xenorat | hxxps://github[.]com/moom825/xeno-rat

Analysis

max time kernel
270s
max time network
245s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
17-05-2024 17:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/moom825/xeno-rat

Score

10^/10

xenorat rat trojan

Malware Config

Extracted

Family

xenorat

localhost

127.0.0.1

Mutex

testing 123123

Attributes

delay
1000
install_path
nothingset
port
1234
startup_name
nothingset

Signatures

XenorRat
XenorRat is a remote access trojan written in C#.
trojan rat xenorat

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

127.0.0.1 port 4444 pass 1234.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	127.0.0.1 port 4444 pass 1234.exe

Executes dropped EXE 4 IoCs

Processes:

xeno rat server.exexeno rat client.exe127.0.0.1 port 4444 pass 1234.exe127.0.0.1 port 4444 pass 1234.exe

pid process

6604 xeno rat server.exe
6672 xeno rat client.exe
3484 127.0.0.1 port 4444 pass 1234.exe
2880 127.0.0.1 port 4444 pass 1234.exe
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

33 raw.githubusercontent.com
34 raw.githubusercontent.com
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Creates scheduled task(s) 1 TTPs 2 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
persistence

Scheduled Task/Job
T1053

Processes:

schtasks.exeschtasks.exe

pid process

956 schtasks.exe
6988 schtasks.exe

pid	process
6604	xeno rat server.exe
6672	xeno rat client.exe
3484	127.0.0.1 port 4444 pass 1234.exe
2880	127.0.0.1 port 4444 pass 1234.exe

flow	ioc
33	raw.githubusercontent.com
34	raw.githubusercontent.com

pid	process
956	schtasks.exe
6988	schtasks.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 42 IoCs

Processes:

xeno rat server.exe

description	ioc	process
Set value (data)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202020202	xeno rat server.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0 = 7e00310000000000a858e76611004465736b746f7000680009000400efbea8582d61b158158a2e00000078e101000000010000000000000000003e0000000000b8ae03014400650073006b0074006f007000000040007300680065006c006c00330032002e0064006c006c002c002d0032003100370036003900000016000000	xeno rat server.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	xeno rat server.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0\NodeSlot = "4"	xeno rat server.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	xeno rat server.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0	xeno rat server.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	xeno rat server.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4	xeno rat server.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Generic"	xeno rat server.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	xeno rat server.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	xeno rat server.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	xeno rat server.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	xeno rat server.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = 00000000ffffffff	xeno rat server.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0\MRUListEx = ffffffff	xeno rat server.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	xeno rat server.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	xeno rat server.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 01000000030000000200000000000000ffffffff	xeno rat server.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings	xeno rat server.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0	xeno rat server.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\MRUListEx = 00000000ffffffff	xeno rat server.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	xeno rat server.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	xeno rat server.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	xeno rat server.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	xeno rat server.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0 = 5000310000000000a8580b68100041646d696e003c0009000400efbea8582d61b158128a2e0000006ee1010000000100000000000000000000000000000006624e00410064006d0069006e00000014000000	xeno rat server.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	xeno rat server.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell	xeno rat server.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	xeno rat server.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	xeno rat server.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	xeno rat server.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	xeno rat server.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0100000000000000ffffffff	xeno rat server.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0 = 7800310000000000a8582d611100557365727300640009000400efbe874f7748b158128a2e000000c70500000000010000000000000000003a00000000001b3d6b0055007300650072007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100380031003300000014000000	xeno rat server.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\MRUListEx = 00000000ffffffff	xeno rat server.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	xeno rat server.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	xeno rat server.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	xeno rat server.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	xeno rat server.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 = 19002f433a5c000000000000000000000000000000000000000000	xeno rat server.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0	xeno rat server.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg	xeno rat server.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exe127.0.0.1 port 4444 pass 1234.exe

pid	process
980	msedge.exe
980	msedge.exe
4088	msedge.exe
4088	msedge.exe
4628	identity_helper.exe
4628	identity_helper.exe
4480	msedge.exe
4480	msedge.exe
5364	msedge.exe
5364	msedge.exe
5364	msedge.exe
5364	msedge.exe
2880	127.0.0.1 port 4444 pass 1234.exe
2880	127.0.0.1 port 4444 pass 1234.exe
2880	127.0.0.1 port 4444 pass 1234.exe
2880	127.0.0.1 port 4444 pass 1234.exe
2880	127.0.0.1 port 4444 pass 1234.exe
2880	127.0.0.1 port 4444 pass 1234.exe
2880	127.0.0.1 port 4444 pass 1234.exe
2880	127.0.0.1 port 4444 pass 1234.exe
2880	127.0.0.1 port 4444 pass 1234.exe
2880	127.0.0.1 port 4444 pass 1234.exe
2880	127.0.0.1 port 4444 pass 1234.exe
2880	127.0.0.1 port 4444 pass 1234.exe
2880	127.0.0.1 port 4444 pass 1234.exe
2880	127.0.0.1 port 4444 pass 1234.exe
2880	127.0.0.1 port 4444 pass 1234.exe
2880	127.0.0.1 port 4444 pass 1234.exe
2880	127.0.0.1 port 4444 pass 1234.exe
2880	127.0.0.1 port 4444 pass 1234.exe
2880	127.0.0.1 port 4444 pass 1234.exe
2880	127.0.0.1 port 4444 pass 1234.exe
2880	127.0.0.1 port 4444 pass 1234.exe
2880	127.0.0.1 port 4444 pass 1234.exe
2880	127.0.0.1 port 4444 pass 1234.exe
2880	127.0.0.1 port 4444 pass 1234.exe
2880	127.0.0.1 port 4444 pass 1234.exe
2880	127.0.0.1 port 4444 pass 1234.exe
2880	127.0.0.1 port 4444 pass 1234.exe
2880	127.0.0.1 port 4444 pass 1234.exe
2880	127.0.0.1 port 4444 pass 1234.exe
2880	127.0.0.1 port 4444 pass 1234.exe
2880	127.0.0.1 port 4444 pass 1234.exe
2880	127.0.0.1 port 4444 pass 1234.exe
2880	127.0.0.1 port 4444 pass 1234.exe
2880	127.0.0.1 port 4444 pass 1234.exe
2880	127.0.0.1 port 4444 pass 1234.exe
2880	127.0.0.1 port 4444 pass 1234.exe
2880	127.0.0.1 port 4444 pass 1234.exe
2880	127.0.0.1 port 4444 pass 1234.exe
2880	127.0.0.1 port 4444 pass 1234.exe
2880	127.0.0.1 port 4444 pass 1234.exe
2880	127.0.0.1 port 4444 pass 1234.exe
2880	127.0.0.1 port 4444 pass 1234.exe
2880	127.0.0.1 port 4444 pass 1234.exe
2880	127.0.0.1 port 4444 pass 1234.exe
2880	127.0.0.1 port 4444 pass 1234.exe
2880	127.0.0.1 port 4444 pass 1234.exe
2880	127.0.0.1 port 4444 pass 1234.exe
2880	127.0.0.1 port 4444 pass 1234.exe
2880	127.0.0.1 port 4444 pass 1234.exe
2880	127.0.0.1 port 4444 pass 1234.exe
2880	127.0.0.1 port 4444 pass 1234.exe
2880	127.0.0.1 port 4444 pass 1234.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

xeno rat server.exe

pid process

6604 xeno rat server.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

msedge.exe

pid process

4088 msedge.exe
4088 msedge.exe
4088 msedge.exe
4088 msedge.exe
4088 msedge.exe
4088 msedge.exe
4088 msedge.exe

pid	process
6604	xeno rat server.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

