Malware Analysis Report

2025-04-13 23:00

Sample ID 250316-ktzpdsznz4
Target https://github.com/moom825/xeno-rat
Tags
xenorat discovery rat trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://github.com/moom825/xeno-rat was found to be: Known bad.

Malicious Activity Summary

xenorat discovery rat trojan

Xenorat family

Detect XenoRat Payload

XenorRat

Executes dropped EXE

Legitimate hosting services abused for malware hosting/C2

Drops file in Windows directory

System Location Discovery: System Language Discovery

Browser Information Discovery

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious behavior: GetForegroundWindowSpam

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

NTFS ADS

Enumerates system info in registry

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Modifies data under HKEY_USERS

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-03-16 08:54

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-03-16 08:54

Reported

2025-03-16 08:56

Platform

win11-20250314-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/moom825/xeno-rat

Signatures

Detect XenoRat Payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

XenorRat

trojan rat xenorat

Xenorat family

xenorat

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\sigma.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2376_227479428\json\i18n-tokenized-card\id\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2376_227479428\json\wallet\wallet-notification-config.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2376_227479428\Tokenized-Card\tokenized-card.html C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2376_1056180051\manifest.fingerprint C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2376_227479428\hub-signature.txt C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2376_227479428\json\i18n-ec\ru\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2376_227479428\json\i18n-mobile-hub\pt-PT\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2376_227479428\json\i18n-shared-components\fr\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2376_227479428\json\i18n-shared-components\ru\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2376_227479428\json\i18n-shared-components\th\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2376_227479428\Notification\notification_fast.bundle.js.LICENSE.txt C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2376_1056180051\manifest.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2376_227479428\json\i18n-hub\ar\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2376_227479428\json\i18n-hub\pt-BR\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2376_227479428\json\i18n-notification-shared\pt-PT\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2376_227479428\json\i18n-shared-components\da\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2376_227479428\json\wallet\wallet-checkout\checkoutdata.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2376_227479428\json\wallet\wallet-checkout-eligible-sites.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2376_227479428\json\i18n-mobile-hub\en-GB\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2376_227479428\json\i18n-notification\de\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2376_227479428\json\i18n-notification-shared\el\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2376_227479428\Wallet-BuyNow\wallet-buynow.html C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2376_227479428\wallet.bundle.js C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2376_227479428\json\i18n-hub\da\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2376_227479428\json\i18n-hub\es\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2376_227479428\json\i18n-hub\ko\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2376_227479428\json\i18n-mobile-hub\sv\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2376_227479428\json\i18n-notification-shared\pt-BR\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2376_227479428\json\i18n-tokenized-card\sv\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2376_227479428\wallet-crypto.html C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2376_227479428\wallet-webui-992.268aa821c3090dce03cb.chunk.js C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2376_227479428\buynow_driver.js C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2376_227479428\json\i18n-ec\fr-CA\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2376_227479428\json\i18n-ec\pt-BR\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2376_227479428\json\i18n-tokenized-card\fr-CA\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2376_227479428\Notification\notification.bundle.js.LICENSE.txt C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2376_227479428\vendor.bundle.js C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2376_227479428\Wallet-Checkout\wallet-drawer.html C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2376_227479428\wallet_donation_driver.js C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2376_227479428\bnpl\bnpl.bundle.js.LICENSE.txt C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2376_227479428\edge_driver.js C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2376_227479428\json\i18n-tokenized-card\ru\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2376_227479428\Tokenized-Card\tokenized-card.bundle.js.LICENSE.txt C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2376_227479428\Wallet-Checkout\app-setup.js C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2376_227479428\json\i18n-ec\fr\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2376_227479428\json\i18n-ec\ja\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2376_227479428\json\i18n-hub\fi\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2376_227479428\json\i18n-notification\ko\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2376_227479428\Notification\notification_fast.bundle.js C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2376_227479428\webui-setup.js C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2376_227479428\json\i18n-hub\ja\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2376_227479428\json\i18n-notification\pt-PT\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2376_227479428\json\i18n-shared-components\pt-BR\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2376_227479428\Mini-Wallet\miniwallet.bundle.js C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2376_227479428\Mini-Wallet\miniwallet.bundle.js.LICENSE.txt C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2376_403242955\LICENSE C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2376_227479428\driver-signature.txt C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2376_227479428\json\i18n-notification-shared\de\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2376_227479428\json\i18n-notification-shared\ru\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2376_227479428\json\i18n-tokenized-card\it\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2376_227479428\app-setup.js C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2376_227479428\json\i18n-ec\ar\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2376_227479428\json\i18n-ec\fi\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Browser Information Discovery

