7a5cd7d9d0ac982f09c8a93051fc48ab072fcc4b52237d1b91494363b9dad27e

Analysis

max time kernel
40s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
25/08/2024, 11:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

vcxsrv-64.1.20.14.0.installer.exe
Size

40.9MB
MD5

897a71804f5263cde2376c518e4f7b13
SHA1

3e97865b2af3d4a855ac932ecdb691d2128c936f
SHA256

7a5cd7d9d0ac982f09c8a93051fc48ab072fcc4b52237d1b91494363b9dad27e
SHA512

53ddac4b3bb0636fca204c57d1fcebddf857722cbf1fa761776fd15351629b1f26fbfc05b038609077f7c81bfe2ee8c44ee0b10f6a545df9214115dcec2f47bc
SSDEEP

786432:IePGMqxc63IN5qQQ8Yb0mKT5t7EYW7KvCfVPtRitxbM75EnHvweLQbZ:IePGMqx5I1Q8C/KT3wR7DHOfPDYZ

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 4 IoCs

pid	Process
4956	xlaunch.exe
4864	vcxsrv.exe
2776	xkbcomp.exe
1176	xkbcomp.exe

Loads dropped DLL 27 IoCs

pid	Process
3976	vcxsrv-64.1.20.14.0.installer.exe
4956	xlaunch.exe
4956	xlaunch.exe
4956	xlaunch.exe
4956	xlaunch.exe
4956	xlaunch.exe
4956	xlaunch.exe
4956	xlaunch.exe
4956	xlaunch.exe
4956	xlaunch.exe
4864	vcxsrv.exe
4864	vcxsrv.exe
4864	vcxsrv.exe
4864	vcxsrv.exe
4864	vcxsrv.exe
4864	vcxsrv.exe
4864	vcxsrv.exe
4864	vcxsrv.exe
4864	vcxsrv.exe
2776	xkbcomp.exe
2776	xkbcomp.exe
2776	xkbcomp.exe
2776	xkbcomp.exe
1176	xkbcomp.exe
1176	xkbcomp.exe
1176	xkbcomp.exe
1176	xkbcomp.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\VcXsrv\locale\th_TH.UTF-8\XLC_LOCALE	vcxsrv-64.1.20.14.0.installer.exe
File created	C:\Program Files\VcXsrv\bitmaps\grid16	vcxsrv-64.1.20.14.0.installer.exe
File created	C:\Program Files\VcXsrv\fonts\100dpi\ncenB24-ISO8859-13.pcf.gz	vcxsrv-64.1.20.14.0.installer.exe
File created	C:\Program Files\VcXsrv\fonts\75dpi\UTB___12-ISO8859-13.pcf.gz	vcxsrv-64.1.20.14.0.installer.exe
File created	C:\Program Files\VcXsrv\fonts\100dpi\luBIS24-ISO8859-15.pcf.gz	vcxsrv-64.1.20.14.0.installer.exe
File created	C:\Program Files\VcXsrv\fonts\100dpi\ncenB18-ISO8859-3.pcf.gz	vcxsrv-64.1.20.14.0.installer.exe
File created	C:\Program Files\VcXsrv\fonts\100dpi\timR08-ISO8859-3.pcf.gz	vcxsrv-64.1.20.14.0.installer.exe
File created	C:\Program Files\VcXsrv\fonts\terminus-font\ter-920b.pcf.gz	vcxsrv-64.1.20.14.0.installer.exe
File created	C:\Program Files\VcXsrv\fonts\100dpi\helvO24-ISO8859-3.pcf.gz	vcxsrv-64.1.20.14.0.installer.exe
File created	C:\Program Files\VcXsrv\fonts\75dpi\UTBI__14-ISO8859-9.pcf.gz	vcxsrv-64.1.20.14.0.installer.exe
File created	C:\Program Files\VcXsrv\fonts\75dpi\ncenR18-ISO8859-4.pcf.gz	vcxsrv-64.1.20.14.0.installer.exe
File created	C:\Program Files\VcXsrv\bitmaps\icon	vcxsrv-64.1.20.14.0.installer.exe
File created	C:\Program Files\VcXsrv\fonts\100dpi\luIS18-ISO8859-9.pcf.gz	vcxsrv-64.1.20.14.0.installer.exe
File created	C:\Program Files\VcXsrv\fonts\75dpi\lubI24-ISO8859-9.pcf.gz	vcxsrv-64.1.20.14.0.installer.exe
File created	C:\Program Files\VcXsrv\fonts\misc\fonts.alias	vcxsrv-64.1.20.14.0.installer.exe
File created	C:\Program Files\VcXsrv\locale\tatar-cyr\XI18N_OBJS	vcxsrv-64.1.20.14.0.installer.exe
File created	C:\Program Files\VcXsrv\fonts\75dpi\luBIS19.pcf.gz	vcxsrv-64.1.20.14.0.installer.exe
File created	C:\Program Files\VcXsrv\fonts\75dpi\timB24-ISO8859-1.pcf.gz	vcxsrv-64.1.20.14.0.installer.exe
File created	C:\Program Files\VcXsrv\fonts\misc\clB8x16.pcf.gz	vcxsrv-64.1.20.14.0.installer.exe
File created	C:\Program Files\VcXsrv\fonts\100dpi\lubB18-ISO8859-1.pcf.gz	vcxsrv-64.1.20.14.0.installer.exe
File created	C:\Program Files\VcXsrv\fonts\100dpi\timR10-ISO8859-9.pcf.gz	vcxsrv-64.1.20.14.0.installer.exe
File created	C:\Program Files\VcXsrv\fonts\75dpi\UTRG__14-ISO8859-4.pcf.gz	vcxsrv-64.1.20.14.0.installer.exe
File created	C:\Program Files\VcXsrv\fonts\75dpi\timB14-ISO8859-10.pcf.gz	vcxsrv-64.1.20.14.0.installer.exe
File created	C:\Program Files\VcXsrv\fonts\Type1\c0583bt_.afm	vcxsrv-64.1.20.14.0.installer.exe
File created	C:\Program Files\VcXsrv\fonts\terminus-font\ter-p24b.pcf.gz	vcxsrv-64.1.20.14.0.installer.exe
File created	C:\Program Files\VcXsrv\fonts\75dpi\lubI19-ISO8859-14.pcf.gz	vcxsrv-64.1.20.14.0.installer.exe