Processes:

7zG.exe127.0.0.1 port 4444 pass 1234.exe

description	pid	process
Token: SeRestorePrivilege	5588	7zG.exe
Token: 35	5588	7zG.exe
Token: SeSecurityPrivilege	5588	7zG.exe
Token: SeSecurityPrivilege	5588	7zG.exe
Token: SeDebugPrivilege	2880	127.0.0.1 port 4444 pass 1234.exe

Suspicious use of FindShellTrayWindow 37 IoCs

Processes:

msedge.exe7zG.exexeno rat server.exe

pid	process
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
5588	7zG.exe
6604	xeno rat server.exe
6604	xeno rat server.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe

Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

xeno rat server.exe127.0.0.1 port 4444 pass 1234.exe

pid process

6604 xeno rat server.exe
6604 xeno rat server.exe
2880 127.0.0.1 port 4444 pass 1234.exe

pid	process
6604	xeno rat server.exe
6604	xeno rat server.exe
2880	127.0.0.1 port 4444 pass 1234.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4088 wrote to memory of 3820	4088	msedge.exe	msedge.exe
PID 4088 wrote to memory of 3820	4088	msedge.exe	msedge.exe
PID 4088 wrote to memory of 3148	4088	msedge.exe	msedge.exe
PID 4088 wrote to memory of 3148	4088	msedge.exe	msedge.exe
PID 4088 wrote to memory of 3148	4088	msedge.exe	msedge.exe
PID 4088 wrote to memory of 3148	4088	msedge.exe	msedge.exe
PID 4088 wrote to memory of 3148	4088	msedge.exe	msedge.exe
PID 4088 wrote to memory of 3148	4088	msedge.exe	msedge.exe
PID 4088 wrote to memory of 3148	4088	msedge.exe	msedge.exe
PID 4088 wrote to memory of 3148	4088	msedge.exe	msedge.exe
PID 4088 wrote to memory of 3148	4088	msedge.exe	msedge.exe
PID 4088 wrote to memory of 3148	4088	msedge.exe	msedge.exe
PID 4088 wrote to memory of 3148	4088	msedge.exe	msedge.exe
PID 4088 wrote to memory of 3148	4088	msedge.exe	msedge.exe
PID 4088 wrote to memory of 3148	4088	msedge.exe	msedge.exe
PID 4088 wrote to memory of 3148	4088	msedge.exe	msedge.exe
PID 4088 wrote to memory of 3148	4088	msedge.exe	msedge.exe
PID 4088 wrote to memory of 3148	4088	msedge.exe	msedge.exe
PID 4088 wrote to memory of 3148	4088	msedge.exe	msedge.exe
PID 4088 wrote to memory of 3148	4088	msedge.exe	msedge.exe
PID 4088 wrote to memory of 3148	4088	msedge.exe	msedge.exe
PID 4088 wrote to memory of 3148	4088	msedge.exe	msedge.exe
PID 4088 wrote to memory of 3148	4088	msedge.exe	msedge.exe
PID 4088 wrote to memory of 3148	4088	msedge.exe	msedge.exe
PID 4088 wrote to memory of 3148	4088	msedge.exe	msedge.exe
PID 4088 wrote to memory of 3148	4088	msedge.exe	msedge.exe
PID 4088 wrote to memory of 3148	4088	msedge.exe	msedge.exe
PID 4088 wrote to memory of 3148	4088	msedge.exe	msedge.exe
PID 4088 wrote to memory of 3148	4088	msedge.exe	msedge.exe
PID 4088 wrote to memory of 3148	4088	msedge.exe	msedge.exe
PID 4088 wrote to memory of 3148	4088	msedge.exe	msedge.exe
PID 4088 wrote to memory of 3148	4088	msedge.exe	msedge.exe
PID 4088 wrote to memory of 3148	4088	msedge.exe	msedge.exe
PID 4088 wrote to memory of 3148	4088	msedge.exe	msedge.exe
PID 4088 wrote to memory of 3148	4088	msedge.exe	msedge.exe
PID 4088 wrote to memory of 3148	4088	msedge.exe	msedge.exe
PID 4088 wrote to memory of 3148	4088	msedge.exe	msedge.exe
PID 4088 wrote to memory of 3148	4088	msedge.exe	msedge.exe
PID 4088 wrote to memory of 3148	4088	msedge.exe	msedge.exe
PID 4088 wrote to memory of 3148	4088	msedge.exe	msedge.exe
PID 4088 wrote to memory of 3148	4088	msedge.exe	msedge.exe
PID 4088 wrote to memory of 3148	4088	msedge.exe	msedge.exe
PID 4088 wrote to memory of 980	4088	msedge.exe	msedge.exe
PID 4088 wrote to memory of 980	4088	msedge.exe	msedge.exe
PID 4088 wrote to memory of 4476	4088	msedge.exe	msedge.exe
PID 4088 wrote to memory of 4476	4088	msedge.exe	msedge.exe
PID 4088 wrote to memory of 4476	4088	msedge.exe	msedge.exe
PID 4088 wrote to memory of 4476	4088	msedge.exe	msedge.exe
PID 4088 wrote to memory of 4476	4088	msedge.exe	msedge.exe
PID 4088 wrote to memory of 4476	4088	msedge.exe	msedge.exe
PID 4088 wrote to memory of 4476	4088	msedge.exe	msedge.exe
PID 4088 wrote to memory of 4476	4088	msedge.exe	msedge.exe
PID 4088 wrote to memory of 4476	4088	msedge.exe	msedge.exe
PID 4088 wrote to memory of 4476	4088	msedge.exe	msedge.exe
PID 4088 wrote to memory of 4476	4088	msedge.exe	msedge.exe
PID 4088 wrote to memory of 4476	4088	msedge.exe	msedge.exe
PID 4088 wrote to memory of 4476	4088	msedge.exe	msedge.exe
PID 4088 wrote to memory of 4476	4088	msedge.exe	msedge.exe
PID 4088 wrote to memory of 4476	4088	msedge.exe	msedge.exe
PID 4088 wrote to memory of 4476	4088	msedge.exe	msedge.exe
PID 4088 wrote to memory of 4476	4088	msedge.exe	msedge.exe
PID 4088 wrote to memory of 4476	4088	msedge.exe	msedge.exe
PID 4088 wrote to memory of 4476	4088	msedge.exe	msedge.exe
PID 4088 wrote to memory of 4476	4088	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/moom825/xeno-rat
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4088

