4e671c40d9d780b85f8a44aa50a5c175a9f2c2a0a530e450a981905713ec5378

Resubmissions

28/03/2025, 18:34

250328-w742ta1pz2 6

28/03/2025, 16:55

250328-ve97paywgx 8

28/03/2025, 16:52

250328-vdj9waywfs 8

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20250313-en
resource tags

arch:x64arch:x86image:win10v2004-20250313-enlocale:en-usos:windows10-2004-x64system
submitted
28/03/2025, 16:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Xeno-v1.1.65/Xeno.exe
Size

140KB
MD5

70797e0760472325728ba786ca208976
SHA1

8912f23afbe8b78a9582f2a458b89a7fd697e638
SHA256

20744d38bc27d656a095e57bef62a44f5f6317de3672020e8a4a1e1057545764
SHA512

787f172cbc18eeb4f8e88420377459f37918edc9aec0105566f9e79555a962d6e89d7d0d6b791475282b2c5fb093c9e85544794639ad2771d9ca4a0e5b456477
SSDEEP

3072:h+f4nYTC3LwjBzaQhlG4a7qWdCXdXxuZjwxfBoy:h+f4nKvaQhcF7qI+xuZjwxB

Score

8^/10

defense_evasion discovery trojan

Malware Config

Signatures

Downloads MZ/PE file 1 IoCs

flow	pid	Process
292	1696	chrome.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs

defense_evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Xeno.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service

T1102

flow	ioc
291	raw.githubusercontent.com
292	raw.githubusercontent.com
29	raw.githubusercontent.com
30	raw.githubusercontent.com
31	raw.githubusercontent.com

