c895e66e2faf50f8a09d622708f97b6b418e9dfc504757158d8e8450ef6aced5b9dff231f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f54f5b3d5873d005d385d70a55c07ac6
SHA1 2d524b87718cd9993081035d66ef9bf2d878d221
SHA256 7fad68bc0674338d23b4d194fbca7d1bc9e6711b4ec4e123655e445d5fdd78ce
SHA512 5bda8e17814a391b5eab8b83a8ce2907e3561c17726dd2dc496dee3581c39040a236c543bdd28702fba362e229c06069deedcf0d0202017878a84223d6da174a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 1e330b2e4524df3ed35837e06e760693
SHA1 c1a9931739dea521b7b3ae025e93e080d484f677
SHA256 1988c2ce9194a137dea95d045ff93a40ed54dfbcded1680472e30d0bf19eee50
SHA512 f563335b2c010a2743ba9e7cd44d18813327d1a3a5394c2314195dc769ccfdb4e6c19e865809378e0844fa0c16fbffd3a7c977cde967476aa4552417e672021c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 4de18989d7244824e842a63e2502c706
SHA1 1d5cc68d767c65fa99edba2d3c21e117cf30de27
SHA256 b91ef03de17a91c1ef9b26971aa958c5050bf6152d38825eee41e3e48a54ddae
SHA512 9fe59a36295783e72d91011857dbfe6002e3e60d355aa57343c021ff738e4c786d973a08c3ac1c3af3d4314098d93e9c1c00569ad7fb6b0caf94cfd0d9de6eef

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 26869d1dd00afa39da81c567e737ac9b
SHA1 180c0eb3ee47ed1b496116f356995111bed5bae2
SHA256 31dfeb80f5b3b929166dd8c721f19aa72d3a713da9a8db110cff486cb2549e8f
SHA512 04ea56e0e12203e15ce29331172e4073919a73293fcec06867634ea800247c3c7e548279169cfd0975386bc4dfd79263a52761a51fbb3c150c0e26b8170647f0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c90e88a808884e3d16c4cb4804f6e4b0
SHA1 04ff39ebf382346c0026267267e767025ff1d0c1
SHA256 e00ec52418210591fe0220d245b0b1bdc9eca2cf6acb8d9c3295b914144a63cb
SHA512 be52095df4eec14885f5e0e8ca16a038a50b22f75c12de8ca8e112082ec207f7d761cbc39f2541b6271876e5ee2e46ad8706978080bfa86053551349c6e740c8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 12d8b0319546b3301fe0444ed743bbb6
SHA1 d5af94d08e33a87cb0fb5ac250674e2dcabafc16
SHA256 208f3d02c24fe7ccf8fd03e3b7097473e9fa478a9becaab7ab50125c5932bb17
SHA512 d0b2e95d27bc8e1ce6cc89fed0b092a0610e070bbc5a2e59805f5a37327e5a4dee682feaf2d52aa8eb6e3dbfc01167ff2575ce20bf6c702fa9feaffcd14fff21

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 7ed3406a933e89ee593dd42ace9066cf
SHA1 85f237c641eac681eee0d0a2f2c8285f7e3e3e23
SHA256 545a6399c632b7eac3b68210fa835247cb99093718e20379b9819aaa9ecb399c
SHA512 1135aebd4d8145d1dde7bce090982513e28bd3861b7d315fb4b8c2283688447ce42d633ef5b97fae6741cf5deb5f2fd82ad9966e1afefc8bfc8102aa6c034a5d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 8402617c973c13906dc367f14a0b106d
SHA1 132b752c09ab7b5b13146cd2f7b94f91bf6c9d9a
SHA256 338ece2c896aa17112e39d3fbe3cea868a85de6c6f2dc4ade7c55acb99c8e455
SHA512 a3a0cfc78f4c23fbef584ac6a78f4e07038d9e251a9b6cef41f72ebe3698d94bccc3bd65e1ff7d95cc0f5522b26aa87587d57148c2dea2c59caae237e74ce342

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f85bb3c004b4395422353d77c0ae04b2
SHA1 77f139957c2f47d274ac2fbee11d036cc625fdde
SHA256 9226073bd4c14794553911d79160d6c4f40a6a5189a6adaf2119bef36a26ae92
SHA512 73e15feac3972f77c49736f28ebc5c5d24abde1ed03bd7c773c5faf47a39a0ca290caa57e931862133ad05b32c7b1359bda5ccc87728462cf2db3560ecb38da0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 9db668a6ccede25ccee1011695b5aee7
SHA1 76216f12fc8b79d05a9e7b8ec7b54aa1939a6694
SHA256 55cf462d17d2ad2ae0d92c281e1553a2043f29a6a56897ab701dea817ff7fd2e
SHA512 316d3dda1195969c4375e4aafcf2f1443d7916b350aa293f5f43a4e1843c7c533402287333a7d64ae54e1ad296c57b8c48d81cd6b7743649fa247d2a9e00cc07

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f24f79ad8772ac0e6e295774afffd39d
SHA1 14cb6c93d9b70b98dd65536f891ff9b2a8634dde
SHA256 5e8d03c23750b809a64c439d13144ae5b9451e85af7c4c85059b05e25350013f
SHA512 ab58af9489213b71fbfec76b245c9543b94f36d37f39a76f74a88117c7a5af2495c2e3df2f2c21af80e9c4b1c930e2e678ad9647e75beca66b2474f30aac171a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e350a15efca518746cc8655853174f4f
SHA1 17a9bb13cbf1fb45c528a22811f23819703ae155
SHA256 b61b77158236d8aa0037677ca1eb6f0cc075fca72fbd4b5d6ccbe8b533321302
SHA512 7de155e738c3a83003028f519904817e6f36758c4d535817a388a3a71f5350ac138f248b949f413c3a349b6c45e2b75d56b1d9741075b217e8c398f9de6995a1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6686795d48774cca77f5f978cc6ac98a
SHA1 86175719260d3d99cda48d9bc3a67531ff8fb6c9
SHA256 1b05acdbb689ec82db2328001f2297cb1fe2e017950359eaaf177601f4cec1d2
SHA512 d21df2da9bea0f4973449b90246f1406db66c0281ba88f3dd49c7213a661939ea26950e0fde086af7b6ad5fa76063819c417e54bf344ff9e518033c5c0b4cd3c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 280de97ab5d158aecf33dbf4068e9e46
SHA1 5d2392d02ac4732ee06629a85758e08337cc4887
SHA256 33bba40f82620694b5209cc8aaae59845528a89a67f60f0321bf25f3c6685ec0
SHA512 2ae24eef2eeed254aefcb58b4b99a16d6391282ed113955c382b5bd444856c312ba1524751a9a643c78d23438e5bd2f0c79ab70aa49f8faf7b95065b70c84cc0

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

MD5 f49655f856acb8884cc0ace29216f511
SHA1 cb0f1f87ec0455ec349aaa950c600475ac7b7b6b
SHA256 7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba
SHA512 599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

MD5 d222b77a61527f2c177b0869e7babc24
SHA1 3f23acb984307a4aeba41ebbb70439c97ad1f268
SHA256 80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747
SHA512 d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

MD5 b5ad5caaaee00cb8cf445427975ae66c
SHA1 dcde6527290a326e048f9c3a85280d3fa71e1e22
SHA256 b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8
SHA512 92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 fcd669478d28af04ae7ed08141ac93a9
SHA1 a834545c11442bcabf63c0ae9bcb33dbccba39d6
SHA256 7291b351abba410a9d801149ea24a47e5f14fa2ed6da5076cf480687b8923853
SHA512 d494be5985fe9052e881daaee034e612c10e51c206ffe4ce543df36a4437993a563a6496ec8f9eeb25485791c5dfefb8337d9e9228503833078ebfbde5033327

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2d7321e46a61f1b4c94d444fa630b8f5
SHA1 f9c12c038524088820c2ef743f8ddacdd87cd8a4
SHA256 5a2c37674d855f9e775f8b7c739db9ce63c58acc4c9641714bdca088918149e2
SHA512 4d40b0ee10d622905b1b0701de65a64a6c2ef8693cfef6f0e3b048f6d0bbbc6dbb994fd93cecfa4ac167a24ad80cf40e5b8707f6f0762b82e3f78ad712cdba3d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 d82f1c9c7248f0b228471dbe673fbcad
SHA1 7912c13653a9a8303a6f505e9ce9f47566de507e
SHA256 77c9b7b694b69414bcfe662a5e48b1c65de8a1682a71b2839f42e637a6a475b3
SHA512 5cf47bff772f07b11d7e83c7d91fe670841cff9d09407c1faf90ab16f3d11d1d43ee9f892f4cd1ca2b130819bfbe7043e604fb0476b5ceb9d9dc021c837e2d99

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

MD5 07457a9aeea964cc1c872ee3bacf7175
SHA1 2c5525e9969cfd7ce6e2bb92f2c92da982bade71
SHA256 0f5ef66edc46f2d1cec453c39da7438be406a66bda261f1e9e6462aa0c0ed3c1
SHA512 b961db0f7ab5dc59e723cc0e1654506ecd66e8f2276a165a8a9f37b4884e7c9f5aaeca724e79933cd991f6f3f1d2d00aac209c451a62cb039829802057f59d0c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004d

MD5 bfef1c88c7a2462d08b6930531953552
SHA1 6392a0f160eb73330bebd4c324535445e0783231
SHA256 5bb0ddc5e9112db6992a4eb1252b36b666ca8de22aa5d09b1d083794f2acef4b
SHA512 339ddb4c82a5456623c9ec0bf2574b22d7e98f9b2002d5d9616197dbac6a76742e146ec77e8d3aa8caa3c6178125bea0d9ec57324b28dd52e778055a4eee204f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4c651a077afad7b86b2faa14303beeea
SHA1 5383179fd8455a6cd12523ac8c011d9973988a86
SHA256 859eb2906dadb4c0e1c5c451a1d2d8365af2896727051f63eb97748c35b847d0
SHA512 5008b37754ad407bccaf4a3ba3b31ff78cb1790269ef2c5dba41029c8af5c148bbde4ee19e5e5b274ae7b79c8bf5fcc364b2dc1fc58d6d7903af1bb59526091b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00013f

MD5 588ee33c26fe83cb97ca65e3c66b2e87
SHA1 842429b803132c3e7827af42fe4dc7a66e736b37
SHA256 bbc4044fe46acd7ab69d8a4e3db46e7e3ca713b05fa8ecb096ebe9e133bba760
SHA512 6f7500b12fc7a9f57c00711af2bc8a7c62973f9a8e37012b88a0726d06063add02077420bc280e7163302d5f3a005ac8796aee97042c40954144d84c26adbd04

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 bf9ed2d0768daf81569250b3773c6ba4
SHA1 fa961092a77d0b104703b9d077a7a156a42a488b
SHA256 ce59c9f1da3d512051b030d68d8d23c57eda353fbb77fdc48606a99223c389ae
SHA512 8fc5890d8a7ad8d139f33258c1f29d97db60334152b91007136236ea736b85ec1466db6a67bcd74157c46909b69456794c2c597a42aff12db6f3a3392b431915

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a55842fc7f99628134bb180522291a9c
SHA1 786b1d256b2ab4d97d79e8889c4f140622b905da
SHA256 bcb3352e8fa8f651f161a17274be8ea630c8a19c4c7816fb3a7b873d7cf49346
SHA512 05ef9e1b57c84881bec8acfd40d66ea48f2d8074b05ea511b535b5b82ee9eee2318dbb35922ad2f954850514c575c8e8ce35bd7d89869301b11cbdc58af1fdf4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 500d847371440caa811731d21f0bc1f7
SHA1 9e1c369a2803f7fecbe91a4d8c0d2e99f5052c95
SHA256 cfa943b3455a20e368f2f2e1c0fcf40c870c55e66f9500952712c26257d731ce
SHA512 f02cb4bb66dd0a9c3d41c322582bbfa380e1ecdcbd9aa2cbc7c69b5cf435dec323c8c35d419b04a827dc38db969f3626fc795a12125fe9115654284d92fa5477

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 9b37aad2be197745844055f7499455ca
SHA1 b240b54819be8e907b80d7ce48b11008eca429d7
SHA256 0e2551c758ff884c6c97d4fcd60d702d92b8d019c808ab03d81821b128e863a4
SHA512 80318831bcf72eb065ecab7ba1e1d713e09b3b7888847a3b67f30f404b297e59850f419a9e9e5200e0bdc21d277832be9f4feecd6cfc990e75409f6a23060092

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000143

MD5 ce7b262351203b245322fe75044fb61e
SHA1 46fc201fa3a9a56cb91f3a08f4a380f6d2283e0a
SHA256 4d374f815118157d4ec62c285937df74fec28c75d9eec110f48d3e04cb321ba8
SHA512 0af2f8fa0171107ca26b73d1eeed9599c0b67953e163441bf65dc3a5bae5c9aa82bdcc54255996e8d1d472db1b09ba3286859d595619f1706a8e61c464081dff

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 dfab3b92d38d609a4468263a362f0da6
SHA1 4b389919381820ed27d67b51d27e7acfb4946499
SHA256 a58823b826c617169bc32b4893f1be53b89e852b1cffa6d7fdce710afa5a5f8e
SHA512 5f600ebfa882395202a9da7910bf077aee27469770bfe0adff2a25098cd22bf6cea7b009ae5fb127350b91ad4832b4c79d8c0bd95d6549c3c7a5f280957743a5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b183834d609dbc24f4119d525152891d
SHA1 4e4e0808256ad56208b61336f115de3d6367f4ef
SHA256 c624a7974c7b46536902b2dd1a65a304e2227a5197117205f36c7268496448a7
SHA512 c0350d9086cd679194af6cf0d7e73a77f509aea70b892880605f65fcc5f1596e228c6a2e9cfce05db036655aeb53419905a9be17556f9e44a1b69cefe1ce2799

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_nnpjd.truthwasisadl.org_0.indexeddb.leveldb\MANIFEST-000001

MD5 3fd11ff447c1ee23538dc4d9724427a3
SHA1 1335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA512 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 3264e6f20601855cd6ae94c0b88f2980
SHA1 eb2941be2f2704580dec8facb0ed4ea19309a943
SHA256 2466926fb6be1cbf2e69dfb32af2983ef6d64fbffd9f1927e9e31f8f0683298f
SHA512 34a4f1ef6f0a75a99bcb0e971e122a63ba51c3d3f818ab46d38c3cdbc9b7f6e7001f91652a33338991a405a0d6fca5e2ca11a9e6da9fcd2eaa63d4bf4a148bc3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 48f4b4a79ee4e97957fa9263ce0c4a83
SHA1 46f8c355e6360d4b6222af60d2717d38eace514e
SHA256 14e3f07b66c8a571dad787481b8e6b953ddf26b4e9ed0f16b314f881dfdaae14
SHA512 79761d595ff8f785b899b69ed9118466cad6b6acbf57498995f5f9a011f751e984717e1eb993508c20573248c0f6b768d1e9e217698ceaad0d8e84fc0bbcaf57