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb923946f8,0x7ffb92394708,0x7ffb92394718
2⤵
PID:3820

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,3045137168414399095,6695308806585732261,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
2⤵
PID:3148

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,3045137168414399095,6695308806585732261,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:980

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,3045137168414399095,6695308806585732261,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
2⤵
PID:4476

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3045137168414399095,6695308806585732261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
2⤵
PID:4016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3045137168414399095,6695308806585732261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
2⤵
PID:4780

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,3045137168414399095,6695308806585732261,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3956 /prefetch:8
2⤵
PID:5020

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,3045137168414399095,6695308806585732261,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3956 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4628

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3045137168414399095,6695308806585732261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
2⤵
PID:4848

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3045137168414399095,6695308806585732261,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
2⤵
PID:3812

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3045137168414399095,6695308806585732261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
2⤵
PID:3472

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3045137168414399095,6695308806585732261,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
2⤵
PID:3440

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2148,3045137168414399095,6695308806585732261,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5308 /prefetch:8
2⤵
PID:1084

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3045137168414399095,6695308806585732261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
2⤵
PID:1984

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2148,3045137168414399095,6695308806585732261,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3492 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4480

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,3045137168414399095,6695308806585732261,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4868 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5364

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3808

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2820

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5340

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Release\" -ad -an -ai#7zMap24726:76:7zEvent22304
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:5588

C:\Users\Admin\Downloads\Release\xeno rat server.exe
"C:\Users\Admin\Downloads\Release\xeno rat server.exe"
1⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:6604

C:\Users\Admin\Downloads\Release\stub\xeno rat client.exe
"C:\Users\Admin\Downloads\Release\stub\xeno rat client.exe"
1⤵
- Executes dropped EXE
PID:6672

C:\Users\Admin\Desktop\127.0.0.1 port 4444 pass 1234.exe
"C:\Users\Admin\Desktop\127.0.0.1 port 4444 pass 1234.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
PID:3484

C:\Users\Admin\AppData\Roaming\XenoManager\127.0.0.1 port 4444 pass 1234.exe
"C:\Users\Admin\AppData\Roaming\XenoManager\127.0.0.1 port 4444 pass 1234.exe"
2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2880

C:\Windows\SysWOW64\schtasks.exe
"schtasks.exe" /Create /TN "dastffdsss" /XML "C:\Users\Admin\AppData\Local\Temp\tmp3CDB.tmp" /F
3⤵
- Creates scheduled task(s)
PID:6988

C:\Windows\SysWOW64\schtasks.exe
"schtasks.exe" /Create /TN "XenoUpdateManager" /XML "C:\Users\Admin\AppData\Local\Temp\tmp416B.tmp" /F
3⤵
- Creates scheduled task(s)
PID:956

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Scheduled Task/Job

T1053

Privilege Escalation

Scheduled Task/Job

T1053

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
4941b822664aa8d09ece332d77a5f189

SHA1
004384ebaf10025267dca80877d818a6ade5122c

SHA256
cb19d91e66deff5001930279cd8b91d628dd099ee88d875549c18e2832cf8796

SHA512
00c4c630c718a409c119b114a28a2bb70c2496361cc0c73d383dae5ec13dc67d8eb2e09c5c8c00d1a1897b420f35a9dde7c1d4e3415d67c6dca3900cfcd29dc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
579B

MD5
5039ed8ffe582146bfc930077834a3c9

SHA1
b2cdb2e9b086f7f17661e5981822049c3c5620ae

SHA256
91bb039a714c5b3f304503fadf7d34996fff203333b3aafbad89db97c9d62cc8

SHA512
a3ed6b0c843d3d5b8538f12ec8f0b3e0c8fd0d6d2799e0d2f8d742378ce1e6428ae908a10b68409e5087c0fda61547951a6f264606796b61ea79e26bb6d129e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
d9e5320280f6e3563ac3b08e6e74a8bb

SHA1
66a261178bd0b512d00f173fe3b7a60b4ecc41d7

SHA256
f02e3778d58f13517d8f2876ad7bf4b642a49ff881b3e592a9840cc1c27f484e

SHA512
06436acc6eb5747226cb874be70f0d7822774c6cc831d32007e3f7532576dbdfefdaaeca21967dff29ba57540547fa82526790775b96900502c9a94cdd2bf440

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
c454a5c247c605e543f4e695db163734

SHA1
b334bd32ad1e74aa11fe52e76977d7c3edcb9438

SHA256
f07af6577ab18da6683cace3fe72ee42c0a5f0c2cefae456caa70c94f1046922

SHA512
01641da14a1b25d47dc90dbf4a75795c32924b5853883c7773f92de5b9cce4ec97869efcf338439ac894b1a04ac1998d066664f8e46123e3668582c5d186ee1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
0eb3a8b578ae9ea8ad0564553969b503

SHA1
abf66aa3cde1a104dacc35fa56f27eabc22ee1b0

SHA256
c1db950530c85aa442f75f2ae86719c931a51775b27f88d7323d07887f423fac

SHA512
d1c86b60c1c3e95e2a70d436d94a08a2c8f9f2683c2caa17927b416a9d3a843127c8c6b6e3004b46918131c7df5cae8d9317ecc3f2eabd7d79624990cf473c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
c5122448de3ee5668ef5116f7d7d7dd7

SHA1
58a58828a15eec218de34e73ba42cfa38ad3aab4

SHA256
368fe1a24ace044a89a7dedeb603608e248de8250ef6bc728bd84cb1c1aa1f0b

SHA512
d8e45f5ffcf698cda8e260902061dcb6924dda63ceef11c008ac0dbeddcc14514b3a60a5dc03ffd29900260fb1393a19ab950431c5e26d4dfb6f04b3afb29949

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a393.TMP
Filesize
1KB

MD5
2fbc50e610d1fde88d740b40c9468284

SHA1
0e56795d108f9f3326507c1be34d7c9e2523eed9

SHA256
a60d9b63a7cf0fd1a565358f3c81e4f6d2fd8a1a10ccb60ea55f91ae5bf97500

SHA512
0df779497ae5341b82d830ceb0afbdbb7eec21114767b2ca986492d553d848906152cff3a180b7955fedbfcae92d55f30cf3e76896b8cf8a92a80ab5c38a4dd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c321a6c3-4b21-47b5-b4d0-58e578faa1f1.tmp
Filesize
6KB

