xenorat | hxxps://github[.]com/moom825/xeno-rat/releases/tag/1[.]8[.]7

Analysis

max time kernel
145s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
20-09-2024 22:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/moom825/xeno-rat/releases/tag/1.8.7

Score

10^/10

xenorat discovery rat trojan

Malware Config

Extracted

Family

xenorat

localhost

Mutex

testing 123123

Attributes

delay
1000
install_path
nothingset
port
1234
startup_name
nothingset

Signatures

Detect XenoRat Payload 1 IoCs

resource	yara_rule
behavioral1/files/0x000b00000002350a-779.dat	family_xenorat

XenorRat
XenorRat is a remote access trojan written in C#.
trojan rat xenorat

Executes dropped EXE 1 IoCs

pid	Process
5132	xeno rat server.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	xeno rat server.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 010000000200000000000000ffffffff	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0000000001000000ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Documents"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 020000000100000000000000ffffffff	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616257"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe10000000b98ea471d7e4da0173d05f0be3e4da0166551141ad0bdb0114000000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2 = 3a002e803accbfb42cdb4c42b0297fe99a87c641260001002600efbe11000000b98ea471d7e4da016b9f3a1dad0bdb016b9f3a1dad0bdb0114000000	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\NodeSlot = "3"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = ffffffff	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\MRUListEx = ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\NodeSlot = "5"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 = 14002e80922b16d365937a46956b92703aca08af0000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616257"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
5028	msedge.exe
5028	msedge.exe
1936	msedge.exe
1936	msedge.exe
456	identity_helper.exe
456	identity_helper.exe
1868	msedge.exe
1868	msedge.exe
3276	msedge.exe
3276	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
3276	msedge.exe
5132	xeno rat server.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs

pid	Process
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeRestorePrivilege	1824	7zG.exe
Token: 35	1824	7zG.exe
Token: SeSecurityPrivilege	1824	7zG.exe
Token: SeSecurityPrivilege	1824	7zG.exe
Token: SeRestorePrivilege	5352	7zG.exe
Token: 35	5352	7zG.exe
Token: SeSecurityPrivilege	5352	7zG.exe
Token: SeSecurityPrivilege	5352	7zG.exe