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 98be2d1c27e7ee312f1247c1a45e6e73
SHA1 9e9dada5912dc42ffb1cecd72c43948a7ee5050b
SHA256 d16deef949a55623907c4178434e450e252c75ed099e74c7b2fa9cbd550b7ac2
SHA512 3cb793bb75d0ddcd2858b6f16755af805b85d75a2e0857fce412744d90a90efbeb4b527d6a55c718077ec6cad0fca819c634484127f24836bf85569467d98ed8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 2c270f7e6e8e324341d4fa8add3cac17
SHA1 7ed7acd4a1b82f210818dc1f6ce8806660bfd452
SHA256 c07c84e1c3a8b2ab96682430a370afcef1b82d2936bc4f533fe4ef35bcd85b3b
SHA512 e2b7720f9a8dccabf272eda9eb8ef4745b9541b45d8fbf46c62a4dfdd7bd907234d203f5eb9af5e7ae6c69fbde231ce0406ed330570f5278691fc6afccf1c75b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 66285bf72630b1145fa0b7d9d5e53101
SHA1 3c0a2134af3707738ffa87d4a293ce4a780ee5b8
SHA256 86c3e491a12ebc4c531ffeea2764d51907a797e920ee19dd7a9bbe46c91bfd48
SHA512 c54e1fb4a13ca1fee65a327339df736c8b736d2cd013240bcdaf256205d32a0a3cd959de844ca8c1c4b5efc5876215c3c762b72ed3fa891c558c070d29b4767c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a4ac176a043390b145b482d97a71a7b3
SHA1 3eb1951c84cfdbecb081248fe5802578d380098e
SHA256 f3109267ebb76ce0df9c09964cbb3e0d2bf246cf735416055bf9042ad3e9e782
SHA512 b45b15ac883871fd022a5e285dd663c18795028e4d37569d7554e2d19fd071bbc61a6df934ac02a918470f672f7f748516adf8b0f36375cbaa7ec1332a87aa9c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 5ce4d9b6feca9d4274861c01657f357a
SHA1 efc87ac4b960377885f3b33ab4f6b0b7a4568207
SHA256 c138a7691f53d5dd7a7f8423ea31d0a428d0f8480238081a8250eb7ce35e4d6e
SHA512 0c30cc8799afd51288f4945fbafb405268a967354c3d427766fc13706147632d9b515f9c4be3ef4fb5dab5b7fc1b0a4f2090e53c1d47526c57ab599053d57dda

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 55d772269004b65f518ecf13ceae8fc6
SHA1 d011cb1fb6cd5328b4f78edadcef5208c503b56d
SHA256 03d5beac13ef63f9d4633eb8e98d8ae54d4b8b268f44902a63c95dd77b5435aa
SHA512 dbbe79dfa0604b61aff9c61018f7ceaf55828a777c1e726362945971f5d6fdb856a059f150246f612990bbd5ce7e55bde354472cd330b1c830701fbf8d71b2eb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a6957f3fab6c2b018d71c2cbbaec3440
SHA1 0e271de3f1c81011c6affe251302be435ef8368f
SHA256 c7f1559cbca79ca2052068147ba3033c89ed4f4c99d5d76c94d079546a37af82
SHA512 79eb18c176a3cfaf9f4b1b54f3201ed71fe2329564dabdf3784873065a3915c5045a018156fb8585f95b3e6528418b9315703a93704432eb0ab0cca54623b511

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e547d438cf6dd0c82fbdfcda46dbd149
SHA1 3a066e7b9b86bfbe4e9769ba3e48f3d9b0018961
SHA256 7e8f1e81e78243f78007271e35460bab41460b3a9cf1f3f09594d0620f5dcfef
SHA512 f22881ba8f84358fe3a965ee21adbf0179eb52a828816c099254e7b50e1fad750667485b2b64a38237a9bd6b8de14295163adfee648d66e9a10832571e0069fb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ae8403826ef489d38201bd8a0badbe33
SHA1 7af19a3dc5c05af5da200546f3cb34e83c1a84f9
SHA256 af6a1df00d14ba1ca128d5a1f85afba8be73fc7930366e9e448a9dbe5e1aabd9
SHA512 ded667ae31b490fc09481e4b16cc0fa1646c6b514e74b234f9b4bf8728584d3a354088390b18e0a12d0396de932b3bc10e356433f96891abb02b806a967896fa

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

MD5 c9bcf62c3583c83bd89b539453ec5379
SHA1 205ec3512eb1814a49aab4c5532bb36b4bb9625b
SHA256 b255ee3805deddb25cd1a56eeb6386b38761ab0fb53dc58f83e974dc04ab5a64
SHA512 769479f4a0f1d75abdafaaa2ccb8ccfce1deb9861f1e49e8831d5ff315772f68e638eb8f57b5425a9cc0df0ad97260a4890eb9d4dda1f4f320a1cd599c5df9df

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

MD5 5c9bb89b67c7389392ec947daf3a44cd
SHA1 a78b71a768edb1bf0849b57afe8eb54322b2ea2f
SHA256 b60cef2c824abc2cf871f3ae9089e966927ff07282167d0bc89c38351d95db60
SHA512 60d30dc3de4f0b8e1302bab0a004d8b593c8c4700927d3aea8624c3d773d163169dc9b46569b6657019bd90e521c9f18c814c98f143a7f9278cb39d123b7e5df

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 54d28c288988e5724a3e0567138e6f23
SHA1 432b320ca74d9387b8e806016f29e3792f583f88
SHA256 b5fcdad968e5b4310dac16fc3d235839311c7d821caaa04e9840cafc0bc4c4bb
SHA512 2680dbc3a24beb4c96fce43827c824a73c1cac02b94c117781679ef811392050d5471f66d4c984230eea1d13b2a61d337777a2d0ca7e3de793827068f5152233

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5d3e03b28a2bfc60deb1b81232b7bfc3
SHA1 c740eef04fb0c96e66a55a2edf7909423a8fadb9
SHA256 29835499ccd9cd693d83bf034d6be5cd8f1b6f169581fe82ffbd005e8252ca50
SHA512 c1fe86731d10571f5fe6474097d2943b12edf772a53872f9f9726241ce9d9a52aca629acc34f3ae0344b3369df33ecb22942a666a0511e7591aff655f415d16a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 758700e596c02699fe173e4cd4fd76da
SHA1 897e3996c306980513277a84541b8a78243ff8e0
SHA256 2cd1ab053c2b9c0a81322702f64f0cfa85118905aaf48aacf17bbb917b69256c
SHA512 281609f8943261c85444042b218714df2e57cb103647ad9cd2a4d3a89f92dd4cdf7f795cd85fff542745da6a0b4156a1612bf82a6df323ebe12128d9133199d8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 f7ae7784d64e7200b363cf07de2db3be
SHA1 283872a7ed5f397f9694f077dde20dc5fe18bd99
SHA256 1f5e78b073f5f02c0d737949df4ce8856b5858fe83bc7761b27b755566d359aa
SHA512 952fd096ef980b1a528334034c898ad5c5fc092733a5f6936653969aa5aecdf863f4fe2b3f379bdb4c7fdcc10bef5508c4872f19ca1f57046f21423f7cfc436a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 f6e2024086399a1f61031e72356d046d
SHA1 e09120fe7bd0df0b8e64e6d7bb42ddd0ce07cbce
SHA256 54e03bd32d7d56640a853f7f465a7e9f45a01764353fb6457e689b984d58e355
SHA512 61ca4123f6f3f9a73bfc41c844efa73633dfc06b844d8637f006835cd0613d4b524da65175d3ad22582930a0e6fd1cbf52afa1996447aab535a7f83ee09956d7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4a9fd0326b990fc3e9346bc435adf531
SHA1 c8c1c7e4ebd254e374c8ebef48f04b071c45d806
SHA256 ab078e63ba4f8e90ada9dab5b66716c38aa9a3fc4310bc9291a36d1c69d74ac1
SHA512 c89b2f6856cdc1cdc3e7c7fd3963e0848b6cbf9f5f0cda60d3cf0f555c3b854fe95aa0b65a252ec8cdad0864e3112be21d007c37be9c7c6e5154cb227dbff39e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 fa1c966e0fe0d4e5184cd6d05e4ece74
SHA1 9735b36700d7f6a16673127400c1b3039d58f694
SHA256 82d3df0f71f8e913f248afe57f5eba867d6fabb434a2440ad75170a5395ef1c8
SHA512 755f54a9215b14a3ea0e424477df6aafaa669c2842b964068030c984543c147368aea033d276463dbd17556592d994c5faeb3a2c5445a4ad3460c653695bd5bc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 1e93cf467e4730dbfaa99ee5d035f890
SHA1 d9aad45a7b76ecdf8babf195382406740a3e962f
SHA256 a9a486d074a344c10edd4e7be0fd670bc4ec437b79c94d563886498f80c50e44
SHA512 d843c61f225456c7c5316ec93221c373f03f8553c1fbdb4034338123901615c92163539edb43f1eebda15954ab683df9527cee5731832cfda95e29aaa8ab4824

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5c8a94.TMP

MD5 a261d185bb9d0a8d7b975b0805b422b1
SHA1 4d46b66b3002e87e18432831b180049092c7c989
SHA256 ea14cf4ca9fd61b2db2f9b38cdabb6bd9fefaab55ef46b35ac4b85ab580b9a17
SHA512 ea901e7b7805216c262a5955d196806b75fed3dad6bd75285d1689dde0e24ccc84446ccb79cf6f5f9744c257a6e5a2a78dbf181a70dadb3d2464cbfe0ff8609a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir1712_1405460930\Shortcuts Menu Icons\Monochrome\0\512.png

MD5 206fd9669027c437a36fbf7d73657db7
SHA1 8dee68de4deac72e86bbb28b8e5a915df3b5f3a5
SHA256 0d17a989f42bc129aca8e755871a7025acb6292ce06ca2437e95bedbc328fa18
SHA512 2c89878ec8466edf1f214d918aefc6a9b3de46d06ffacff4fdb85566560e94068601b1e4377d9d2eabefdc1c7f09eb46b00cf4545e377cc84a69edf8e57e48b2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir1712_1405460930\Shortcuts Menu Icons\Monochrome\1\512.png

MD5 529a0ad2f85dff6370e98e206ecb6ef9
SHA1 7a4ff97f02962afeca94f1815168f41ba54b0691
SHA256 31db550eb9c0d9afd316dc85cdfd832510e2c48e7d37d4a610c175667a4599c6
SHA512 d00e2d741a0a6321c92a4aab632f8f3bafd33c0e2875f37868e195ed5e7200a647b4c83358edcef5fc7acbc5c57f70410903f39eac76e23e88a342ac5c9c21cd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\79d5c483-c638-4c09-a983-99760f50495e\index-dir\the-real-index

MD5 f07f62ad37ed73bc87f19d98ce43f2a5
SHA1 3925d4627c661186cec791e63332fb34897bb862
SHA256 fa59bf6432c30b129de3ad13c296bb17d9864b714c2b36ee69ff4d93d4d3ed93
SHA512 73ef7744dbdb7c1c7ca66f3d0d6bf744699756c5f35385abebdcf43a7bc4ad319c79c577a1a6332201fc337b2b7a47110e18039959346dc5ba092d0393b260f6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\79d5c483-c638-4c09-a983-99760f50495e\index-dir\the-real-index~RFe5c9d8f.TMP

MD5 17e4b412297b29ba186d19a56e222edf
SHA1 eba7f4ebf5030381b94a9e09902298ef600ba667
SHA256 4c0e10d268f5b97bae5ea58e22b2094495354967b4d406d5486875dd2314b4be
SHA512 1412d9c582a5ecf5cd2e509a473c808edcd7cc86acbfe66c5c061ef854757d034c0a25543b82add7961006a749887f8da24a8eacf48bb6f086c3163216f95915

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 7f84d16401f74079ead5c770d5cb7b6f
SHA1 de2998ddb76fe469057f69f1e52c360a844c2828
SHA256 2b0d3d70bd1b574211e8d27d3898269bbb750c5247904d9ceb25cf1060fb32ab
SHA512 65c943817497e91b17fd5f8ee244e4a250231967cf5e9d9807f3104cd773ed9ed8f032d9979e11ab3107cee0edc4de3ba865462742b0c3e0533dea8a26436a8d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 4d2c5a5280560e7ae9275692328cd068
SHA1 c9dc06a886b7d41531b6808fab10685fc4ac5c53
SHA256 cabbabcf8062e7c199c9f2d7bcf74fb31847657795bd8b6c1b149ac3f8d89ace
SHA512 9e8068305aab73eab3c21c874819d95802bf892f6f7e40af62132f2c3ac5e902051dac01534cd478b30e8aaf87d8dd29e4f83dfb30e150895ae97a44d8dfe871

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 ed5c8b8b12ef5c6e376060a6ff64b30e
SHA1 30e448b5c3f2bd46bd1d1835b4d493f7801d811e
SHA256 0452fbc511943f32f70b1f2a7335186134af70cc181f0d63e00aa9897f0b7068
SHA512 26e966f5f9077fd1e988b9f300cff1454b93c74e166049d1f6d8eeecc74fa61a4b67f1d74e1986d9fa2e90d5f8d9a50e632bbc7e655d0796a321fec8d8f9f452

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 f4d0a9cdeda23e2edb5e7d27b590cb50
SHA1 8a22a0bf4173b8de629bff098f05344263669ecc
SHA256 e886fb776441417bdd8ca222fd8a9ca0089af519787cb53c67ea42bc6baef22a
SHA512 d6423ec0bcaad302af0e7b4eda63d83075a880aa8e92f0ecc27bc06180efc66fd337392a24ef14e7f7bbf86d3d9f3d6ed038eb9b2d77a4aec2ea06028c2f312a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 eb460ecd805de04e1861616bf6898acc
SHA1 c08fd85c6126d252bd2e4d59837ae7a661eebe12
SHA256 08c39b215f9bf3daaad4e8094424bc793d0f4d189ab1a11769966d4453a28065
SHA512 29a1b4d3b95fd4ad3549e90f266c56b56a0e226dc04cc881b91066f67479be7bdad002d8d068eba610a0f32913962e092d1d10e0783b4fe4b51ad2368c556b22

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\a8d15e92-6316-41ba-9bcd-3a74de75fbd5\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 aa4a775268935ba500fdf5f1fbb30a80
SHA1 244abb2281210dc0e35d3d7468720f1dcdd77160
SHA256 0f0e56a6e143847224bb9704c32751828bfa6022d12e18e80720c775a7cc0a84
SHA512 0ca62cf9a78c3ae35b6f0f258e652c4bbc59e5f6aa39a9949fff39e4d4e22efe7135132897a5d115a1ff4c2110fd1bd92001bea902ff55d7932d1143a27893a5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 680b515ec2e5d78e2146c69d50a53391
SHA1 bb1b43e2d47c2d6eed5afc11c547ce9495d489cb
SHA256 1443d43f83206a37667187b44a85b3c2655f90b6fbee7458a9c87c89f2fca240
SHA512 2344e827d4d7ea4a1c675d64851cb6aa7d3c777128a48fddd7c784b8bdab82bde2385a0e6e037b147f604f2e698eedbf933e521bc973d7c7b44ffc2af950b9a6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 09ecc018ab6d59bc387f5742896a3762
SHA1 dcc450362fbc24a0ab777c4e31968eedecd31b92
SHA256 d238be83d0f6835e0a438691818cd8c8264c51c0e960992178f1d5764997a2d4
SHA512 93d7ad5f2ee0b56e2e7788e5f0e2d9f337fbcd384ea1ddfbdd4cfbb79a1e52fd1824ef3381814e078bb7c26aa3d99aa852abd8ee5636f30cd90cc36c7f24ef9c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000151

MD5 d442ef17ce73023306fe98ad72c80aa2
SHA1 fc7baff30eb21d17a999105bb5ed99a570e7a944
SHA256 73be2999ffac3d8740d483276f4527fc3a55fdaabeaa298465d715a27c896aa7
SHA512 2ea168bf3c620f9a4eed102fbe516d9c163789ce4baf24fadaf1a9c57c2bc4dc9983922bce36e581c654d60d664c9f8e2c04ba1b6cb0e3803a6e1fd467ff6f40

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000157

MD5 466220195d9c7c71105dbbce6224a141
SHA1 0c405614e479174403b3afd4afce93e3de622f09
SHA256 b4d8ebf801d2b079c0abfe07b8bcfd2987a0091a86e62ced9dbca7c883f34610
SHA512 ec5493829b7004aa19a13e8acf7ba5ed51788ed24dc731732066cc7f9b664d2c4514368028fc4ea4571eb6ea3c80479f512e1eae0834cd27161a822316829372

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000156

MD5 5dbebec0f701639844a7bfbc08f93457
SHA1 e1f6bc191e9635a99f902477cbb46d7b45a667f2
SHA256 73c12f9823742899d7c27bd24bd4dc2ea8db4f7d2e96e9a161983f5d09b6c6a4
SHA512 d3f15f7db61adbb3c63b576389bb7650cef7380d3b03f712c3b363076cce8bf3791ed8907161c5f5097f84beb4e19f15d761340355be4514bd94fbdff6eadc7d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000155