MD5
88b63bb311b2264905976d306f65d7b0

SHA1
fd925ebe24025f601a44b69494bd96f0e2287dcd

SHA256
a1f26151d3ae7581e705b134d455d99e9149a60fa8b0bade502a858c9b31cb9b

SHA512
7a97da63dc03c15be8822e1e58c840a36809a2241f8253f603b1162ed5134dc6d8b4d42a9e5a34d40608fabc3f1c6c1ce78917982c794b1cfb2ffe858acf03bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
b055613848ce045fcb0e91a269dceb4c

SHA1
a09a85fc02aad77141f8fdff5bfe1f84e3eb8c46

SHA256
f2428fcf4d56af6b1b2bae84b9d1436825a18580af4264d943ef09e2272bcf78

SHA512
1bc3cedb12c4f37e27e43e2c40312a3144073d04f827d1b57677bc584aeeef16296fd3ab0b806262e86c72c0734ccf4b432fa6cfe35449b259ab81d741a2cb87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
f15e662da80a7ed1b3398c4a79112485

SHA1
322babc9a0a9112e9eed9017ead62989b15e91a0

SHA256
558757028d2c3ccf8e726a3f4bcf612af7d0da1c437749244acbc65a55a5c011

SHA512
ff43dab7b224d85f0dd33b5d8bf818277184fdbdcbf608ab28143a41c2b5911cd8919b5759ef6e0e245e3fcbf80d5b2c71973ca4d3ea341c0e8ea29f626c970d

Download Submit
C:\Users\Admin\Desktop\127.0.0.1 port 4444 pass 1234.exe
Filesize
45KB

MD5
72b3da87e5bb2097aec7ae9335181b24

SHA1
d39fb52266137407a65ce22c175a87cf893d2d55

SHA256
a7a0fb3042732fb45c02c1692010d1cab3459e148b25864bc4862c1360903b62

SHA512
796efbf96310e53bb4483c09e1a136df1a397f4535ecb3dd64d10e09cefa7ca44eff62dfb7c31fc5e2506a0addd8562d688515e40abe4394a82f8a450e426f36

Download Submit
C:\Users\Admin\Downloads\Release.zip
Filesize
6.4MB

MD5
89661a9ff6de529497fec56a112bf75e

SHA1
2dd31a19489f4d7c562b647f69117e31b894b5c3

SHA256
e7b275d70655db9cb43fa606bbe2e4f22478ca4962bbf9f299d66eda567d63cd

SHA512
33c765bf85fbec0e58924ece948b80a7d73b7577557eaac8865e481c61ad6b71f8b5b846026103239b3bd21f438ff0d7c1430a51a4a149f16a215faad6dab68f

Download Submit
C:\Users\Admin\Downloads\Release\country_flags\ad.png
Filesize
1KB

MD5
68474a4935598753955993ccbd7062b3

SHA1
79f32a99fa7a3761d7e7b592bbac279c7a1d5559

SHA256
6e45d3cec2a17a9b9353b68288934e7c4931a36ec271b595750bf8441afae019

SHA512
631cb2594d55d14f3321cb1975cf7e35ee0e79d63c9eec23a39851849ef17cfb81edf74a6f906d92ef4dc9ed48c230ec7e3966e71a91c603beb6708f81aa90fe

Download Submit
C:\Users\Admin\Downloads\Release\country_flags\ae.png
Filesize
687B

MD5
0aad6b193a525af068832a5f3312dc3e

SHA1
75d2268655d2e9c2cfd39f4512c1ba46d701e91d

SHA256
6af9e1cb4e4c86a1d1b9f2fdb5c9a4eb554f4cfb674d8357f2e7e1086de4b4be

SHA512
0cbbdba73d929ff425b55abc437b82c8b56f29ec9a7b59573d134e3df5ceaf8bf928f0c4049f7a9b09638337cde8cc9cdcb0a823101d121ce99e57f5f5726cc2

Download Submit
C:\Users\Admin\Downloads\Release\country_flags\af.png
Filesize
1KB

MD5
b438e2fcc22b7b7138a2270b0c46c11c

SHA1
a725f3930551e5d9ff2c719d1a159942c33ee659

SHA256
2e738e232ba262bd7b40d39f0a8ef1b68204381b0f5d97367c8b827aea9e83be

SHA512
01df36890f1cf4fff686ae1c16f2e18edb5fd2b88ba659e3cce651b3ffebe371e4dec1fb16b27c2714a6d4dbace1c7da9e7c59aff58579b111b444622eceff13

Download Submit
C:\Users\Admin\Downloads\Release\country_flags\ag.png
Filesize
983B

MD5
f16d86d6cd9efed9d56c4e27222225cc

SHA1
2e1a7b01df725adcbdde98b683a2788c68eeeff2

SHA256
8cf632b5d10c24e29c68082bdba8737269f5160360985f9c306e8b20940552ac

SHA512
5b970073ad7b7561311d83ab5bd8d6de5486be90fd6e4ddf0581eadbdfaf007926ae8747141cd2bcd243bc254bfe0eb2db0ea3db01759361601350759d426a8c

Download Submit
C:\Users\Admin\Downloads\Release\country_flags\ai.png
Filesize
1KB

MD5
2e5628753b22d149925f2edca861cce8

SHA1
eb12eec16eceaf289cb33cb4cd777b369d85e793

SHA256
d95df82e43d2e94018a777083e68bb5a00260912037fc02243ddfe3a0a377f45

SHA512
7db7b846c7710e8733928113acb9f70893ff16d06775c9862d03d075ad0fbe429a382df1f26ebd4836eefeabc1b8cf7734a7ef1b4b478c45cc2bf5ed2a1e8be8

Download Submit
C:\Users\Admin\Downloads\Release\country_flags\al.png
Filesize
757B

MD5
8109adb0c3baf5d82c44385afb369943

SHA1
4bc749135d32c08bd0557bb67ddc98a858354835

SHA256
2e005216be2a847983ebe9a5a4b4ff2936c9008cc7c925ed7059350d4fcf370d

SHA512
56f8f92eef8b8ae2e79f0a3a3b08df2ca22da658cd417fc3928d0895058776536f33ae93b61be7032295c9dafbc9b369016a16be0e0a4aa3243ad60f3ac3ff1d

Download Submit
C:\Users\Admin\Downloads\Release\country_flags\am.png
Filesize
887B

MD5
d833529f7fa3d6229f5d2022dfefd1e6

SHA1
6f46a741c8f13f4811fff2be726617cc679f5514

SHA256
484fb381d03d5e519fab2c4dde2b78f13e67594713dcf4083a55d713a1eddae7

SHA512
126c39597b26569f52757cd16796886f180b04d78182070a586852df87413205e01d4e6fe9e041da207011804fba3db6c5f0adc27ab378ce7a6ddb2300b1ac75

Download Submit
C:\Users\Admin\Downloads\Release\country_flags\ao.png
Filesize
734B