Suspicious use of FindShellTrayWindow 47 IoCs

pid	Process
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1824	7zG.exe
5352	7zG.exe
5352	7zG.exe
5352	7zG.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
5132	xeno rat server.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1936 wrote to memory of 3084	1936	msedge.exe	82
PID 1936 wrote to memory of 3084	1936	msedge.exe	82
PID 1936 wrote to memory of 4852	1936	msedge.exe	84
PID 1936 wrote to memory of 4852	1936	msedge.exe	84
PID 1936 wrote to memory of 4852	1936	msedge.exe	84
PID 1936 wrote to memory of 4852	1936	msedge.exe	84
PID 1936 wrote to memory of 4852	1936	msedge.exe	84
PID 1936 wrote to memory of 4852	1936	msedge.exe	84
PID 1936 wrote to memory of 4852	1936	msedge.exe	84
PID 1936 wrote to memory of 4852	1936	msedge.exe	84
PID 1936 wrote to memory of 4852	1936	msedge.exe	84
PID 1936 wrote to memory of 4852	1936	msedge.exe	84
PID 1936 wrote to memory of 4852	1936	msedge.exe	84
PID 1936 wrote to memory of 4852	1936	msedge.exe	84
PID 1936 wrote to memory of 4852	1936	msedge.exe	84
PID 1936 wrote to memory of 4852	1936	msedge.exe	84
PID 1936 wrote to memory of 4852	1936	msedge.exe	84
PID 1936 wrote to memory of 4852	1936	msedge.exe	84
PID 1936 wrote to memory of 4852	1936	msedge.exe	84
PID 1936 wrote to memory of 4852	1936	msedge.exe	84
PID 1936 wrote to memory of 4852	1936	msedge.exe	84
PID 1936 wrote to memory of 4852	1936	msedge.exe	84
PID 1936 wrote to memory of 4852	1936	msedge.exe	84
PID 1936 wrote to memory of 4852	1936	msedge.exe	84
PID 1936 wrote to memory of 4852	1936	msedge.exe	84
PID 1936 wrote to memory of 4852	1936	msedge.exe	84
PID 1936 wrote to memory of 4852	1936	msedge.exe	84
PID 1936 wrote to memory of 4852	1936	msedge.exe	84
PID 1936 wrote to memory of 4852	1936	msedge.exe	84
PID 1936 wrote to memory of 4852	1936	msedge.exe	84
PID 1936 wrote to memory of 4852	1936	msedge.exe	84
PID 1936 wrote to memory of 4852	1936	msedge.exe	84
PID 1936 wrote to memory of 4852	1936	msedge.exe	84
PID 1936 wrote to memory of 4852	1936	msedge.exe	84
PID 1936 wrote to memory of 4852	1936	msedge.exe	84
PID 1936 wrote to memory of 4852	1936	msedge.exe	84
PID 1936 wrote to memory of 4852	1936	msedge.exe	84
PID 1936 wrote to memory of 4852	1936	msedge.exe	84
PID 1936 wrote to memory of 4852	1936	msedge.exe	84
PID 1936 wrote to memory of 4852	1936	msedge.exe	84
PID 1936 wrote to memory of 4852	1936	msedge.exe	84
PID 1936 wrote to memory of 4852	1936	msedge.exe	84
PID 1936 wrote to memory of 5028	1936	msedge.exe	85
PID 1936 wrote to memory of 5028	1936	msedge.exe	85
PID 1936 wrote to memory of 3684	1936	msedge.exe	86
PID 1936 wrote to memory of 3684	1936	msedge.exe	86
PID 1936 wrote to memory of 3684	1936	msedge.exe	86
PID 1936 wrote to memory of 3684	1936	msedge.exe	86
PID 1936 wrote to memory of 3684	1936	msedge.exe	86
PID 1936 wrote to memory of 3684	1936	msedge.exe	86
PID 1936 wrote to memory of 3684	1936	msedge.exe	86
PID 1936 wrote to memory of 3684	1936	msedge.exe	86
PID 1936 wrote to memory of 3684	1936	msedge.exe	86
PID 1936 wrote to memory of 3684	1936	msedge.exe	86
PID 1936 wrote to memory of 3684	1936	msedge.exe	86
PID 1936 wrote to memory of 3684	1936	msedge.exe	86
PID 1936 wrote to memory of 3684	1936	msedge.exe	86
PID 1936 wrote to memory of 3684	1936	msedge.exe	86
PID 1936 wrote to memory of 3684	1936	msedge.exe	86
PID 1936 wrote to memory of 3684	1936	msedge.exe	86
PID 1936 wrote to memory of 3684	1936	msedge.exe	86
PID 1936 wrote to memory of 3684	1936	msedge.exe	86
PID 1936 wrote to memory of 3684	1936	msedge.exe	86
PID 1936 wrote to memory of 3684	1936	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/moom825/xeno-rat/releases/tag/1.8.7
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff305346f8,0x7fff30534708,0x7fff30534718
  2⤵
  PID:3084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,3164931196012202024,3579642927256118785,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,3164931196012202024,3579642927256118785,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,3164931196012202024,3579642927256118785,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
  2⤵
  PID:3684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,3164931196012202024,3579642927256118785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:3428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,3164931196012202024,3579642927256118785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:3028
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,3164931196012202024,3579642927256118785,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4740 /prefetch:8
  2⤵
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,3164931196012202024,3579642927256118785,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4740 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,3164931196012202024,3579642927256118785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:3404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,3164931196012202024,3579642927256118785,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
  2⤵
  PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2120,3164931196012202024,3579642927256118785,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5608 /prefetch:8
  2⤵
  PID:1020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,3164931196012202024,3579642927256118785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
  2⤵
  PID:1076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,3164931196012202024,3579642927256118785,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6064 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,3164931196012202024,3579642927256118785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
  2⤵
  PID:4048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,3164931196012202024,3579642927256118785,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6296 /prefetch:1
  2⤵
  PID:816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,3164931196012202024,3579642927256118785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
  2⤵
  PID:4036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,3164931196012202024,3579642927256118785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6476 /prefetch:1
  2⤵
  PID:60
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,3164931196012202024,3579642927256118785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,3164931196012202024,3579642927256118785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6432 /prefetch:1
  2⤵
  PID:5708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,3164931196012202024,3579642927256118785,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6404 /prefetch:1
  2⤵
  PID:2496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,3164931196012202024,3579642927256118785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
  2⤵
  PID:5948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,3164931196012202024,3579642927256118785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
  2⤵
  PID:5952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,3164931196012202024,3579642927256118785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:5748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,3164931196012202024,3579642927256118785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
  2⤵
  PID:5992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,3164931196012202024,3579642927256118785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:5996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,3164931196012202024,3579642927256118785,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6792 /prefetch:1
  2⤵
  PID:3444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,3164931196012202024,3579642927256118785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6688 /prefetch:1
  2⤵
  PID:6132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,3164931196012202024,3579642927256118785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2052 /prefetch:1
  2⤵
  PID:1696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,3164931196012202024,3579642927256118785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6656 /prefetch:1
  2⤵
  PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2120,3164931196012202024,3579642927256118785,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1284 /prefetch:8
  2⤵
  PID:1292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2120,3164931196012202024,3579642927256118785,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:3276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,3164931196012202024,3579642927256118785,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6432 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3744

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3200

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3276

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:64

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap29595:72:7zEvent32672
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1824

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap18716:72:7zEvent22408
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:5352

C:\Users\Admin\Desktop\xeno rat server.exe
"C:\Users\Admin\Desktop\xeno rat server.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
PID:5132

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
90KB

MD5
48743a670fa866d07b162f046726b2ec

SHA1
5f180be674c56c4519f531f0796b5b958c20127c

SHA256
9d436fc2f3d4ec40a0e3ae981b315036ac944d2347995d37c27b059db59ce966

SHA512
cbeb13a3ab5e6cd811bc64a14304f389d56de091db12618d62fc223de96e686545393eda1fde83ffea24468ff77953054b25a4a7a87ae2d9f61283c3ec46f69f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
28KB

MD5
0cf073ce762780b25ab047b7bd97a1e8

SHA1
be0c7a673506bcd55bf1822c764221ed40030ac3

SHA256
5612e9131414c70749cd41849fc05f52803ab4638eefa88edcab8719c2816619

SHA512
7dac21665988e09c74ebdbf85da4a69208cc167e807056da03936bf5899e78d4dd2b7e2ce302fa559450c9df33483bcec316995be19c8adcc1cbc46a67d0fa91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
78KB

MD5
35a46116980c974751122a331d47fd84

SHA1
cd6e9014e38596c681641a27706124b5b69f86fc

SHA256
ccab92b9bfa43457f743cd83e454bcc63a768deb352fbad2d06d718eb2815a66

SHA512
aa4f484d3ca65525d5613243797d7e025e552dbd4e68bd9887d88d32fc6928c13dd7a47e8f97c77436924478d451445fa121d1bc1958a0ba94a2a05159345048

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
212KB

MD5
08ec57068db9971e917b9046f90d0e49

SHA1
28b80d73a861f88735d89e301fa98f2ae502e94b

SHA256
7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1

SHA512
b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
96KB

MD5
b27770d4bf79fab41671f55c9764a706

SHA1
2545d01a47925ac326cf3220c2bc149cf7ac1921

SHA256
70f52e2b6023d9d9a5c515dec9f87d398f326611081eac2aaf71061c20ecf385

SHA512
8d892ef3e6867d1fbc6c5f2cef45b2ce35d3ee643e0f396bfd25b129e95cbee04072dc054616715a27c64658a442ca3698bf9032f8a0482573cb24a7302f20b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
20KB