discovery

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Release\xeno rat server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\sigma.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133865888664410904" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings C:\Users\Admin\Downloads\Release\xeno rat server.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell C:\Users\Admin\Downloads\Release\xeno rat server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\SniffedFolderType = "Generic" C:\Users\Admin\Downloads\Release\xeno rat server.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Users\Admin\Downloads\Release\xeno rat server.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0000000001000000ffffffff C:\Users\Admin\Downloads\Release\xeno rat server.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} C:\Users\Admin\Downloads\Release\xeno rat server.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg C:\Users\Admin\Downloads\Release\xeno rat server.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4" C:\Users\Admin\Downloads\Release\xeno rat server.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0 C:\Users\Admin\Downloads\Release\xeno rat server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Users\Admin\Downloads\Release\xeno rat server.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295" C:\Users\Admin\Downloads\Release\xeno rat server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}" C:\Users\Admin\Downloads\Release\xeno rat server.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Users\Admin\Downloads\Release\xeno rat server.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257" C:\Users\Admin\Downloads\Release\xeno rat server.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16" C:\Users\Admin\Downloads\Release\xeno rat server.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0 C:\Users\Admin\Downloads\Release\xeno rat server.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202 C:\Users\Admin\Downloads\Release\xeno rat server.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" C:\Users\Admin\Downloads\Release\xeno rat server.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" C:\Users\Admin\Downloads\Release\xeno rat server.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff C:\Users\Admin\Downloads\Release\xeno rat server.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14" C:\Users\Admin\Downloads\Release\xeno rat server.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 C:\Users\Admin\Downloads\Release\xeno rat server.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0 = 78003100000000006e5a89711100557365727300640009000400efbec5522d60705acb462e0000006c0500000000010000000000000000003a00000000007f18ca0055007300650072007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100380031003300000014000000 C:\Users\Admin\Downloads\Release\xeno rat server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Users\Admin\Downloads\Release\xeno rat server.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Users\Admin\Downloads\Release\xeno rat server.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff C:\Users\Admin\Downloads\Release\xeno rat server.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" C:\Users\Admin\Downloads\Release\xeno rat server.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Users\Admin\Downloads\Release\xeno rat server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Downloads" C:\Users\Admin\Downloads\Release\xeno rat server.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3920535620-1286624088-2946613906-1000\{A2ED8966-298A-4ECD-9172-0B0DD7B9862F} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259} C:\Users\Admin\Downloads\Release\xeno rat server.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1" C:\Users\Admin\Downloads\Release\xeno rat server.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff C:\Users\Admin\Downloads\Release\xeno rat server.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 19002f433a5c000000000000000000000000000000000000000000 C:\Users\Admin\Downloads\Release\xeno rat server.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0 = 50003100000000006e5a3878100041646d696e003c0009000400efbe6e5a8971705acb462e000000385702000000010000000000000000000000000000000d52f400410064006d0069006e00000014000000 C:\Users\Admin\Downloads\Release\xeno rat server.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0\NodeSlot = "6" C:\Users\Admin\Downloads\Release\xeno rat server.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags C:\Users\Admin\Downloads\Release\xeno rat server.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6 C:\Users\Admin\Downloads\Release\xeno rat server.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" C:\Users\Admin\Downloads\Release\xeno rat server.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295" C:\Users\Admin\Downloads\Release\xeno rat server.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg C:\Users\Admin\Downloads\Release\xeno rat server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\MRUListEx = 00000000ffffffff C:\Users\Admin\Downloads\Release\xeno rat server.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" C:\Users\Admin\Downloads\Release\xeno rat server.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" C:\Users\Admin\Downloads\Release\xeno rat server.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1" C:\Users\Admin\Downloads\Release\xeno rat server.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 C:\Users\Admin\Downloads\Release\xeno rat server.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" C:\Users\Admin\Downloads\Release\xeno rat server.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Users\Admin\Downloads\Release\xeno rat server.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = 00000000ffffffff C:\Users\Admin\Downloads\Release\xeno rat server.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0 = 7e003100000000006e5a1a7711004465736b746f7000680009000400efbe6e5a8971705ad3462e000000425702000000010000000000000000003e0000000000196ae1004400650073006b0074006f007000000040007300680065006c006c00330032002e0064006c006c002c002d0032003100370036003900000016000000 C:\Users\Admin\Downloads\Release\xeno rat server.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 C:\Users\Admin\Downloads\Release\xeno rat server.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Users\Admin\Downloads\Release\xeno rat server.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202 C:\Users\Admin\Downloads\Release\xeno rat server.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" C:\Users\Admin\Downloads\Release\xeno rat server.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0 C:\Users\Admin\Downloads\Release\xeno rat server.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\MRUListEx = 00000000ffffffff C:\Users\Admin\Downloads\Release\xeno rat server.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0\MRUListEx = ffffffff C:\Users\Admin\Downloads\Release\xeno rat server.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell C:\Users\Admin\Downloads\Release\xeno rat server.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1 C:\Users\Admin\Downloads\Release\xeno rat server.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Release.zip:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\sigma.exe N/A
N/A N/A C:\Users\Admin\Downloads\sigma.exe N/A
N/A N/A C:\Users\Admin\Downloads\sigma.exe N/A
N/A N/A C:\Users\Admin\Downloads\sigma.exe N/A
N/A N/A C:\Users\Admin\Downloads\sigma.exe N/A
N/A N/A C:\Users\Admin\Downloads\sigma.exe N/A
N/A N/A C:\Users\Admin\Downloads\sigma.exe N/A
N/A N/A C:\Users\Admin\Downloads\sigma.exe N/A
N/A N/A C:\Users\Admin\Downloads\sigma.exe N/A
N/A N/A C:\Users\Admin\Downloads\sigma.exe N/A