MD5 c4b3d2cbb5080623d47cbb6fbbc3dd9a
SHA1 732afdd5262a1a34165224c7cc0335aeaa6a856e
SHA256 aff7c8d2c603f5035e272b04e70c6d436ff84a06a7276506484514b85f0e1d8c
SHA512 a71900125e8dfdaa25282c29f2683b0bef4b0fca8b692b42329d0f7f0adac45366c64dd99f69c495b0e8d7fffb214f2727379a02c69c9178a487d843ffaa411b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 fc19f7428fc0d819e9647fca479a351a
SHA1 bd0f7874c58a4ac0482f98b4c27024fef26ddb8b
SHA256 bae8fa7ae57b231900c674dd5355cef4ac00232c5658f09909a8f085541b0bbe
SHA512 f9712694b928abd8a40fb2b8881045f942af94477c906e4a78f3afdee61081f0ade04dd5a8f1a3313f2182b0851ba26654a7bf78ca3c1749a03a54c726a62a0d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0e4738c6434bbdfa260ae64461eaa55a
SHA1 176bc0926d48d50786bf87f7184579ea357614e5
SHA256 518c85883fa4c6af7b79c2096f6551cb59984a224709f71a597e99db3e9f6a0b
SHA512 3b908d36cb977f3ee0324fc18399447b1c186c9f7d7bde363d98986e11c3b1dd96f2b681ea24d456a24bed7a9cf481924e9c887885791c646617c6b2311fba7a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 4b3e40af35cec962e2c0ad40f12c224b
SHA1 800ddce8e80c4001962e218dd04b7ea94942bee9
SHA256 8149bea39b086b28f6f416155877a8bea4e01d3dc70c06ab8dbacf781c92b0a3
SHA512 23a26996943c977a28a8a877d770a737642f689f7ad0e94c9e84a234aa1cbc746c36b5a7a3ad365882ef76c4f1b981d116beff2053341b1d50ac7860ce51ee52

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 b44d5d555c353f131896f4054a2fb14f
SHA1 2fcb25d087aeb227462ad40b8fbab6f8689d303f
SHA256 27e8fb9c3c7ddf1bec57f00eb19aa3588da44c1d9620d67515ec234535828287
SHA512 2de4099634718a4f6180c9a02d0c1193c1cd7c914d7aaaf478e116e1d5a0c2518e68cc7895f6b506c48cdc8aea08635e6f2bb00da3e61426004a3310072333eb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f19f89f6-b118-47d7-9dda-5f01fb632d7c\index-dir\the-real-index

MD5 55bf1ae2e692261e968a21b1cfa1e88a
SHA1 65b3dca92e584f48fc6cdc9461830bc44d1e2d65
SHA256 0902445403463b6dfcb54fd3edb61c7708559a642877c6b813ae4315d7c9e91f
SHA512 638e0b3911184f34397194d0c8cf8cdba6fb613cfe0f3fb4de26eacd2473f9faa08be8691b7d0ebc55400e1d3dcb03976e6da5147d07f8b705fac3116b3b84f1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f19f89f6-b118-47d7-9dda-5f01fb632d7c\index-dir\the-real-index~RFe5cfc3a.TMP

MD5 5031d4dbf43ba90d3bc9c51c7e7ee1c4
SHA1 0b93e2ca8f60c06d5d546e6786dc53c408c2f688
SHA256 f098c465ca85cee88cfda821e1e1038ba30e58d82796e18d85cb42c986464c8b
SHA512 c13aed20c4f382b4e7b641152131e4412539d785aebe6ca560273c8731eae91d2acea1398260dcbff2c5aa666c8a7a187604a332320026d728c8dd39bd9fc8ff

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\b4a35e77-90e3-4865-b1da-f03d857c557b\index-dir\the-real-index

MD5 4f96e69b0800b05000e435471776fe8a
SHA1 e508ab85f2693e23c5292ce1c7d02c2a3eb928da
SHA256 f00c1f7fa5524414ba3186360bb77f6572b63b71bde8b4b36fe4a77ba22ca053
SHA512 46a34a8e343ff71f668a4ad62c38c9b4a8282d2e446c018aa6c8fef93e77f2df0dbe368354ac79efd89bf18b7796283959524e61c3f04628b0e9c112e35e770a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\b4a35e77-90e3-4865-b1da-f03d857c557b\index-dir\the-real-index~RFe5d01e7.TMP

MD5 0a4fc29872c2b800a7a139ed127b3c3b
SHA1 f2ff517f8cd8209a4eeee036b3111e0391671191
SHA256 29fd8648ddbb3f1ced52d5e01e71a8ac5a88b1e99e7faad96568fe079f98bea3
SHA512 9c0ffb921d43f68986084872c54cc3e8eb72e5018a25b4e51537ce17c1201d9ff591af42df538511525cc5b6ca8565e4eb4880ce9ff380f1fe62b04a6c8e972c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 7ef33581bdff2ce1b8b5b5795f42bc80
SHA1 3353d284e502a3079a5ea0b90f07b17aede951bd
SHA256 34b6b02c31354bd80dda024024e65c581bfafbc14c71f1c2c4262c2da7ae179c
SHA512 9a8fb142e6909b879648b5b8fdef2f581fde561619e6329951e6b3b4730b8e6f6238eeb0e47c611ec5e00a0129af15adafc86c70723af519c702e6c3b49b41e6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 8783b6b42eb0d460deb4872eba443ba5
SHA1 37f3d6143e4b50bf5bc33bf9aca658bf36a0d0ec
SHA256 3fc26d863f64a85e8575fbad06658bb9cfadb0baa33df8b483cc989dba4530cf
SHA512 dcb0e3a011a9d5724ec7f13e5a3d110677aa58c43cd5df21123abaf7359150e7ecf53d8668e4f8b22589f30950c7c57543d0283013e95cdf78ad2c503e821e38

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b67454fea1dc9512c623bddbc205e5ce
SHA1 a481c2f058d549798dc3d7dd05850030dd951515
SHA256 25fce238b85fad8393070986aad639ec01fd399abec8d87f35eefbe845bc5c62
SHA512 1cfc4739a9801a35d9d04b6fb94d9e215db3056bd77d78cff71f603f8f074a5594425261490ccaaac04e08ff1998e578dc246099e55223495281c7248a3dc78c

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

MD5 30d654bdd45eb193506dd427e6219c20
SHA1 1cff7d07b5fba743264c05db2c14a85469b9d654
SHA256 fb7810850f9f5dba38fa777cbee570bcee01f0a4a545534562dbeea4dc938101
SHA512 03ee52954ef31fee810b0c0ab839f99bf6e8d35beae3073fe241a9383498f07882978ca2584671a69a6be28dd80735e5717722edc98077542757893e04abf1c3

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

MD5 2fcd4a6ebeb715e5db49126955346fef
SHA1 2a93f5cf36c0a5f1f43cda0bae9da85e3f4e574e
SHA256 86817ca30619d7a8a87a81301aa06ee303ba0142c38ede7a51660a5e03574c6e
SHA512 f02c2c6f079ad0dd16f1ee4d94a13d901c9d8332ae1bec6ae735266d2967a63968c3800385901b1f2ad78f6e2731cd5c857e5837c75b878290a8b050fea0b32f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 eb91583b4b40c959d28a987544ee6212
SHA1 a6a7cbafa2f5a5426ce8f4ddb5f2c4b0ccaf47c3
SHA256 9151c0aa6b72b0925969bc314209e07f26f2e908229e81e1779dc0892f59f45f
SHA512 e131c20a62d03f3ed2af0b4ca856c5c95f32c7d76cb59bc2e5c54fc15384f93fc2b0c5facdc7647283186d9bda2ea9ad4f25ec655afc301deebd20f5c130a13d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 1dfdf5ee4cd704544e0a38c7668519c7
SHA1 a2a6a8204cfc9e4985dddb236526a4c02cf0fd9f
SHA256 0071b6581758e1d58e481edca1ce571bdc0f89c433e4b5b5d72bf22101a3db75
SHA512 6e112466dffbdf281e4addf9c356ded3aacc781564412035b039148b0fcfa4159a02b5f8145d3cab7c311703e7ddb32a03086114ab2fcb02fbb7648139dcb9f0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f064fc1434db88f567f6f755a04e0eac
SHA1 10a633446124296f9bfd9ce56649177520413381
SHA256 1433d8f5a98628a933f78f5f1bd791e3f6fc52d38f196541b7adb9d43e8cd73a
SHA512 b201f5cea8d0fbe0996422fb5d0a2efd96bc8acad7070e06cf6366e319287f348da27915806abefbbbdf0b8c7f2912b9d9a616041d594999e9268057f651a185

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 de8b37589a700a62ee01696d266cc646
SHA1 c66b94da42f107e5d58fcbd2028526fe4c135654
SHA256 fcfa328a8ec221117924fe1cc1292531daed230c881a524a9346dff176796d30
SHA512 ac08147faf8b022b84a43c8b8a51dfeb75cf6316919666459a111923bb47034a1b3a816e8b7d3e166fd8ad4538fb9fa71fe5f40604a34e6a4406d5067adc41c5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 01003b713a1e41a63425a72042693b0d
SHA1 c362f5c722573ae273e83b401df524b7867f3055
SHA256 db9ee5af769674e8d673a394cf68076e8dfabb8eebfdab3991046ce243d5ab8c
SHA512 1d198bc7a9f7a6f65a04e9808755468d9859e8320483934aeab227e115fdeedce5b4218e5ebbccec2d1ef0fb590ef939a38931a7cf859244235453d28d4fa0fe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2b661fa9d362803a8206c2f1a70b9657
SHA1 a07eab8130d9b2580598acadce7f9d93cd3aa907
SHA256 8cddfa0d4c1d5f4387d6c87fed9a3d31637ccf07c1e2dfa411531c5b89440245
SHA512 b9b1756e515bfd12f4882e59f9e7aef0085022fadae7de01617bd3665dad6f4e8bdf93ae30b5ad3d6c1ed9bc7f7e16fcfeaa0e21f890f8840c89fbb81fd432bc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 be3119ac9dfab8cd59f9d3cd2b0eea1b
SHA1 a95731615d881f3391fde7c18e2af9e26d81022f
SHA256 821ceb1c945ba47338fef36f35208530d891ff2caed4e6fd78386731aed853a9
SHA512 91e7c314ae15382238a90651e11e3bc05561da94fe73ea123b4e3b3f4d1ce30c457afafb1ac6ccbc865599bdf097c9c5288cc23d45441f70d624363500b9f135

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 776a7070744b67de63e58e195ee4439a
SHA1 01eb4f61f0c579b872c209e7224913e486bfecb5
SHA256 a504daf1c3a6c1170589660ccdb6c37a95e329b56cf9d466f37c14f54969b223
SHA512 0f4ac3d10e5d8ee7ffe83a80e29d4231b98549b3858d2fe0f48fc858adf0bad1c54315b1863a1f519af0169f871df6445072871fbfca29834018759e75fa9e42

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 1a773759705b65536e1fc5dd5b3df8ad
SHA1 d987b952f206d15c55244b569cb45e4c4199d712
SHA256 c80dfb9c1f70e3c080dc7c16fe3ca99ea1ef703bc4ae545f8b3b73ca7ff2f980
SHA512 14cb1199a8d644eb3debfa6274e258d3161451e877688fd4fb3eb9a8d1c4e3562bb38b5e88084004843e06def928f154489a55a20d2d3b9fed5b395825c0a3fc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old

MD5 301d34d6db69c91aab8ac31c0d8e22ee
SHA1 1dc1ee7b39c1247c031b82f4b4f6da81b534207b
SHA256 852951e33d6533c86d6dc032e45abed1d185aad3bc37b8b5ea3f6c79a3ac8364
SHA512 971fcf11fe49d9a7951d7b4d35886563c455df1dc482fce1f47564cadf8d446f2308671be25527d838f34b28c9960ca5331397d2c1c1993c4ff008418ffd1e1c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old~RFe5e3efb.TMP

MD5 a99ba5b30c3e605b0d92706446828003
SHA1 eb3b49d5843eb3ae60693acc9cf6bc6900b60979
SHA256 fcbeedc66d12a01a43021c65374ada3e9eb494ff24162b6cf30cb24a95f0084f
SHA512 d22998a391a2cbbf5e5e88a4b0f46bfe2fad0e2e23defd9a374335ba6c6a2d87a0256eba4bc7f4ccfae70422dc2bc6c124a0fff62134a74139ac332e66dd2115

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000177

MD5 efe5292e8d04d99caa4dcaa169330b6d
SHA1 11a8e64ea2570dde50e65eba825a2b3cf38e3961
SHA256 d1ad71461deb535b2147a9d5bed382b8c64c119218d8a17ef7f183632995513c
SHA512 f826c5d791d9fadcb7ce3e1d914cdcb5b0102882e1b8a4cc8667290c60944ba3c0941f05a25ac51b42185a0129e336c4ac17129cc54d0ca6def4648131685e36

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00017a

MD5 a4ba4de058ee567b2f5328f90e4d79a5
SHA1 3875d9ab9a3bd87a229b4480750dc143fe3c0bba
SHA256 97dd4a875e1aabe81a329a1e1057dd8dd3a7906a85cff642a0ba6eb43c787318
SHA512 13adf3ee3d4afbd163947af42f5e2692f8218c1adea614ce1c71c3b11663ca17eb6e9669688aacf1556780ea119b23f6418a3f777d4cbcc277556a0b795f37b1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\5\CacheStorage\index.txt

MD5 18f7172da27ffda8680876046bd6976c
SHA1 e68622f057938dc0db145eb084858c60f9abe45c
SHA256 c0c19ce5375bbf60b7ef8976bc0a9ca6dc62e23da2e9cbd7f00a43e46b4b3e5b
SHA512 b3aba20915831b3212a4004e3b3ad1559f2317df661691941e2e1be079e8b4dabf2a95fbd4ac9c451d3cb7fb87962a781ec6ed5f8842222fb310b8309f7c4370

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\5\CacheStorage\index.txt~RFe5e47a6.TMP

MD5 7f76bf7fde22b15d4fdf9fbfee6e18ae
SHA1 6ac6f6b46daaf5d16f3887e4eee6f14e9fd1e66c
SHA256 5afff7a5f8d92e98b6baf49f3873e588d74d885264c14699bb9f8c5ce4c1ba99
SHA512 199d7498798fa338afb8b8b48304cfca41936e5883f3bc3bd31ee986483cf72ade9f4302bfffcc66d9ff125fa44b86fb6c5c3840de84cb2cc80dcbd240206f8c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00017d

MD5 b96aa6c4f86b475b0bb63c8461dc9a59
SHA1 874b70dcc07a936a8f2a16052f14cb49e6497af1
SHA256 c0b43631ea58a15f59e91517a936dd170e966b0e7f0eb12d682f4b8613d90f3d
SHA512 7aeef6732fd7850e987ea0fc763a70038c804d3bafc42c84c0864444a088887db5d06b89b58e863335c62c23bf742b2c9e76ad55659dbdd6d8f02c2e4723e6dc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\MANIFEST-000001

MD5 18098abe67c07da8ba82a28c4f645264
SHA1 2a97539499c4cd3ad0225d9a42c711f2c26fbc7f
SHA256 dfdeb41bef53aae56766192b58232c13612ffeeb7fd0261956acca21d239f402
SHA512 8eb5efea4dc08b3bcba0cf06a6c183520d047570edb6984e0821bda40d90e61dd3ec1a5d54e906a33f4e7ec32d05ba1b8366330ea4e0da9f63ec8b7efb88e8e0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7057cf92344d5b84f8148d53aedda719
SHA1 96bb0ab893ac6c62939e5f6d0a7bac917a6e756d
SHA256 3e5932a5d9f0a978447f506f6f4d2f6627f667959a1e6693290eb025fbcd1626
SHA512 994a4a0c3b0b5c0583e22aa48ebb344f8dadee60dd52f1a408e69963276373bb8488c54b1217a005c3c699e1afec834d65952ed34304ea0b9465791789244f69