File created	C:\Program Files\VcXsrv\fonts\encodings\adobe-symbol.enc.gz	vcxsrv-64.1.20.14.0.installer.exe
File created	C:\Program Files\VcXsrv\fonts\terminus-font\ter-k22n.pcf.gz	vcxsrv-64.1.20.14.0.installer.exe
File created	C:\Program Files\VcXsrv\fonts\100dpi\courO18-ISO8859-15.pcf.gz	vcxsrv-64.1.20.14.0.installer.exe
File created	C:\Program Files\VcXsrv\fonts\75dpi\helvBO12-ISO8859-13.pcf.gz	vcxsrv-64.1.20.14.0.installer.exe
File created	C:\Program Files\VcXsrv\fonts\terminus-font\ter-c24n.pcf.gz	vcxsrv-64.1.20.14.0.installer.exe
File created	C:\Program Files\VcXsrv\xkbdata\symbols\cm	vcxsrv-64.1.20.14.0.installer.exe
File created	C:\Program Files\VcXsrv\fonts\75dpi\lubB14.pcf.gz	vcxsrv-64.1.20.14.0.installer.exe
File created	C:\Program Files\VcXsrv\fonts\75dpi\lubI10-ISO8859-15.pcf.gz	vcxsrv-64.1.20.14.0.installer.exe
File created	C:\Program Files\VcXsrv\fonts\100dpi\lubB12-ISO8859-9.pcf.gz	vcxsrv-64.1.20.14.0.installer.exe
File created	C:\Program Files\VcXsrv\fonts\100dpi\lubBI24-ISO8859-15.pcf.gz	vcxsrv-64.1.20.14.0.installer.exe
File created	C:\Program Files\VcXsrv\fonts\75dpi\helvO10-ISO8859-10.pcf.gz	vcxsrv-64.1.20.14.0.installer.exe
File created	C:\Program Files\VcXsrv\fonts\75dpi\ncenBI08-ISO8859-14.pcf.gz	vcxsrv-64.1.20.14.0.installer.exe
File created	C:\Program Files\VcXsrv\fonts\Type1\l047033t.pfa	vcxsrv-64.1.20.14.0.installer.exe
File created	C:\Program Files\VcXsrv\fonts\misc\8x13-ISO8859-2.pcf.gz	vcxsrv-64.1.20.14.0.installer.exe
File created	C:\Program Files\VcXsrv\bitmaps\gray	vcxsrv-64.1.20.14.0.installer.exe
File created	C:\Program Files\VcXsrv\fonts\100dpi\courBO18-ISO8859-4.pcf.gz	vcxsrv-64.1.20.14.0.installer.exe
File created	C:\Program Files\VcXsrv\fonts\75dpi\luBIS12-ISO8859-13.pcf.gz	vcxsrv-64.1.20.14.0.installer.exe
File created	C:\Program Files\VcXsrv\fonts\75dpi\luRS08-ISO8859-10.pcf.gz	vcxsrv-64.1.20.14.0.installer.exe
File created	C:\Program Files\VcXsrv\fonts\75dpi\luRS18-ISO8859-2.pcf.gz	vcxsrv-64.1.20.14.0.installer.exe
File created	C:\Program Files\VcXsrv\fonts\75dpi\lubR08-ISO8859-15.pcf.gz	vcxsrv-64.1.20.14.0.installer.exe
File created	C:\Program Files\VcXsrv\fonts\misc\4x6-ISO8859-3.pcf.gz	vcxsrv-64.1.20.14.0.installer.exe
File created	C:\Program Files\VcXsrv\locale\microsoft-cp1256\XI18N_OBJS	vcxsrv-64.1.20.14.0.installer.exe
File created	C:\Program Files\VcXsrv\fonts\100dpi\UTBI__24-ISO8859-13.pcf.gz	vcxsrv-64.1.20.14.0.installer.exe
File created	C:\Program Files\VcXsrv\fonts\100dpi\helvB12-ISO8859-14.pcf.gz	vcxsrv-64.1.20.14.0.installer.exe
File created	C:\Program Files\VcXsrv\fonts\100dpi\lutBS24-ISO8859-3.pcf.gz	vcxsrv-64.1.20.14.0.installer.exe
File created	C:\Program Files\VcXsrv\fonts\100dpi\lutRS18-ISO8859-13.pcf.gz	vcxsrv-64.1.20.14.0.installer.exe
File created	C:\Program Files\VcXsrv\fonts\75dpi\lubR18-ISO8859-9.pcf.gz	vcxsrv-64.1.20.14.0.installer.exe
File created	C:\Program Files\VcXsrv\fonts\75dpi\ncenB12-ISO8859-1.pcf.gz	vcxsrv-64.1.20.14.0.installer.exe
File created	C:\Program Files\VcXsrv\fonts\75dpi\timB10.pcf.gz	vcxsrv-64.1.20.14.0.installer.exe
File created	C:\Program Files\VcXsrv\fonts\100dpi\luIS08-ISO8859-1.pcf.gz	vcxsrv-64.1.20.14.0.installer.exe
File created	C:\Program Files\VcXsrv\fonts\100dpi\lutBS12-ISO8859-9.pcf.gz	vcxsrv-64.1.20.14.0.installer.exe
File created	C:\Program Files\VcXsrv\fonts\100dpi\ncenI12.pcf.gz	vcxsrv-64.1.20.14.0.installer.exe
File created	C:\Program Files\VcXsrv\fonts\75dpi\lubR19-ISO8859-4.pcf.gz	vcxsrv-64.1.20.14.0.installer.exe
File created	C:\Program Files\VcXsrv\fonts\75dpi\lutBS24-ISO8859-2.pcf.gz	vcxsrv-64.1.20.14.0.installer.exe
File created	C:\Program Files\VcXsrv\fonts\75dpi\ncenB12-ISO8859-2.pcf.gz	vcxsrv-64.1.20.14.0.installer.exe
File created	C:\Program Files\VcXsrv\locale\en_US.UTF-8\XI18N_OBJS	vcxsrv-64.1.20.14.0.installer.exe
File created	C:\Program Files\VcXsrv\locale\isiri-3342\Compose	vcxsrv-64.1.20.14.0.installer.exe
File created	C:\Program Files\VcXsrv\fonts\100dpi\luBIS10-ISO8859-14.pcf.gz	vcxsrv-64.1.20.14.0.installer.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vcxsrv-64.1.20.14.0.installer.exe