MD5
1435f3cfd01bf0f3c24b8983e6780db0

SHA1
439ab7ffa6f9d5b654710691d8736eedf2b6e892

SHA256
8cd3f9f312e86bade2e77eb25c28eba805707909441d49e29288944677ce6d47

SHA512
dded0517b2c8f6c6ea045ba87f3ae870df63843291c3e2219e7bdeb4e33baf360b5fdb6065f0566fd1c79253105574ee4ca8cb13a11f7e6a51bf20eacf03155b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
125KB

MD5
53436aca8627a49f4deaaa44dc9e3c05

SHA1
0bc0c675480d94ec7e8609dda6227f88c5d08d2c

SHA256
8265f64786397d6b832d1ca0aafdf149ad84e72759fffa9f7272e91a0fb015d1

SHA512
6655e0426eb0c78a7cb4d4216a3af7a6edd50aba8c92316608b1f79b8fc15f895cba9314beb7a35400228786e2a78a33e8c03322da04e0da94c2f109241547e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
e69b5b753f8a2bcd68a70dcce30b205f

SHA1
a144d06f991618a3ed5d20fc2c39848778cc3e31

SHA256
26c370b0359ffbe6f7295f73abc6b37653230b5782f6ceb7ba5c0d5a89795302

SHA512
ccf1b122f2ace77cf74c673ac6a31a7370e1314e073c7419195a8a6c645ae0d48a51e0ee211fd8ed0c5daf6d0582889a3b2a0ad8c876108f20c44805a9278f47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
2250edc3967f5517959c5b4d8521d3b6

SHA1
62b79a74c66586fb14a701c840585533d346ed30

SHA256
357a913c0657894016a48106fb607f551e4ac385053722aeeb53a0a6196a9cf1

SHA512
0e7126035cd3db78b3390cc883da0b09060628189a8385bf390772edda7c2ab6315b27274ff260604757b9f2aaf97ad309ebd23b0eaa1eb9ffb62473366da3e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
496B

MD5
30322550d9f9c54f345ea1c71f3b2e8f

SHA1
b5a3cff2995147279c2bbed7c03b2280ecb286e5

SHA256
4e7798d8476361378f8fbfb0442db63c7f6bf7e1830d50808bfdb8a58700d8f9

SHA512
261d1f5bc9c8a369f815eb846c252f54681f70862153bd49959411450870207b3ee240cc9016533c27401922527d561cc1ea7bb23708e4a257f071d010cf55ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9df3c3b58fdbd0e15521c2d9a499f4db

SHA1
a4393655e1a81961370434ce59c82ec5e4d889b4

SHA256
b6538249032379b9b68c1381e497e049c4afc70e82f03fd38269e939c955d840

SHA512
9044e56288f9db12a74867e247d8b221c95ef38014c71f8745b58f3649706c30695304abe1e5441b364fe16f516f76d50676e75c9c61f64b8266316557ae51a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ff2fde3cc155d4f4ccc415edf70e5c62

SHA1
192871f91bb91a8b72b14c7c1e6fba84d59c17a2

SHA256
cc94be179f7ec54fe30ef7429486c93f15b5d532b2f0c774dfdef88096b9365f

SHA512
d76b683a3f05a1857f8b9d0d7f359e996ea92949de688f635ce6ca76ab626718c0e7283f52cf1b7a99e52ca4684f7537a36c1de26784eb71b0c0c2f6247ce16b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ff08df71e04a73f2201439eec327897f

SHA1
c40444c01a9817a7eac632b1a8bb4f0c9ce485a3

SHA256
379f7bf52b37053064e59d0a24395fc2e168dfa14f713493e83720399c195827

SHA512
3e317c205c854711d7611264c1abdd4cac1f87170aa3177597a0c8a3f34e0d4f51acb9e6aa39cf06a5caf72dce074d9957960003846600f0306004d47b1fb8da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f36cd058715308ef361223fce4252d6d

SHA1
3178ba4fc438561ebe31888009e87d6dc5e4fec4

SHA256
423838147cbde5d1b69b0e745d5312310ecc69def08d7b15de976d4a6cc8642e

SHA512
766d78168ff7c6294df2bef5e3d04fba3625e6186d05f7e8e00bee097beadfffc641af71b46a5f852eb60d9ccd94c4fbcf9563d009b9aa7f2f0903f0c13d0359

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
b173f7fcc9c08fe2e9eb11c1d4aa1dc4

SHA1
04925f7b71aaef201cf617c52d892de4f0bef916

SHA256
1bfe4373fb222769cde5e0c341a1d41393b3fa0c36cef225fb2d0f58acfa113f

SHA512
b1b944e4e09102ed4e46b85ce8aa9dabd18a2ddfc204b8127a49e88fdeb2625cb2e430997dc5b05b6825133c395f02f8972f0b0a9ff565bcca5fa8d35a5d5735

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
6314f43fc801990417c8bb3863ebf728

SHA1
587b16f1dcadda077cfa4516d25f6aacb5410d67

SHA256
35ddc9ec93148f6d82d523307eea39554574c4d02b9b26e5ae772eb1d702b9a4

SHA512
50e7d770d57ba3220980dc7980b939b85036d384dfcade8ac1420d99bd4aa9c738b109835202bba41095a56df57d12dd473a24db6685efb109a4c588758deebd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
e72556bdfb3e81b31e97970a78f81430

