Malware Analysis Report

2025-04-13 23:03

Sample ID 250324-d61nwsyrv9
Target Bruter.exe
SHA256 1e1544521f5edd419e91a79e6ba9f210cb0ac4eb1eab24c1bd76e48f72835312
Tags
xenorat discovery rat trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

1e1544521f5edd419e91a79e6ba9f210cb0ac4eb1eab24c1bd76e48f72835312

Threat Level: Known bad

The file Bruter.exe was found to be: Known bad.

Malicious Activity Summary

xenorat discovery rat trojan

XenorRat

Xenorat family

Detect XenoRat Payload

Executes dropped EXE

Drops file in Windows directory

Unsigned PE

Enumerates physical storage devices

Browser Information Discovery

System Location Discovery: System Language Discovery

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of AdjustPrivilegeToken

Scheduled Task/Job: Scheduled Task

Suspicious use of WriteProcessMemory

Modifies data under HKEY_USERS

Suspicious behavior: EnumeratesProcesses

Modifies registry class

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-03-24 03:37

Signatures

Detect XenoRat Payload

Description Indicator Process Target
N/A N/A N/A N/A

Xenorat family

xenorat

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-03-24 03:37

Reported

2025-03-24 03:42

Platform

win11-20250314-en

Max time kernel

215s

Max time network

216s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Bruter.exe"

Signatures

Detect XenoRat Payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

XenorRat

trojan rat xenorat

Xenorat family

xenorat

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\XenoManager\Bruter.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\XenoManager\Bruter.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\schtasks.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\Bruter.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133872611637785174" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Moniker = "cr.sb.odm3E4D1A088C1F6D498C84F3C86DE73CE49F82A104" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Children C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\DisplayName = "Chrome Sandbox" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Scheduled Task/Job: Scheduled Task

persistence execution
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\XenoManager\Bruter.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\XenoManager\Bruter.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5764 wrote to memory of 5996 N/A C:\Users\Admin\AppData\Local\Temp\Bruter.exe C:\Users\Admin\AppData\Roaming\XenoManager\Bruter.exe
PID 5996 wrote to memory of 5072 N/A C:\Users\Admin\AppData\Roaming\XenoManager\Bruter.exe C:\Windows\SysWOW64\schtasks.exe
PID 676 wrote to memory of 5368 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 676 wrote to memory of 1992 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 676 wrote to memory of 3440 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 676 wrote to memory of 5136 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Bruter.exe

"C:\Users\Admin\AppData\Local\Temp\Bruter.exe"

C:\Users\Admin\AppData\Roaming\XenoManager\Bruter.exe

"C:\Users\Admin\AppData\Roaming\XenoManager\Bruter.exe"

C:\Windows\SysWOW64\schtasks.exe

"schtasks.exe" /Create /TN "Windows_Host_Proccess" /XML "C:\Users\Admin\AppData\Local\Temp\tmp7177.tmp" /F

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb0e6dcf8,0x7ffdb0e6dd04,0x7ffdb0e6dd10

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1904,i,5381579744664391697,15114954668442113887,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=1900 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1440,i,5381579744664391697,15114954668442113887,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=2220 /prefetch:11

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2360,i,5381579744664391697,15114954668442113887,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=2372 /prefetch:13

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3196,i,5381579744664391697,15114954668442113887,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=3340 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=2364,i,5381579744664391697,15114954668442113887,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=3428 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3288,i,5381579744664391697,15114954668442113887,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=4336 /prefetch:9

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4660,i,5381579744664391697,15114954668442113887,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=4632 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4808,i,5381579744664391697,15114954668442113887,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=4696 /prefetch:14

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4948,i,5381579744664391697,15114954668442113887,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=4956 /prefetch:14

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5332,i,5381579744664391697,15114954668442113887,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5344 /prefetch:14

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5520,i,5381579744664391697,15114954668442113887,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5560 /prefetch:14

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5688,i,5381579744664391697,15114954668442113887,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5584 /prefetch:14