Modifies registry class 60 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\xlaunch.exe\shell\Validate\command	vcxsrv-64.1.20.14.0.installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\xlaunch.exe	vcxsrv-64.1.20.14.0.installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\XLaunchFile\shell\ = "open"	vcxsrv-64.1.20.14.0.installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\XLaunchFile\shell\Validate\command\ = "\"C:\\Program Files\\VcXsrv\\XLaunch.exe\" -validate \"%1\""	vcxsrv-64.1.20.14.0.installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\XLaunchFile\ = "XLaunch Configuration"	vcxsrv-64.1.20.14.0.installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\XLaunchFile\shell\Validate\ddeexec	vcxsrv-64.1.20.14.0.installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\XLaunchFile\shell\Validate\ddeexec\Topic\ = "System"	vcxsrv-64.1.20.14.0.installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\xlaunch.exe\shell\Validate\ddeexec	vcxsrv-64.1.20.14.0.installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\xlaunch.exe\shell\Validate\ddeexec\Application\ = "XLaunch"	vcxsrv-64.1.20.14.0.installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\xlaunch.exe\shell\Validate\ddeexec\Topic	vcxsrv-64.1.20.14.0.installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\XLaunchFile\shell\edit\command\ = "\"C:\\Program Files\\VcXsrv\\XLaunch.exe\" -load \"%1\""	vcxsrv-64.1.20.14.0.installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\XLaunchFile\shell\Validate\ddeexec\Topic	vcxsrv-64.1.20.14.0.installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\xlaunch.exe\shell\edit\command	vcxsrv-64.1.20.14.0.installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\XLaunchFile\shell\open\ddeexec	vcxsrv-64.1.20.14.0.installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\xlaunch.exe\shell\open\command\ = "\"C:\\Program Files\\VcXsrv\\XLaunch.exe\" -run \"%1\""	vcxsrv-64.1.20.14.0.installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\xlaunch.exe\shell\edit\command\ = "\"C:\\Program Files\\VcXsrv\\XLaunch.exe\" -load \"%1\""	vcxsrv-64.1.20.14.0.installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\XLaunchFile\shell\open\command	vcxsrv-64.1.20.14.0.installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\XLaunchFile\shell\edit\ddeexec	vcxsrv-64.1.20.14.0.installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\xlaunch.exe\shell\open\ddeexec\Topic\ = "System"	vcxsrv-64.1.20.14.0.installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\xlaunch.exe\shell\edit\ddeexec	vcxsrv-64.1.20.14.0.installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\xlaunch.exe\shell\Validate	vcxsrv-64.1.20.14.0.installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\XLaunchFile\shell	vcxsrv-64.1.20.14.0.installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\XLaunchFile	vcxsrv-64.1.20.14.0.installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\XLaunchFile\shell\Validate\ddeexec\Application	vcxsrv-64.1.20.14.0.installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\xlaunch.exe\shell\open\command	vcxsrv-64.1.20.14.0.installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\xlaunch.exe\shell\open\ddeexec	vcxsrv-64.1.20.14.0.installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.xlaunch\ = "XLaunchFile"	vcxsrv-64.1.20.14.0.installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\XLaunchFile\shell\open\command\ = "\"C:\\Program Files\\VcXsrv\\XLaunch.exe\" -run \"%1\""	vcxsrv-64.1.20.14.0.installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\XLaunchFile\DefaultIcon\ = "C:\\Program Files\\VcXsrv\\xlaunch.exe,0"	vcxsrv-64.1.20.14.0.installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\xlaunch.exe\shell\open\ddeexec\Topic	vcxsrv-64.1.20.14.0.installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\xlaunch.exe\shell\edit\ddeexec\Topic	vcxsrv-64.1.20.14.0.installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\xlaunch.exe\shell\edit\ddeexec\Topic\ = "System"	vcxsrv-64.1.20.14.0.installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\XLaunchFile\shell\edit\command	vcxsrv-64.1.20.14.0.installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\xlaunch.exe\shell\open\ddeexec\Application\ = "XLaunch"	vcxsrv-64.1.20.14.0.installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\xlaunch.exe\shell\edit	vcxsrv-64.1.20.14.0.installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\xlaunch.exe\shell\Validate\ddeexec\Topic\ = "System"	vcxsrv-64.1.20.14.0.installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\XLaunchFile\shell\Validate	vcxsrv-64.1.20.14.0.installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\XLaunchFile\shell\open	vcxsrv-64.1.20.14.0.installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\XLaunchFile\shell\edit	vcxsrv-64.1.20.14.0.installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\XLaunchFile\shell\edit\ddeexec\Application\ = "XLaunch"	vcxsrv-64.1.20.14.0.installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\XLaunchFile\shell\edit\ddeexec\Topic\ = "System"	vcxsrv-64.1.20.14.0.installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\xlaunch.exe\shell\open	vcxsrv-64.1.20.14.0.installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.xlaunch	vcxsrv-64.1.20.14.0.installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications	vcxsrv-64.1.20.14.0.installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\xlaunch.exe\shell\edit\ddeexec\Application\ = "XLaunch"	vcxsrv-64.1.20.14.0.installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\xlaunch.exe\shell\Validate\command\ = "\"C:\\Program Files\\VcXsrv\\XLaunch.exe\" -validate \"%1\""	vcxsrv-64.1.20.14.0.installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\XLaunchFile\shell\open\ddeexec\Topic	vcxsrv-64.1.20.14.0.installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\XLaunchFile\shell\Validate\ddeexec\Application\ = "XLaunch"	vcxsrv-64.1.20.14.0.installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\XLaunchFile\shell\open\ddeexec\Application	vcxsrv-64.1.20.14.0.installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\XLaunchFile\shell\open\ddeexec\Application\ = "XLaunch"	vcxsrv-64.1.20.14.0.installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\XLaunchFile\shell\edit\ddeexec\Application	vcxsrv-64.1.20.14.0.installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\XLaunchFile\shell\edit\ddeexec\Topic	vcxsrv-64.1.20.14.0.installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\XLaunchFile\shell\Validate\command	vcxsrv-64.1.20.14.0.installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\xlaunch.exe\shell\ = "open"	vcxsrv-64.1.20.14.0.installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\xlaunch.exe\shell\Validate\ddeexec\Application	vcxsrv-64.1.20.14.0.installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\XLaunchFile\DefaultIcon	vcxsrv-64.1.20.14.0.installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\xlaunch.exe\shell	vcxsrv-64.1.20.14.0.installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\xlaunch.exe\shell\open\ddeexec\Application	vcxsrv-64.1.20.14.0.installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\xlaunch.exe\shell\edit\ddeexec\Application	vcxsrv-64.1.20.14.0.installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\XLaunchFile\shell\open\ddeexec\Topic\ = "System"	vcxsrv-64.1.20.14.0.installer.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4864	vcxsrv.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
4864	vcxsrv.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4956 wrote to memory of 4864	4956	xlaunch.exe	88
PID 4956 wrote to memory of 4864	4956	xlaunch.exe	88
PID 4864 wrote to memory of 2776	4864	vcxsrv.exe	89
PID 4864 wrote to memory of 2776	4864	vcxsrv.exe	89
PID 4864 wrote to memory of 1176	4864	vcxsrv.exe	90
PID 4864 wrote to memory of 1176	4864	vcxsrv.exe	90