SHA1
813b8bb6bedf82a39e285f2013f774c1630abf94

SHA256
ca58df9d946478f2bd4b4eef2d6f79144f56de7cf04ef95dde7ddf23ce20a84f

SHA512
d0998a3e04c6f88c52b1add8a3c9ef7e08459c9894525c55d03f20706ab1360042f76a4565e661e30c531c60660d915bb7e65c5bed71fa7e8188a609a4d54acc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5952e9.TMP

Filesize
48B

MD5
db985644eee728184d4f63fe2f61f9ec

SHA1
3d58c5493094e3fd8adf84244af788810aff0f16

SHA256
07ece158c5475d76430ef1ea6ef975251b841c7646b410010431c2525f221caf

SHA512
c46b32ac93059308201c3db2e8da32982505fef37513ef571c946ac962da7bee7a1c9eb3e7b3edfd4d9ffdc4f7cc954f0e5bb7d9d43793c6a69578febb2c31b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b54e7955bae06b75954d553d4efb9881

SHA1
a7f873ea42e37349a0dc3f6862109252a3650738

SHA256
6e39a91364779037c8ab3793b752903ef1095a84402b6694d9be4cb93097995c

SHA512
db6399415329b4ef78b384edde39e73a13058406146de022fe35aeb4e2da6969274e1bd55680d6aae1dc5fdc02da5a984942a816a43af3104a4f8bf1e380fbb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
1530278afcd30f3c7648dce65c11a85f

SHA1
243a7e25c72b1fe5c909331cc728ed50406a95a1

SHA256
bb49ac39b95463363ab67e5830b97de66a8e1fe5a3ab7b934aa4bfb4c9060592

SHA512
479eebe53d796d425d4227229f9eab1c67e6802bb19049260c60e27b8f705b70b7a426be563d0a7e3fa7366f3062eec8e30d382b06c5aa7a34e6692fd4eda6dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
e826449e28ced375902ccfdf14d1e353

SHA1
ec98bfeb71d8d158709a4d2c63caa58221d15dc1

SHA256
9c2a1bd77dd2b7d7d9d2e672444f5068e894031e1cbcb2498171462f47d87b2e

SHA512
71296951160b39489ec7aeecc4a5ca1b316e818fba29d1791ed8322b8ed1f38e3eb44d217a701c4c868961988f96e2c7dd67a561f6c1db0184cbb14dd08391b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e06d.TMP

Filesize
874B

MD5
f0ce43ffe0c40f745f56a1cffe0cc10d

SHA1
8e5c2d37b5805d1d65efca1f51025126f85e7cfd

SHA256
f6fc89f357002de5cd9db66420c3bff8ace44dcc9637296fc1646344a845ee9b

SHA512
1b207afcdac0355dda050fd56b50c108573d49f8e0e35afe84c485d1569b3d1a1e068c086c370da35fd3f411d75e91d3d501baf66240b7c6f5e63280507b9885

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e35712046d5d117aeaf763330544d710

SHA1
b808024bccd7988e66899b53fe49039442d72ea6

SHA256
6fd9196879fbdd4104fbb9e50cc55c89496f7539989da88e08557170cad76f9e

SHA512
9af233cd7b6a1fd111871a03c66bb20ba53762248b06dcb00bbc40f41b217caedb1136e685b4dc4015a4f954a74600dcbefc69d8e2ae087a2590712dee997986

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
12057527efee867345c5f834fa3fe936

SHA1
3e0107e69dec6463c56236ef30a49c078c08ee8b

SHA256
235f4d9a108654f2a04b24626631ea81664e9da1ea2d2ef9f0c0f5a77d149348

SHA512
08c5f335fdc8b078bef421e9b353477f5ee0c4875a2615732acc5696bc9a83447c6079a437c83397447103bc6c2a013706cc3ee3326ac37244546cdf5b304e98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
cf2469da29eb68d96e63dd9fed9db739

SHA1
82a6b0947536619bb1573597f8571377349517a9

SHA256
116720951fe0e3fcfb0f6bb8ce7676d4ba23dfa0d4d4c7ff976284d87e7dd525

SHA512
523741185b73f8eda8c438e55b5e515fb14dc8645374097f1fa7d100d41777b29e708185907de95365fef7d132087d397258d589fb3bf42dd695c816a4cded03

Download Submit
C:\Users\Admin\Desktop\country_flags\ad.png

Filesize
1KB

MD5
68474a4935598753955993ccbd7062b3

SHA1
79f32a99fa7a3761d7e7b592bbac279c7a1d5559

SHA256
6e45d3cec2a17a9b9353b68288934e7c4931a36ec271b595750bf8441afae019

SHA512
631cb2594d55d14f3321cb1975cf7e35ee0e79d63c9eec23a39851849ef17cfb81edf74a6f906d92ef4dc9ed48c230ec7e3966e71a91c603beb6708f81aa90fe

Download Submit
C:\Users\Admin\Desktop\country_flags\ae.png

Filesize
687B

MD5
0aad6b193a525af068832a5f3312dc3e

SHA1
75d2268655d2e9c2cfd39f4512c1ba46d701e91d

SHA256
6af9e1cb4e4c86a1d1b9f2fdb5c9a4eb554f4cfb674d8357f2e7e1086de4b4be

SHA512
0cbbdba73d929ff425b55abc437b82c8b56f29ec9a7b59573d134e3df5ceaf8bf928f0c4049f7a9b09638337cde8cc9cdcb0a823101d121ce99e57f5f5726cc2

Download Submit
C:\Users\Admin\Desktop\country_flags\af.png

Filesize
1KB

MD5
b438e2fcc22b7b7138a2270b0c46c11c

SHA1
a725f3930551e5d9ff2c719d1a159942c33ee659

SHA256
2e738e232ba262bd7b40d39f0a8ef1b68204381b0f5d97367c8b827aea9e83be

SHA512
01df36890f1cf4fff686ae1c16f2e18edb5fd2b88ba659e3cce651b3ffebe371e4dec1fb16b27c2714a6d4dbace1c7da9e7c59aff58579b111b444622eceff13