N/A N/A C:\Users\Admin\Downloads\sigma.exe N/A
N/A N/A C:\Users\Admin\Downloads\sigma.exe N/A
N/A N/A C:\Users\Admin\Downloads\sigma.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\Downloads\sigma.exe N/A
N/A N/A C:\Users\Admin\Downloads\sigma.exe N/A
N/A N/A C:\Users\Admin\Downloads\sigma.exe N/A
N/A N/A C:\Users\Admin\Downloads\sigma.exe N/A
N/A N/A C:\Users\Admin\Downloads\sigma.exe N/A
N/A N/A C:\Users\Admin\Downloads\sigma.exe N/A
N/A N/A C:\Users\Admin\Downloads\sigma.exe N/A
N/A N/A C:\Users\Admin\Downloads\sigma.exe N/A
N/A N/A C:\Users\Admin\Downloads\sigma.exe N/A
N/A N/A C:\Users\Admin\Downloads\sigma.exe N/A
N/A N/A C:\Users\Admin\Downloads\sigma.exe N/A
N/A N/A C:\Users\Admin\Downloads\sigma.exe N/A
N/A N/A C:\Users\Admin\Downloads\sigma.exe N/A
N/A N/A C:\Users\Admin\Downloads\sigma.exe N/A
N/A N/A C:\Users\Admin\Downloads\sigma.exe N/A
N/A N/A C:\Users\Admin\Downloads\sigma.exe N/A
N/A N/A C:\Users\Admin\Downloads\sigma.exe N/A
N/A N/A C:\Users\Admin\Downloads\sigma.exe N/A
N/A N/A C:\Users\Admin\Downloads\sigma.exe N/A
N/A N/A C:\Users\Admin\Downloads\sigma.exe N/A
N/A N/A C:\Users\Admin\Downloads\sigma.exe N/A
N/A N/A C:\Users\Admin\Downloads\sigma.exe N/A
N/A N/A C:\Users\Admin\Downloads\sigma.exe N/A
N/A N/A C:\Users\Admin\Downloads\sigma.exe N/A
N/A N/A C:\Users\Admin\Downloads\sigma.exe N/A
N/A N/A C:\Users\Admin\Downloads\sigma.exe N/A
N/A N/A C:\Users\Admin\Downloads\sigma.exe N/A
N/A N/A C:\Users\Admin\Downloads\sigma.exe N/A
N/A N/A C:\Users\Admin\Downloads\sigma.exe N/A
N/A N/A C:\Users\Admin\Downloads\sigma.exe N/A
N/A N/A C:\Users\Admin\Downloads\sigma.exe N/A
N/A N/A C:\Users\Admin\Downloads\sigma.exe N/A
N/A N/A C:\Users\Admin\Downloads\sigma.exe N/A
N/A N/A C:\Users\Admin\Downloads\sigma.exe N/A
N/A N/A C:\Users\Admin\Downloads\sigma.exe N/A
N/A N/A C:\Users\Admin\Downloads\sigma.exe N/A
N/A N/A C:\Users\Admin\Downloads\sigma.exe N/A
N/A N/A C:\Users\Admin\Downloads\sigma.exe N/A
N/A N/A C:\Users\Admin\Downloads\sigma.exe N/A
N/A N/A C:\Users\Admin\Downloads\sigma.exe N/A
N/A N/A C:\Users\Admin\Downloads\sigma.exe N/A
N/A N/A C:\Users\Admin\Downloads\sigma.exe N/A
N/A N/A C:\Users\Admin\Downloads\sigma.exe N/A
N/A N/A C:\Users\Admin\Downloads\sigma.exe N/A
N/A N/A C:\Users\Admin\Downloads\sigma.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\Release\xeno rat server.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\sigma.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\Release\xeno rat server.exe N/A
N/A N/A C:\Users\Admin\Downloads\Release\xeno rat server.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2376 wrote to memory of 5832 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2376 wrote to memory of 5832 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2376 wrote to memory of 4672 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2376 wrote to memory of 4672 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2376 wrote to memory of 1004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2376 wrote to memory of 1004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2376 wrote to memory of 4592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2376 wrote to memory of 4592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2376 wrote to memory of 1004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2376 wrote to memory of 1004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2376 wrote to memory of 1004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2376 wrote to memory of 1004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2376 wrote to memory of 1004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2376 wrote to memory of 1004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2376 wrote to memory of 1004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2376 wrote to memory of 1004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2376 wrote to memory of 1004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2376 wrote to memory of 1004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2376 wrote to memory of 1004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2376 wrote to memory of 1004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2376 wrote to memory of 1004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2376 wrote to memory of 1004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2376 wrote to memory of 1004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2376 wrote to memory of 1004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2376 wrote to memory of 1004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2376 wrote to memory of 1004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2376 wrote to memory of 1004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2376 wrote to memory of 1004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2376 wrote to memory of 1004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2376 wrote to memory of 1004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2376 wrote to memory of 1004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2376 wrote to memory of 1004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2376 wrote to memory of 1004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2376 wrote to memory of 1004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2376 wrote to memory of 1004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2376 wrote to memory of 1004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2376 wrote to memory of 1004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2376 wrote to memory of 1004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2376 wrote to memory of 1004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2376 wrote to memory of 1004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2376 wrote to memory of 1004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2376 wrote to memory of 1004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2376 wrote to memory of 1004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2376 wrote to memory of 1004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2376 wrote to memory of 1004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2376 wrote to memory of 1004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2376 wrote to memory of 1004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2376 wrote to memory of 1004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2376 wrote to memory of 1004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2376 wrote to memory of 1004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2376 wrote to memory of 1004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2376 wrote to memory of 1004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2376 wrote to memory of 1004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2376 wrote to memory of 1004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2376 wrote to memory of 1004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2376 wrote to memory of 1004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2376 wrote to memory of 1004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2376 wrote to memory of 1004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2376 wrote to memory of 1004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2376 wrote to memory of 1004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2376 wrote to memory of 1004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2376 wrote to memory of 4592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2376 wrote to memory of 4592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2376 wrote to memory of 4592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/moom825/xeno-rat