C:\Users\Admin\AppData\Local\Temp\vcxsrv-64.1.20.14.0.installer.exe
"C:\Users\Admin\AppData\Local\Temp\vcxsrv-64.1.20.14.0.installer.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:3976

C:\Program Files\VcXsrv\xlaunch.exe
"C:\Program Files\VcXsrv\xlaunch.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:4956
- C:\Program Files\VcXsrv\vcxsrv.exe
  vcxsrv -fullscreen -clipboard -wgl -displayfd 592
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:4864
- - C:\Program Files\VcXsrv\xkbcomp.exe
    "C:\Program Files\VcXsrv\xkbcomp" -w 1 "-RC:\Program Files\VcXsrv\xkbdata" -xkm "C:\Users\Admin\AppData\Local\Temp\xkb_a03832" -em1 "The XKEYBOARD keymap compiler (xkbcomp) reports:" -emp "> " -eml "Errors from xkbcomp are not fatal to the X server" "C:\Users\Admin\AppData\Local\Temp\server-0.xkm"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2776
- - C:\Program Files\VcXsrv\xkbcomp.exe
    "C:\Program Files\VcXsrv\xkbcomp" -w 1 "-RC:\Program Files\VcXsrv\xkbdata" -xkm "C:\Users\Admin\AppData\Local\Temp\xkb_a03832" -em1 "The XKEYBOARD keymap compiler (xkbcomp) reports:" -emp "> " -eml "Errors from xkbcomp are not fatal to the X server" "C:\Users\Admin\AppData\Local\Temp\server-0.xkm"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1176

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\VcXsrv\X0.hosts

Filesize
26B

MD5
a3228af4474ad877a6c0a73ce5b8bcff

SHA1
f0ab84b0577ea8ba3ea153399603b7d194ada868

SHA256
1b96d314224b778c9406dc2b25e4c32eb53d4ff6c80eb1c8a34aabacda1b8148

SHA512
55b82780fa5f653e0ebd70ddd675c644ea285fd771c8c8a822fb47fa3c2e35858d2af589e61e989cee3f5cd829eb6183c45b60ca6fa634aa58a1b0f75c414b10

Download Submit
C:\Program Files\VcXsrv\fonts\100dpi\fonts.alias

Filesize
3KB

MD5
85bebd6ca213aa656c301a72eb4397cb

SHA1
c9d647f11b8ec82b092ad2e906a437407e616bbc

SHA256
ede02a8f00005bc9ca372f788b1820028cde3ab389e2d27ae71c896bb2c0b5c3

SHA512
f33fe41c31ab45147f4a7b7c46a5f2b68cfe1fd03f886b70389e6f78ae60b8f4d18aaa3d1ee28a9f17959bcedae0b6ea6b8cbed3b591b7a1e418d796b4894fb0

Download Submit
C:\Program Files\VcXsrv\fonts\100dpi\fonts.dir

Filesize
165KB

MD5
45d9e44439722e4f536a2a8e2433c137

SHA1
82387f654b60805c490ca9066485b05a1b0dfd58

SHA256
115ac9711d3187adfb5b98f1b3e4935cdb22a5b182088e60f23eb84efc209b61

SHA512
cf409b63565009e2bad4ab25a553fe15036a6bf145cbd34f454cdf20e25f095e80fc74839278e99880e2a3207c6d70e1a7c52a20051a190e51c96263905d5892

Download Submit
C:\Program Files\VcXsrv\fonts\75dpi\fonts.alias

Filesize
2KB

MD5
6bc48023f2ae7f3bfc105db7b0ee6b49

SHA1
f472477029cb639472e95c8654c8e03ed0fc31eb

SHA256
cacef1a7b4d2949d19e792d6ab462515bf38687005164bddd1f3f1f161e007bb

SHA512
ccb4421d501381064fdf66974c26908e0f718534eb289900ef85360f5d7242db2530353f04219f55941f37ca402893df776779a0e79baf54023535334ddf3d97