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 0599ba4cd5124fb4419470d62938e975
SHA1 8d34eb5328238faaee7f8ba3a9f4ec9da2111e76
SHA256 f3bf1e8709cc91d64426bd76ef05cce856d13ba84ff4be6f9e333a4eef1fb4cb
SHA512 f3764ae07f8286230c4280a3acba731ad75e80c9dd015d683bcf9bed679609b7a9fc68c56a6e784048c88e864484c9e589f5c353634797db26c021d548acf97c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1d71e3fdf0cb7dae2387dcf82d916f32
SHA1 550f48525f4e081b6e490595ddb2838d14937224
SHA256 50999fda81689b37446af90eb4158f59d9146fbd977eae80ce1fa695060acf6a
SHA512 94b80c36572cb147298eb298e5b4c6f5ce2e3515e88a88c440716d6f612c69e24d8b493a5ae35fb69ead074d3a44420707936193522e4d350884e3c6720d20f0

C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe:Zone.Identifier

MD5 fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1 d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256 eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512 aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 603f36907563096fa71e8372824146b9
SHA1 e34d0ba7180e09251d0f0bd1aeb54792dab4b357
SHA256 f29b011c7d777e95933a76d9d416799126f95d1ece49931ef21e87356f0232ea
SHA512 4df28a7ac50223746128c6983f362febaa7672fd44d92968c44e23f037e970534191cbc1e35e2b24b9e0168ef8991df2115e40c2ae1bf26e327c97960b3d7a73

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 07217a84aed85ca16a59623aae44ab36
SHA1 9e518c1312a2c1ae110ddeecdd2d81fe28c26be2
SHA256 6b4930dd1a0b5d4eacb7d685a1755f151ef2f15af8b78ecd6dafbe35f2fd752f
SHA512 7f1b0e052de29e724c02b60a0493e2b2ff3b87267750b1ac0809c60ed01dc39f63b9127af23d1f39b7d7c9148111fa902ea10793b15a87c1eefb27d41cffde92

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 429f004528cb5a70f4f02f643224ab83
SHA1 3927eb08908febf25306e3ff5bf347429ffb252c
SHA256 c79f2f9e3a84431f34f6f87ba8e4a3cdb119b33d9d756372d9dec6b6a9dca2d9
SHA512 f6d16da2dbccf509108b3962073a621482ea1f236b2262ed6a53e6abd4fa04a60b7d7d53da2e645c056de3bf3c57f72678fa3c9b4f3650f078ed6d48aa52d017

C:\Users\Admin\Downloads\RobloxPlayerInstaller-XYWQHGYD97.exe

MD5 6a43b83f9199b2b49c4379f7789bce65
SHA1 243b669c116d03e310f2d046dc607151ee17a39b
SHA256 a469adeb606f747e7834f807277b55992955c27659943a38fb97814dee0872e0
SHA512 b120b5bae21e02fd3945975bdb7c920ea45d45015991555f09abdb9311376f0617ef440620b5557a5c52f168ccbec418ca644771f1d91cd476e8dcdea26d969d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b0b52497285909bca7e462d7064a7d8c
SHA1 1844603d036c0ac669d27a3164a5d97f2aa733ba
SHA256 a207ea72eabdf1b5a92e8a596e7f2aade0be32c185e6a2512808b461cd0b8383
SHA512 31085e97b0d87fa8778855a774712aa9ba75e339768f1d97a16117825fbb969d8a9c119951fc8674a9149388f89bee272afce3604da97f9d1e9a670d197a23e6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 eacf555a5f2a5dabc7a79c83584bea80
SHA1 949c85f6b35c114ea6b503d29e489588416f5030
SHA256 dd77a89395b3a79aae55def6cf008f1dd615cc812fb32d989019c8f7ea19f195
SHA512 4b464767471d81e6c79ee3113b50bc9b94bc781f87bf20a7bce2032924063ebcf7a1a420f211b7064f903623941c6083f242a176359e60f73528bbd044afc6f4

C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe

MD5 25073f4cb774505914c4401aee524361
SHA1 2ae76353491a8cc30f89cd3e94497b15f59623d8
SHA256 be11eb7b05c6380fcc8391cbc02a35d4a32690ca77e900a2f3b1a34aeb2cb8ca
SHA512 aa1ea84f29419b3e5c326771c22ce532706ffe812bff2fc4513ffd4566ffca04ebee4b03bb6313c254dbde6c28488e0cf75073cf5cceec84372ed6cf283ccbba

C:\Users\Admin\AppData\Local\Roblox\Downloads\roblox-player\0c9e1cc5627137aa94a65e25346a7083

MD5 0c9e1cc5627137aa94a65e25346a7083
SHA1 c7a31de26742178018ff0333166712d34d4d88d3
SHA256 8aaba55f3a2ac281b7a40691a540c3074ba88f2a628386dd383c32fc0abcb40e
SHA512 cf3747611d1e64fa5ff1dbffae40c542f3e58a8ef395f08417d6baabb9c179f0843ae797e50df35df14562d60498bf72f69922be2106f1c1faf0604ba6f1bbad

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c2ff220aa8480e943c9171018ece54df
SHA1 62c2f92ca1cb0fad90d886ccb1701bf7b9674b47
SHA256 6bfad055f63ddd7806055c454d598a4c402d1ed5aca2ca3c7d3895e542b73a47
SHA512 a1b04475fff2145b8d441c907b9a92fdcac18d3eacf6d5a29da971cad3d6e6359205c5acce3e18f386d6a5d173ccd2a1228a4d74f0ed15c6dfcdbc53bb90d4b5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 948606c38db2c81235abd14118704f96
SHA1 a80f81e67c2bf143dc6b4b00451096ee8dcdc0ee
SHA256 cf12395532c0db250b4d742e4df953ce176cdb1f9edf0a39cf6c0c22e7e9788c
SHA512 22486ecbb6caf0adc790502f2e6ef4bc47a7b5d3990e4f2627d47f61791d9e0517c3908bb25dea37b56fb6c29af279e3a16d5af18130def8b6c3fa08fdfccd1a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 996bccaaa5cd2986cedddbdaf58e2467
SHA1 29e676e8d3faa57e5b4052221c59e132ce9d97fc
SHA256 b4688bd70addca577c4c2c0bd81fd7858f2b16945181c9541d05453c8efb5770
SHA512 335efc50cdaecd25841c9bfb351f428c1ed7c187769cae86554330a1dca96135b161755cde9ee848d03f59ea64a512699ab1d69f2087606d01f873f6bd326335

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 4dcfadb323fab4b10e61c542aee3fff7
SHA1 9551ff9829bcf6e2989556901f8eacb65d156b67
SHA256 056cd0bbab8318e6855389a2874e667a15c8ef56fb3295572dce99d28a26ba55
SHA512 a0f5be77ece9e697cd867f9d058fc5e5e8b0d87d32f3c5afbe10d5e2720a7d304f11a24ed1aa87292ae761c1bff6a908ef1dbcb0e721577dbd9cab03e23c7f67

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

MD5 c8a14a9de994b06e39dbc1b5f131037e
SHA1 49fbb6b59b478a03cd283df2cc6a44185f462de2
SHA256 c98e2a86dda7d425171a8a92e30b3407211ecc0ab49d63d1fee801a54fc1eb3a
SHA512 f7a1984882de8da2e4f5c7f9c44be48ce4c5667655af3e677d5359151c908ecf407f42280db5b3072350bdc01c33026fb177b87dbe1b6c0dd0f72ddc784675ff

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

MD5 0dc52d5156e0e3423a20671f85112a3a
SHA1 de63219e966279d23d5d9ebfb2e3c0f612a814a0
SHA256 55d8d47f45278ed4e61568932abc7dbbf8111bfd5f815a5ff0b90120c238551f
SHA512 de91420efb3a68512d862d59b478da2cca7e5ef10d8f79c960f682fcad5ea91146bb609cc15f2349affdd6f6a7369f24e8c4bee7b35f41f31eee53dd3bbf6fb6

C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\RobloxPlayerBeta.dll

MD5 1dc3b743677793b5df85cd8ef62bc07e
SHA1 11ffd78d4ee488e921b178a42540340439764ebf
SHA256 05ecd9ac5ac30ffe3259a02d7e0f7fc9d40703fb1f5ad104c9db80dc6df9ffb0
SHA512 ac24561da6af0b4077dedb24d0802cb696740a3abc8b04963c32cc6161922dcc66b5b832487b12cfab10c237b3f57735a38d277b3f2b35ad2c62c9ebc7509ac0

memory/5816-3468-0x00007FF9647D0000-0x00007FF964800000-memory.dmp

memory/5816-3472-0x00007FF964860000-0x00007FF964869000-memory.dmp

memory/5816-3471-0x00007FF9647D0000-0x00007FF964800000-memory.dmp

memory/5816-3470-0x00007FF9647D0000-0x00007FF964800000-memory.dmp

memory/5816-3482-0x00007FF963000000-0x00007FF96300C000-memory.dmp

memory/5816-3481-0x00007FF962F10000-0x00007FF962F30000-memory.dmp

memory/5816-3498-0x00007FF962CD0000-0x00007FF962CDD000-memory.dmp

memory/5816-3509-0x00007FF9626A0000-0x00007FF9626A9000-memory.dmp

memory/5816-3523-0x00007FF961BD0000-0x00007FF961BF6000-memory.dmp

memory/5816-3522-0x00007FF961BD0000-0x00007FF961BF6000-memory.dmp

memory/5816-3521-0x00007FF961BD0000-0x00007FF961BF6000-memory.dmp

memory/5816-3520-0x00007FF961BD0000-0x00007FF961BF6000-memory.dmp

memory/5816-3519-0x00007FF961BD0000-0x00007FF961BF6000-memory.dmp

memory/5816-3518-0x00007FF961E00000-0x00007FF961E20000-memory.dmp

memory/5816-3517-0x00007FF961E00000-0x00007FF961E20000-memory.dmp

memory/5816-3516-0x00007FF961E00000-0x00007FF961E20000-memory.dmp

memory/5816-3515-0x00007FF961E00000-0x00007FF961E20000-memory.dmp

memory/5816-3514-0x00007FF961E00000-0x00007FF961E20000-memory.dmp

memory/5816-3513-0x00007FF961DD0000-0x00007FF961DE0000-memory.dmp

memory/5816-3512-0x00007FF961DD0000-0x00007FF961DE0000-memory.dmp

memory/5816-3511-0x00007FF961CC0000-0x00007FF961CD0000-memory.dmp

memory/5816-3525-0x00007FF9647D0000-0x00007FF964800000-memory.dmp

memory/5816-3526-0x00007FF9647D0000-0x00007FF964800000-memory.dmp

memory/5816-3524-0x00007FF964650000-0x00007FF964651000-memory.dmp

memory/5816-3510-0x00007FF961CC0000-0x00007FF961CD0000-memory.dmp

memory/5816-3508-0x00007FF9626A0000-0x00007FF9626A9000-memory.dmp

memory/5816-3507-0x00007FF9626A0000-0x00007FF9626A9000-memory.dmp

memory/5816-3506-0x00007FF9626A0000-0x00007FF9626A9000-memory.dmp

memory/5816-3505-0x00007FF9626A0000-0x00007FF9626A9000-memory.dmp

memory/5816-3504-0x00007FF962680000-0x00007FF962690000-memory.dmp

memory/5816-3503-0x00007FF962680000-0x00007FF962690000-memory.dmp

memory/5816-3502-0x00007FF962680000-0x00007FF962690000-memory.dmp

memory/5816-3501-0x00007FF962CD0000-0x00007FF962CDD000-memory.dmp

memory/5816-3500-0x00007FF962CD0000-0x00007FF962CDD000-memory.dmp

memory/5816-3499-0x00007FF962CD0000-0x00007FF962CDD000-memory.dmp

memory/5816-3497-0x00007FF962CD0000-0x00007FF962CDD000-memory.dmp

memory/5816-3496-0x00007FF962C90000-0x00007FF962CA0000-memory.dmp

memory/5816-3495-0x00007FF962C90000-0x00007FF962CA0000-memory.dmp

memory/5816-3494-0x00007FF962C20000-0x00007FF962C30000-memory.dmp

memory/5816-3492-0x00007FF962210000-0x00007FF962220000-memory.dmp

memory/5816-3491-0x00007FF962210000-0x00007FF962220000-memory.dmp

memory/5816-3490-0x00007FF962210000-0x00007FF962220000-memory.dmp

memory/5816-3488-0x00007FF9621F0000-0x00007FF962200000-memory.dmp

memory/5816-3487-0x00007FF9621F0000-0x00007FF962200000-memory.dmp

memory/5816-3486-0x00007FF962040000-0x00007FF962050000-memory.dmp

memory/5816-3485-0x00007FF962040000-0x00007FF962050000-memory.dmp

memory/5816-3484-0x00007FF961ED0000-0x00007FF961EE0000-memory.dmp

memory/5816-3483-0x00007FF961ED0000-0x00007FF961EE0000-memory.dmp

memory/5816-3493-0x00007FF962C20000-0x00007FF962C30000-memory.dmp

memory/5816-3489-0x00007FF9621F0000-0x00007FF962200000-memory.dmp

memory/5816-3480-0x00007FF962F10000-0x00007FF962F30000-memory.dmp

memory/5816-3479-0x00007FF962F10000-0x00007FF962F30000-memory.dmp

memory/5816-3478-0x00007FF962F10000-0x00007FF962F30000-memory.dmp

memory/5816-3477-0x00007FF962F10000-0x00007FF962F30000-memory.dmp

memory/5816-3476-0x00007FF962EF0000-0x00007FF962F00000-memory.dmp

memory/5816-3475-0x00007FF962EF0000-0x00007FF962F00000-memory.dmp

memory/5816-3474-0x00007FF962E60000-0x00007FF962E70000-memory.dmp

memory/5816-3473-0x00007FF962E60000-0x00007FF962E70000-memory.dmp

memory/5816-3469-0x00007FF9647D0000-0x00007FF964800000-memory.dmp

memory/5816-3466-0x00007FF964780000-0x00007FF964790000-memory.dmp

memory/5816-3465-0x00007FF964780000-0x00007FF964790000-memory.dmp

memory/5816-3464-0x00007FF964660000-0x00007FF964670000-memory.dmp

memory/5816-3463-0x00007FF964660000-0x00007FF964670000-memory.dmp

memory/5816-3467-0x00007FF9647D0000-0x00007FF964800000-memory.dmp

C:\Program Files (x86)\Roblox\Versions\version-2b67309334b54dab\WebView2Loader.dll

MD5 577f05cd683ed0577f6c970ea57129e0
SHA1 aedf54a8976f0f8ff5588447c344595e3c468925
SHA256 7127f20daa0a0a74e120ab7423dd1b30c45908f8ee929f0c6cd2312b41c5bddf
SHA512 2d1aea243938a6a1289cf4efcd541f28ab370a85ef05ed27b7b6d81ce43cea671e06a0959994807923b1dfec3b382ee95bd6f9489b74bba59239601756082047