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedgewebview2.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133876543606276453"	msedgewebview2.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2720	Xeno.exe
2720	Xeno.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
1044	chrome.exe
1044	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
4676	msedgewebview2.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2720	Xeno.exe
Token: SeShutdownPrivilege	5908	chrome.exe
Token: SeCreatePagefilePrivilege	5908	chrome.exe
Token: SeShutdownPrivilege	5908	chrome.exe
Token: SeCreatePagefilePrivilege	5908	chrome.exe
Token: SeShutdownPrivilege	5908	chrome.exe
Token: SeCreatePagefilePrivilege	5908	chrome.exe
Token: SeShutdownPrivilege	5908	chrome.exe
Token: SeCreatePagefilePrivilege	5908	chrome.exe
Token: SeShutdownPrivilege	5908	chrome.exe
Token: SeCreatePagefilePrivilege	5908	chrome.exe
Token: SeShutdownPrivilege	5908	chrome.exe
Token: SeCreatePagefilePrivilege	5908	chrome.exe
Token: SeShutdownPrivilege	5908	chrome.exe
Token: SeCreatePagefilePrivilege	5908	chrome.exe
Token: SeShutdownPrivilege	5908	chrome.exe
Token: SeCreatePagefilePrivilege	5908	chrome.exe
Token: SeShutdownPrivilege	5908	chrome.exe
Token: SeCreatePagefilePrivilege	5908	chrome.exe
Token: SeShutdownPrivilege	5908	chrome.exe
Token: SeCreatePagefilePrivilege	5908	chrome.exe
Token: SeShutdownPrivilege	5908	chrome.exe
Token: SeCreatePagefilePrivilege	5908	chrome.exe
Token: SeShutdownPrivilege	5908	chrome.exe
Token: SeCreatePagefilePrivilege	5908	chrome.exe
Token: SeShutdownPrivilege	5908	chrome.exe
Token: SeCreatePagefilePrivilege	5908	chrome.exe
Token: SeShutdownPrivilege	5908	chrome.exe
Token: SeCreatePagefilePrivilege	5908	chrome.exe
Token: SeShutdownPrivilege	5908	chrome.exe
Token: SeCreatePagefilePrivilege	5908	chrome.exe
Token: SeShutdownPrivilege	5908	chrome.exe
Token: SeCreatePagefilePrivilege	5908	chrome.exe
Token: SeShutdownPrivilege	5908	chrome.exe
Token: SeCreatePagefilePrivilege	5908	chrome.exe
Token: SeShutdownPrivilege	5908	chrome.exe
Token: SeCreatePagefilePrivilege	5908	chrome.exe
Token: SeShutdownPrivilege	5908	chrome.exe
Token: SeCreatePagefilePrivilege	5908	chrome.exe
Token: SeShutdownPrivilege	5908	chrome.exe
Token: SeCreatePagefilePrivilege	5908	chrome.exe
Token: SeShutdownPrivilege	5908	chrome.exe
Token: SeCreatePagefilePrivilege	5908	chrome.exe
Token: SeShutdownPrivilege	5908	chrome.exe
Token: SeCreatePagefilePrivilege	5908	chrome.exe
Token: SeShutdownPrivilege	5908	chrome.exe
Token: SeCreatePagefilePrivilege	5908	chrome.exe
Token: SeShutdownPrivilege	5908	chrome.exe
Token: SeCreatePagefilePrivilege	5908	chrome.exe
Token: SeShutdownPrivilege	5908	chrome.exe
Token: SeCreatePagefilePrivilege	5908	chrome.exe
Token: SeShutdownPrivilege	5908	chrome.exe
Token: SeCreatePagefilePrivilege	5908	chrome.exe
Token: SeShutdownPrivilege	5908	chrome.exe
Token: SeCreatePagefilePrivilege	5908	chrome.exe
Token: SeShutdownPrivilege	5908	chrome.exe
Token: SeCreatePagefilePrivilege	5908	chrome.exe
Token: SeShutdownPrivilege	5908	chrome.exe
Token: SeCreatePagefilePrivilege	5908	chrome.exe
Token: SeShutdownPrivilege	5908	chrome.exe
Token: SeCreatePagefilePrivilege	5908	chrome.exe
Token: SeShutdownPrivilege	5908	chrome.exe
Token: SeCreatePagefilePrivilege	5908	chrome.exe
Token: SeShutdownPrivilege	5908	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2720	Xeno.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2720 wrote to memory of 4676	2720	Xeno.exe	89
PID 2720 wrote to memory of 4676	2720	Xeno.exe	89
PID 4676 wrote to memory of 4796	4676	msedgewebview2.exe	90
PID 4676 wrote to memory of 4796	4676	msedgewebview2.exe	90
PID 4676 wrote to memory of 5072	4676	msedgewebview2.exe	93
PID 4676 wrote to memory of 5072	4676	msedgewebview2.exe	93
PID 4676 wrote to memory of 5072	4676	msedgewebview2.exe	93
PID 4676 wrote to memory of 5072	4676	msedgewebview2.exe	93
PID 4676 wrote to memory of 5072	4676	msedgewebview2.exe	93
PID 4676 wrote to memory of 5072	4676	msedgewebview2.exe	93
PID 4676 wrote to memory of 5072	4676	msedgewebview2.exe	93
PID 4676 wrote to memory of 5072	4676	msedgewebview2.exe	93
PID 4676 wrote to memory of 5072	4676	msedgewebview2.exe	93
PID 4676 wrote to memory of 5072	4676	msedgewebview2.exe	93
PID 4676 wrote to memory of 5072	4676	msedgewebview2.exe	93
PID 4676 wrote to memory of 5072	4676	msedgewebview2.exe	93
PID 4676 wrote to memory of 5072	4676	msedgewebview2.exe	93
PID 4676 wrote to memory of 5072	4676	msedgewebview2.exe	93
PID 4676 wrote to memory of 5072	4676	msedgewebview2.exe	93
PID 4676 wrote to memory of 5072	4676	msedgewebview2.exe	93
PID 4676 wrote to memory of 5072	4676	msedgewebview2.exe	93
PID 4676 wrote to memory of 5072	4676	msedgewebview2.exe	93
PID 4676 wrote to memory of 5072	4676	msedgewebview2.exe	93
PID 4676 wrote to memory of 5072	4676	msedgewebview2.exe	93
PID 4676 wrote to memory of 5072	4676	msedgewebview2.exe	93
PID 4676 wrote to memory of 5072	4676	msedgewebview2.exe	93
PID 4676 wrote to memory of 5072	4676	msedgewebview2.exe	93
PID 4676 wrote to memory of 5072	4676	msedgewebview2.exe	93
PID 4676 wrote to memory of 5072	4676	msedgewebview2.exe	93
PID 4676 wrote to memory of 5072	4676	msedgewebview2.exe	93
PID 4676 wrote to memory of 5072	4676	msedgewebview2.exe	93
PID 4676 wrote to memory of 5072	4676	msedgewebview2.exe	93
PID 4676 wrote to memory of 5072	4676	msedgewebview2.exe	93
PID 4676 wrote to memory of 5072	4676	msedgewebview2.exe	93
PID 4676 wrote to memory of 5072	4676	msedgewebview2.exe	93
PID 4676 wrote to memory of 5072	4676	msedgewebview2.exe	93
PID 4676 wrote to memory of 5072	4676	msedgewebview2.exe	93
PID 4676 wrote to memory of 5072	4676	msedgewebview2.exe	93
PID 4676 wrote to memory of 5072	4676	msedgewebview2.exe	93
PID 4676 wrote to memory of 5072	4676	msedgewebview2.exe	93
PID 4676 wrote to memory of 5072	4676	msedgewebview2.exe	93
PID 4676 wrote to memory of 5072	4676	msedgewebview2.exe	93
PID 4676 wrote to memory of 5072	4676	msedgewebview2.exe	93
PID 4676 wrote to memory of 5072	4676	msedgewebview2.exe	93
PID 4676 wrote to memory of 5072	4676	msedgewebview2.exe	93
PID 4676 wrote to memory of 5072	4676	msedgewebview2.exe	93
PID 4676 wrote to memory of 5072	4676	msedgewebview2.exe	93
PID 4676 wrote to memory of 5072	4676	msedgewebview2.exe	93
PID 4676 wrote to memory of 5072	4676	msedgewebview2.exe	93
PID 4676 wrote to memory of 5072	4676	msedgewebview2.exe	93
PID 4676 wrote to memory of 5072	4676	msedgewebview2.exe	93
PID 4676 wrote to memory of 5072	4676	msedgewebview2.exe	93
PID 4676 wrote to memory of 5072	4676	msedgewebview2.exe	93
PID 4676 wrote to memory of 5072	4676	msedgewebview2.exe	93
PID 4676 wrote to memory of 5072	4676	msedgewebview2.exe	93
PID 4676 wrote to memory of 5560	4676	msedgewebview2.exe	94
PID 4676 wrote to memory of 5560	4676	msedgewebview2.exe	94
PID 4676 wrote to memory of 4640	4676	msedgewebview2.exe	95
PID 4676 wrote to memory of 4640	4676	msedgewebview2.exe	95
PID 4676 wrote to memory of 4640	4676	msedgewebview2.exe	95
PID 4676 wrote to memory of 4640	4676	msedgewebview2.exe	95
PID 4676 wrote to memory of 4640	4676	msedgewebview2.exe	95
PID 4676 wrote to memory of 4640	4676	msedgewebview2.exe	95
PID 4676 wrote to memory of 4640	4676	msedgewebview2.exe	95