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5824,i,5381579744664391697,15114954668442113887,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5804 /prefetch:14

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5640,i,5381579744664391697,15114954668442113887,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5652 /prefetch:14

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=5528,i,5381579744664391697,15114954668442113887,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5648 /prefetch:10

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5648,i,5381579744664391697,15114954668442113887,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=4384 /prefetch:14

Network

Country Destination Domain Proto
US 147.185.221.25:36426 N/A tcp
US 147.185.221.25:36426 N/A tcp
US 147.185.221.25:36426 N/A tcp
US 147.185.221.25:36426 N/A tcp
GB 142.250.179.228:443 www.google.com udp
GB 142.250.180.10:443 ogads-pa.googleapis.com udp
GB 142.250.179.238:443 apis.google.com udp
GB 142.250.180.10:443 ogads-pa.googleapis.com tcp
GB 216.58.212.206:443 play.google.com udp
GB 216.58.212.206:443 play.google.com tcp
GB 216.58.212.206:443 play.google.com udp
GB 142.250.200.46:443 clients2.google.com udp
N/A 224.0.0.251:5353 N/A udp
US 147.185.221.25:36426 N/A tcp
US 147.185.221.25:36426 N/A tcp
US 147.185.221.25:36426 N/A tcp
GB 142.250.200.35:443 beacons.gcp.gvt2.com tcp

Files

memory/5764-0-0x0000000074D9E000-0x0000000074D9F000-memory.dmp

memory/5764-1-0x00000000008C0000-0x00000000008D2000-memory.dmp

C:\Users\Admin\AppData\Roaming\XenoManager\Bruter.exe

MD5 b5b33c70e1d697300ecdf91890578b81
SHA1 0114e3e5c45e627aa81041a5b0209caaeb52b300
SHA256 1e1544521f5edd419e91a79e6ba9f210cb0ac4eb1eab24c1bd76e48f72835312
SHA512 b67552c461bfe3219986fbc559e0ef7d9453406fff5a9abe4240a12d10152973ba19a575a6b0c632456213a24ce2c8dcadd8ba29578cf0d91406c3a023a6b4c2

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Bruter.exe.log

MD5 1294de804ea5400409324a82fdc7ec59
SHA1 9a39506bc6cadf99c1f2129265b610c69d1518f7
SHA256 494398ec6108c68573c366c96aae23d35e7f9bdbb440a4aab96e86fcad5871d0
SHA512 033905cc5b4d0c0ffab2138da47e3223765146fa751c9f84b199284b653a04874c32a23aae577d2e06ce6c6b34fec62331b5fc928e3baf68dc53263ecdfa10c1

memory/5996-16-0x0000000074D90000-0x0000000075541000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\tmp7177.tmp

MD5 cd54f5aa043f13b23cb5ec297bf62ed0
SHA1 cf958f023483135332850a73ed1c1e8c3007a018
SHA256 d951072ac739f6b8025d956b79e165e5fe5daf785643b6f3c6f888d3c3013fe4
SHA512 8a74beadd7b30de89f0658fb3b6f4360fecfb76f92e860936732b0b16d576df9f7dea4287d6943e87c3895769f12148b73a5b5ede74701b80d7982789c3550d1