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c7f838621b4e7a754f176d6ce8d3fba5
SHA1 89f101cf558855a2b18e63431647ea178d78d7ee
SHA256 05b68e5873c6f6ba27065056aeb7611dddaba52e27e0824a9b0b1c77a1e688a9
SHA512 84a09f84efb26444d92e56f4c4464b25e0da8bda51191446c61759553bc3e25613cb880420fbb21cfc57b02e3248ccd9a473c4965dac5227e821424520fdbbb5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 caa6b28df20d13b4999f185ec44f27ec
SHA1 8c7ccef84f81f4aa85700abfe70cb9f713fce76f
SHA256 c916d3848b87897f3384a7aff4ba656dcf25343e8aad255260e3518eb3fc4414
SHA512 3b4797f1075152a2f38a3d57b764e903eea94ab69999caaa6a0e4f59508577572b9e1a3d74d342fcfbcb5f6235e7f388f58163e0eb75d65a88512504a5d8701a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 4c32ba0989aa03d7ae61437a92cc8c59
SHA1 fe0e7054a19b741e66a312a54f48143ef1df5337
SHA256 e28c56d8caf9dcba94ae704430d5bf30e86058186f6c0c5eae9ed7dea5d67680
SHA512 0e8df7b12ac036ef25c9beddd7f8fdc1f4bb2e6d5aaff4f2f0796dff47f701f42abd82e5d112c3d87287921811b1d1e85b3ba5a226116b395c5fc541cdba7bb2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0a216cc034f78a760c9b637369ba061e
SHA1 5a1c9c92f95ec5bf30a12e1212af248289f18761
SHA256 21f4c88ba92500c8b4e26f83666d6fc7466fa20565bec13da8b908f865fed572
SHA512 f3da2349c32f9f4b05eba2330bf0b09f720d126614afe78d92efef1eaf1091afeee7e6a41a84e22f0aaa275e27273e2f3eb08cf9be78aa439d3621ecf8d0d7d5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 7cc28b3b03c4a5262dd2337f9b7da7ee
SHA1 b5afc378e82026f3119740e13aabe1d71bca5413
SHA256 1b53c15f5ab11bd47a0a02789abfb6a5a059e49f4767592ab4e670e3aebf058a
SHA512 9ce56f141512b142c42d4d98db97f5b4ac338742678b1dd3b494fdccae54ccda4b94cc7c2c594e58b8d80c7afcb66934c88f1ed6b5fc320d901c251365bc3bdc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 cf66b46186420a240bd5651fe1210525
SHA1 6cb19e047663c15269a17e7d83f99c46e034e256
SHA256 6863639d92ad548817304ffb9dce0a73200f067254c720abed818fd2c5514add
SHA512 1dd3c6385657419b0b32247906e6dbb7a5c5d96b53b8b275d07ad56b2759cc4a91732c66f48e961ff1b45daa949eca1fae37f6f7d427dc8f565021a391e5f624

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 4e56fb4799d770faf5abf43ec6da118f
SHA1 d5883d18f832c1fa4f40c5b621acd9d4aebc2d90
SHA256 c01c35d4da11d8f09040d0c262c989002fc5134a887103f7805a98a7a3670a6b
SHA512 4d7739588c3ababea647a7b60719ff0c6fb85349830c398ef5cd4e292abe783ac4b5e61b97a483946332a85d9076e9de45521aab0da0ea3e946766934c3f742d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 6433d1da706c5d2c9e6292f410f7be81
SHA1 8175636224cf15a955e1ea0ccc8fc31b6fca85cf
SHA256 db6a809af0232218843b7e1ba8a8ddcae5be401e4523ea9d91d082aed0afc87b
SHA512 65ace7cc433a88e22614da1a28c4f85dc48bdbef58b338960b76d76a18190101b613362906db566429fca20ed56642fbcf938462095c271ed2a75cb77902e41e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 4f348bb287d235adefa5630e90cf70bd
SHA1 88daf1ca7abdabf513d53c8f39492e5b8543c95f
SHA256 bb2eeff53d64d512564085c6bff33ff68256dc086b84c08324f50dc8689b1ccd
SHA512 4b6482dfc8263f7daffa9649c059b2ac00a5c4e30f85c52ee9e14ea7244bbb8b0f559e381a70d3725399a4d037748b508d8c888b6ebca75df20e81358fbc3012

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 f685437ae0b1d67084f780ce43d6da89
SHA1 c12bac08257db2c51b8208af7cbf13c01fef4004
SHA256 ad442fe731aebde6e88144199d0e1e8c403eb28f4e9bf86fee2147fd699174fb
SHA512 ae726d16733f9ef985da65f849dbb1e921c18a4ede1cf8a6819360c9b23c917d14d3113070799d347d3cbd1b5a73f9f572c0eab92d6c2bf4158ee110f380ffa7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00019d

MD5 edb5137735da78c90b04efddf721c4b8
SHA1 89b7d4ca0022bb90b165c91f08a5eea1a4f4b042
SHA256 398eddf3391537cb7b5bb8783c84bf14e0f049ee8b110470b7601d13b83d6811
SHA512 e5b263be5b13cdfb94b738584ab37093b37a2b4fe919d65be74ee101d6a628493a9ba3bc046760b905907f572169f2359d0fdd35da1473165f1a5685a93ff6d8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0001a1

MD5 8cc2c8d59bf761924271fa07117acfa1
SHA1 e37810a744996519da4818db51476cb943f5c2e1
SHA256 3a3f279e508caa7b84af6a9bd16d76401a3aa6cecd1674bfb3ebdb4929386456
SHA512 941041a2d0a478d574726bbae2e80ea1387915ef78b018c6190170295e8349325ec77dc9efbb2e72a48ad82b7d243ad259fa8c4aceb2ce0cd314090dc8cf0bfd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 656841f3d6128548e56023e6132ab4aa
SHA1 39fc64614c0cd0ae41441ea9e675f19ffb8eebde
SHA256 50c56e24a21130c7f5bea17bce9454a0b961c15f735199a2057e7b876131acdf
SHA512 04fa185ce6d19788482cdd7be6bcfa8a40ee50d50c083e5f59abc34869eac7e1122012b319c652083063aa8005c98f81513177afd5a347b07b609f39c2b95025

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 066a70cee84450bfd1925b5e9a207e0a
SHA1 078158e4658e9c9c627c06d2736e88e6f5334674
SHA256 c406fa82d757193134caa102f8c43b0575519d31349398c259dc67421a19011f
SHA512 bbeea21fc4c7571cd5100871fc3d13e5f2c10216d94cd131ae39b9909e88f890d26311966116cd8ede6178ad3b1ba8f23a12849b4691303bb88757a1b55370dc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a6ed4d466e5cb792bb5fb26c216fe00c
SHA1 67d2a849d47e1a54a3a342bd438aa4f0c15785b1
SHA256 0b129c95df382e38d28c88f2820396bce0293ebcbca61f480d888faa3a2e8331
SHA512 a7cdd06bea3e96834602d364d62db1f05e7462c450f5f4bd81483d7197946b6b76e4c293d5137c20a01b64a38d6111e38ba359e746c23f17b1d8d1fd52e73701

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 eb7175aff731b4e9364f8a2208b04cb2
SHA1 8080d39235b9c32577416dd5217ed5c5b9b89ce6
SHA256 b858559858bbd6d3f17e6bb745d5c2ef30a03c4e6a5bb625b62f40ce5ce3f666
SHA512 dc843fd1f7654061f7dc866cbb45e6503085db0b349124a5de642d7ada702ef9e6713c2019be1c3e26024f04b6f6648096b3a7867a9d4db65a60ce0c97a1b309

C:\Users\Admin\Downloads\Release.zip.crdownload

MD5 89661a9ff6de529497fec56a112bf75e
SHA1 2dd31a19489f4d7c562b647f69117e31b894b5c3
SHA256 e7b275d70655db9cb43fa606bbe2e4f22478ca4962bbf9f299d66eda567d63cd
SHA512 33c765bf85fbec0e58924ece948b80a7d73b7577557eaac8865e481c61ad6b71f8b5b846026103239b3bd21f438ff0d7c1430a51a4a149f16a215faad6dab68f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

MD5 9516d23dded41215af0db7bbc79ab4c4
SHA1 60f0fd6c7c5555c286a62ee4f4735b11b8e72de3
SHA256 2268218c9ae5d3c93341bea85091ea392c87be83a950c72a7e450214ae681054
SHA512 ed2a8d9b696f82d563e1fafdacae12d56d5935811b0d9219ca7fbbdd0e0f58c07d9f9a439a2cb910617effa125719d97473aa8417b3526e753d8a2f0e8cce25f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 230e76c3c1620788c94592f953c01547
SHA1 2f9d487add33198a95aa6afd514b3ef023291e5a
SHA256 3a4682171d16a4918b023f7b44755137bd31154e434286e5a87bec0c11b2308c
SHA512 19b31bbfd44cd05dbb21e14cfacf7a60757febeb12fdfb65dd08d569df2c519f261fc248df332c96573e42d570f39abdac8c88ef298a186f72f623aed16ebae7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2e361245ef47e5c079333b68bdcf9567
SHA1 0538cb4080aaa8bcc713372bdeb4078aefcb2da2
SHA256 15ccd32b860154fa95e3b2f3bfdde197580b09295d215cf72a857b34fd922498
SHA512 032e9261b29ec9f2dca4a2684325f37ff61c40e855b9233d2b282f9d7649db8fbbe987e1dde4ad4987462a4f601cc9f2811bdf3f3784b4ff3da914e61ab99571

memory/4080-4249-0x0000000000010000-0x0000000000212000-memory.dmp

memory/4080-4250-0x0000000005480000-0x0000000005A26000-memory.dmp

memory/4080-4251-0x0000000004D20000-0x0000000004DB2000-memory.dmp

memory/4080-4252-0x0000000002780000-0x000000000278A000-memory.dmp

memory/4080-4253-0x0000000005050000-0x0000000005064000-memory.dmp

memory/4080-4254-0x0000000005FD0000-0x0000000005FEA000-memory.dmp

memory/4080-4255-0x0000000005FC0000-0x0000000005FD2000-memory.dmp

memory/4080-4256-0x0000000009610000-0x0000000009632000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 54582b66c06f1b8bbdd5f92ca0ae72d5
SHA1 2994d22baf4597631af78c37896db4084eaed04c
SHA256 09a0c9cb06b3f236126008107b4c34779456e7b18cd8ba54f73e92dc1e4221d6
SHA512 b8ff741ffb69a0420311d664d283d8524fb5c60ae909c2f0ff2e38bb58e2ffe88bf73be1a4010e49f59af22b31b54a457c9060d13e1212caee9152155dbcec52

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0eb7ac69f3717e2133141efcbedbd97c
SHA1 9d88d12ec8654be2ac711784c976323b86df2fb8
SHA256 594765b7cef68522d2d057e418efd7afe0cd440bc39774357056e26da181664e
SHA512 d1110ef2f2c7e2594abc50f308030ae3d777c265af471cd0b58c2662eeda3abd2fd80ab283cd52c5c67ed121a49d228a7b94d7714754ac313222db60396f6296

memory/4080-4275-0x0000000007810000-0x00000000078C2000-memory.dmp

memory/4080-4276-0x0000000007D00000-0x0000000008057000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 567509c4ec14c4876aad79905102d9cf
SHA1 4a7c4cb869f29b055dad8f8857f619c1fa98dae0
SHA256 fd7045a70fc35d387e4a51835c73668dd783e39b55054e7faaa547afa6e7ed90
SHA512 5f858ded6d8882174e7b277deff6fefa2e3a5c28141da059651e6e3743a1019a9bb08df503f1d5f0158380d596bbcd269a6181e19dbb0605767d165e701218c4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 6b4c29cf0934888cc3c7b1993215473e
SHA1 a96b05262a0f1f80637ff2234507a3499afc8be3
SHA256 97b8ce5ad06d302394b6bf7ebb3bd75f57c2d61901cb270d98e54ad4e6cf1487
SHA512 bfdf606920c34a63748c750f742e7764f88c2a02885e554294b0ccd3259e44ad43405b11b0bc31a7e8d33a7aa6601bc24cf79677600df51f9e5f64191a716622

memory/4080-4306-0x00000000078C0000-0x00000000079E4000-memory.dmp

memory/4080-4307-0x00000000079F0000-0x0000000007A0A000-memory.dmp

C:\Users\Admin\Desktop\Roblox Player.lnk

MD5 1951cd22480fc3c8f7c27d5cfeb78b70
SHA1 9221c16aa59066a96a215e514c2112df961a0231
SHA256 7c4543f4f18e887be42e6a9dc1a838dbd2d6d94089cf0986e1a28c0a0f675423
SHA512 9e88f27ca2edacc28602b67d711cbc3fee46afdd4d0c4dfa6be91a8675559435130dee8d1fe116406c90ff327106b7dcdd1ec50023caaa4d8bce2205c959f462

C:\Users\Admin\Desktop\Roblox Studio.lnk

MD5 dfac2109f95d2c6d89a1dde61e9f964d
SHA1 be42f90fbda4c89eafa30bbe2b899489a3910dc0
SHA256 b9b861d75e53fe4da2dfea5fd8417b25c25c0a474ad806efde24fd220fab25ae
SHA512 2f43103f2ca5702d7e23ea4c52037057b85c3f595e13c70de3ea3b5e8f01ba6ebaaaffcc185126cbad700bdeecaab98cbdc04592e338c35f690a3b887cc45511

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 16e3f50591365534963c1262145dcd73
SHA1 95056eb345e5a7ca6672d9ed36697aa71fb98a17
SHA256 7a015eec8fbaf6d6aa631b8d03bb06ec1d42d86bb1d0f9e0b8ca594d676ea4a9
SHA512 243338039fe88f9aecf82d7667c2256b1e841be7a74a48d9122dca6144ef98deaaef07ac871eb10d6381c3ab810f08ec123fc8770a95f52e1173139a1fc02fc8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6de9fe3eedc7cf0a515d841690bcc341
SHA1 1c1a67da7d8c9d6577bdec524fe0eeb928cd580c
SHA256 34f946a2c27dab362a2d58ac33e2e4313cd85d46a9ad18a191b145ac4710bc4f
SHA512 210e713c5d92f0034f3209305961bf19a944142042416e146014a6f6bc03de502649e13dde0b7a404b9f0eee0dcf73adf2f315db81ecf4ed5c869782005ceac5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 60bef6d7f1ea21949a5037aa38717860
SHA1 6e80462e3972bb8980c84cd5a3bae6efdf9e9f73
SHA256 d398217a2cbcfe74ecacf5eb51179d72e97e09b709e6c60846b5fc0eec62cb5c
SHA512 4add1de06498532879349ee2c344d924f674cd8551af409138b268f63bdce709cb29e5da69aa87498f409119f926505ad17283a817c05bcc8123e7cfb816d0cf

C:\Users\Admin\Downloads\Xeno.exe

MD5 0655903e652998c0bccd98e11d8b883e
SHA1 3b7354e2ddf0450e4ee5c47e67fbb7dccdc9ad68
SHA256 b160f009d6db85505674803dc1b290dcfd1c174fe4c8ea5ac95baad4c5b1c8c1
SHA512 199835b47f3852c86e747c2d6ea21a79320bc044ef83531c67c501cdf141c58861538515030f2a9817fbb882b97278f661793d226d420059edf83cd70f4a781f

memory/1376-4347-0x0000000000F70000-0x0000000000F82000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 36d97525282bf9062d8f0c6f8a2c0528
SHA1 129579b34d1a86c81fc3f1a1f5c7a12d6aee2425
SHA256 3f6668c2fd7d6e41982b94ae486b7fb09f385a383b4d360607603e0cb4662daa
SHA512 fc256c34612db45d8388179ef7e3d07a097f77b4c9e9ef0c94d100c7b1567926befe82aee95ac4b841491821d368c9221a8787ed7f68c08151eedd93d2fb78de

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\a4090834-8607-43b6-89ba-09a83c5c5411.tmp

MD5 8ca2124bee86ab6b11e0d344dce2df0e
SHA1 c63dd19077eef2859e2af1c7e4bd730f1f9032cc
SHA256 dffcf2941e0f47cf28e2b2807ebf615b003133da0a08c93c33fe4b15d6ddd83d
SHA512 c57100d27803dab4bbde134dc60876e06caa1035c94f427a31e5efb49bc2f6bf247fd0d88b5f354be650f9023ae53983b9d4d67b97dc9f923002950d30c3da47

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 dfaf66ff3963ae4e25b8785cc1747d71
SHA1 a4de30e03e476ac0228c7028243fa2732c145f19
SHA256 fb92449c6dc2cb39b42382d88d5532a05374bb80f0f0c6a208474ea380ee63a8
SHA512 658537da0d3c6ee5d6656b120eecaa73bbfd92fa4b921fec7f19f5a3ea2183c57d4a00966de3836bdc11d39da6e48802ac4b08632f3ea495c5258d2c668c0396