C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe
"C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe"
1⤵
- Checks whether UAC is enabled
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2720
- C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
  "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=Xeno.exe --webview-exe-version=1.1.0+87ae4f96f8a0927052c1120167982fb069afd1b4 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --mojo-named-platform-channel-pipe=2720.5932.1590232222187067982
  2⤵
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of WriteProcessMemory
  PID:4676
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=132.0.6834.160 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=132.0.2957.140 --initial-client-data=0x15c,0x160,0x164,0x138,0x16c,0x7ff894f6b078,0x7ff894f6b084,0x7ff894f6b090
    3⤵
    PID:4796
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=gpu-process --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView" --webview-exe-name=Xeno.exe --webview-exe-version=1.1.0+87ae4f96f8a0927052c1120167982fb069afd1b4 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=1708,i,9899160770907554171,16620347137399141994,262144 --variations-seed-version --mojo-platform-channel-handle=1704 /prefetch:2
    3⤵
    PID:5072
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView" --webview-exe-name=Xeno.exe --webview-exe-version=1.1.0+87ae4f96f8a0927052c1120167982fb069afd1b4 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --always-read-main-dll --field-trial-handle=2028,i,9899160770907554171,16620347137399141994,262144 --variations-seed-version --mojo-platform-channel-handle=2036 /prefetch:3
    3⤵
    PID:5560
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView" --webview-exe-name=Xeno.exe --webview-exe-version=1.1.0+87ae4f96f8a0927052c1120167982fb069afd1b4 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --always-read-main-dll --field-trial-handle=1712,i,9899160770907554171,16620347137399141994,262144 --variations-seed-version --mojo-platform-channel-handle=2368 /prefetch:8
    3⤵
    PID:4640
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView" --webview-exe-name=Xeno.exe --webview-exe-version=1.1.0+87ae4f96f8a0927052c1120167982fb069afd1b4 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --always-read-main-dll --field-trial-handle=3564,i,9899160770907554171,16620347137399141994,262144 --variations-seed-version --mojo-platform-channel-handle=3628 /prefetch:1
    3⤵
    PID:3872