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x240,0x244,0x248,0x23c,0x2b8,0x7fffd946f208,0x7fffd946f214,0x7fffd946f220

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1860,i,9308685594545484067,7443763002262956275,262144 --variations-seed-version --mojo-platform-channel-handle=2792 /prefetch:11

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2380,i,9308685594545484067,7443763002262956275,262144 --variations-seed-version --mojo-platform-channel-handle=2808 /prefetch:13

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2420,i,9308685594545484067,7443763002262956275,262144 --variations-seed-version --mojo-platform-channel-handle=2392 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3404,i,9308685594545484067,7443763002262956275,262144 --variations-seed-version --mojo-platform-channel-handle=3448 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3412,i,9308685594545484067,7443763002262956275,262144 --variations-seed-version --mojo-platform-channel-handle=3524 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4100,i,9308685594545484067,7443763002262956275,262144 --variations-seed-version --mojo-platform-channel-handle=4872 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4612,i,9308685594545484067,7443763002262956275,262144 --variations-seed-version --mojo-platform-channel-handle=4868 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5392,i,9308685594545484067,7443763002262956275,262144 --variations-seed-version --mojo-platform-channel-handle=5436 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5784,i,9308685594545484067,7443763002262956275,262144 --variations-seed-version --mojo-platform-channel-handle=5732 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5848,i,9308685594545484067,7443763002262956275,262144 --variations-seed-version --mojo-platform-channel-handle=5872 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5848,i,9308685594545484067,7443763002262956275,262144 --variations-seed-version --mojo-platform-channel-handle=5872 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\cookie_exporter.exe

cookie_exporter.exe --cookie-json=1128

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6328,i,9308685594545484067,7443763002262956275,262144 --variations-seed-version --mojo-platform-channel-handle=6340 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --always-read-main-dll --field-trial-handle=6352,i,9308685594545484067,7443763002262956275,262144 --variations-seed-version --mojo-platform-channel-handle=6252 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6324,i,9308685594545484067,7443763002262956275,262144 --variations-seed-version --mojo-platform-channel-handle=6528 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --always-read-main-dll --field-trial-handle=6260,i,9308685594545484067,7443763002262956275,262144 --variations-seed-version --mojo-platform-channel-handle=6724 /prefetch:1

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4676,i,9308685594545484067,7443763002262956275,262144 --variations-seed-version --mojo-platform-channel-handle=5876 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4660,i,9308685594545484067,7443763002262956275,262144 --variations-seed-version --mojo-platform-channel-handle=5948 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5528,i,9308685594545484067,7443763002262956275,262144 --variations-seed-version --mojo-platform-channel-handle=6740 /prefetch:14

C:\Users\Admin\Downloads\Release\xeno rat server.exe

"C:\Users\Admin\Downloads\Release\xeno rat server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=2232,i,9308685594545484067,7443763002262956275,262144 --variations-seed-version --mojo-platform-channel-handle=6340 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5228,i,9308685594545484067,7443763002262956275,262144 --variations-seed-version --mojo-platform-channel-handle=5420 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=764,i,9308685594545484067,7443763002262956275,262144 --variations-seed-version --mojo-platform-channel-handle=6404 /prefetch:14