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 afb70c9422324682a12fca53e33e3e84
SHA1 3a49cdef82b8574f78e3094c8a1bf7f232d53125
SHA256 265662bb7790b5d826620c6ed1c5bf442a6bf87e48944ae8f18adf0f3f8a0e1a
SHA512 d81c5222a1f5ed169b9d4683e61811815f3b9fb39c0307d6640dd7a729e5a8af713b630c2930b9c8ab83d637811f529b9d3a723c43e151121773dafae3fabf01

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 f9f7b2e0061039dc03b79055f35b0576
SHA1 94dd0696db149c635b072e5ea087aa3add7c4e7c
SHA256 7e2c64b0ec81722c291958746a57fdabe835e2189c8a35cf63bcf290ffaefc28
SHA512 61f923f0b12e443cc5e124b5cc1c6dd95b1fb6eeaa6b23a959c92ba51e5efb73149005cdf2b8fac865d5874ee235bb9571eeb916d97864352eafc54413845982

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 266c1b7237498540a03661d77ebc2065
SHA1 33ca838352d59f92e089901ff38a8f7f3b31c7f8
SHA256 c58dbea8d4541379e229a5fed0c79d330e09d34e3ce9f68f202ed9cc3bc332ed
SHA512 78a536593ca632b0a2fb15897e9b550859c934175a90f6ad0b3868988113f1bdfeb1721282c859ca7c3f539c8652a421c18a687a8b3e0e0e636ffaccd3a5523f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c6fdb09689525a7b61140f62775c6200
SHA1 af701498fdf3a6f73b31015d5cfccda56cc2fc4d
SHA256 9ee99f3155b14a32967b59bb4d6202b6f16b041e50c4ab7b1eb6bfbd14457d0c
SHA512 f6e4a13a5d797afa59f6ff112e99b89aff09bb79341b95cb7c3bf798c13688c436ce155e30cf697bcde276dc060d25bff8a2cedbf0d2d8c7264d69ac3c97b631

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0001c0

MD5 786c4894e2393c2a6df8fe0fd6aeee3f
SHA1 2242cd681f699ef3d642ed9ed1f202dbf6b0c1b0
SHA256 258ce3bda497a9ddf8e00e70ab2b08608c3f3211aecc90348179eea95be084a4
SHA512 73751c1624a8a7e8141c387159a700f637e4fed6f5974d7402fc4faf4dd72c0779eae74049746098ad2c05765fa97329c51e9cc5f422c02abaaa92035aa991db

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d6107990f85d19a2b4febc66f5992085
SHA1 d66205ec19720e6a51d482ec36fd75649440bf47
SHA256 67e46bc75d6e593a28881a686fed1c200c461fe1636be9854bed521442b74122
SHA512 96bdd306ff033c8174702c96cf8fb0bd59c9f0a2c66ffefd0536c06e453470f9b6a894c0410efca0a90ad1b249a9ae528a9c92bbea4f5aa45093863b5c6d59ba

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 1594d8583c59d7f1db9d9b1d14125328
SHA1 ad755c4d1c51e779f105adb53fb66cc5de8c57de
SHA256 06411dea6d013bfc4e9e859bf5392b0d57d94a08640af618d6b75e7cdf0c4cee
SHA512 136d9febb0ca62942aa93b62aac9a181a2e3bc29818db38a152da765b640f598bb00a2deb7027cd7761d9e50a23af1f8d4f907c62a32d739dd54770ff138a200

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f731df165902e10db9d7bca3782d9a2e
SHA1 0cac49c5606fabb0a3744016cf0fdc0713c6d2ce
SHA256 d78413698c593e837f6407576d88cc76b3b100b2486f6a287eba899d1f490ae2
SHA512 53f08dc8769e1cb103b03f0aacabf5d3eabc4b495bd96adfeb8a9fb5b85a5a5ea4b2b7bdd7b71a6c66d8708f84e5df3b387c99ea07f7b621a41776d41e62663f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 a6e1f9ac3b475fadf759d6ce6b6ac4fc
SHA1 5914cfba8cfb37f75db20dbf21642d2ce260d481
SHA256 47345575326f1a902ea867aa45902069446a7a3635e391253929d7a2150d9da6
SHA512 850246f4abe70325593252938929069f978bbae80dda2e112848ab00328164c6e27a6a8a027ce5cd636f73cd94df26068676da58eef930731d2f5410e1842b34

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 1678401189d2df1ba3f37d6f551a5cfb
SHA1 5d389b87d81e2c1ffba4391600d917b6e9887415
SHA256 458c3838373599a34241181f9bcac8c5a76a61f5f582c93e5d23e5f9a5ac983b
SHA512 f39100f94a70d628e4553b4e824af56447f19ee3c76ccf6897db3226a5203de33718f272e694c979dede11a5cf2f4947309da08c9f7b0881800c686b28023984

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 20449cb4afdba5d5206a294c275d618b
SHA1 6f248f6f7c62787115d99518955a3f6d1d669395
SHA256 37f45a1c54e3826eb15427e81d7588e794b6a3fa826b2e4ce724067ff2fcc7de
SHA512 e3dfb2bc704d911af7e6cba8ee6c9a7364c6cb29e7c2f78487bacd41cda5c413289dfb174cb0a66fa54a03191bf0c57ce8e052b5e50eac81471f38dda237be6c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 8252d35e1501cd5a90cf2e103cd68145
SHA1 cd27dac690b3949ae44f0eb254bd9047304f8fff
SHA256 701fcb55191bd6a1bfd70c7c2c283d0380864f67c076227266afdfe4addbd180
SHA512 ad90f8ffa3d42c9ed7e27a5648e750754ea368f2f02f940abb328cc96344e6b5084a409124acb5c93ab22d27165845ca20551be639a5b97af530c71e4091ecd8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 55cd536d6d2a04ade35b3872582f3b4a
SHA1 a67567a98b27e0bcc3b9c54295f1a166fa578f38
SHA256 53c0028a1a9e44dc3cecab734175093c5a7c7cb13bc1558480b75e4833e36b58
SHA512 12938caa5f47762bb0d414c7097075c4c72ea3251b49c2024f805a741e91f35b75446720776712d41502b2f110f107ff55be3859672520b73e3ecbb50878d8dd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\83492203-d42d-4e99-bce1-c856bc35fc7f.tmp

MD5 1122156bb1ed6e722f449a4171ee79a5
SHA1 796736929e3b9a0a1a8a0c82f5b1dcf15efd702d
SHA256 e600437f8b8b225f26d9e3608803315b879c0e1febe24b050ab0b592eee83409
SHA512 b1d24af9873f3a7ed91b456b868b42284803559d81f2ead066f09690cc22c97f40b15a838179e57e1b5bc62c454eefae32e352dcaf476af9f0ad6f27131647db

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

MD5 174a3871301576c1485f704df20bd23f
SHA1 d8947b65f7a199043f00cf6878c1855dcefe64b9
SHA256 d0be132eb94998d0669e514b9f88f6406bc6c625b6d0528d4eaf881b3a0eb131
SHA512 9f0f534269936ff1f60a03e18889d7e6e709310e2f02d102428b26a4d9352552873e730580204bdcbf7070cbd4e2368a33b044e48dceae2060fbe2994df829c7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ee4ebff53c89890bdd2f16487091ba39
SHA1 731c339acadb9c410c085bb95e5b10af777f8d73
SHA256 7ecf06a6eb017027288cc2a6852c9dc52fc95135a6021ca18a6392aae290ac73
SHA512 6780bc064df12c05fbe7d41b9b4bd70d45ffc27b1c2f996be8031765a34a121cd972f0505c3c65a8c33f82c42b34958a7f2781fcff3e7361b0a3fd55b3b7a963

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 7f288abb39bc8f5aedff6c192d6f2f85
SHA1 642a13cdac5531f66ef330aeb806fafc6d3327a7
SHA256 3c009b71a224cdcf81481c8d82167d2c6756fed5f21479fb0efdb4b5a9dee311
SHA512 e42ddac61b374a85406a41a521d43d56a7a1e44dd270ebd7e150b58eb6cfd542dcc38c7545ee99461f0025c7bf5c69a3e9550e3c5d3e9b8a61913f47daca668a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e5cedcb090f09a1bad4dbe4423bba7a8
SHA1 97ce32e7c059e31463a764913bbc43c4e0938622
SHA256 d27813d36c59e6ac536f5c44735b8a0fbf8381ba161cb80b2679299d215a321e
SHA512 e14336488e010cd5bce6e4c08652a540efddea40d479aa66b40cb74405847ccc507c90ce48680d703da43944d1ac8813db6fa338cc8fc7058075b9c1e18eed18

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 655f350188432b71153dfe5d385509a4
SHA1 b369f2213986bcc3b48f32caa42b5efc4fad1faa
SHA256 255a68eb784e78ee1deba3938a246eb923def9d333a2de323b338c3d41c9d297
SHA512 a6810ccc165c89cf4b801cb0d1249288656af4842e70290b095743090e8a054437cc16d730e8ac5a2d83604eb9c11134d6e7b71ee0b541925e2d66badab681c7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000181

MD5 87c2b09a983584b04a63f3ff44064d64
SHA1 8796d5ef1ad1196309ef582cecef3ab95db27043
SHA256 d4a4a801c412a8324a19f21511a7880815b373628e66016bc1785a5a85e0afb0
SHA512 df1f0d6f5f53306887b0b16364651bda9cdc28b8ea74b2d46b2530c6772a724422b33bbdcd7c33d724d2fd4a973e1e9dbc4b654c9c53981386c341620c337067

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000182

MD5 20a5a164ba2dae0410b9b313e866cd90
SHA1 f54a317d3ec70e84cff1adc5539efe4e5d73bcf6
SHA256 9af9b0e7af47ffd8ad17c4eb49c00186b3d8f17991864c9d7d96b776693d6815
SHA512 5694424746d343340350cba7789f42a4ef1d0457a7815aa78fd9f20c541123ee5b525de86390f173963d70a2269cf8efe347f9cb56a80271456288617f62af39

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000199

MD5 bb601bc4b9348719207f839577fe20c8
SHA1 420fa7de4fe6a29d0be231d81fc07b2cd3d9668c
SHA256 04dca4ed9547f2a001db21099d2dd855939e0f050a6ddfbe9f16b4b90e91f105
SHA512 13a259ce39f643ac20d7af42e4d71600d8825207ad20a9ec9ba34e9d9f0b077f897cf4ffb79d3508126fda39ce0ff2e94a5558a8a29d7609df0e00b7292aafc4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\9\CacheStorage\index.txt

MD5 9f4f940dd750d88c1c3af9d3e0e66173
SHA1 114599a33260a37f54940960ffc9fc83e009b14c
SHA256 48c2c01c8da7da78e4176a9d0f5e0a7f1b5f61bf07d5c610e25508d0f2c5b9c6
SHA512 00e3d5bd7bed7e69b892e67447e129674fb49c9979e648d19f6f017287616b5a119e10bb9d1b814e151a41de8894948ff24965f8443d07bfb1c41e0985007f5a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\9\CacheStorage\index.txt~RFe6363e0.TMP

MD5 8d73daac56dbe6142e3f2204ee32ac20
SHA1 52331a89508ccc5da3027943018905e399db88df
SHA256 77e505b70d74a8e0d67cc18a9e8aae0793f95498c6c7856052fe5d2e2e7680c8
SHA512 5cfa6d9343b149e308ef0a46e7c16ab85126b7406cb6f0b5e80c66e0c0533bf59e7ac58502a15793e1243f4b3f8c1f13097aeb7e1bfdc68a328b02ef3d1724ad

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\01c9b894-fcbf-484a-9b59-1570d238b036.down_data

MD5 5683c0028832cae4ef93ca39c8ac5029
SHA1 248755e4e1db552e0b6f8651b04ca6d1b31a86fb
SHA256 855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e
SHA512 aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 d52674d43a62118c6a13f996bbc756a6
SHA1 d70dbc29efdbfbd55a4a113876e9932269497542
SHA256 f293e44a627da8552ceaa755c27d4d18aedf8fc86f759da505667e47df62797c
SHA512 ecd89139ef1ab28ceddab69f6b8d3ea6f43b3571e2a753953d3d8e8c8aeb1677eafc9ae3af94035df2dc743ad751e4d3cfab04c5431320448dd617c937bef5e0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5cf8a9551713e7ba80f876773860aad6
SHA1 39213717459992718670c9c176df28b04dfb0b1a
SHA256 f83650fa9de8b52c39afebefd644a4479dc0fe74b6ed36d0409c52f00592d4ef
SHA512 7594a9c4708502439e6546eab8dab4829d47f268c6bd0a12cdfb04c660a193cd1be742afc806a5447ca5729ab4d9f69ff7295a1acfbc33874e1b0721899d5798

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 31c02abaca2afba54d5ae93c9b00b350
SHA1 c6740c8f72ca1c53fb0b042648aa8372b764b56c
SHA256 4aa650d3e0d4e184de6f137ef6c0a3a0baa5af4c541672a4c6c64f83be4c41fc
SHA512 1c01392776bfaf39440be3d31827ae6ce401c27c7658cdaafd04a500c0012ff6b458a43181ef7387ebf4d3778a9d872a4a6fd766e4ddc064ddd790df9820ebd4

Analysis: behavioral13

Detonation Overview

Submitted

2025-03-13 01:50

Reported

2025-03-13 02:05

Platform

win11-20250218-en

Max time kernel

876s

Max time network

880s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\api-ms-win-crt-heap-l1-1-0.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\api-ms-win-crt-heap-l1-1-0.dll,#1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --string-annotations --always-read-main-dll --field-trial-handle=3816,i,11614662984397188522,10052431758593679358,262144 --variations-seed-version --mojo-platform-channel-handle=4696 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --string-annotations --always-read-main-dll --field-trial-handle=4244,i,11614662984397188522,10052431758593679358,262144 --variations-seed-version --mojo-platform-channel-handle=3860 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --string-annotations --always-read-main-dll --field-trial-handle=3840,i,11614662984397188522,10052431758593679358,262144 --variations-seed-version --mojo-platform-channel-handle=3548 /prefetch:14

Network

Country Destination Domain Proto
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 204.79.197.239:443 edge.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
GB 23.192.18.101:80 www.microsoft.com tcp
GB 2.20.12.95:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 204.79.197.239:443 edge.microsoft.com tcp
IT 91.81.129.182:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
US 199.232.214.172:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 13.107.21.239:443 edge.microsoft.com tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 150.171.27.11:443 edge.microsoft.com tcp
IT 91.81.129.182:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
IT 91.80.49.20:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 204.79.197.239:443 edge.microsoft.com tcp
IT 91.81.129.182:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
IT 91.80.49.22:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
IT 91.81.129.182:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
IT 91.80.49.21:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
US 199.232.214.172:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 150.171.28.11:443 edge.microsoft.com tcp
US 8.8.8.8:53 edgeassetservice.azureedge.net udp
US 8.8.8.8:53 edgeassetservice.azureedge.net udp
US 13.107.246.64:443 edgeassetservice.azureedge.net tcp
US 13.107.246.64:443 edgeassetservice.azureedge.net tcp
IT 91.81.129.182:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
US 199.232.214.172:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 204.79.197.239:443 edge.microsoft.com tcp
IT 91.81.129.182:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
US 199.232.210.172:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 199.232.214.172:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
US 199.232.210.172:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
IT 91.81.129.180:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
IT 91.80.49.20:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 13.107.21.239:443 edge.microsoft.com tcp

Files

N/A

Analysis: behavioral29

Detonation Overview

Submitted

2025-03-13 01:50

Reported

2025-03-13 02:07

Platform

win11-20250217-en

Max time kernel

436s

Max time network

438s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\scripts\Dex.lua

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2786730451-600132509-465537259-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2786730451-600132509-465537259-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\scripts\Dex.lua

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

Network

Files

N/A

Analysis: behavioral31

Detonation Overview

Submitted

2025-03-13 01:50

Reported

2025-03-13 02:13

Platform

win11-20250217-en

Max time kernel

431s

Max time network

433s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\scripts\Sine Wave.lua"

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3835819470-2031661444-2626789713-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3835819470-2031661444-2626789713-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\scripts\Sine Wave.lua"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