Download Submit
C:\Program Files\VcXsrv\fonts\75dpi\fonts.dir

Filesize
161KB

MD5
09b3dba040da83b368b4d2711baff546

SHA1
6666604b65cf70966cf341afc807e369fe98ac96

SHA256
9c4ed13eed35e2f8fe4214f56c12b66fbe7eee69a7a2929a71a0177ac6280fdb

SHA512
cf7a22dbef8577496a05a80f0896cd7d25d4e0f0e38197dfaf421beb0153c67df761f48a3482957b43a0a608d63618baf2693e64ebd64c498c4d0612c4502cef

Download Submit
C:\Program Files\VcXsrv\fonts\OTF\fonts.dir

Filesize
1KB

MD5
46d17001d9052f36905763ac27ca8ef5

SHA1
279ac99152c68ce3ca56bb249968594c9163fe8e

SHA256
83dca820b1bd83cba324f819ea63c471127132387aad08774fb8c14de9cba8e9

SHA512
235d2459e3955da4783d5a580cf551d36fc30dba7013fe522106702c5f62688ddbb17654ce288c5147aa31d8c821acd0954d3cfd184d51d7c42f044d612fdab0

Download Submit
C:\Program Files\VcXsrv\fonts\Speedo\fonts.dir

Filesize
1KB

MD5
74cd4eb54f565773e0e41157e39ff652

SHA1
ff4f6550dca0b91817bd98b4f34d7d7232829a99

SHA256
af53bc1827d75c4ab63ceab44918c95b5e0025819989fa02f1af8b155bc12482

SHA512
914fe61ac41bddb2339d7d01d6f2b9361a2f564de54df3f5172c9381d7c1f3e0b56b5c619cc5cea7950d395c4d8c543ec807fae71d5539241ca839341862774f

Download Submit
C:\Program Files\VcXsrv\fonts\TTF\fonts.dir

Filesize
9KB

MD5
27f1cd4ae69e7ba81e7e51b082dc775e

SHA1
9c7e9cfe3fa0c8415b05350b4db65e16c0729ac8

SHA256
d7da16b95d23ab3fead6bb080b8c1b800299f69fcc7991d0a473d7a817d15886

SHA512
9e14372fe0d09c891389a5ef017452ca05293470ba9fea032fb8c396a7064eb58eeb9ad0c9df9e86cd121fb0669a4839847f30cc010b96a2484e4f8389ce328d

Download Submit
C:\Program Files\VcXsrv\fonts\Type1\fonts.dir

Filesize
6KB

MD5
b9d447914b5fc3fcf365c2b259051a7b

SHA1
df25e8899f39796b78e7fc44e5e607a637f09883

SHA256
960264ba01c337a8379b6e6a389c5271b592bf7f1d924fbf5a5180c338996a91

SHA512
31e2c22977446b24d493ecc1a525253186ac455c67e58358d2ba2961b6314975aadc52ddcf2ee2d42c37a3aa049736f2dee7ccfe5f1ffc8dd3f027981fd3f5da

Download Submit
C:\Program Files\VcXsrv\fonts\cyrillic\fonts.alias

Filesize
3KB

MD5
f40795b0640d6785826aecd3b16f6124

SHA1
3eaa556a2745b8ea1b513e478a33de301d071a90

SHA256
f14f011b33385aa501c2cd42e569474654fd4473e14459148206e485224e009e

SHA512
3e923c8e20e9d4f6b666faf8f854d1a46f3c2527ef5b08f8a598f870b27c97b1902d1cfe5daa608b817479ab22d3babc88e265abd98e9d9500f6714f67e1b3af

Download Submit
C:\Program Files\VcXsrv\fonts\cyrillic\fonts.dir

Filesize
5KB

MD5
c893decc4b3375bdd67f9c981edbeda7

SHA1
0d70672e74b4017650c1af0c045b513e4e9eb515

SHA256
db330e35a801e4ce23daf5359d30fd870d919380c142a2bc56c27cca62e667c5

SHA512
2f795c64e6400e34393503a0e5376ea3ef2ce6a0fd406c4fdc52d29b289f543bce03714aa44f7b5988caa07ecd632792a400e5bd94c01ad47fa928b974abed4d

Download Submit
C:\Program Files\VcXsrv\fonts\misc\6x13-ISO8859-1.pcf.gz

Filesize
4KB

MD5
36f3b4d6f9842aad8f80058b8cd2772a

SHA1
0ffe013056cb6a9a553bdfef22818d39ddc8466b

SHA256
e4b1b57976c7014eb4ff200bdad24e3152445a62f0e0a63e4b77d56b826b162f

SHA512
ac7cdc786c26aadfc458580621f7c7be610897dccaee02b0d293f93b9870748aa975677fe36d6d92ebfef5d1d3c76fcf10dc646acf8dba31027752cf0f3bfd4c

Download Submit
C:\Program Files\VcXsrv\fonts\misc\cursor.pcf.gz

Filesize
5KB

MD5
b902411d4b5f5cd0716547991f720174

SHA1
dfd56df3fd93caaf453d1646ef50e401d2afab4f

SHA256
b6e69b0d11ace7213f2dd04384bfa09bc44cbc3433cc51b9a68b3312c738b82d

SHA512
c283067f431b6a5d4da9073e64ec315c7e2c1487b3d8fd26d5d11ea917e871c59bbf8e21c573e6bf44064f4b484ca6cf38745a05586c1f3799f2f2ee3955be66

Download Submit
C:\Program Files\VcXsrv\fonts\misc\fonts.alias

Filesize
6KB

MD5
a8ec05d528431d4c9703b55a7efd67a8

SHA1
1006724e4b59024ac835c1d859f36b5551f3672c

SHA256
82bb1f9fcfb13b35739f4fe707504c8e3c86c087c20b9589756addcbd4f4bfed

SHA512
f21f02ff334f793dda6c3be6973f5b2a8dd377e56ed525ed39dd80f4deaf9156828cbe8cb80033d7d956874a163e76185f178409568f71f03eda67a0e37ca869