C:\Users\Admin\Downloads\sigma.exe

"C:\Users\Admin\Downloads\sigma.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5596,i,9308685594545484067,7443763002262956275,262144 --variations-seed-version --mojo-platform-channel-handle=6388 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=5712,i,9308685594545484067,7443763002262956275,262144 --variations-seed-version --mojo-platform-channel-handle=5928 /prefetch:10

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5372,i,9308685594545484067,7443763002262956275,262144 --variations-seed-version --mojo-platform-channel-handle=5632 /prefetch:14

Network

Country Destination Domain Proto
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 13.107.21.239:80 edge.microsoft.com tcp
GB 20.26.156.215:443 github.com tcp
US 13.107.21.239:443 edge.microsoft.com tcp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
IE 94.245.104.56:443 api.edgeoffer.microsoft.com tcp
IE 94.245.104.56:443 api.edgeoffer.microsoft.com tcp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 185.199.110.133:443 user-images.githubusercontent.com tcp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.111.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 13.107.21.239:443 edge.microsoft.com tcp
US 8.8.8.8:53 collector.github.com udp
US 8.8.8.8:53 collector.github.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 140.82.112.21:443 collector.github.com tcp
US 8.8.8.8:53 api.github.com udp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
GB 20.26.156.210:443 api.github.com tcp
US 140.82.112.21:443 collector.github.com tcp
US 13.107.21.239:443 edge.microsoft.com tcp
GB 95.100.153.141:443 www.bing.com tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 204.79.197.239:443 edge.microsoft.com tcp
US 8.8.8.8:53 edgeassetservice.azureedge.net udp
US 8.8.8.8:53 edgeassetservice.azureedge.net udp
US 13.107.246.64:443 edgeassetservice.azureedge.net tcp
N/A 224.0.0.251:5353 udp
GB 95.100.153.141:443 www.bing.com udp
GB 20.26.156.210:443 api.github.com tcp
GB 20.26.156.215:443 github.com tcp
US 140.82.112.21:443 collector.github.com tcp
US 185.199.110.133:443 raw.githubusercontent.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 13.107.21.239:443 edge.microsoft.com tcp
US 8.8.8.8:53 objects.githubusercontent.com udp
US 8.8.8.8:53 objects.githubusercontent.com udp
US 185.199.110.133:443 objects.githubusercontent.com tcp
US 8.8.8.8:53 edge-consumer-static.azureedge.net udp
US 8.8.8.8:53 edge-consumer-static.azureedge.net udp
US 13.107.246.64:443 edge-consumer-static.azureedge.net tcp
US 8.8.8.8:53 static.edge.microsoftapp.net udp
US 8.8.8.8:53 static.edge.microsoftapp.net udp
US 13.107.246.64:443 static.edge.microsoftapp.net tcp
US 204.79.197.239:443 edge.microsoft.com tcp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 199.232.210.172:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
GB 95.100.153.158:443 www.bing.com udp
US 8.8.8.8:53 api.github.com udp
US 8.8.8.8:53 api.github.com udp
US 8.8.8.8:53 collector.github.com udp
US 8.8.8.8:53 collector.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
N/A 127.0.0.1:4444 tcp
N/A 127.0.0.1:4444 tcp
N/A 127.0.0.1:4444 tcp
N/A 127.0.0.1:4444 tcp
N/A 127.0.0.1:4444 tcp
N/A 127.0.0.1:4444 tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 6196981486afe014275cd59807c94804
SHA1 ed4b56bc206206487956b77a3f9845d0c99a20df
SHA256 6adb640c0d2e83864caece84f99d8e16600d1171829be11103eb05e9caea3d6e
SHA512 07fc0cce34780a67ab53b52a5d922c3f5d0e33dfe5425f0cae6ffc4e6e0df0b879f7b7b4465ab22b00b2e1295abfdacf42814181c3195c91925df642b084a5b2

\??\pipe\crashpad_2376_EIHXIKLDIMAIDCJO

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 509e630f2aea0919b6158790ecedff06
SHA1 ba9a6adff6f624a938f6ac99ece90fdeadcb47e7
SHA256 067308f8a68703d3069336cb4231478addc400f1b5cbb95a5948e87d9dc4f78b
SHA512 1cb2680d3b8ddef287547c26f32be407feae3346a8664288de38fe6157fb4aeceb72f780fd21522417298e1639b721b96846d381da34a5eb1f3695e8e6ef7264

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

MD5 40e2018187b61af5be8caf035fb72882
SHA1 72a0b7bcb454b6b727bf90da35879b3e9a70621e
SHA256 b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5
SHA512 a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

MD5 8a15c46e07952ab4d43549c6ac74fe4d
SHA1 f19b44c1f44fe6530f410ee0de651a320c7ae1c2
SHA256 8692f9c0e71af3ce116fe55ede4427ba5991c751b7abdf76194e02608a2c11c0
SHA512 8b8c40b3a143991e75042e5927c2f84a023b56fffc4c8a93fa513f1590e8cf404099c94ad44d0790d85db4b9255aed91de7e544dda8ff28b0636dbc85fff2e15