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff8aa45dcf8,0x7ff8aa45dd04,0x7ff8aa45dd10
  2⤵
  PID:6040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --subproc-heap-profiling --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1996,i,12938988957403724737,2364595340104931109,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=1992 /prefetch:2
  2⤵
  PID:948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --subproc-heap-profiling --field-trial-handle=1652,i,12938988957403724737,2364595340104931109,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=2300 /prefetch:3
  2⤵
  - Downloads MZ/PE file
  PID:1696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --subproc-heap-profiling --field-trial-handle=2404,i,12938988957403724737,2364595340104931109,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=2588 /prefetch:8
  2⤵
  PID:2340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --subproc-heap-profiling --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3208,i,12938988957403724737,2364595340104931109,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:3356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --subproc-heap-profiling --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3256,i,12938988957403724737,2364595340104931109,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:5456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4476,i,12938988957403724737,2364595340104931109,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=4496 /prefetch:2
  2⤵
  PID:5256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --subproc-heap-profiling --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4804,i,12938988957403724737,2364595340104931109,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=4776 /prefetch:1
  2⤵
  PID:1768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --field-trial-handle=5104,i,12938988957403724737,2364595340104931109,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=4888 /prefetch:8
  2⤵
  PID:3740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --field-trial-handle=5528,i,12938988957403724737,2364595340104931109,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5540 /prefetch:8
  2⤵
  PID:4936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --field-trial-handle=5184,i,12938988957403724737,2364595340104931109,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5512 /prefetch:8
  2⤵
  PID:3472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --field-trial-handle=5140,i,12938988957403724737,2364595340104931109,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5584 /prefetch:8
  2⤵
  PID:4572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --field-trial-handle=5264,i,12938988957403724737,2364595340104931109,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=4740 /prefetch:8
  2⤵
  PID:2892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --field-trial-handle=5912,i,12938988957403724737,2364595340104931109,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5772 /prefetch:8
  2⤵
  PID:6140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --subproc-heap-profiling --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5252,i,12938988957403724737,2364595340104931109,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5820 /prefetch:1
  2⤵
  PID:5356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --subproc-heap-profiling --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3396,i,12938988957403724737,2364595340104931109,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --field-trial-handle=3492,i,12938988957403724737,2364595340104931109,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3448 /prefetch:8
  2⤵
  PID:4204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --field-trial-handle=3480,i,12938988957403724737,2364595340104931109,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=240 /prefetch:8
  2⤵
  PID:4156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --field-trial-handle=3472,i,12938988957403724737,2364595340104931109,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3280 /prefetch:8
  2⤵
  PID:1528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=4552,i,12938988957403724737,2364595340104931109,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=4508 /prefetch:2
  2⤵
  PID:3504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --subproc-heap-profiling --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=3380,i,12938988957403724737,2364595340104931109,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5932 /prefetch:1
  2⤵
  PID:5772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --subproc-heap-profiling --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5572,i,12938988957403724737,2364595340104931109,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:2816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --subproc-heap-profiling --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6680,i,12938988957403724737,2364595340104931109,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3440 /prefetch:1
  2⤵
  PID:2992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --subproc-heap-profiling --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=7092,i,12938988957403724737,2364595340104931109,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=1188 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1044

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:3516

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1992

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
58c2dcdd1589efa8b5b85b9df4ecd453

SHA1
93e9d5e2b07601758b2e57d4e529a843d5d1f1e0

SHA256
e04a678659a15e5bde9d0e34a5d4b8df3e7664e13a7b8cbebc2dc9858e5c66f4

SHA512
629346407769d0fe287dac2755dfa6d5667e9e01b60015a8e37bedd134267260cff873e4dfe9b3d1a3fbffd2959ba394ece98e314c9d6bac6ed7e624ce22d83c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000040

Filesize
18KB

MD5
89ee4d8818e8a732f16be7086b4bf894

SHA1
2cc00669ddc0f4e33c95a926089cea5c1f7b9371

SHA256
f6a0dfa58a63ca96a9c7e2e1244fcff6aea5d14348596d6b42cd750030481b82

SHA512
89cc7dfae78985f32e9c82521b46e6a66c22258ebe70063d05f5eb25f941b2fd52df6e1938b20fe6c2e166faa2306526fdf74b398b35483f87b556a052b34c5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
184890c4dc382f77a21f3d73b2a25d64