Download Submit
C:\Users\Admin\Desktop\country_flags\ag.png

Filesize
983B

MD5
f16d86d6cd9efed9d56c4e27222225cc

SHA1
2e1a7b01df725adcbdde98b683a2788c68eeeff2

SHA256
8cf632b5d10c24e29c68082bdba8737269f5160360985f9c306e8b20940552ac

SHA512
5b970073ad7b7561311d83ab5bd8d6de5486be90fd6e4ddf0581eadbdfaf007926ae8747141cd2bcd243bc254bfe0eb2db0ea3db01759361601350759d426a8c

Download Submit
C:\Users\Admin\Desktop\country_flags\ai.png

Filesize
1KB

MD5
2e5628753b22d149925f2edca861cce8

SHA1
eb12eec16eceaf289cb33cb4cd777b369d85e793

SHA256
d95df82e43d2e94018a777083e68bb5a00260912037fc02243ddfe3a0a377f45

SHA512
7db7b846c7710e8733928113acb9f70893ff16d06775c9862d03d075ad0fbe429a382df1f26ebd4836eefeabc1b8cf7734a7ef1b4b478c45cc2bf5ed2a1e8be8

Download Submit
C:\Users\Admin\Desktop\country_flags\al.png

Filesize
757B

MD5
8109adb0c3baf5d82c44385afb369943

SHA1
4bc749135d32c08bd0557bb67ddc98a858354835

SHA256
2e005216be2a847983ebe9a5a4b4ff2936c9008cc7c925ed7059350d4fcf370d

SHA512
56f8f92eef8b8ae2e79f0a3a3b08df2ca22da658cd417fc3928d0895058776536f33ae93b61be7032295c9dafbc9b369016a16be0e0a4aa3243ad60f3ac3ff1d

Download Submit
C:\Users\Admin\Desktop\country_flags\am.png

Filesize
887B

MD5
d833529f7fa3d6229f5d2022dfefd1e6

SHA1
6f46a741c8f13f4811fff2be726617cc679f5514

SHA256
484fb381d03d5e519fab2c4dde2b78f13e67594713dcf4083a55d713a1eddae7

SHA512
126c39597b26569f52757cd16796886f180b04d78182070a586852df87413205e01d4e6fe9e041da207011804fba3db6c5f0adc27ab378ce7a6ddb2300b1ac75

Download Submit
C:\Users\Admin\Desktop\country_flags\ao.png

Filesize
734B

MD5
1b6993d439cd730838399aec3b0fb44b

SHA1
18b30a13eda5a7b00e1ab12f9b7534ffbcd3eedd

SHA256
27e99589098bf031636fa0eae8ad7881e54181978135375c7f599f6e49fa8fa6

SHA512
4ab06e0d6eec0cd1480baf66d5c4bb9d5a88ca0cd16d95b52bc2f26da23c18a7b63a75f4cddc27d4b7563375d1f49d3deae8b108adff29c3c0a0dc520307ffd6

Download Submit
C:\Users\Admin\Desktop\country_flags\aq.png

Filesize
793B

MD5
bf7280a322bac987ee3e421dbc5f6330

SHA1
6c4a9108c1a5125975f235df5956e7bc16794d20

SHA256
956390e90c1a201ed454b741eead49964393c3026d5882c47b02f564c7c94564

SHA512
d037387964cbc1c6fcb1efc780996886e2e92fa580f374fc7ae5026854635209f69efb6f57e0a65f06a1e3fd60a8ebaa31482f2f278e9af1c4efd90a345fe2f0

Download Submit
C:\Users\Admin\Desktop\country_flags\ar.png

Filesize
830B

MD5
69cf780d75e1619d4ef97a1cfb485f37

SHA1
8d65ef01654415778dbfe664a4c3167ccd5cbbbe

SHA256
8438d5e69e23edc2054c6ca8f5b5eae4bbda37adec341a2f63e44ec7af2ee3ae

SHA512
df83d8938e5d7508b385a209bafa0ed11afdfb0dd8d4e16782e397f0addd2c54d1a55dac7bc14a704b50010ba1fa013041d8fc19aa3b98126614e0282821658e

Download Submit
C:\Users\Admin\Desktop\country_flags\as.png

Filesize
1KB

MD5
d3fa2caf8084ea005f29dace6a1c1a2b

SHA1
8922a843a5a7b6ecb0a47dfef6525346b762b64f

SHA256
4c4d9b46ee8b8648976fbf45f3baa20f1d2bd81d955f4ad12e5f185f0184bec0

SHA512
fdc0ed2421d1c9a1dd8199cb047a35c6b25cbb231dc0c2beae22c9dad997273d73ebd1e3a4f52f980909c1dbcc3157832eb73072d23c77fc76652dccf7c4b341

Download Submit
C:\Users\Admin\Desktop\country_flags\at.png

Filesize
651B

MD5
47386d35c3bc3d7ba01d5a1adcb240ee

SHA1
77993763b9809110d121436e2eba607a401b9a7f

SHA256
f9167d1381d27d03c461b8d467406b08b1ec1ca128ef455224a79a54ef1c4cba

SHA512
2cc35e482f8788bb112f60ce1dd18dc3ca2d791ae80994a7a0e3a1c4bc0b95f29edc5bed6df012197089f04712edb263ffd494b5e73c8a369af1bcffea3cd27c

Download Submit
C:\Users\Admin\Desktop\country_flags\au.png

Filesize
1KB

MD5
15bbd2633ed2f55b2022585c40300988

SHA1
16faecc7bc0e49d9703427823201da8a9dee0f3e

SHA256
515102fb7dab425bb3492eaa94e7ac51306d93d01dc8fa83aaf7ad9d3df00b62

SHA512
0456431b748414c018c8fd7080bcf7dd65c68d97475111cb2aecdfb8b8b5d17bb6ef1786a91e26c480bdef5c018b5e4043cba82d88b3c789e55a1a46d28bdfcf