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 85d270343f43d2d15f2f647bbd0477d3
SHA1 3c8f3b502821316208be73b6e5dd7d7bd8ec7d10
SHA256 7a557394f99575136feddb381c67ed114ae189e25d753e4c68790537d543db37
SHA512 81fc9f937096f6ba2ee737be0eb1908f34ba98511e869b96babd49d6b702cd1084ecdc5d991569437b1b06e9e22606c0c952f84eb74135bb27f807b486631d85

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f1de14e4765e65c8d26704889155b3b0
SHA1 edf96a47413e10e6ffde1ecc335bd9df648e5c99
SHA256 3519a20f33e9fbe93a6a584d5981372cb95952969e2fae338aeda2add7fbb4da
SHA512 6a05f028c56a666e476c131360207d147fc96940f9c5d25155166f1222b39c7d6f2d2ff60143c1978ce121fdedbf125b054c1c89bd5ae74d6b052079b32a107f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 6aec1cd8e98d80c1280e7ea3ccb11321
SHA1 2e9acc5723819bcec9255bd9646d77c252567154
SHA256 67cbe7940719a608fa84a0bfc9c69404579b48501824b39a05c7b636efdcce42
SHA512 451d8c51dc83aad4b6a52bbabb8c58b4bb48d514f5ee0b2aa967915959ee99f5dabcd9349b619f2bafbf085d885afb801e8c5c6fd427508d3a1126e54233041b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

MD5 20d4b8fa017a12a108c87f540836e250
SHA1 1ac617fac131262b6d3ce1f52f5907e31d5f6f00
SHA256 6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d
SHA512 507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

C:\Users\Admin\Downloads\Release.zip.crdownload

MD5 89661a9ff6de529497fec56a112bf75e
SHA1 2dd31a19489f4d7c562b647f69117e31b894b5c3
SHA256 e7b275d70655db9cb43fa606bbe2e4f22478ca4962bbf9f299d66eda567d63cd
SHA512 33c765bf85fbec0e58924ece948b80a7d73b7577557eaac8865e481c61ad6b71f8b5b846026103239b3bd21f438ff0d7c1430a51a4a149f16a215faad6dab68f

C:\Users\Admin\Downloads\Release.zip:Zone.Identifier

MD5 cced52b34bfd2387c302c3d496259fb2
SHA1 a79d213261354f108441ff54499b139e3bf08f58
SHA256 0c5027dc525ff889968304a5303a2b4ff978be996cf7df2b02df1a01cecf47bf
SHA512 04080f3321d80560d749238073dce291ca35f2a8e61176dbd76ac4fa368f3436b848568ea746be85cd4c9acda145d8cb9b423ba44b7e624944b4de4024a5024b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57e0ab.TMP

MD5 83a2c06e836a4032099f8bc945979a1c
SHA1 4c3a55d96bbc03d9874526a7e4d810fdb82bf333
SHA256 f3533bf4beade6d85266d8fb41fd88cbe019a0e57bbe1842b7f55f36a96ab1f0
SHA512 672f1c8c21d3c7806f548231557a6af5fc867fe9b8b3929a8f77e7ae90a01891bc589e44f311611b7c7655ee2493c9e465fc5188796dc66594ca303939687c95

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 1932dcd766171eb05b7c6bf64e596853
SHA1 b3ea8e6ed4385c19d3259b852202969e2cd3abff
SHA256 0f3141575606f463579206db0686a16430766ad7fc84b6d68e42e2e3182946d6
SHA512 7ed0e2143c0813e5f1fbf9523c5691710613f35340592561f754a2b47728294a4fa2690b68d45a1dd7451cc191ac51fbc17d817db1b61d64cd30c62dc5001144

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 297abd45537a2fd9e992e06cf6c28545
SHA1 a324adf05a62c98935337ccd8ec22a14a801b254
SHA256 e64148d689daa717a30352a14b4f04b68eecb5f4badf5924da58cc20ad198980
SHA512 19870be50e540cde86c353e45ad189da3b21c194b9ba58464dc0aebdd51959c39d09a5d3ee08678c45a88e06b24355871ecd635610a8dcc288e2c11cb0650907

memory/5788-466-0x0000000000F00000-0x0000000001102000-memory.dmp

memory/5788-467-0x00000000063B0000-0x0000000006956000-memory.dmp

memory/5788-468-0x0000000005BB0000-0x0000000005C42000-memory.dmp

memory/5788-469-0x0000000005D70000-0x0000000005D7A000-memory.dmp

memory/5788-491-0x0000000008510000-0x0000000008524000-memory.dmp

memory/5788-492-0x00000000085E0000-0x00000000085FA000-memory.dmp

memory/5788-493-0x0000000008600000-0x0000000008612000-memory.dmp

memory/5788-494-0x000000000A500000-0x000000000A522000-memory.dmp

memory/5788-496-0x0000000006F00000-0x0000000006FB2000-memory.dmp

memory/5788-497-0x0000000008650000-0x00000000089A7000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