SHA1
af5de4754a512503d64d9993ffcfc127b10c43ea

SHA256
e22a80ea20ab196a7efb2728f0f79b8052118404f396b98f681e9759ac7350b8

SHA512
9155ef35af2f7e9b48ca4a0902a2579e9bf25296224d16f319b4b4429ba631032de92d7120bc11d25d105500049162dc418c74a37715997d8d9723c1253697ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.90.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
67d810ef4bb58d8d27fac2aaf4f933b9

SHA1
88e8bb289caed3e3abc56df315e6321454fdd89e

SHA256
4e5b04a875905e9a9a9d551251047b58eb98b0a4510af1ee54253b791d668df7

SHA512
139916a06c0b9a441ac23e735e90bfb1236d84aab86ea9b5f54790e0c8386d418a91a0cfc1ea6d548d82386d47eebdc9e0659fe400c2e6846904e804caf3a01e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
7cab0f9d09484d8f49d9c6ce74bb5143

SHA1
8ddb5eaadc711cf4f452c93de953a525528ee615

SHA256
cce19e6fa4fd4f6fb2a00356079fa947bff501e768269b3cfaf8438cbd3e34f2

SHA512
0dad56994838262e801ef7c72dd489d1f3e9698d55fa85063c3a35643d81f8a532b93140f61e36baaa4b7c2668c05f25799c3f22703e8c0e619871506c14e2b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
0cc462cfd2ed0a97704c2e757699c59d

SHA1
37a266897b72d2cbb13b47d016d5259f4cad762e

SHA256
bc864af155a0c29f13a0eba9cc65cf73993aee1c8c39992b52d042e140097366

SHA512
2ddd656305bfff7ea9fecece08fd8fee94e02fec72579d2dcd0fd64203559a68a743c4c04d5e16ffef2f8d3bba28b0f5af9d95b4bd1c5c8d2ecfa9b107f1d367

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
ea14cb07f1b1cb16d3615e3456202950

SHA1
0ac91e3b536c536cde31ff05add68c7b1a1cac57

SHA256
d168ceb2a33bcaae08ab6dd0e64b4c05e03cc41ab660d31a7eea335f5a010ecb

SHA512
08e60c21a0b6bb36b98eb2fac2027f984669b914dbd78680f9f5595c277ca4eccd025c6a4f2e4b7e1cb9d42241cf33090ff444b37782d7f99be12494f2b42723

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
0dfa20fdce4bb2c1532bc4b13a5a3ca1

SHA1
dc56b8e070ac4d7644b52ca5a4a47adb77f87e0f

SHA256
6874d6a0afbd0f010b4b6dbd0e7e096c055d7274b81a211208d5e067007574c7

SHA512
29bd31b841985c514a994f79941b2d26179d38c39c43297928d7e8b7fd41982a807aa6d1fbdca3e9a745f01fdac9d7af91c50ffd6a102713074ec7329c037785

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6500051b4fe47107971c700b1377d1f5

SHA1
beaf790565e4a0226705c8ef62d193df041a3ae0

SHA256
63ec44a99805aa28eec4378c77b89337743f6fb43d4dac91bbd49168c99e6fc1

SHA512
c2f7339dc246188745ad52008726d52e57e3c3cbc51e8ecdf1539e12423df78ca75970cb2527adfddfe23ccaca20a8ed6c3b302f723f1e882b9cdea923a8d6dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
1912c7a4f77920e16df76272d227a927

SHA1
51599d4337f9f7063424cd9e5481fc0193d357a6

SHA256
3a1012c4bbaee1b1e2d53a93aeedb5d45db5a21f37bcf12ec5dcff65d1395665

SHA512
a4a12d2676b00ac794a44905d1b61be0fab30e4fef64b51ce63386533f75445e623f4bb2ad242121a3ca56cdaa7d338381e5858960de20cec26808e51b45da55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
400c823fef8b636092c4b49dd43c65a6

SHA1
95e5e6346bf27a2ecc9f8d375c35c2a68f919d1a

SHA256
3ddff33af9e1dd69059ecc738cb6a537b336484c2bea6416fea51082c94ff933

SHA512
e3d376c9168e9eb73cd5b6e83a71dccabc9efd189533689cc7d5be4a4728fad8801bc3cf066a7587c3f41ad5527855dcfd42972bddd24d459812a34594d34170