Download Submit
C:\Program Files\VcXsrv\fonts\misc\fonts.dir

Filesize
31KB

MD5
82a143d94d6a974aafe97132d2d519ab

SHA1
cce53ac2ae8af5bd5dde9078f46422a8160c00e5

SHA256
9186a442a0b1f9ce92a0214216c868aa4283e8625695724da689f78a93c67584

SHA512
208720963c884aa39406ad11260d887b786f9ab5bd73dfe9b28a268744bd4468b03ad83270f962607fc97f6cb90688c959023ffaaec81caaf2cc5dfc5fdc31b3

Download Submit
C:\Program Files\VcXsrv\fonts\terminus-font\fonts.alias

Filesize
17KB

MD5
80c93c582b432dbd948b81776942cb83

SHA1
ff8e818d794f9b96c5c23aa83d183d19802df49f

SHA256
22931a0a1af7b17021b846c109d241c1a6bfef1df5e4047cd0d7826bede9f14b

SHA512
0bc4347742983dcf6ad7bd024fbb0e89ed19e1b0c36d67a9453faf9992295d583265b49dda4ff8a11c03fabe2bcd45819a45447e063224f0b2b692828b83338d

Download Submit
C:\Program Files\VcXsrv\fonts\terminus-font\fonts.dir

Filesize
15KB

MD5
5bcc7cd91f50f40fd724c1a3969e4e33

SHA1
f4efdbe9a65881a1ade2cc3bb6d602d7823042e9

SHA256
8aa49feafe7877284a20040f14992bbf10727a4a4ca2321cead655faafc3eb97

SHA512
3d1024b88abf4444cd1187d2070141c571e75d48a8854061a79e71ee0c072c9667a594184fb5682b24b283838ff2888392b0c72ce31ef91e1d3d46d628a8af4e

Download Submit
C:\Program Files\VcXsrv\fonts\terminus-font\fonts.scale

Filesize
2B

MD5
897316929176464ebc9ad085f31e7284

SHA1
09d2af8dd22201dd8d48e5dcfcaed281ff9422c7

SHA256
9a271f2a916b0b6ee6cecb2426f0b3206ef074578be55d9bc94f6f3fe3ab86aa

SHA512
a546d1300f49037a465ecec8bc1ebd07d57015a5ff1abfa1c94da9b30576933fb68e3898ff764d4de6e6741da822a7c93adc6e845806a266a63aa14c8bb09ebb

Download Submit
C:\Program Files\VcXsrv\libX11.dll

Filesize
978KB

MD5
6a2b96dd01a07dcfc5698118cd4383fd

SHA1
4a7e54cbe9668b33320c37db6a188183306553c8

SHA256
e873557ffd83a1ffddb79021db5ef5fb4f1ab2ca4d8884d9b4666fa025ac5225

SHA512
454ea9db149bbf3064514d040240c0b131fc88a16a2586aa00f29e670c8ce2123d68fcdf373540a38698ef103efb6aa2ca0bb9ba8a098280ddf0668bafdb75bc

Download Submit
C:\Program Files\VcXsrv\libXau.dll

Filesize
14KB

MD5
f1fab3713b091fb733bcc9a724690f10

SHA1
aa43f500852e6030856905182b1e4a4dd1d6a50d

SHA256
ca5b1d8e61ac3e3cb7df2788ca17022fba3d2887493a4d2f44fb010f27a9aded

SHA512
fdb8b25c9132669c2eac38ec465df0b616f2c8c3fa3c515b8de29ba76e99885eb2f5038ca6af17bc5e60ad21604bd8db876fbf382e657a0637497b5fe6051d68

Download Submit
C:\Program Files\VcXsrv\libcrypto-1_1-x64.dll

Filesize
3.3MB

MD5
8d183ef76cf01e5e50476b7b2df51835

SHA1
f10662b3416e97ab68f8da6cf24de314b0d510ca

SHA256
7cb40b9aa8e0c45c0f0bcef036b423eb93e6a546b1db7e3843c1c5ba5137f963

SHA512
95163b34c66d9250d049e9763fb6c11ae94e0800437f7875986c5880438334d0139afbf029d3101d86ca53bc299ec9a0b08af17183e0f046872e49d484786ba9

Download Submit
C:\Program Files\VcXsrv\libiconv-2.dll

Filesize
1.4MB

MD5
09a88768935dc6aa4a05fa03e986f7f3

SHA1
b16f89cd3eb2c305695887102406846371e4e2cb

SHA256
39d99d6d077544403ab9a4eadfc01e4df1196868b053f1bedadf9b288e6f9287

SHA512
087b3b32cba4c2a387e902efa257df619183b2be0c1f9fb93579f4ae855c3604bbdbaddbc0fdcc1548cb5830396bdad855e4a7de3ce5f9191c86beec284149fa

Download Submit
C:\Program Files\VcXsrv\libxcb.dll

Filesize
130KB

MD5
c83099de1ab4ad88586bccf6c499f793

SHA1
f8c9750deed32c3614cc7674a89619dbba2196cb

SHA256
225c87f90ebd05924abdb27a89658eaccc9933c29234f1ad4df57f32e5045d9d

SHA512
52539ec52ea88d33ff69472729377ca889f40250f2a4d4218b2ea43298292a44ad57ff353513e7b523ccf78f0af801fe342b0010f7178410d65da755d046f9f4

Download Submit
C:\Program Files\VcXsrv\libxml2-2.dll

Filesize
5.4MB

MD5
5614170928db34e486644ef6ca7d2992

SHA1
3fccdad422034ab623b92df661e8af1638962536

SHA256
3c68a190dc6d550334ff9d0a506e9526105b008364dad0915562413ceec092cb

SHA512
306fecb2e656c1bb10334be1f4a31b0ce10df0c41f0a5a03063e22c71d21323a88df8d914221ee70f177d011efdab5baa7c547bb31f2ec9fe274854fa67d1a8e

Download Submit
C:\Program Files\VcXsrv\locale\iscii-dev\Compose

Filesize
2B

MD5
81051bcc2cf1bedf378224b0a93e2877

SHA1
ba8ab5a0280b953aa97435ff8946cbcbb2755a27

SHA256
7eb70257593da06f682a3ddda54a9d260d4fc514f645237f5ca74b08f8da61a6

SHA512
1b302a2f1e624a5fb5ad94ddc4e5f8bfd74d26fa37512d0e5face303d8c40eee0d0ffa3649f5da43f439914d128166cb6c4774a7caa3b174d7535451eb697b5d