MD5
1b6993d439cd730838399aec3b0fb44b

SHA1
18b30a13eda5a7b00e1ab12f9b7534ffbcd3eedd

SHA256
27e99589098bf031636fa0eae8ad7881e54181978135375c7f599f6e49fa8fa6

SHA512
4ab06e0d6eec0cd1480baf66d5c4bb9d5a88ca0cd16d95b52bc2f26da23c18a7b63a75f4cddc27d4b7563375d1f49d3deae8b108adff29c3c0a0dc520307ffd6

Download Submit
C:\Users\Admin\Downloads\Release\country_flags\aq.png
Filesize
793B

MD5
bf7280a322bac987ee3e421dbc5f6330

SHA1
6c4a9108c1a5125975f235df5956e7bc16794d20

SHA256
956390e90c1a201ed454b741eead49964393c3026d5882c47b02f564c7c94564

SHA512
d037387964cbc1c6fcb1efc780996886e2e92fa580f374fc7ae5026854635209f69efb6f57e0a65f06a1e3fd60a8ebaa31482f2f278e9af1c4efd90a345fe2f0

Download Submit
C:\Users\Admin\Downloads\Release\country_flags\ar.png
Filesize
830B

MD5
69cf780d75e1619d4ef97a1cfb485f37

SHA1
8d65ef01654415778dbfe664a4c3167ccd5cbbbe

SHA256
8438d5e69e23edc2054c6ca8f5b5eae4bbda37adec341a2f63e44ec7af2ee3ae

SHA512
df83d8938e5d7508b385a209bafa0ed11afdfb0dd8d4e16782e397f0addd2c54d1a55dac7bc14a704b50010ba1fa013041d8fc19aa3b98126614e0282821658e

Download Submit
C:\Users\Admin\Downloads\Release\country_flags\as.png
Filesize
1KB

MD5
d3fa2caf8084ea005f29dace6a1c1a2b

SHA1
8922a843a5a7b6ecb0a47dfef6525346b762b64f

SHA256
4c4d9b46ee8b8648976fbf45f3baa20f1d2bd81d955f4ad12e5f185f0184bec0

SHA512
fdc0ed2421d1c9a1dd8199cb047a35c6b25cbb231dc0c2beae22c9dad997273d73ebd1e3a4f52f980909c1dbcc3157832eb73072d23c77fc76652dccf7c4b341

Download Submit
C:\Users\Admin\Downloads\Release\country_flags\at.png
Filesize
651B

MD5
47386d35c3bc3d7ba01d5a1adcb240ee

SHA1
77993763b9809110d121436e2eba607a401b9a7f

SHA256
f9167d1381d27d03c461b8d467406b08b1ec1ca128ef455224a79a54ef1c4cba

SHA512
2cc35e482f8788bb112f60ce1dd18dc3ca2d791ae80994a7a0e3a1c4bc0b95f29edc5bed6df012197089f04712edb263ffd494b5e73c8a369af1bcffea3cd27c

Download Submit
C:\Users\Admin\Downloads\Release\country_flags\au.png
Filesize
1KB

MD5
15bbd2633ed2f55b2022585c40300988

SHA1
16faecc7bc0e49d9703427823201da8a9dee0f3e

SHA256
515102fb7dab425bb3492eaa94e7ac51306d93d01dc8fa83aaf7ad9d3df00b62

SHA512
0456431b748414c018c8fd7080bcf7dd65c68d97475111cb2aecdfb8b8b5d17bb6ef1786a91e26c480bdef5c018b5e4043cba82d88b3c789e55a1a46d28bdfcf

Download Submit
C:\Users\Admin\Downloads\Release\country_flags\aw.png
Filesize
1KB

MD5
15b939b6f1e18d1c00c7365cbefe135f

SHA1
8cacf901d1207cecb8b925678701b75e2c19c403

SHA256
88dfe3018ff9550227b65d71eb80ca826e77cd760b12790fcd84bb6c2a6ea79a

SHA512
1a933aae54a5d6ac4c52c2de249de5dd7180e4fdc630b4c993bcd1d018712edfad69d6c0ffd033fbc050a95c7fba90937ff2c349c5c7c3ccd73644aabfe6da2d

Download Submit
C:\Users\Admin\Downloads\Release\country_flags\ax.png
Filesize
1KB

MD5
27e057f1aa91f3a3fdbf354c701e9ab8

SHA1
176861508ebf7c814ba29409a7e5b5bbc04aa5f3

SHA256
f81df1b62a4476dbbc0237f024f18bb509c62037c319fb252b86d8de8d59d122

SHA512
756307faac7289f6d4250d2ef1d1086b5076cb6275be7b5d867d3451cb65a8fb70584e4286ad7aa483ab5342f6dff9bfd27562b583dc5e921530236e4c89d3b3

Download Submit
C:\Users\Admin\Downloads\Release\country_flags\az.png
Filesize
1KB

MD5
8e6c46e33d4ab8ce843fd82bf0cd164b

SHA1
41ccf6b437adf53667e86cd55398aba51093919a

SHA256
95df1829f101a8f4adc6e3e7f4e1f8d6224cc0b8127729032d645b26cca7b0fd

SHA512
05812b0a89f709de4130c6b9c0835153a77b496118c9beef962abbac7a8b960ffa5e8f19c750fbe24d94707a3ee5e8af4744a5e48ff59f92eb9dd17a82f6b1b8

Download Submit
C:\Users\Admin\Downloads\Release\country_flags\ba.png
Filesize
1KB

MD5
4eb708fb9510b271281d25752d504718

SHA1
077fbcc85234448e47052d161f8af2effe5b587b

SHA256
7b523c68fefe0a7df99e8703980206e728d3c339e1326b70824292ce654097ff

SHA512
bdb346006ce4006866570a914d890a3cefdc509770faeb8535ace87d93101f85add3f58872dac15b928d230dd2942aeebdec1ed90303db2ed122b1c8d343b405

Download Submit
C:\Users\Admin\Downloads\Release\country_flags\bb.png
Filesize
963B

MD5
e1e028da72b38c64d76c1043ebf917cc

SHA1
b09a3bbbd52ebf6cb0a246267e5636db1f879853

SHA256
a944e7cce43b21f0780eb94a8a1571ab233b2b73222cba01cfccaef9734a064f

SHA512
740bf0a81f5da2f9320339271d8511af00f84dd869bfdc9678662afa6d5d7df751c2536037e10d448d77c2667c9f61c2d8545123ac03b983e83bd0289de08fe8

Download Submit
C:\Users\Admin\Downloads\Release\country_flags\bd.png
Filesize
764B

MD5
4ff4808e4ed9fd060050379d38ed7bac

SHA1
3115ffe9a401d0f1f5c7cbbcd9ada9f365acc5af

SHA256
02f8bff79a1eb5201547755ec8fc8611b605fa8a85c225c38de7578040976cca

SHA512
ab86bc614a1ec6a8656559cb6ad5c0adb3b059f1080db8d53a63f14e115612ff51ae783f35f64490ee8626f3df4d8760e796cd66128ee53c5abaa84384d9b568