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
97d5120cc3f76311f33af28b3255a995

SHA1
b2f54e2e28540afdbba77a7c913dae1a55aeec72

SHA256
3a3d0bcf6a791af4483871ba88f3e857fb389f8d59ecfe4ac5d1556246187756

SHA512
ed8f25d4747e3a1fd5fe07065ee34eedd0496611edcb4c38b2a506585d491a646184726df55cab9bb1ea3c2b1b2cced965f3cfe321b8a6574fa2c54176ca8034

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
18KB

MD5
12e28e22d72b610b9303b0f3ce7a7a10

SHA1
71efe9872f4d8e34f44bf009de7484e1c1583e15

SHA256
a6707b15fdbb1b5831d201bbf50367c6c0ec56c85dd23df3c7a7577572c23a3e

SHA512
1905e417e45e97e771fb7bc8b8da5f8f64724559e2ee4f9d63a93818cb5e07c1ebc760dde0387e249150b7425a3c55250ff357a89e04be835f4175d88ac2a024

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
f73e784643526c536c2407d8c175e0d4

SHA1
0fa17988083bafcb7e3ae636e853dbb5873ecc5a

SHA256
b23f8a840314620190b425ab432c8beec33019fdb7cb49cbb1eb84b3943c056b

SHA512
2305255b9312809dc910cd20582f1021306124fc40d0e8c69a2a22f723b8c08664006fd2f60be7ce2d6298c31911097f6d3bbf9e2589c6383404d141ad6c649d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
4b78d488c4561270bc484c24411b046f

SHA1
e77586a21f1937dfbf9677859340819731a4e052

SHA256
74b16708ad09d0e78a2813b32be9d532e0ea882cea1627a5bf826248a0643639

SHA512
4539bdef1cbdb7ebf7de6a8eba000984d86367e678b1c5935de88cd3d30d1342a9f8ba92e6e2d2caadbc4981bc290514ef51b873cf9c1f0860b22688e2e78056

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
8d0170125b9e76aebf69f825e2718003

SHA1
7e10fae42778c043fe570bc5b5cbe22e5d20ba8a

SHA256
f60dcc62694f57648bee413fbf832bacf716de1559a779789d08f8b46c2d3d8e

SHA512
79c059cc2b2c0047172e53a0a34656b6f82ad1fb26acd5776ed04b0935e0eff63f4bdc4a09d3c212777ecfc057f0dc230d45c3da8fa287fef3af2d83d15126ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe582f87.TMP

Filesize
48B

MD5
69c3c19356d76b2e2bf1b81ae389a55a

SHA1
2641c1935fc4c1ab64b96b63392623ad8b97d133

SHA256
751705e16fa57271ae18347bbe1941f20d1b5a8da63d59b3f9277918e1dd52da

SHA512
9274734856de0bcc4ef728dfdd62da9514896e1634d69abf8cd066c796456c2fc900ae3003b8098d66d09ecc043ce843e64132bee995c52558bf19a81b5a1b5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt

Filesize
76B

MD5
a7a2f6dbe4e14a9267f786d0d5e06097

SHA1
5513aebb0bda58551acacbfc338d903316851a7b

SHA256
dd9045ea2f3beaf0282320db70fdf395854071bf212ad747e8765837ec390cbc

SHA512
aa5d81e7ee3a646afec55aee5435dc84fe06d84d3e7e1c45c934f258292c0c4dc2f2853a13d2f2b37a98fe2f1dcc7639eacf51b09e7dcccb2e29c2cbd3ba1835

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt~RFe58310e.TMP

Filesize
140B

MD5
a727934377eca1822a349e9b82f923ae

SHA1
01ccddeb20d305cedd5fdc10f49eb9684c9b4558

SHA256
414126f21558aa3f224af57c77c53430822f91b83d2bbbc8d04aeedbdc97a383

SHA512
8283e6d0af4c702c00e6d65d009ce7a45ae44bfce15b3d3e710e19f5c1f0196c5ee0c1372c597cfaf687a5fea6e287c86b846bf2037cf55a1d37772c5974c9f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
79KB

MD5
b21647d06e503034e0e60e0661549103

SHA1
a0aa5d4828115f05b2d8d9d35a1018b94ffc4dcc

SHA256
e98008d45cf2acf5f2d6ba12ac38263aa70e4b7761c2f29fe59c46eec91a2bd7

SHA512
afc35b747349b048d34131529e43ca7ef21d83be7b006d92c675a66684dc2cd023ab51af739886a93248c6213ccc77ef907191648b2e2e10a6b763974e50729c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
155KB