Download Submit
C:\Program Files\VcXsrv\locale\iso8859-9\XI18N_OBJS

Filesize
248B

MD5
df430ba0495815fc0641fa836b4d500d

SHA1
c77edc36f505f284455177a0abf04c7db4d9fccf

SHA256
a8a0e42aaf0bc6365ec936da183f3ab58784166f0155f8135265f926fe29a60d

SHA512
c9cbbd6fba0e1195b36b84ecc509b6b84cfbdc288467f08ec4aec2dcf20ba3aa8e8ed40b743e77169823c6f224e1a2d3b2bc6c1aeb99b580a66cfb75df375598

Download Submit
C:\Program Files\VcXsrv\locale\zh_CN.UTF-8\Compose

Filesize
51B

MD5
39a17f69bc1462bdda60d01adde5ea1c

SHA1
169c1b60242cfca96c2a4ad18b26fe120803755d

SHA256
af5cd2b064ae7241e45b1e354b29b534ae56c74685746a3499deeeb83e35dc25

SHA512
90f0ff17ed8121e14027879915ee21fc77f7d2393997ffa534b8aad870a22b029f7ed76498de08f384c5b35ff88fbdb9b01559331f952310912bac0b51d64d44

Download Submit
C:\Program Files\VcXsrv\msvcp140.dll

Filesize
552KB

MD5
cb75d6437418afe1a7b52acf75730ff1

SHA1
54c2da9552671b161cc87eb50fbdb86319b00f56

SHA256
7c4ce9d6bfcd6d9db4eef4e75ecdcf5a8e5320106e80f1eca617439fa43f33e8

SHA512
f58abb740a30467e2d8aedd7eed357da020fdc7d966e245890d102a52e96fea296e122c1d2bc112423fc64b6f5e70b7df3f3eb7de1bf5c2f5f0eb3644f1e06d6

Download Submit
C:\Program Files\VcXsrv\protocol.txt

Filesize
25KB

MD5
9ebd4afa72d17db9c344a23d11f0d147

SHA1
288749afa449ffa04bd1f86ab293a1802dc63991

SHA256
b8f6921aaf1d88c74b0cd88295bdfe28b84b432200b8d2fb5b40b0d6eef6016d

SHA512
0e14dcc8f1299bcd481dc3de11e7bcf7b3dc0da0fbf859014038cde4c7986daa0fe191123a480de4cdc4e49bc62c6a08915263e76dbf3c567c13e7576345927b

Download Submit
C:\Program Files\VcXsrv\swrast_dri.dll

Filesize
10.2MB

MD5
ea9de82f09a71014a79e188b8933ffb9

SHA1
db26b22c92b3c0aebf49b3a8701f08357eb9ea6c

SHA256
660deb86818ac53e8002999e41fc0324f368621aa31dbed7a899ecd935d433df

SHA512
7d2b76a572c58d9de622132072f8a52c2c3cb690c9f4379a40d41ea21f246f4d5ee0e34f0324a8b0307ba260945a3c1b037e35363ef384380ab25e138666ebf1

Download Submit
C:\Program Files\VcXsrv\system.XWinrc

Filesize
3KB

MD5
6f59db0b3c49c95ad815712287e7c5f5

SHA1
6aaf52e2b31815054dba4235ba510def5f267be9

SHA256
7f503023780b91755e15cdac028daa31b89fb1a220cd8057dcd01eead880b66a

SHA512
1abdc4190d3b0c79a97a18dd2386a2a20c54ab04e787f8d09e56935808d7346f8a90bed33176ad5fc0929378131b98b8d0d018d8070aac896a069419e811056e

Download Submit
C:\Program Files\VcXsrv\vcruntime140.dll

Filesize
94KB

MD5
a87575e7cf8967e481241f13940ee4f7

SHA1
879098b8a353a39e16c79e6479195d43ce98629e

SHA256
ded5adaa94341e6c62aea03845762591666381dca30eb7c17261dd154121b83e

SHA512
e112f267ae4c9a592d0dd2a19b50187eb13e25f23ded74c2e6ccde458bcdaee99f4e3e0a00baf0e3362167ae7b7fe4f96ecbcd265cc584c1c3a4d1ac316e92f0

Download Submit
C:\Program Files\VcXsrv\vcruntime140_1.dll

Filesize
36KB

MD5
37c372da4b1adb96dc995ecb7e68e465

SHA1
6c1b6cb92ff76c40c77f86ea9a917a5f854397e2

SHA256
1554b5802968fdb2705a67cbb61585e9560b9e429d043a5aa742ef3c9bbfb6bf

SHA512
926f081b1678c15dc649d7e53bfbe98e4983c9ad6ccdf11c9383ca1d85f2a7353d5c52bebf867d6e155ff897f4702fc4da36a8f4cf76b00cb842152935e319a6

Download Submit
C:\Program Files\VcXsrv\vcxsrv.exe

Filesize
3.6MB

MD5
10297f84807f79024874c61c0fbdc616

SHA1
61c617efd35ba10132449cc07de62c0aaedb50d3

SHA256
a00a750402f9940073e1b4be8cf260f368e1a23ecf6f637de3aa4d4b4cd4e213

SHA512
3cdc10538e645ae8c1f28b177ccfa4eb36506ff47984cc77a34667eebf654ecf6dc4647f0bc4925cf8d2f6da51174b3f77803f6df3922ffe34f7453dc0abe43b

Download Submit
C:\Program Files\VcXsrv\xkbcomp.exe

Filesize
298KB

MD5
1a934a263eb12e10945446755a74d458

SHA1
856df9a51aba258ce8c054da82f81c14ebac3d90

SHA256
57b87f1fccf36a449aedab2b5b57dd7bc0fb66f13a2fac900a37331ffeb64567

SHA512
66f803e30aa0be420b10915729dd8edd46cb36dd96d805776d4888c1d0b7c5e75d815c79dd17f79a740f697e861a6283144b9bd87269d707e226ecf9b3ddb2dc