MD5 64065c14da349859d9fcb92439ba1593
SHA1 8e7246c5c49b4750037681a1ad171873dc73f862
SHA256 694b2b6eaaf8b8b0bc37a3a3b762a2ce4f626586f49685fad11c2185ffbbdeb1
SHA512 4d1ba2c7987d0e7f3e469f812adc2812ae6276329b0e0c8bcb425057ae55f1de558c5a586e8aeb952579ea9302962184b2b8e6aa4221db1ea29259f89985ac9e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 66cc7c631193dcfad2d6c27c69aba63d
SHA1 d91d714a5432aa3d449191c6e2ba26a9755c91ce
SHA256 7caf0c3b05a67527cfc6e60d464bb0d10c823ca6e264a91c22638bba3ce0b361
SHA512 e0eff8c02b9d87111c49d2efc5ee065dc27674b12fd2d66e769b69c39f5ba642c82cb2eb63918ee1ee3fa70349c4223f6e4779af200bca60484aacffed84c6b3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

MD5 6b75532dc5c9446c34c23af2d93961c1
SHA1 e76ec3fbba8e737f1f8eb952a1a3cbb6bff6f4f4
SHA256 ac00a90f4eea6deb9a1db8a7246f6a6907922336942505ba496636ef7ae72e3f
SHA512 a6fc544f0aef133daeeb9160d8c6da2bd4f04079521deac133ee128a269631f448190a69944211483990b6261e0de739435f73b07dea6420f4c5814df674ea94

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2376_403242955\LICENSE

MD5 ee002cb9e51bb8dfa89640a406a1090a
SHA1 49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2
SHA256 3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b
SHA512 d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2376_403242955\manifest.json

MD5 c3419069a1c30140b77045aba38f12cf
SHA1 11920f0c1e55cadc7d2893d1eebb268b3459762a
SHA256 db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f
SHA512 c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

memory/5788-547-0x0000000009300000-0x0000000009424000-memory.dmp

memory/5788-548-0x0000000007080000-0x000000000709A000-memory.dmp

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2376_707676389\manifest.json

MD5 ffa5fcfeb00002903f6cf667e9fe6a3c
SHA1 ad765ea344c8cfd95a591da8259fe412e52d13b0
SHA256 dd0679c622258bad2e2ddaec3470297259dc68b55b8c4f4d7f2f28a378826217
SHA512 8da9b780e9bc6785efbd56b51a4decc8703c9f1d41b33469153cc0aea8190c1b6a9001128c6022756a66ee539086ad6f787da84b6b7082dc51939077365e7beb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Typosquatting\2025.3.16.1\typosquatting_list.pb

MD5 c3ec8bf0a625c2583833a3340825f1cb
SHA1 582054710a312897117128ed59ddadc983525eb6
SHA256 7d10e035e0b2e152a1fe32a92b0b34295a979f7db2269cfba69d4aaf3401b77f
SHA512 175125259eb39225d0584fa4e3c5cbfc66bd22646cf32677f0eb7514a0abeb2c08118375210a69207be85e6e7ebdd9b6fa9a967d3c4ecd40ecd514e306873c6e

C:\Users\Admin\Downloads\sigma.exe

MD5 42faf67435979c1245010683d8e916b5
SHA1 b93b780736398c6e4001c150276ccb24982ed67f
SHA256 eef18c81faeee1877aa9cd8d8aef18b643a434fd3da221cc724070ec863e5fcd
SHA512 ff0fd19b423da9c89a6729790f5f39bac4e2dd03d62ad8c8fcf9628afb7e57a58b0a4700ee8811ba6c6191390c7cf3816342852fb90fc583ba261fd4637fcd86

memory/1136-594-0x0000000000640000-0x0000000000652000-memory.dmp

memory/1136-595-0x00000000059A0000-0x0000000005A06000-memory.dmp

memory/5788-596-0x000000000A9A0000-0x000000000A9B2000-memory.dmp

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2376_1056180051\manifest.json

MD5 0df2306638bd60162686e9c4bafbd505
SHA1 ef9e16bf867f7950d5a30172e1d34d38686b0e72
SHA256 fd7b554588c5e72506a0bfed89bc298911a5649b9f5168ad7c1804d1c75de42e
SHA512 73fca229097631104cf352061d62455b6c5520bf59777520165719d2368b0e77f3ce66f52873fec53ac60e35274bf397ba321bc62610f0b7b172a7c5c4975174

memory/1136-666-0x0000000005940000-0x0000000005952000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 cab3bc8b1e7928b52dacc5c230d2e84a
SHA1 973a5369873b12d9464137507459c6ad131f5a52
SHA256 96436bec568cc56f7b24620a1cef05701d811ef8e45d75bca75656771c609b98
SHA512 19ca93b7febb59457988d7b73515aac2efa93edbb2ee6913ebd197df272048f6d999c46bbd0cbc3870e86683c4763efb29286201321f62c0ed68be6e38402dca

memory/1136-686-0x0000000006180000-0x000000000627A000-memory.dmp

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2376_227479428\manifest.json