Download Submit
C:\Users\Admin\Downloads\Release\country_flags\be.png
Filesize
654B

MD5
56ae68a6e0b4aadf02609736ee65dd0a

SHA1
54f6b698277409722b16427e5e7a1db2e2783e2a

SHA256
968ad30023dbefef58409fb7e86d7ff43f9207ad136444a4cddcf2a29a7602e9

SHA512
d8ea14b827b60fc4cefcc0e36db862300533473742f33d7e70bf359f02874f47a0a54289341537384e5d680319542eafa46d80d506f28ca22b19e3e138507095

Download Submit
C:\Users\Admin\Downloads\Release\country_flags\bf.png
Filesize
766B

MD5
09096c9b04a4dcab8c716b2d6f3fe878

SHA1
5dcdbec1eb0adb7c5b478ae9626c76c092100b8d

SHA256
053a5ac85416b8c8355ba613b79325ff8734f3ac16305616ac2bcfcde95a8fe6

SHA512
d10b823bd048360075f7a915f7d4a3ca96d7c647d72616e4fafd09d5095c7660a9ccf5207faa8af9c5c88a01ffb9cc85f25025c6b00542e89f88c265892505b8

Download Submit
C:\Users\Admin\Downloads\Release\country_flags\bg.png
Filesize
765B

MD5
15d9a2d4d4eb0a045c7f082ff2987ee9

SHA1
d780bcec786ff9a78f0d0acd47a86fd096c79117

SHA256
963e10d9f42d27225a514bc1fb89aeb77ab258cb278e4850b2207d80d572ae74

SHA512
2c816e9d6948d60716618bed3f7d87f8a28c5369dca80fe9ebb30fbf0f35d6e576fa55a879b53a3843246e118fc39cbb5a266fc83ef1a4306d0fc088d3229b9d

Download Submit
C:\Users\Admin\Downloads\Release\country_flags\bh.png
Filesize
747B

MD5
34f84d7c72119f0b672641450bbe6c40

SHA1
6aef283ad7f3b8bd4d45c955731d715290925d50

SHA256
ab9af1e42b20793174222b3755837cf06b574dba14b9c939db7ef01dc4ccb277

SHA512
b182ada47015996f3052311a2f1e3db556e8bc2b597e73b78f2f7f4366727a69287ad998fc83f8b782a0d1f2f606240bea433fa6251e605d891d92a2bf2a263c

Download Submit
C:\Users\Admin\Downloads\Release\country_flags\bi.png
Filesize
1KB

MD5
18b763caf78d097de5d2ec4c70836263

SHA1
fdc6fd9635f09f1c4531258d0ac1fb271a4e9fb0

SHA256
0bf069eadc836e452702cb7217a85bcf4df656702155c96414b272bab0321a8b

SHA512
3011f6763f2787e7110813bc7c93386fd9b658fb7197094ab138bd67367d5ab67780df9f46de8b9eab625dc04caab862f6eb3b15530e38f5e257cad2bb9780d1

Download Submit
C:\Users\Admin\Downloads\Release\country_flags\bj.png
Filesize
853B

MD5
03cdcda8b815a5309282300402e338a5

SHA1
76892ab949477e558fe4760d17a5a357242a7b6f

SHA256
5bcaef0b2129ee077c6a45fad9614b1c20fa7087e20a9a85e4146dbe47cab7b0

SHA512
a4f523eb92e7a82114625761cc4aa493242e3a27da54cdbbb9945793b753931e966840c30608a56237658e83579f73ab402b3f9ff10748bccec3934ff989fd1a

Download Submit
C:\Users\Admin\Downloads\Release\country_flags\bl.png
Filesize
1KB

MD5
ffa7d1b59636928e39881f1d0a0edaa3

SHA1
400ad9971d41b7f31a109f0cc7e90d2020600356

SHA256
750e0d9fb423608a1de413c843cbec1ac8d2e3e82d6a2531afcf2a472f899515

SHA512
fece6377840a8cb3a395b433a144fe244b9b4a0f24e3e821fb9d8d5c1c78ab9d4e4a2275b17d142d16ad9f8f590fa19c9a0e716fc929bb8fe13a0553693193fc

Download Submit
C:\Users\Admin\Downloads\Release\country_flags\bm.png
Filesize
1KB

MD5
37d93c75e0c74aff9ab7d8d37c3b8e7f

SHA1
ae5a8e8178c60cecba78c529c94c23e079e94414

SHA256
42bd53dba164f119c44148e6c9bc28c0b92220800a007d499f253d1ae438c72d

SHA512
bd00f76432d816a3e81f34fd19e3002d134da223cbe6d811c4487fadceec42f6cfda17eb7577ebf514dfc1ab9a3b3cbc0c556654331c5fb76578a49a197b7043

Download Submit
C:\Users\Admin\Downloads\Release\country_flags\bn.png
Filesize
1KB

MD5
f96f107fc7dc89b9113214c81d883576

SHA1
f10f384b6a5f6a3979b59b1e33f7e4f4b3d6cc18

SHA256
5e9484dbc8a347b857258606d4705394f7ba8aa6f10b53b5dc58e55524ad39a7

SHA512
9e94355db2dba83c097976dcc1f74d39f01449e376418d4a5907d7a6a15aafa6c30d78445550d16d5ef1ecc5f0a1d1255e4954d8496e4bc89cf974e5f6519f46

Download Submit
C:\Users\Admin\Downloads\Release\country_flags\bo.png
Filesize
1015B

MD5
a00567a7f443d14523d414e1d1c37c01

SHA1
c143926a9127570a0a4e8ccc5af374c6f155b029

SHA256
ce52a198a07350d5d0fcdd55e914aea5ad81d2ec10e39e76b32255631017f838

SHA512
cab600088b03f2ade41a88f0a1b0cca9e86a1edd832a5f270d81f3e4009a9d4833e17b5fdecf80ee3106d1da2d3b11d809320dc9fd26c2db60542f28dd2c040d

Download Submit
C:\Users\Admin\Downloads\Release\country_flags\bq.png
Filesize
1002B

MD5
98b2ab646a5e61eff3dcc3456fa5ef5c

SHA1
c2ecf619bef994cfbdeb7761fe81ef0b05044c9f

SHA256
a9d2823ef28a3f87d60526f7d71ca2df41dab1ab0adaab11409e05e8e5207971

SHA512
c88b888b62e8844ab175fd7d5106fd14c34479003a57524d2e362d5db14b097d7b07676f59484f2f4b1a0a77c4913e56be1971c73163ad59d3f969532c7f5605

Download Submit
C:\Users\Admin\Downloads\Release\country_flags\br.png
Filesize
1KB

MD5
e650e4a38ab3cc1dd03e835db4fabf46

SHA1
d517da25d527101ae9fbcf4d7567759252cf4b3c

SHA256
ba2c9ed05d5e1d7c6b8a460f1f21d6630938d179eb38a2e59a5841ec5afea543

SHA512
c216e68cc9ae43ba24c3d4cc86549e2efb0de86980197b6ea2cb6653f6d79aca66f948c2eb598746d0750bed4f0cef0551d6a4b1c651671e424de3b06fd8f55a