Download Submit
C:\Program Files\VcXsrv\xkbdata\geometry\pc

Filesize
25KB

MD5
966c286a932bdb72277a6ac76f84be61

SHA1
66e290a60c2b1aa7ff681d8c80d771e620f1bfea

SHA256
18841483150a614b750ddcddf9cc71b5959f68129b42fd5a59cb3437e4e62e81

SHA512
71960302ed5c5e20189a5870af86db2034b6fe200d963ed416a61c6f4328e865fa19d16b9f91616fe2361944c4f33fc52336e4cc500215e3c009f8dd90dd805d

Download Submit
C:\Program Files\VcXsrv\xkbdata\keycodes\aliases

Filesize
2KB

MD5
e01f2cfd7b4e39af4ac38eeac76146a4

SHA1
20c6ef1e08a73f32af68bfcbb22f0777b0e9ff1f

SHA256
85f774170fc1526e8a909a1e2952423dae3891b721abc293a27dc450818dcc6d

SHA512
474f136666f26b9ac511371a723bc82872e10eb97c852141bc9b0739a38a6608d3f0f32f9d3f87d590a44174fa043f938404ee4b7898508bfb1973d44d28625f

Download Submit
C:\Program Files\VcXsrv\xkbdata\keycodes\xfree86

Filesize
8KB

MD5
ddd98d9354e69e58b860447b90206bd4

SHA1
6a87880a38701273b9e8e5a639e43e50b608cebd

SHA256
6495c2b7886aec625d3a16ed176cff45f0559b70a15826f4caf445cfef786228

SHA512
4dcfd6b70bb13cc5ce87050cf408081b90c600e7275229129c3f1c7a7f19b985c4f447b84b7bd90776d8569ebf5084bbaf90d8165206febc55a04c8a07e19b8b

Download Submit
C:\Program Files\VcXsrv\xkbdata\rules\evdev.lst

Filesize
44KB

MD5
42bcfe3e924fb218743e199c16230734

SHA1
08731576b9566c37589916fe7586438bafb6adee

SHA256
79894932f30c2adf0720697c6dc1847a4d0b48af30dc1317e56010be57d058b7

SHA512
c47de12c7e70c9a0e808f58a2782b1b7ae85a18a45463916a38c4b4ba539ed296344e3efd2fa6773cd245f97d7e1f017f2cbd9c9b4a0719fabc639e7482095fc

Download Submit
C:\Program Files\VcXsrv\xkbdata\rules\evdev.xml

Filesize
231KB

MD5
5034743afa4ba58309e0ca4bb6798b80

SHA1
db6843978a96af57e471c976a5c9bf10766cbd63

SHA256
e9910c8a328ca31f08b5b9c8b3e31e8b0a3b09fcb979d9b1f05b974f6e6002ff

SHA512
899104cbc1bd5c56c4db4cddd103028e2741499ecfc603464ee230026add1e45582eff4e9599b9d277b11d19794f7015ba7d73b54699153191f2c388dc336a27

Download Submit
C:\Program Files\VcXsrv\xkbdata\rules\xorg

Filesize
49KB

MD5
d207f3b92901533406e31703002534ed

SHA1
3c0630f50c97ad7fa7e41368d52b0faa04bcd02c

SHA256
8491aa3870c32548609000221ea59826733ebea62740ba72e08532346cc486e1

SHA512
808cc5d9d17850aa37530a4ffaf09b0f8f276b39add2dac32252e0532364961934a5fc984cd0ad012315a7fb2d1c624503271e188768c141bde4300d177be6bf

Download Submit
C:\Program Files\VcXsrv\xlaunch.exe

Filesize
175KB

MD5
53059ef5f499271d688e1d4a2b848c9e

SHA1
3138cf4c87fa176f1c0bec178f5abc2e418719a8

SHA256
51d27308290326a2f1a95a6fe67013cf36b1490bc1dd5f462ce1308aa67ce0a6

SHA512
ee03a2c26c15089635e883d682673430db6ccc1520f2788038817e4f140eaeb3f15a8a62fe7e9507c45c8fc1bb2b22faa07037ff55ad6ab0b495bdee757a012f

Download Submit
C:\Program Files\VcXsrv\zlib1.dll

Filesize
87KB

MD5
c1d1cda6f531f2f6f5d92b7bbdf1441b

SHA1
2fd23f064e7273fc764d060f8239106fb2e3ee0a

SHA256
f3013a30ada809f362ea8a5d6ea5d73ac4c8ee37a63cf7aa1306395f2e6a73a7

SHA512
7e43d662e5dc9775a91017863f135279f06d3ecc5fa34919dbe75884c5e33e70dc33db4127615931a5c9171cacfb4a25e4b2a272ed7a266d94320c570dc29b8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmD68C.tmp\System.dll

Filesize
12KB

MD5
cff85c549d536f651d4fb8387f1976f2

SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

Download Submit
C:\Users\Admin\AppData\Local\Temp\xkb_a03832

Filesize
311B

MD5
ae6099b85cf164242d1e272553bb5795

SHA1
3b7f4f2ca49e77899891dfc91df29d71f330e749

SHA256
46d3af7295ff52ea426d3a72cc25c2a55ede1dbc8d8c9a977abc92842acdb181

SHA512
bbba9b168e2a2da5db348cb5dbb0291097b85ef63345d5a298b952fd33989ff080fa4725454ded319263463fd0b74bbfcc3345bf14bde0479944ab2fd71a09de

Download Submit
memory/4956-5879-0x0000000066000000-0x000000006616E000-memory.dmp

Filesize
1.4MB

Download
memory/4956-5878-0x0000000070F40000-0x0000000071478000-memory.dmp

Filesize
5.2MB

Download
memory/4956-5890-0x0000000066000000-0x000000006616E000-memory.dmp

Filesize
1.4MB

Download
memory/4956-5887-0x0000000070F40000-0x0000000071478000-memory.dmp

Filesize
5.2MB

Download