Download Submit
C:\Users\Admin\Desktop\country_flags\aw.png

Filesize
1KB

MD5
15b939b6f1e18d1c00c7365cbefe135f

SHA1
8cacf901d1207cecb8b925678701b75e2c19c403

SHA256
88dfe3018ff9550227b65d71eb80ca826e77cd760b12790fcd84bb6c2a6ea79a

SHA512
1a933aae54a5d6ac4c52c2de249de5dd7180e4fdc630b4c993bcd1d018712edfad69d6c0ffd033fbc050a95c7fba90937ff2c349c5c7c3ccd73644aabfe6da2d

Download Submit
C:\Users\Admin\Desktop\country_flags\ax.png

Filesize
1KB

MD5
27e057f1aa91f3a3fdbf354c701e9ab8

SHA1
176861508ebf7c814ba29409a7e5b5bbc04aa5f3

SHA256
f81df1b62a4476dbbc0237f024f18bb509c62037c319fb252b86d8de8d59d122

SHA512
756307faac7289f6d4250d2ef1d1086b5076cb6275be7b5d867d3451cb65a8fb70584e4286ad7aa483ab5342f6dff9bfd27562b583dc5e921530236e4c89d3b3

Download Submit
C:\Users\Admin\Desktop\country_flags\az.png

Filesize
1KB

MD5
8e6c46e33d4ab8ce843fd82bf0cd164b

SHA1
41ccf6b437adf53667e86cd55398aba51093919a

SHA256
95df1829f101a8f4adc6e3e7f4e1f8d6224cc0b8127729032d645b26cca7b0fd

SHA512
05812b0a89f709de4130c6b9c0835153a77b496118c9beef962abbac7a8b960ffa5e8f19c750fbe24d94707a3ee5e8af4744a5e48ff59f92eb9dd17a82f6b1b8

Download Submit
C:\Users\Admin\Desktop\country_flags\ba.png

Filesize
1KB

MD5
4eb708fb9510b271281d25752d504718

SHA1
077fbcc85234448e47052d161f8af2effe5b587b

SHA256
7b523c68fefe0a7df99e8703980206e728d3c339e1326b70824292ce654097ff

SHA512
bdb346006ce4006866570a914d890a3cefdc509770faeb8535ace87d93101f85add3f58872dac15b928d230dd2942aeebdec1ed90303db2ed122b1c8d343b405

Download Submit
C:\Users\Admin\Desktop\country_flags\bb.png

Filesize
963B

MD5
e1e028da72b38c64d76c1043ebf917cc

SHA1
b09a3bbbd52ebf6cb0a246267e5636db1f879853

SHA256
a944e7cce43b21f0780eb94a8a1571ab233b2b73222cba01cfccaef9734a064f

SHA512
740bf0a81f5da2f9320339271d8511af00f84dd869bfdc9678662afa6d5d7df751c2536037e10d448d77c2667c9f61c2d8545123ac03b983e83bd0289de08fe8

Download Submit
C:\Users\Admin\Desktop\country_flags\bd.png

Filesize
764B

MD5
4ff4808e4ed9fd060050379d38ed7bac

SHA1
3115ffe9a401d0f1f5c7cbbcd9ada9f365acc5af

SHA256
02f8bff79a1eb5201547755ec8fc8611b605fa8a85c225c38de7578040976cca

SHA512
ab86bc614a1ec6a8656559cb6ad5c0adb3b059f1080db8d53a63f14e115612ff51ae783f35f64490ee8626f3df4d8760e796cd66128ee53c5abaa84384d9b568

Download Submit
C:\Users\Admin\Desktop\country_flags\be.png

Filesize
654B

MD5
56ae68a6e0b4aadf02609736ee65dd0a

SHA1
54f6b698277409722b16427e5e7a1db2e2783e2a

SHA256
968ad30023dbefef58409fb7e86d7ff43f9207ad136444a4cddcf2a29a7602e9

SHA512
d8ea14b827b60fc4cefcc0e36db862300533473742f33d7e70bf359f02874f47a0a54289341537384e5d680319542eafa46d80d506f28ca22b19e3e138507095

Download Submit
C:\Users\Admin\Desktop\country_flags\bf.png

Filesize
766B

MD5
09096c9b04a4dcab8c716b2d6f3fe878

SHA1
5dcdbec1eb0adb7c5b478ae9626c76c092100b8d

SHA256
053a5ac85416b8c8355ba613b79325ff8734f3ac16305616ac2bcfcde95a8fe6

SHA512
d10b823bd048360075f7a915f7d4a3ca96d7c647d72616e4fafd09d5095c7660a9ccf5207faa8af9c5c88a01ffb9cc85f25025c6b00542e89f88c265892505b8

Download Submit
C:\Users\Admin\Desktop\country_flags\bg.png

Filesize
765B

MD5
15d9a2d4d4eb0a045c7f082ff2987ee9

SHA1
d780bcec786ff9a78f0d0acd47a86fd096c79117

SHA256
963e10d9f42d27225a514bc1fb89aeb77ab258cb278e4850b2207d80d572ae74

SHA512
2c816e9d6948d60716618bed3f7d87f8a28c5369dca80fe9ebb30fbf0f35d6e576fa55a879b53a3843246e118fc39cbb5a266fc83ef1a4306d0fc088d3229b9d

Download Submit
C:\Users\Admin\Desktop\country_flags\bh.png

Filesize
747B

MD5
34f84d7c72119f0b672641450bbe6c40

SHA1
6aef283ad7f3b8bd4d45c955731d715290925d50

SHA256
ab9af1e42b20793174222b3755837cf06b574dba14b9c939db7ef01dc4ccb277

SHA512
b182ada47015996f3052311a2f1e3db556e8bc2b597e73b78f2f7f4366727a69287ad998fc83f8b782a0d1f2f606240bea433fa6251e605d891d92a2bf2a263c