Network

Files

N/A

Analysis: behavioral14

Detonation Overview

Submitted

2025-03-13 01:50

Reported

2025-03-13 02:05

Platform

win11-20250217-en

Max time kernel

425s

Max time network

490s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\api-ms-win-crt-locale-l1-1-0.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\api-ms-win-crt-locale-l1-1-0.dll,#1

Network

Files

N/A

Analysis: behavioral32

Detonation Overview

Submitted

2025-03-13 01:50

Reported

2025-03-13 02:19

Platform

win11-20250217-en

Max time kernel

433s

Max time network

459s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\scripts\Spinning Donut.lua"

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3835819470-2031661444-2626789713-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3835819470-2031661444-2626789713-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\scripts\Spinning Donut.lua"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

Network

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2025-03-13 01:50

Reported

2025-03-13 02:05

Platform

win11-20250218-en

Max time kernel

818s

Max time network

867s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\Microsoft.Web.WebView2.Core.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\Microsoft.Web.WebView2.Core.dll,#1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --string-annotations --always-read-main-dll --field-trial-handle=4244,i,15195321112227810029,13870653243844057049,262144 --variations-seed-version --mojo-platform-channel-handle=4664 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --string-annotations --always-read-main-dll --field-trial-handle=4064,i,15195321112227810029,13870653243844057049,262144 --variations-seed-version --mojo-platform-channel-handle=4116 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --string-annotations --always-read-main-dll --field-trial-handle=3116,i,15195321112227810029,13870653243844057049,262144 --variations-seed-version --mojo-platform-channel-handle=3800 /prefetch:14

Network

Country Destination Domain Proto
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 204.79.197.239:443 edge.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
GB 23.192.18.101:80 www.microsoft.com tcp
GB 2.20.12.74:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 13.107.21.239:443 edge.microsoft.com tcp
US 13.107.21.239:443 edge.microsoft.com tcp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
IT 91.80.49.21:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 13.107.21.239:443 edge.microsoft.com tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 204.79.197.239:443 edge.microsoft.com tcp
US 199.232.210.172:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
GB 2.18.190.98:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 204.79.197.239:443 edge.microsoft.com tcp
US 199.232.210.172:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 199.232.210.172:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 13.107.21.239:443 edge.microsoft.com tcp
US 13.107.21.239:443 edge.microsoft.com tcp
US 8.8.8.8:53 edgeassetservice.azureedge.net udp
US 8.8.8.8:53 edgeassetservice.azureedge.net udp
US 13.107.246.64:443 edgeassetservice.azureedge.net tcp
US 199.232.210.172:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
US 199.232.210.172:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 199.232.210.172:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 204.79.197.239:443 edge.microsoft.com tcp
US 199.232.210.172:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
US 199.232.214.172:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 199.232.214.172:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
US 199.232.214.172:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 199.232.214.172:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
GB 2.18.190.98:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp

Files

N/A

Analysis: behavioral21

Detonation Overview

Submitted

2025-03-13 01:50

Reported

2025-03-13 02:06

Platform

win11-20250217-en

Max time kernel

439s

Max time network

446s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\bin\Monaco\vs\basic-languages\lua\lua.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\bin\Monaco\vs\basic-languages\lua\lua.js

Network

Files

N/A

Analysis: behavioral22

Detonation Overview

Submitted

2025-03-13 01:50

Reported

2025-03-13 02:05

Platform

win11-20250217-en

Max time kernel

424s

Max time network

444s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\bin\Monaco\vs\editor\editor.main.css

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3444 wrote to memory of 1076 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\NOTEPAD.EXE
PID 3444 wrote to memory of 1076 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\NOTEPAD.EXE

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\bin\Monaco\vs\editor\editor.main.css

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\bin\Monaco\vs\editor\editor.main.css

Network

Files

N/A

Analysis: behavioral20

Detonation Overview

Submitted

2025-03-13 01:50

Reported

2025-03-13 02:05

Platform

win11-20250217-en

Max time kernel

430s

Max time network

441s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\bin\Monaco\vs\base\worker\workerMain.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\bin\Monaco\vs\base\worker\workerMain.js

Network

Files

N/A

Analysis: behavioral25

Detonation Overview

Submitted

2025-03-13 01:50

Reported

2025-03-13 02:05

Platform

win11-20250217-en

Max time kernel

440s

Max time network

444s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\bin\Monaco\vs\editor\editor.main.nls.es.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\bin\Monaco\vs\editor\editor.main.nls.es.js

Network

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2025-03-13 01:50

Reported

2025-03-13 02:05

Platform

win11-20250217-en

Max time kernel

440s

Max time network

442s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\Xeno.exe"

Signatures

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\Xeno.exe

"C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\Xeno.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 raw.githubusercontent.com udp

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2025-03-13 01:50

Reported

2025-03-13 02:05

Platform

win11-20250217-en

Max time kernel

441s

Max time network

443s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\XenoUI.deps.json

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2786730451-600132509-465537259-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2786730451-600132509-465537259-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\XenoUI.deps.json

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

Network

Country Destination Domain Proto
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2025-03-13 01:50

Reported

2025-03-13 02:05

Platform

win11-20250217-en

Max time kernel

899s

Max time network

903s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\XenoUI.runtimeconfig.json

Signatures

Looks up external IP address via web service

Description Indicator Process Target
N/A api.ipify.org N/A N/A
N/A api.ipify.org N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133863050543861256" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1298619118-249045975-4264763259-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298619118-249045975-4264763259-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2148 wrote to memory of 3796 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2148 wrote to memory of 3796 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2148 wrote to memory of 2020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2148 wrote to memory of 2020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2148 wrote to memory of 2020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2148 wrote to memory of 2020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2148 wrote to memory of 2020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2148 wrote to memory of 2020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2148 wrote to memory of 2020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2148 wrote to memory of 2020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2148 wrote to memory of 2020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2148 wrote to memory of 2020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2148 wrote to memory of 2020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2148 wrote to memory of 2020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2148 wrote to memory of 2020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2148 wrote to memory of 2020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2148 wrote to memory of 2020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2148 wrote to memory of 2020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2148 wrote to memory of 2020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2148 wrote to memory of 2020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2148 wrote to memory of 2020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2148 wrote to memory of 2020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2148 wrote to memory of 2020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2148 wrote to memory of 2020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2148 wrote to memory of 2020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2148 wrote to memory of 2020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2148 wrote to memory of 2020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2148 wrote to memory of 2020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2148 wrote to memory of 2020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2148 wrote to memory of 2020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2148 wrote to memory of 2020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2148 wrote to memory of 2020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2148 wrote to memory of 1508 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2148 wrote to memory of 1508 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2148 wrote to memory of 1580 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2148 wrote to memory of 1580 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2148 wrote to memory of 1580 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2148 wrote to memory of 1580 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2148 wrote to memory of 1580 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2148 wrote to memory of 1580 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2148 wrote to memory of 1580 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2148 wrote to memory of 1580 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2148 wrote to memory of 1580 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2148 wrote to memory of 1580 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2148 wrote to memory of 1580 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2148 wrote to memory of 1580 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2148 wrote to memory of 1580 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2148 wrote to memory of 1580 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2148 wrote to memory of 1580 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2148 wrote to memory of 1580 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2148 wrote to memory of 1580 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2148 wrote to memory of 1580 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2148 wrote to memory of 1580 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2148 wrote to memory of 1580 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2148 wrote to memory of 1580 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2148 wrote to memory of 1580 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2148 wrote to memory of 1580 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2148 wrote to memory of 1580 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2148 wrote to memory of 1580 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2148 wrote to memory of 1580 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2148 wrote to memory of 1580 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2148 wrote to memory of 1580 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2148 wrote to memory of 1580 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2148 wrote to memory of 1580 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\XenoUI.runtimeconfig.json

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff840bccc40,0x7ff840bccc4c,0x7ff840bccc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1804,i,1913564863557127821,9004814390187060716,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1800 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2116,i,1913564863557127821,9004814390187060716,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2124 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2192,i,1913564863557127821,9004814390187060716,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2200 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3112,i,1913564863557127821,9004814390187060716,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3276 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3180,i,1913564863557127821,9004814390187060716,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3412 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4556,i,1913564863557127821,9004814390187060716,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4588 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4716,i,1913564863557127821,9004814390187060716,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4720 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3424,i,1913564863557127821,9004814390187060716,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4732 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4228,i,1913564863557127821,9004814390187060716,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4772 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4948,i,1913564863557127821,9004814390187060716,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4980 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3388,i,1913564863557127821,9004814390187060716,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3360 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4332,i,1913564863557127821,9004814390187060716,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4348 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3260,i,1913564863557127821,9004814390187060716,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3340 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5136,i,1913564863557127821,9004814390187060716,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3316 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4296,i,1913564863557127821,9004814390187060716,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3328 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3344,i,1913564863557127821,9004814390187060716,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3356 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=3556,i,1913564863557127821,9004814390187060716,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4536 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=4912,i,1913564863557127821,9004814390187060716,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3504 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5000,i,1913564863557127821,9004814390187060716,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4376 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5460,i,1913564863557127821,9004814390187060716,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5184 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5376,i,1913564863557127821,9004814390187060716,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5480 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5564,i,1913564863557127821,9004814390187060716,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5620 /prefetch:1

Network

Country Destination Domain Proto
GB 142.250.179.228:443 www.google.com udp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.187.202:443 content-autofill.googleapis.com udp
GB 142.250.179.238:443 www.youtube.com udp
GB 142.250.187.202:443 content-autofill.googleapis.com tcp
GB 142.250.179.238:443 www.youtube.com tcp
GB 216.58.212.206:443 www.youtube.com udp
GB 216.58.212.206:443 www.youtube.com tcp
GB 142.250.200.10:443 content-autofill.googleapis.com tcp
GB 142.250.200.46:443 www.youtube.com udp
N/A 224.0.0.251:5353 udp
GB 142.250.200.46:443 www.youtube.com tcp
GB 142.250.187.225:443 clients2.googleusercontent.com udp
US 216.239.34.157:443 tunnel.googlezip.net tcp
GB 142.250.187.202:443 content-autofill.googleapis.com udp
US 216.239.34.157:443 tunnel.googlezip.net tcp
GB 216.58.212.206:443 www.youtube.com tcp
GB 216.58.212.206:443 www.youtube.com udp
GB 216.58.201.110:443 www.youtube.com tcp
GB 216.58.204.78:443 www.youtube.com tcp
GB 216.58.204.78:443 www.youtube.com tcp
GB 172.217.16.238:443 www.youtube.com tcp
GB 142.250.187.195:443 ssl.gstatic.com tcp
IN 142.250.194.163:443 id.google.com tcp
US 216.239.34.157:443 tunnel.googlezip.net tcp
GB 142.250.187.202:443 content-autofill.googleapis.com udp
IN 142.250.194.163:443 id.google.com tcp
GB 142.250.180.22:443 i.ytimg.com tcp
GB 172.217.16.238:443 www.youtube.com tcp
GB 172.217.16.238:443 www.youtube.com udp
GB 142.250.180.22:443 i.ytimg.com tcp
GB 172.217.16.230:443 static.doubleclick.net tcp
GB 142.250.179.234:443 content-autofill.googleapis.com tcp
GB 142.250.179.234:443 content-autofill.googleapis.com udp
GB 216.58.212.206:443 www.youtube.com tcp
GB 216.58.212.206:443 www.youtube.com tcp
US 67.223.118.72:443 shica.org.uk tcp
US 67.223.118.72:443 shica.org.uk tcp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 ipwhois.app udp
DE 195.201.57.90:443 ipwhois.app tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 142.250.187.202:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 lh3.googleusercontent.com udp
NL 149.154.167.220:443 api.telegram.org tcp
GB 142.250.187.225:443 lh3.googleusercontent.com tcp
GB 142.250.187.225:443 lh3.googleusercontent.com tcp
GB 142.250.187.225:443 lh3.googleusercontent.com tcp
US 216.239.32.36:443 region1.google-analytics.com udp
GB 142.250.187.202:443 content-autofill.googleapis.com udp
US 67.223.118.72:443 shica.org.uk tcp
GB 142.250.179.238:443 www.youtube.com udp
GB 99.84.11.131:443 d2jiwo73gmsmk.cloudfront.net tcp
US 142.250.31.94:443 beacons.gcp.gvt2.com tcp
US 142.250.31.94:443 beacons.gcp.gvt2.com tcp
GB 142.250.179.238:443 www.youtube.com tcp
GB 18.165.196.54:443 dvwowtnmyluv4.cloudfront.net tcp
GB 18.165.196.54:443 dvwowtnmyluv4.cloudfront.net tcp
US 104.26.13.205:443 api.ipify.org tcp
GB 108.156.32.137:443 d2lmlpk6xgu7kg.cloudfront.net tcp
GB 18.165.196.54:443 dvwowtnmyluv4.cloudfront.net tcp
GB 216.58.212.234:443 ajax.googleapis.com tcp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
GB 52.85.142.204:443 d39fkvblvwpxa1.cloudfront.net tcp
GB 52.85.142.204:443 d39fkvblvwpxa1.cloudfront.net tcp
GB 52.85.142.204:443 d39fkvblvwpxa1.cloudfront.net tcp
GB 52.85.142.204:443 d39fkvblvwpxa1.cloudfront.net tcp
GB 52.85.142.204:443 d39fkvblvwpxa1.cloudfront.net tcp
GB 52.85.142.204:443 d39fkvblvwpxa1.cloudfront.net tcp
GB 52.85.142.204:443 d39fkvblvwpxa1.cloudfront.net tcp
GB 52.85.142.204:443 d39fkvblvwpxa1.cloudfront.net tcp
GB 52.85.142.204:443 d39fkvblvwpxa1.cloudfront.net tcp
NL 34.91.218.141:443 app.fast2cloud.com tcp
NL 34.91.218.141:443 app.fast2cloud.com tcp
US 104.18.38.233:80 crt.sectigo.com tcp
US 34.199.134.4:443 t.afftrackr.com tcp
US 34.199.134.4:443 t.afftrackr.com tcp
US 104.18.21.83:443 nationalconsumerscenter.co.uk tcp
US 104.16.247.135:443 www.cdn925.com tcp
US 104.16.247.135:443 www.cdn925.com tcp
GB 142.250.187.202:443 content-autofill.googleapis.com tcp
US 104.16.242.248:443 www.clicken.us tcp
US 35.190.72.161:443 fqtag.com tcp
US 35.190.36.172:443 cdn.fqtag.com tcp
US 35.190.72.161:443 fqtag.com udp
US 8.8.8.8:53 stun.counterpath.com udp
US 8.8.8.8:53 stun.veoh.com udp
US 8.8.8.8:53 stun.counterpath.com udp
US 8.8.8.8:53 stun.wwdl.net udp
US 8.8.8.8:53 stun.voxox.com udp
US 8.8.8.8:53 stun.voipzoom.com udp
US 8.8.8.8:53 stun.voip.aebc.com udp
US 8.8.8.8:53 stun.veoh.com udp
US 8.8.8.8:53 stun.node4.co.uk udp
US 8.8.8.8:53 stun.nas.net udp
US 8.8.8.8:53 stun.jumblo.com udp
US 8.8.8.8:53 stun.gradwell.com udp
US 8.8.8.8:53 stun.budgetphone.nl udp
US 8.8.8.8:53 stun.botonakis.com udp
US 8.8.8.8:53 stun.2talk.com udp
US 8.8.8.8:53 stun.wwdl.net udp
US 8.8.8.8:53 stun.voxox.com udp
US 8.8.8.8:53 stun.voipzoom.com udp
US 8.8.8.8:53 stun.voip.aebc.com udp
US 8.8.8.8:53 stun.node4.co.uk udp
US 8.8.8.8:53 stun.jumblo.com udp
US 8.8.8.8:53 stun.gradwell.com udp
US 8.8.8.8:53 stun.budgetphone.nl udp
DE 77.72.169.212:3478 stun.jumblo.com udp
CA 216.145.109.98:3478 stun.nas.net udp
CA 66.51.128.11:3478 stun.voip.aebc.com udp
US 216.93.246.18:3478 stun.counterpath.com udp
US 70.85.220.74:3478 stun.wwdl.net udp
US 35.190.13.203:443 aux.fqtag.com tcp
US 35.190.13.203:443 aux.fqtag.com udp
US 142.250.31.94:443 beacons.gcp.gvt2.com udp