MD5
c345ea4f55e91627bed68369b43fbbef

SHA1
5e243980e9509f2d72522c99c041fd0fe6ca457d

SHA256
0e9d13d36681a414cc339aeca679693aaa535bc9345d88eaddff06b29b304a04

SHA512
6f7d3fe1f5d3e3e19e879c79b48de15a5723f94fc575106dc03ae06c0e52b03ea9a2da7093f54196d30676fa2f9d2beb510bbd5f294cab6bd3c6af6f99702ab7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
155KB

MD5
0a3e298b52aff360e867f6a131f4e712

SHA1
706970146dead62ce4f1383b46c25d5dd320124b

SHA256
491bd172d8899fb5b64b8cb873863bfc73840fe357f81a73e30184622b342574

SHA512
bf79174819896a5d4601f3358d2bb310fe65b6dfa88caa51a46ddeee9b7d3f816f3e43a1435de96c2a8628b43a408127330c68d09c22f45d9d5a190966493a2b

Download Submit
C:\Users\Admin\AppData\Local\Temp\XENO_CACHE.bin

Filesize
28B

MD5
78d58a032761f1b9767ce9a961560a55

SHA1
16e75b82eb992b85361cfa782e2eac73f627717e

SHA256
895c607361d12436b3c82f8e233278f594d1de2ac032fd9534670a26f9bd5ce5

SHA512
4395ec8d0e057016daa654d94aeac4aea172814193ee9c3d5717093636db0972fea522a5e0596427b7c89cc2ab7f10c9be7c103b12b0c4151fc7b221d13e0f0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
5cd5f2c6df6befc9682e5cbf8fa9a5f8

SHA1
1838764b1fdaa398b8f79e53755e5bf663fc5865

SHA256
7c8571468d572ee33312334a74a37efc9cc5e036b9e85f1e6711dc6011cf9754

SHA512
35a7c9ae9a3df02b1c087532b9e123c742d3dc5f8dde8265f81026d0582b17b685397b9c07c4637eecb4ece2b3168816754c500eea9b6247fabdf2176d685f71

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
e745ec6e04bb0b87ab3878e6bb9f48b7

SHA1
8c0ea592f01029765bd18b4c910da35fa4798f37

SHA256
a7e7b326059ecc9ace4e1b71a4801a32ace2170142692832f774a0760e32c172

SHA512
7f5c0b39d0b35217813e19922cd5a63e5011b960b9914506d2eee23dd4b9a015042272b932926e9744732abde271b48541b18e596e3aa8dbb7b83fb7745303eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Crashpad\throttle_store.dat

Filesize
20B

MD5
9e4e94633b73f4a7680240a0ffd6cd2c

SHA1
e68e02453ce22736169a56fdb59043d33668368f

SHA256
41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

SHA512
193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Default\DawnGraphiteCache\index

Filesize
256KB

MD5
66b8f6ee1e1735f5fb8a7276e740924b

SHA1
5f2f4c158d7959d2a99f5e102cfbfff7543c24c4

SHA256
632cf5d373a6521f33100c4160517fe8da141d525c37c4c824e464660df84c09

SHA512
815f27a694cedab637240be3a7cbc3d2bf5d77752bc9b4d6eb27784b3a47dc6fd83e9203dcfe0eb6e413505e82bb44b32644ba47189920e68b7a5e7339760f8a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Default\DawnWebGPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Default\DawnWebGPUCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Default\DawnWebGPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Default\DawnWebGPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Default\Extension Rules\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Default\Network\Network Persistent State

Filesize
229B

MD5
5c9f79435fd36dd2a8914a542651f839

SHA1
81f4f5faf2f14d448626b3f49618d11fd4295cad

SHA256
153938ecc186cd98a2f1ebd1f53ae88cfe9d9884bd470e9166a53348a071fb2b

SHA512
0e7cf3372f919b11b0c6341bc4df2bb8ba5106463b06c74f0736b14755fa23a78db7e9b3111938570225435169bd01f7198b6124007defa77e90bbe21fd14588

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Default\Network\Network Persistent State~RFe57d570.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Default\Preferences