Download Submit
C:\Users\Admin\Desktop\country_flags\bi.png

Filesize
1KB

MD5
18b763caf78d097de5d2ec4c70836263

SHA1
fdc6fd9635f09f1c4531258d0ac1fb271a4e9fb0

SHA256
0bf069eadc836e452702cb7217a85bcf4df656702155c96414b272bab0321a8b

SHA512
3011f6763f2787e7110813bc7c93386fd9b658fb7197094ab138bd67367d5ab67780df9f46de8b9eab625dc04caab862f6eb3b15530e38f5e257cad2bb9780d1

Download Submit
C:\Users\Admin\Desktop\country_flags\bj.png

Filesize
853B

MD5
03cdcda8b815a5309282300402e338a5

SHA1
76892ab949477e558fe4760d17a5a357242a7b6f

SHA256
5bcaef0b2129ee077c6a45fad9614b1c20fa7087e20a9a85e4146dbe47cab7b0

SHA512
a4f523eb92e7a82114625761cc4aa493242e3a27da54cdbbb9945793b753931e966840c30608a56237658e83579f73ab402b3f9ff10748bccec3934ff989fd1a

Download Submit
C:\Users\Admin\Desktop\country_flags\bl.png

Filesize
1KB

MD5
ffa7d1b59636928e39881f1d0a0edaa3

SHA1
400ad9971d41b7f31a109f0cc7e90d2020600356

SHA256
750e0d9fb423608a1de413c843cbec1ac8d2e3e82d6a2531afcf2a472f899515

SHA512
fece6377840a8cb3a395b433a144fe244b9b4a0f24e3e821fb9d8d5c1c78ab9d4e4a2275b17d142d16ad9f8f590fa19c9a0e716fc929bb8fe13a0553693193fc

Download Submit
C:\Users\Admin\Desktop\country_flags\bm.png

Filesize
1KB

MD5
37d93c75e0c74aff9ab7d8d37c3b8e7f

SHA1
ae5a8e8178c60cecba78c529c94c23e079e94414

SHA256
42bd53dba164f119c44148e6c9bc28c0b92220800a007d499f253d1ae438c72d

SHA512
bd00f76432d816a3e81f34fd19e3002d134da223cbe6d811c4487fadceec42f6cfda17eb7577ebf514dfc1ab9a3b3cbc0c556654331c5fb76578a49a197b7043

Download Submit
C:\Users\Admin\Desktop\country_flags\bn.png

Filesize
1KB

MD5
f96f107fc7dc89b9113214c81d883576

SHA1
f10f384b6a5f6a3979b59b1e33f7e4f4b3d6cc18

SHA256
5e9484dbc8a347b857258606d4705394f7ba8aa6f10b53b5dc58e55524ad39a7

SHA512
9e94355db2dba83c097976dcc1f74d39f01449e376418d4a5907d7a6a15aafa6c30d78445550d16d5ef1ecc5f0a1d1255e4954d8496e4bc89cf974e5f6519f46

Download Submit
C:\Users\Admin\Desktop\country_flags\bo.png

Filesize
1015B

MD5
a00567a7f443d14523d414e1d1c37c01

SHA1
c143926a9127570a0a4e8ccc5af374c6f155b029

SHA256
ce52a198a07350d5d0fcdd55e914aea5ad81d2ec10e39e76b32255631017f838

SHA512
cab600088b03f2ade41a88f0a1b0cca9e86a1edd832a5f270d81f3e4009a9d4833e17b5fdecf80ee3106d1da2d3b11d809320dc9fd26c2db60542f28dd2c040d

Download Submit
C:\Users\Admin\Desktop\country_flags\bq.png

Filesize
1002B

MD5
98b2ab646a5e61eff3dcc3456fa5ef5c

SHA1
c2ecf619bef994cfbdeb7761fe81ef0b05044c9f

SHA256
a9d2823ef28a3f87d60526f7d71ca2df41dab1ab0adaab11409e05e8e5207971

SHA512
c88b888b62e8844ab175fd7d5106fd14c34479003a57524d2e362d5db14b097d7b07676f59484f2f4b1a0a77c4913e56be1971c73163ad59d3f969532c7f5605

Download Submit
C:\Users\Admin\Desktop\country_flags\br.png

Filesize
1KB

MD5
e650e4a38ab3cc1dd03e835db4fabf46

SHA1
d517da25d527101ae9fbcf4d7567759252cf4b3c

SHA256
ba2c9ed05d5e1d7c6b8a460f1f21d6630938d179eb38a2e59a5841ec5afea543

SHA512
c216e68cc9ae43ba24c3d4cc86549e2efb0de86980197b6ea2cb6653f6d79aca66f948c2eb598746d0750bed4f0cef0551d6a4b1c651671e424de3b06fd8f55a

Download Submit
C:\Users\Admin\Desktop\country_flags\bs.png

Filesize
877B

MD5
567968761d29569f8f4ae2008922d64a

SHA1
5651bf8b16071adc0bc86d0de6412ab580601a6b

SHA256
8c6827bd280ef162aff6b42c25416a61daf36c0982862dc5cac9d31480f79ab0

SHA512
1d88648063003e5b4fd1109337fad4cbb769cba30be811676634abe6d082dfa86543153e01944e3368d72dc1802ba9bcda19de8ae321920dd0fb0fc0e817299f