memory/5996-18-0x0000000074D90000-0x0000000075541000-memory.dmp

memory/5996-19-0x0000000005960000-0x00000000059C6000-memory.dmp

memory/5996-20-0x0000000074D90000-0x0000000075541000-memory.dmp

memory/5996-21-0x0000000074D90000-0x0000000075541000-memory.dmp

\??\pipe\crashpad_676_WTRHUPZPVGPIVHPD

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 6dd29b84038534a446a8480415d8dc52
SHA1 42d33ad0560a2cde06dc2eb103f4947f01cce75c
SHA256 683d0465ae0917f3d524f2500b3e4290e55de8dda7a04506631ebc18e60b459e
SHA512 a37732d50f0b8bdef887ae5ebf7dbceed04b351fd9019b07c1a339c574106f6ba1e5e35bee2a5f91d8eeb93eb84e4a1e4c2529de202b0d07d5905dc1b5122a4c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 83a39ea144e4a45a12352d34eccaf4d6
SHA1 4e5a8f3c6e670e5cbf6149f2f2601d10762a9368
SHA256 88caf3e94d23b5d7dab8c793f857d0e4a1ae0fd5c0e54cc72882dfbe7a860fec
SHA512 671b4b30fe77f96793c89b2622124e12696a77bf2690159a5601637d10c4b019bb06e66f46ad0c4231643759124f814c19d74109ee4b3c90561e6c7b898f041d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 34adbe5c3791a48e9bead97f5819ffd9
SHA1 be7828fe1b67452c209a55028b3a8e6bf8d64643
SHA256 bf165140706befdd19b12fdd53ad2365eb8625050ca18a9da61346d66e237532
SHA512 91b65757e69b0b60d9877f8a87a236ba065733b5f5fe5a47fd426ca62c3b474674b105683f035e5da01332ae3104865c0986b7c5a5e598389f0ebab3afc37dc5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 52d7086ca300dbbc3322e916b21ee282
SHA1 5ebc6f042ba53d3dee70c70413a765f68a9f1018
SHA256 d28a94d64ffb0cf5f866609cf239343756c0d03401dd76f74106141e12a497d9
SHA512 3a48a42b6fbada11c081727812215c656ff65a970e97fd3a87d160bfb2c85c1d285b1dca9afad0b7747872d9e417bdeb6fad8fa7fdecaec24d40e4c6508b914b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 8bb95c038ebb98b20b6450c9cdf31bd1
SHA1 66835fc27e2353330109e3df70d4330033670169
SHA256 68e999c9b27dd67ec5c19cc95fc17adb60e444550b7bc9ee0143df1a53079045
SHA512 d3d5c2a963e2c94a7e66fb3af8ab51eb98fafb5aadd1e8e1d9c1a317d6ecd5726df47b81697153964ad64c10ba4b04a3ba4777b6965d64bea219dd7a44578c74

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe582ad4.TMP

MD5 cebde69eb7fddb7834ebc0efc09e0c2c
SHA1 dd5bdf1204c35c9d6d17ff2f5f815ba58b6811b4
SHA256 2d6fa49d815edf095b1b7e7c8950875329f0350948a4ef79a04b9c9d58a5bde4
SHA512 c60e52b140e2e0492e5098ecd362d82435b54ec3a6aa238437fb311f845b65facf4a847e61df9ee14261b9f0f206bcc22204c3c14df547181ddf274d33a98164

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 147bcec7869230b0500ba32e45a3b26b
SHA1 a4e36349debf530797aad051d197ab5b3c44fe63
SHA256 9935ceb4f6c30de99c5d6876d5c244e0a67556bb97c2db3c32e2c808fbfa3d79
SHA512 090b38599f3008f5b00c7a748746917c867391ec45dfaffbf013346e32075535247527b80b0c2863f9e00be09492d2b5f334a7c6aeb11400c727c473cac159da

memory/5996-114-0x0000000005940000-0x0000000005952000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 76755221cca0526ac622426c6443f546
SHA1 ffe014688b8da7bfa15e29d1085c2e792c6f77f9
SHA256 5154edd670ee964c944ecad226a81dd49a9b389c97498dbd0b0c96ee5eb716c4
SHA512 d0a0b723551011480b657038312e9b88d03d288ed7461aaadc3dfe3481cdea98429d00446b62ec3b3575912bdebdcc0e64ad5d41c0d411d9040e816b02c70925

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 783f82985af3f940acaf9bc7ee37e78c
SHA1 385b99d8bd249a0cf754ef5ec220fe715395b4f4
SHA256 42a32f06f4a9e6086ba9f26409e05db0eaf7a8cc4a319909da3033821df20d91
SHA512 40afa0435deb35c5fb02f06c33ecff6d847cd135e6db1ca852d2689d544064caf81d0590b539488ec2343d108c4e226d9ec09263b067009987d8e28cf8e064ca