Download Submit
C:\Users\Admin\Downloads\Release\country_flags\bs.png
Filesize
877B

MD5
567968761d29569f8f4ae2008922d64a

SHA1
5651bf8b16071adc0bc86d0de6412ab580601a6b

SHA256
8c6827bd280ef162aff6b42c25416a61daf36c0982862dc5cac9d31480f79ab0

SHA512
1d88648063003e5b4fd1109337fad4cbb769cba30be811676634abe6d082dfa86543153e01944e3368d72dc1802ba9bcda19de8ae321920dd0fb0fc0e817299f

Download Submit
C:\Users\Admin\Downloads\Release\country_flags\bt.png
Filesize
1KB

MD5
871708b85a41dbf488c83c0f6d38847e

SHA1
af8858c51803ab9925e1168eea4374eab453b10f

SHA256
5cb7a5818b14e0d879a9b91aeecd9c64c6dab2f468a8147b86b117f6cd43d311

SHA512
14cce6c1b446e54517dde1241a984374808ca8e20683e49a941fa19342d4958853e000ce99d8308fde9b0d6f092f16734ce8ffc6a7b0b3e7635ba04926808b47

Download Submit
C:\Users\Admin\Downloads\Release\country_flags\bw.png
Filesize
851B

MD5
3243d26cca90de9992b6067af59fe61b

SHA1
c9494ff65c1acf60cf748772069598a0446962d8

SHA256
ba18f482f566315edc8db6e8874fdec95731f9e46cda105092080ca02f0c2540

SHA512
fdd3053487ddd46913503392b1c1047c7ff031dd96f7e26b659ebfb49ac991dc082bea686527cb3d78e7deeafef2cf8318bd798fb57b600cb5148879af10a114

Download Submit
C:\Users\Admin\Downloads\Release\country_flags\by.png
Filesize
1002B

MD5
39e046973fc2969bf7e54c8b61770d3d

SHA1
a39723071a4426f8627802f952c11b41696ae5e2

SHA256
25a1fb58dec67ada5090771415da58ea598ae629f28e52420ba53f5f59d0504d

SHA512
2691b0eb7c69aca4f00be377bfa477ce9c38d0c901dfd2ffd56348f1960b3931e8183487b8208159b17785ce7e7ca206e999c80042d83824b4631d2c410dd73f

Download Submit
C:\Users\Admin\Downloads\Release\country_flags\bz.png
Filesize
1KB

MD5
04df3acbfaba16034f2bfd9370d36209

SHA1
2dd58919c12245b59b782e930353b2dc781cf58b

SHA256
91327f9a8a46a2a660f70fd22ad589b9ae07b8617ee21d24dc0360d6b00ff0b2

SHA512
59cd1cd196cc35e9775229ad1cbe72beb56fa2e54a9b6cc3ae0073024cfc6b0e2002003b667976025b5dc649571d1c0ead89264a5dc341d1aaec210b95f48444

Download Submit
C:\Users\Admin\Downloads\Release\country_flags\ca.png
Filesize
747B

MD5
5941934b5f8ff897111959984b554b5f

SHA1
f3789b6d8f923c3dec484a50c1a898ff4f8ee9a3

SHA256
7b4509c54260961e637aa3e44c3c911631137ce300ebcea5cac297286023ec93

SHA512
0cec0e8f4210ca3ea4df7ce795ce463c7de3f2c0d18cb41d431aef6041893f1fdcd56cdec6955858c1e759b615264567d9cd4a4ac5d0b640ca3688c7c890a30e

Download Submit
C:\Users\Admin\Downloads\Release\country_flags\cc.png
Filesize
961B

MD5
4e5f94be5a63a2fb0f7f09b13c709ca3

SHA1
919700a8ff35c79293af2293e1211f1a513e5504

SHA256
0156d11191c6c7cf9164cfadb164b07d15ccc2b4e07182714d0c44a7f29a8451

SHA512
66e018c28ba5231b4aa3564b8aff87addae970ee48cecb042254d7d7c20ef763cfce8b24153878a7179bfe4e038941a1dca506989e21134785673cef4f5c408f

Download Submit
C:\Users\Admin\Downloads\Release\country_flags\cd.png
Filesize
1KB

MD5
f39d846c77218c4be0cabb86c5de400f

SHA1
1ece3bf46c237048ab866fc9396e0a5ff7b10416

SHA256
0890c7a0ca097f03cb9c09f24ab2e55a1ab234635eaf0b6c2e98e0afaf60e43c

SHA512
8970dfd053d6911c07c62ba353e817a2732fbb318b122eb1865f760b209d47bfee9e63dbe0af978fb831cf8a322aeebfd370b2b1d9a9b839bc752a93836e825c

Download Submit
C:\Users\Admin\Downloads\Release\country_flags\cf.png
Filesize
1KB

MD5
06baaa819f4877ca461c78366f7281de

SHA1
1296d1334691690c95cf7ee27faa5b0e15c4a837

SHA256
5ad829236ef89cc8d9d8ff4bae28cc4066186d3520194bc91ae3d2e050308e33

SHA512
2869fe105dbd89098cfc198c9a8beecd9fdb270295911c6cc6b6d8a1c8306869b67ec4f04fcee5090b023036615f05d2ed80aeac9760f810b9725777b54b381d

Download Submit
C:\Users\Admin\Downloads\Release\country_flags\cg.png
Filesize
918B

MD5
1434cb15bc1666c296b2e23bacda5aa0

SHA1
8b6416de2b072a4be3ada2ecfe22bddf3fe35931

SHA256
1003afdd38cdfa5c45aa8977b8f0906260ebb4d4063cf5bbf2bdeba4b797f694

SHA512
0a94ab8b617f752190c09d3a24aa1c7b12d984238987c657bd6f1298997a86fb644a4c0f50724acc188cb51b4f8e948369e8ada1b0c39daadd1ba31a3bce7952

Download Submit
C:\Users\Admin\Downloads\Release\country_flags\ch.png
Filesize
554B

MD5
acf0658dfd8c84f1f306f3fea2c92d67

SHA1
9b12a8ccb9ca119a73b0a84a995670ca63d8e168

SHA256
4c1725303c045742c8521d0d534bd4246f909f9c289e861c0edacbe0b97ca118

SHA512
54c5fbab65b10e575f8aea3a49ee7a950d01c000fc01a916e03eea120adc26ee632bd805ee6771e3dbdf95f0ddf0df035b4683cb479bd8a5bb6587e59cd31c4e

Download Submit
C:\Users\Admin\Downloads\Release\country_flags\ci.png
Filesize
862B