Filesize
6KB

MD5
d0abad67082b8cba986d8395ed28cfd7

SHA1
efe0a58ae05c354d25040d23d0db327c31dbbaba

SHA256
34f16d665cbf32d6457f3087cb4c774c5b92ee7461465b1a764a1a9ff673cdde

SHA512
efae775836774b301ac7a799de8796891f15ade63dfc08db2344732c529123eed880175922d9bfa72f54e29aad583acfa6c94c5ef7cd09a2d069724ea22a5114

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Default\Preferences~RFe57d542.TMP

Filesize
6KB

MD5
5f3ca418d3853beae1cb219e583b6ff6

SHA1
f954388facc3b3420d3ea7dfbcda999fc7e42219

SHA256
e5e7601a2dd55a58ec3a7e4359e1443916e635b6aad9024838a1450a5620c7a5

SHA512
6cefe3a5fd722996aa00a4072db6202fef57f6f4ac63610b8aabd0c6d638a9993d238c09003a19a607f809a309eb8a675de2c014fccead301c8dd24b6dde0dc8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Default\Site Characteristics Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Local State

Filesize
1KB

MD5
4744ac6524210f9facb9190c59e67187

SHA1
723d3674566feff354488bd5f3d03fd9ce8e0b3f

SHA256
431c0b4237625c6f1f6b7f2ffa34e65716357a5f20c4c214eaf73d27508c4bdb

SHA512
5d7f38d964c381445826748565e459f899aff1d3fc6e18b96ebfe8f926891583c224cf1429e7900ab0e7a682b326bd56adc2091e0ac279526c5ca2e7fe548b09

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Local State

Filesize
2KB

MD5
b8c1e909e9fce1635c39ded087afd45d

SHA1
5f9fa04a916c0665fb6f3adc00ef4ec7257a925f

SHA256
74404a29de88c1dc50553fca609795456743f6eead4cfc7e185418cbe52f7b8f

SHA512
83bb61559ecf6ecbeda108a48976cfcac90d8396453f90113060c318208c483be5e87efdc5ddb78d47d93c42f618e818d799c907ee91e3ac32845ece07a563bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Local State

Filesize
3KB

MD5
f278d606760d5ed7a33ee080e828e408

SHA1
aa3d65d8cee8dc0fb641903304825b2fdf65e7d8

SHA256
812bf276c2a8320da05dbdbd24c3a47cc81f8573e98f63c084a92a039caa0ab2

SHA512
b488883764b0ea9a1f20f0b2fc82225ba58a66e10faa872043880d286c9e3ac2443eda8989d728a3cd73e05d1a98e7e36ccbbd746251643d660909acc5890fd6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Local State

Filesize
16KB

MD5
9e995c60b3922bd048d64dd7c1e97309

SHA1
bc087859dd0a2aeb0e8e2d51bdd0122dc056a7db

SHA256
98bf614d01f4e09eb18e6ebed053cd324a1d06a1cb85a02ca60d613d6f216e9f

SHA512
ef09c010da9107c709e800b0f0b9a819f039f7f045412c74dc3c9ec9a8c15f720e4fa7049388669cf36f92fb01bad1d5fe66f7fc0047921544575ad42e6eacb5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Local State~RFe57739a.TMP

Filesize
1KB

MD5
72aa70595db3345ebae1bc7602ce19a3

SHA1
d9a8bafdb2ec0579fcef59d6fdb7d9608053a63c

SHA256
756ed17e6b3db58749eafbc3f757bb128846f42e99a1c8da6b28417a75a4577f

SHA512
90008260b032991121d4ce827925f386efdd507880bb292e75de27b491f7b988bcd0867650afa65a951c814f3c11d6d5cc38847894e8a8e74a78ed984f48bdde

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir5908_208756080\4e35569e-da0b-4a26-83de-bca4d243f8b0.tmp

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
memory/3872-159-0x00007FF8B83A0000-0x00007FF8B83A1000-memory.dmp

Filesize
4KB

Download
memory/4640-53-0x00007FF8B7B00000-0x00007FF8B7B01000-memory.dmp

Filesize
4KB

Download
memory/4640-52-0x00007FF8B8EC0000-0x00007FF8B8EC1000-memory.dmp

Filesize
4KB

Download
memory/5072-201-0x0000020D04A50000-0x0000020D04B65000-memory.dmp

Filesize
1.1MB

Download
memory/5072-35-0x00007FF8B83A0000-0x00007FF8B83A1000-memory.dmp

Filesize
4KB

Download
memory/5072-412-0x0000020D04A50000-0x0000020D04B65000-memory.dmp

Filesize
1.1MB

Download