Files

\??\pipe\crashpad_2148_GKQSRRTSJABHQVQL

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

MD5 786c4894e2393c2a6df8fe0fd6aeee3f
SHA1 2242cd681f699ef3d642ed9ed1f202dbf6b0c1b0
SHA256 258ce3bda497a9ddf8e00e70ab2b08608c3f3211aecc90348179eea95be084a4
SHA512 73751c1624a8a7e8141c387159a700f637e4fed6f5974d7402fc4faf4dd72c0779eae74049746098ad2c05765fa97329c51e9cc5f422c02abaaa92035aa991db

C:\Users\Admin\AppData\Local\Temp\scoped_dir2148_818305957\5f5bae42-5809-482c-b5d1-48d9f7740451.tmp

MD5 eae462c55eba847a1a8b58e58976b253
SHA1 4d7c9d59d6ae64eb852bd60b48c161125c820673
SHA256 ebcda644bcfbd0c9300227bafde696e8923ddb004b4ee619d7873e8a12eae2ad
SHA512 494481a98ab6c83b16b4e8d287d85ba66499501545da45458acc395da89955971cf2a14e83c2da041c79c580714b92b9409aa14017a16d0b80a7ff3d91bad2a3

C:\Users\Admin\AppData\Local\Temp\scoped_dir2148_818305957\CRX_INSTALL\_locales\en_CA\messages.json

MD5 558659936250e03cc14b60ebf648aa09
SHA1 32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825
SHA256 2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b
SHA512 1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\_locales\en_CA\messages.json

MD5 07ffbe5f24ca348723ff8c6c488abfb8
SHA1 6dc2851e39b2ee38f88cf5c35a90171dbea5b690
SHA256 6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c
SHA512 7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\dasherSettingSchema.json

MD5 4ec1df2da46182103d2ffc3b92d20ca5
SHA1 fb9d1ba3710cf31a87165317c6edc110e98994ce
SHA256 6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6
SHA512 939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 295c5ee8edbebe0f5828f9e3a74fda6a
SHA1 a3aed7e728e48704b928df516b4f26f242495936
SHA256 14680712165cd59a5fcd32513fd7745768a0a48a973e686e1e30e51ca5c5f272
SHA512 d5967ab2557d1a962fad95746e7191bcd938f752492f15e10c9cd685d324c29a65c91baa416ce3ed7c714dcae997ef59e2e7d745753a8c462653235500fcfcb3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 bf1d98626f1cbf145214263a2f01cf1a
SHA1 9924a96d6af677916259e4c7c2cd6740ef733228
SHA256 4211cb4710f7369cec4e369c9b64f2355149d616cdd269838dadebd147ab4ff3
SHA512 a65cb18ec25e9d926aac9390acabdeece3913d44b1280a3a693079e3150e3b270150f81fb4e0d5afd096606128cb89a8511d6124dc56e406c86c2993d0d8cc2a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6c00ed8aa754f20843d5ccb92cea2356
SHA1 64c6b97ea8dc6d54a7c770eeb2baded323193ea3
SHA256 67ad69e578f0a24dec110ac4e430ffa65ea4cd3c154f7839c60928841b35becf
SHA512 3afcb3024b7308063c3522ca86586d0a68a0745ee9e977a2da1fa62461842fba8d7c9f5854890468f894477f64e98cc932642b91f926ffd15c8f302cbc919f8f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 8362cb070abe9c874e67cbf5526bb9fc
SHA1 d775af9428ee799d15029a65ea0d24e2cf52658f
SHA256 e488c1fd6b60c904ef76abc0358db3c7fb1ddfb2c2a76bf5c5ba7974a29f06ce
SHA512 f0a57eb032b35a41dbf64838247008c37033b6cc259355a606fe90903faa1b3e0526241ef5db2a63a4d10180b7e652c0eacc2a8f556f5677b9d45921919f1518

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 554d0cd517c0dab17385893e2b3744e5
SHA1 b890395e51d40ddc3bd02137210e4ae6f70d9495
SHA256 e4ff058ccc556dc4adc625b724c0efd9ab19967f5297cefa13a73ddcfe3058ce
SHA512 92b1c1e0a6ba01112eeca233da924dd5e43c7c54c48283f8170d077f3625918b413580d2e0f77486316109487e98c5c06d684d912bd07de9f21ab63d6f1d7265

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 37b06f39397218b103c1db75df6efe92
SHA1 fd66e2bce3cd3cc2abfa9329e108dacd7e90ecab
SHA256 3a33281035379ac98fe6d7ca9aba4f4d935c1b877c0e78cdf746cc712764dd2b
SHA512 8c7083157de07b268b59d2486c313adb3855ee924ecee3a4fff073a664e879b3f6f09c5569625ab6a9497505127ea5afbeec33f3ab49423dc6e5eef639546632

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 aa17423d5395b6acc1cd3da4d3f12516
SHA1 6dc8bb50fcd737fc476dd9b6bc68ab37e85be04c
SHA256 707940c59648a8f480f7c45533670bdb2b1fd2835ca188704bd6e1ac09116568
SHA512 4e9d62d04f9e7f58bdcec8d25eb1d56a36506f80da60c257ebc0767f85042e4009fb389f605913f8caa77108f3f8b322eb9d4d2419229def82477c22a5ad4b4f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 212240be275c237fba8568cdf8de6570
SHA1 6478dee4f64d3d259bf334878d0991a057361f00
SHA256 ef62bc4d2de4e59dfec9e4552cee13a57dad3a0a17a366026dad2770b2867c4a
SHA512 cd1f238dc25cfbe52040672b85daa0aae8fccf61da1c19ec5c9eb2f3550fce5f11f5ede5a0597f9ac3f600c9c250ac1ccd11982b7bc7afe9e4f49a0d2806c81c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 19486d2cef870818db4d596ba6724da9
SHA1 4b6feb93ee82c62949de1765db6343ddb13148a4
SHA256 8dd7ca320ae24f06b213541bca770e89318c1ddb13f4dc2857fb4c78c733124c
SHA512 892fbc3e5e542650dab3547214910b3b8e005abf9b4e97188e710de28ed375b710389678e65ab7eaf4a247c8b6342e853186b258c35ce41943c2da12e2c743fc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 d3cc3507403e3d4c76120331ef05fe88
SHA1 a7b46c53626f294808198ae7d7352e5fe69d5234
SHA256 ba82935780c2d8f79cc959d699875a78915b1473bfe4c4dd9b03516f24c93290
SHA512 3f03e7d2de760fa5ed1d76ab52cef720272310f9ac5eb4be6aaab8395812b67ff1525b69f67f99afa2eab638a3e8b91e1d3bf09c08fda6c2606095d8b7dbd2b1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 07078a5a260d0773b89d1709fcc113f5
SHA1 0ba42e458c8d37cf2e3e97dc11ac46cee89fec1f
SHA256 273b4ddb247fac2c390d03947c6a836b4d246aab435d19d601a8a1b623ba436d
SHA512 f8e548a50b76a9b06ee4284bff2d672bdf93f3d3bf4c79efa8dfa35bfd3d9dc33e5cf570e191933aa7c55b0569743d9c6a82508a11c3445ef916741cb55b5b08

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt

MD5 a7a2f6dbe4e14a9267f786d0d5e06097
SHA1 5513aebb0bda58551acacbfc338d903316851a7b
SHA256 dd9045ea2f3beaf0282320db70fdf395854071bf212ad747e8765837ec390cbc
SHA512 aa5d81e7ee3a646afec55aee5435dc84fe06d84d3e7e1c45c934f258292c0c4dc2f2853a13d2f2b37a98fe2f1dcc7639eacf51b09e7dcccb2e29c2cbd3ba1835

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt~RFe645b8e.TMP

MD5 71101d73066d176c84ac40cd4dbb01fc
SHA1 8033dd290be33ca3ec5ec6f121340e5ef7210b99
SHA256 55f85ecc84e2f15898d09c153461a787c3eb84a5176f73067d59a5d2031f3649
SHA512 eb20e3a45617826ac9698c51f1a97b48019bfe239705af36c127aa4ca6e40123ba8d4149f1a7a0000d01c226eaa35a113db70498eedf6e3381de87874976c8f4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\IndexedDB\indexeddb.leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8e70063725e34a383f6c29ece0f4a31e
SHA1 95c815b95666f6bf863ded5a9f10f982da055609
SHA256 befb95c355470729072e970753c60f0a68bd060698b6fb7a5f8db825186f7f01
SHA512 8c8c5f11862d26dc82a233a3cc6a01a65274ff4327fbb6e38e4b672d95be875660bcf607bcd16c535d7550d99e42e5b09e7fb6cdb5f751b8386f7e3881078006

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a9f0862fefc64b95467a791f14de32fd
SHA1 84ea5c52ed1ccecea4810a42ef10c401053c7c8e
SHA256 9122c63b8721e5c92058b774fdd771de0472486314a0c60bf327dc275e834a3e
SHA512 9c38b48156f3129cf9c38d17f9b6996d8b02a557548d63a213c7d5b1b339398526074df60ade6c49dac9a5e66fd8af8337a7fc06415a6211d3c8cf1c1cc3d0b0

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ad2cba3c9e95ef9c425342be30435d83
SHA1 85496e5d80112fe1bd4f9e3a655a5a7bc1c80f2a
SHA256 b4517c52a7166519fc9a4ec1633e38ef3de673a820bbfa796d01768e7c2a9009
SHA512 c434bb2ac366532623f4ebccdcc2caa08c9f217ae40dfd09313b14f16239901962f4d232a5798e398ab7f85feb32584ab4f72c55bc17d571bcf7656b7ea44093

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 b4133f866767c09986da9734fb9e0f22
SHA1 3b522b9ce63db4d70e8d77957de13a2f5fd9e383
SHA256 4d34cf40b06fd9e94c610b5220ca8f6fa4c90e54d9ff3fc9cbf356ac332356e4
SHA512 4c69915af6f9778e5a3133b42fcdd978a997e43ac329b8cc84480b54037264c38133ac4a567a05129454308ec5be8729751e81fb1d31ba0483d4fac2ee9d96f4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 dd7ef1df2eb06e6d4d84939913c65278
SHA1 1ec38f6c1883b15769d34d2af1af703484eebba4
SHA256 5589b3b3a0c19575d75d5289812d8e8c762385b24eb2ce33bc0f6e375ba453dd
SHA512 ca09d9e5b112669348bc7b4f8a5a1c09fbce208cbbd634f006e94f4e7393ae33723a0cc4863c31efb1758a1d585042485c3d2ac898cea023ed5fa8f3e65fbbae

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ed94e9caca1ce0069bd4bbafc9326b68
SHA1 9ec132092bc614ceac76269f3d63557ad3953793
SHA256 a0b50113ca141cbea13bcdcd3e594585e650560bc57ddd11fc8270f293a414fb
SHA512 aaf6a7268c6a12954977153766c8b3aaa478bb6f9a952c27cb9ff4150826ebc5621cbbe2b3842579c56031e0aa1c17811871ebb52ef0e9b9f7df93731be4dd32

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\360cd95c-1390-4360-a49e-9e6c3d927f9d.tmp

MD5 3a2d4e157402b37e34ca1df3a553ddc4
SHA1 56c1ee0dca9be2532b46c2145973e17e5b27f156
SHA256 33b5de7bfe0fdfb7dc83297f8e030a5b010465b971bac51bb3f3665424de5171
SHA512 2837f538629da8a6c63e6b8a7f021f887cdb52c3aeca92b1a7e8dcc1b7bcd10ebb10b9c818c1262b88f350cdd6b0b7f6a01ac93266a22fde64926fdcc54b8c5f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 066bbbda7059b85adcff7b74f19ba9b3
SHA1 e9927ec4c72aa1205a863c88f5979e7110d4e81a
SHA256 6b4ec160cc52f3b678787f49104bf1608fb3dccbd3565155065f8cb2bc2f07a7
SHA512 33acead07be1fac6473cd8edb3ee439eb5b5e073b28d822336e087d5d0dde6b417e3394eaba0c85039cb3a04b64420784df38fe0c237df4da34c5695df2f66a8

Analysis: behavioral17

Detonation Overview

Submitted

2025-03-13 01:50

Reported

2025-03-13 02:06

Platform

win11-20250217-en

Max time kernel

667s

Max time network

684s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\api-ms-win-crt-stdio-l1-1-0.dll,#1

Signatures

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\api-ms-win-crt-stdio-l1-1-0.dll,#1

C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2104.12721.0_x64__8wekyb3d8bbwe\LocalBridge.exe

"C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2104.12721.0_x64__8wekyb3d8bbwe\LocalBridge.exe" /InvokerPRAID: Microsoft.MicrosoftOfficeHub notifications

Network

Country Destination Domain Proto
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp

Files

memory/3112-0-0x00007FFC8C0D3000-0x00007FFC8C0D5000-memory.dmp

memory/3112-3-0x0000022F45F60000-0x0000022F45F68000-memory.dmp

memory/3112-2-0x0000022F45F30000-0x0000022F45F3A000-memory.dmp

memory/3112-1-0x0000022F2BCC0000-0x0000022F2BCEC000-memory.dmp

memory/3112-5-0x0000022F476B0000-0x0000022F47758000-memory.dmp

memory/3112-6-0x0000022F47340000-0x0000022F47362000-memory.dmp

memory/3112-7-0x0000022F473A0000-0x0000022F473B4000-memory.dmp

Analysis: behavioral18

Detonation Overview

Submitted

2025-03-13 01:50

Reported

2025-03-13 02:06

Platform

win11-20250218-en

Max time kernel

831s

Max time network

881s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\api-ms-win-crt-string-l1-1-0.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\api-ms-win-crt-string-l1-1-0.dll,#1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --string-annotations --always-read-main-dll --field-trial-handle=4296,i,15097001321230888692,16543789583043501740,262144 --variations-seed-version --mojo-platform-channel-handle=5396 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --string-annotations --always-read-main-dll --field-trial-handle=3344,i,15097001321230888692,16543789583043501740,262144 --variations-seed-version --mojo-platform-channel-handle=4276 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --string-annotations --always-read-main-dll --field-trial-handle=4632,i,15097001321230888692,16543789583043501740,262144 --variations-seed-version --mojo-platform-channel-handle=4284 /prefetch:14

Network

Country Destination Domain Proto
GB 2.20.12.74:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 13.107.21.239:443 edge.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
GB 23.192.18.101:80 www.microsoft.com tcp
US 204.79.197.239:443 edge.microsoft.com tcp
IT 91.81.129.181:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
US 199.232.214.172:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 13.107.21.239:443 edge.microsoft.com tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 204.79.197.239:443 edge.microsoft.com tcp
IT 91.81.129.181:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
US 199.232.210.172:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 204.79.197.239:443 edge.microsoft.com tcp
US 199.232.214.172:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
IT 91.81.129.181:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
US 199.232.210.172:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
IT 91.81.129.181:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
US 199.232.214.172:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 150.171.27.11:443 edge.microsoft.com tcp
US 8.8.8.8:53 edgeassetservice.azureedge.net udp
US 8.8.8.8:53 edgeassetservice.azureedge.net udp
US 13.107.246.64:443 edgeassetservice.azureedge.net tcp
US 13.107.246.64:443 edgeassetservice.azureedge.net tcp
IT 91.81.129.181:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
US 199.232.210.172:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 204.79.197.239:443 edge.microsoft.com tcp
IT 91.81.129.181:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
GB 2.18.190.173:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 199.232.210.172:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 199.232.210.172:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp

Files

N/A

Analysis: behavioral28

Detonation Overview

Submitted

2025-03-13 01:50

Reported

2025-03-13 02:06

Platform

win11-20250217-en

Max time kernel

435s

Max time network

443s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\bin\Monaco\vs\editor\editor.main.nls.ja.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\bin\Monaco\vs\editor\editor.main.nls.ja.js

Network

Files

N/A