MD5
349c70fd34895e1fd7da09cec3e3a213

SHA1
48b68dc1e9dff0b78efa3749151600d598b1845a

SHA256
fcca98be86a64a9ec6263fbcc5d5e2597a29e97217a1828080c868d8a470d548

SHA512
ee6083b6876662053f2109f00cc46efe6794949887f47b2047dcb3f2b0c7fe354ef12f77cf3644c588a560144786f71cb610dc5044dc862eac2be9e3e2a8997e

Download Submit
C:\Users\Admin\Downloads\Release\country_flags\ck.png
Filesize
1KB

MD5
d613e7401a410a218ed40a0a2da07f20

SHA1
b658b2d0ee868c0693ddeff3780f14846a9e148e

SHA256
b6d57adbb3af27167f9f3ec627e62241ee43ad2d9a7e8e2d67351d2e7cbc2ad0

SHA512
cae4fb83bc9786b491851e58fdca33f1569e57b0be4f449d4a3d67f15b47ff2c97fb2edeaac1b86fab07e9062f31fcfb2861ed581c755a67ca145e4188c30672

Download Submit
C:\Users\Admin\Downloads\Release\country_flags\cl.png
Filesize
795B

MD5
4eb4919d32968b0df973d95491d61e89

SHA1
cecfa3ef8929ba2b8420beb9a18a66cbd239efb0

SHA256
f3fea7c8853556f3400d6b92e1aada01c8798db5a53f46aa4ac7fd83562d0df4

SHA512
6f89cc393e550e13f9aad61213e30c14ceb799b9bfd0306fff8b13fbebe0783fe72a631ca5b9adeb568d8170d62c7fc36b274eb905ce0136beb206395073b547

Download Submit
C:\Users\Admin\Downloads\Release\country_flags\cm.png
Filesize
887B

MD5
cce1ba4ea50e8fd18e1575fd5812f4eb

SHA1
891ef1744c054387b6354840405aa052c61a2eb0

SHA256
e7372b1387febacd6e1612ff16f6fce0d178d7c5e0cc3e766002f147a4aef2d7

SHA512
8679e46a75790ab096f23e90ab5fd29e5115bc256d6841215f5ac4b355e03f1da1b4cb19a89e8f63fc310dbb9192b8f424b3646f36b8ead0cf3c6588762ef809

Download Submit
C:\Users\Admin\Downloads\Release\country_flags\cn.png
Filesize
606B

MD5
8d729fd10d6709776f37228c7e0532d5

SHA1
4131fd3b5b330c26208d1c22a794d5462df5fd91

SHA256
fa710c79afe55745037b1a612d07da1ba8769f873d831c2a23e9bd9551506766

SHA512
7614287440b385af788cfe26d99e0f855b68a06c03b2e5b7cfd2c20a508cb0812a6aa112f28d529192180978143eb83ca7cb6a6b6c7cd756f04d9eed59d926c3

Download Submit
C:\Users\Admin\Downloads\Release\country_flags\co.png
Filesize
755B

MD5
823852d5f3a27ca092302bec41378ee3

SHA1
63232f8c7649bf7a1a65b1b52591fb0d2d455ba2

SHA256
c2f4b317bf02f350ec7bb702aac74773e507b7fd98355fb627a78dc151f49174

SHA512
3fe0eb7a43017c1cfb6e3372fd4466bd735e8dfeecc3ea768daab24fbdc8e2403f129792b6bc590419043c6397f0134a9a2a7d76e0fd8a265298cedc50b512d3

Download Submit
C:\Users\Admin\Downloads\Release\country_flags\sj.png
Filesize
1KB

MD5
a74dab3185ca47f60c3eb2a023cbb723

SHA1
496e6dd69c241ba662c9d91a6274a1477a4d8f23

SHA256
5bd80f95e6698c93044e18885ca1d234cc802b0b1e720d31e1d37b36eb6f4e5f

SHA512
508ee8bd337a54ef243a3539f5c64140bc90a7c223c473849cad27ddfbe7b1c6489b72819591c92c5954d59adb91f91dd7f923220d47c9db23e94f72fe2f3d9d

Download Submit
C:\Users\Admin\Downloads\Release\xeno rat server.exe
Filesize
2.0MB

MD5
3987ee127f2a2cf8a29573d4e111a8e8

SHA1
fc253131e832297967f93190217f0ce403e38cb0

SHA256
3d00a800474ddf382212e003222805bd74665b69cec43b554f91c3cd9edf04c4

SHA512
69d5ac7a691dde1a3ed7f495e9b9180e63152ddaaa3d1b596ad9cbeb4d7b088f3fc4b138ecf87070014cdfa9047be18940b720de60642389921a10053250787b

Download Submit
\??\pipe\LOCAL\crashpad_4088_YCRYGOOXPSNVPZSS
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/2880-929-0x0000000001720000-0x0000000001728000-memory.dmp

Filesize
32KB

Download
memory/2880-928-0x00000000015C0000-0x00000000015CA000-memory.dmp

Filesize
40KB

Download
memory/2880-927-0x0000000006640000-0x000000000664A000-memory.dmp

Filesize
40KB

Download
memory/2880-925-0x0000000006290000-0x00000000062F6000-memory.dmp

Filesize
408KB

Download
memory/3484-913-0x0000000000F20000-0x0000000000F32000-memory.dmp

Filesize
72KB

Download
memory/6604-775-0x00000000057F0000-0x0000000005882000-memory.dmp

Filesize
584KB

Download
memory/6604-773-0x0000000000BC0000-0x0000000000DC2000-memory.dmp

Filesize
2.0MB

Download
memory/6604-841-0x0000000008310000-0x00000000083C2000-memory.dmp

Filesize
712KB

Download
memory/6604-829-0x000000000A1C0000-0x000000000A1E2000-memory.dmp

Filesize
136KB

Download
memory/6604-887-0x0000000008A50000-0x0000000008B74000-memory.dmp

Filesize
1.1MB

Download
memory/6604-888-0x0000000008D90000-0x0000000008DAA000-memory.dmp

Filesize
104KB

Download
memory/6604-779-0x00000000082C0000-0x00000000082D2000-memory.dmp

Filesize
72KB

Download
memory/6604-842-0x00000000083F0000-0x0000000008744000-memory.dmp

Filesize
3.3MB

Download
memory/6604-774-0x0000000005DA0000-0x0000000006344000-memory.dmp

Filesize
5.6MB

Download
memory/6604-776-0x0000000005980000-0x000000000598A000-memory.dmp

Filesize
40KB

Download
memory/6604-926-0x00000000015B0000-0x00000000015C2000-memory.dmp

Filesize
72KB

Download
memory/6604-777-0x00000000081D0000-0x00000000081E4000-memory.dmp

Filesize
80KB

Download
memory/6604-778-0x0000000008290000-0x00000000082AA000-memory.dmp

Filesize
104KB

Download
memory/6672-909-0x0000000000E40000-0x0000000000E52000-memory.dmp

Filesize
72KB

Download