MD5 fde1edabd926edaf85bd8dcfd6d26f0d
SHA1 380c447a4df3871885c99d926edd1e689f247b99
SHA256 3bab6a96aa24d25d5f838199dff00837be00480f92a559d30a24f67334e02a2a
SHA512 acc5b7ee98a6652a74477d2a9b295ecdacfd0182b75931653d373fdb15c52d1d869bbe3a41e4a79db36ed91ed55c39c47526268b56b123e9b7f19479bbe8dc13

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2376_227479428\Tokenized-Card\tokenized-card.bundle.js.LICENSE.txt

MD5 8595bdd96ab7d24cc60eb749ce1b8b82
SHA1 3b612cc3d05e372c5ac91124f3756bbf099b378d
SHA256 363f376ab7893c808866a830fafbcd96ae6be93ec7a85fabf52246273cf56831
SHA512 555c0c384b6fcfc2311b47c0b07f8e34243de528cf1891e74546b6f4cda338d75c2e2392827372dc39e668ed4c2fd1a02112d8136d2364f9cab9ee4fa1bd87f5

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2376_227479428\Notification\notification_fast.bundle.js.LICENSE.txt

MD5 7bf61e84e614585030a26b0b148f4d79
SHA1 c4ffbc5c6aa599e578d3f5524a59a99228eea400
SHA256 38ed54eb53300fdb6e997c39c9fc83a224a1fd9fa06a0b6d200aa12ea278c179
SHA512 ca5f2d3a4f200371927c265b9fb91b8bcd0fbad711559f796f77b695b9038638f763a040024ed185e67be3a7b58fab22a6f8114e73fdbd1cccdda6ef94ff88f3

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2376_227479428\json\i18n-tokenized-card\fr-CA\strings.json

MD5 cd247582beb274ca64f720aa588ffbc0
SHA1 4aaeef0905e67b490d4a9508ed5d4a406263ed9c
SHA256 c67b555372582b07df86a6ce3329a854e349ba9525d7be0672517bab0ac14db5
SHA512 bf8fa4bd7c84038fae9eddb483ae4a31d847d5d47b408b3ea84d46d564f15dfc2bae6256eac4a852dd1c4ad8e58bc542e3df30396be05f30ed07e489ebe52895

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18340.18330.1\json\wallet\wallet-checkout-eligible-sites.json

MD5 16d41ebc643fd34addf3704a3be1acdd
SHA1 b7fadc8afa56fbf4026b8c176112632c63be58a0
SHA256 b962497993e2cd24039474bc84be430f8f6e6ab0f52010e90351dc3ff259336c
SHA512 8d58aa30613a2376ccc729278d166a9b3ec87eca95544b9dec1ee9300e7dd987326ea42d05dca3f1cc08186685f2fdaf53c24fd2b756c1ed9f2b46436689dc74

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18340.18330.1\json\wallet\wallet-tokenization-config.json

MD5 ae3bd0f89f8a8cdeb1ea6eea1636cbdd
SHA1 1801bc211e260ba8f8099727ea820ecf636c684a
SHA256 0088d5ebd8360ad66bd7bcc80b9754939775d4118cb7605fc1f514c707f0e20d
SHA512 69aff97091813d9d400bb332426c36e6b133a4b571b521e8fb6ad1a2b8124a3c5da8f3a9c52b8840152cf7adbd2ac653102aa2210632aa64b129cf7704d5b4fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18340.18330.1\json\wallet\wallet-notification-config.json

MD5 4cdefd9eb040c2755db20aa8ea5ee8f7
SHA1 f649fcd1c12c26fb90906c4c2ec0a9127af275f4
SHA256 bb26ce6fe9416918e9f92fcc4a6fe8a641eceea54985356637991cf6d768f9fd
SHA512 7e23b91eab88c472eec664f7254c5513fc5de78e2e0151b0bcc86c3cd0bf2cb5d8bb0345d27afdd9f8fcb10be96feaa753f09e301fa92b8d76f4300600577209

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18340.18330.1\json\wallet\wallet-stable.json

MD5 2e7d07dadfdac9adcabe5600fe21e3be
SHA1 d4601f65c6aa995132f4fce7b3854add5e7996a7
SHA256 56090563e8867339f38c025eafb152ffe40b9cfa53f2560c6f8d455511a2346a
SHA512 5cd1c818253e75cc02fccec46aeb34aeff95ea202aa48d4de527f4558c00e69e4cfd74d5cacfcf1bcd705fe6ff5287a74612ee69b5cc75f9428acfbdb4010593