Download Submit
C:\Users\Admin\Desktop\country_flags\bt.png

Filesize
1KB

MD5
871708b85a41dbf488c83c0f6d38847e

SHA1
af8858c51803ab9925e1168eea4374eab453b10f

SHA256
5cb7a5818b14e0d879a9b91aeecd9c64c6dab2f468a8147b86b117f6cd43d311

SHA512
14cce6c1b446e54517dde1241a984374808ca8e20683e49a941fa19342d4958853e000ce99d8308fde9b0d6f092f16734ce8ffc6a7b0b3e7635ba04926808b47

Download Submit
C:\Users\Admin\Desktop\country_flags\bw.png

Filesize
851B

MD5
3243d26cca90de9992b6067af59fe61b

SHA1
c9494ff65c1acf60cf748772069598a0446962d8

SHA256
ba18f482f566315edc8db6e8874fdec95731f9e46cda105092080ca02f0c2540

SHA512
fdd3053487ddd46913503392b1c1047c7ff031dd96f7e26b659ebfb49ac991dc082bea686527cb3d78e7deeafef2cf8318bd798fb57b600cb5148879af10a114

Download Submit
C:\Users\Admin\Desktop\country_flags\by.png

Filesize
1002B

MD5
39e046973fc2969bf7e54c8b61770d3d

SHA1
a39723071a4426f8627802f952c11b41696ae5e2

SHA256
25a1fb58dec67ada5090771415da58ea598ae629f28e52420ba53f5f59d0504d

SHA512
2691b0eb7c69aca4f00be377bfa477ce9c38d0c901dfd2ffd56348f1960b3931e8183487b8208159b17785ce7e7ca206e999c80042d83824b4631d2c410dd73f

Download Submit
C:\Users\Admin\Desktop\country_flags\bz.png

Filesize
1KB

MD5
04df3acbfaba16034f2bfd9370d36209

SHA1
2dd58919c12245b59b782e930353b2dc781cf58b

SHA256
91327f9a8a46a2a660f70fd22ad589b9ae07b8617ee21d24dc0360d6b00ff0b2

SHA512
59cd1cd196cc35e9775229ad1cbe72beb56fa2e54a9b6cc3ae0073024cfc6b0e2002003b667976025b5dc649571d1c0ead89264a5dc341d1aaec210b95f48444

Download Submit
C:\Users\Admin\Desktop\country_flags\ca.png

Filesize
747B

MD5
5941934b5f8ff897111959984b554b5f

SHA1
f3789b6d8f923c3dec484a50c1a898ff4f8ee9a3

SHA256
7b4509c54260961e637aa3e44c3c911631137ce300ebcea5cac297286023ec93

SHA512
0cec0e8f4210ca3ea4df7ce795ce463c7de3f2c0d18cb41d431aef6041893f1fdcd56cdec6955858c1e759b615264567d9cd4a4ac5d0b640ca3688c7c890a30e

Download Submit
C:\Users\Admin\Desktop\country_flags\cc.png

Filesize
961B

MD5
4e5f94be5a63a2fb0f7f09b13c709ca3

SHA1
919700a8ff35c79293af2293e1211f1a513e5504

SHA256
0156d11191c6c7cf9164cfadb164b07d15ccc2b4e07182714d0c44a7f29a8451

SHA512
66e018c28ba5231b4aa3564b8aff87addae970ee48cecb042254d7d7c20ef763cfce8b24153878a7179bfe4e038941a1dca506989e21134785673cef4f5c408f

Download Submit
C:\Users\Admin\Desktop\country_flags\cd.png

Filesize
1KB

MD5
f39d846c77218c4be0cabb86c5de400f

SHA1
1ece3bf46c237048ab866fc9396e0a5ff7b10416

SHA256
0890c7a0ca097f03cb9c09f24ab2e55a1ab234635eaf0b6c2e98e0afaf60e43c

SHA512
8970dfd053d6911c07c62ba353e817a2732fbb318b122eb1865f760b209d47bfee9e63dbe0af978fb831cf8a322aeebfd370b2b1d9a9b839bc752a93836e825c

Download Submit
C:\Users\Admin\Desktop\country_flags\cf.png

Filesize
1KB

MD5
06baaa819f4877ca461c78366f7281de

SHA1
1296d1334691690c95cf7ee27faa5b0e15c4a837

SHA256
5ad829236ef89cc8d9d8ff4bae28cc4066186d3520194bc91ae3d2e050308e33

SHA512
2869fe105dbd89098cfc198c9a8beecd9fdb270295911c6cc6b6d8a1c8306869b67ec4f04fcee5090b023036615f05d2ed80aeac9760f810b9725777b54b381d

Download Submit
C:\Users\Admin\Desktop\country_flags\cg.png

Filesize
918B

MD5
1434cb15bc1666c296b2e23bacda5aa0

SHA1
8b6416de2b072a4be3ada2ecfe22bddf3fe35931

SHA256
1003afdd38cdfa5c45aa8977b8f0906260ebb4d4063cf5bbf2bdeba4b797f694

SHA512
0a94ab8b617f752190c09d3a24aa1c7b12d984238987c657bd6f1298997a86fb644a4c0f50724acc188cb51b4f8e948369e8ada1b0c39daadd1ba31a3bce7952

Download Submit
C:\Users\Admin\Desktop\country_flags\ch.png

Filesize
554B

MD5
acf0658dfd8c84f1f306f3fea2c92d67

SHA1
9b12a8ccb9ca119a73b0a84a995670ca63d8e168

SHA256
4c1725303c045742c8521d0d534bd4246f909f9c289e861c0edacbe0b97ca118

SHA512
54c5fbab65b10e575f8aea3a49ee7a950d01c000fc01a916e03eea120adc26ee632bd805ee6771e3dbdf95f0ddf0df035b4683cb479bd8a5bb6587e59cd31c4e

Download Submit
C:\Users\Admin\Desktop\country_flags\ci.png

Filesize
862B

MD5
349c70fd34895e1fd7da09cec3e3a213

SHA1
48b68dc1e9dff0b78efa3749151600d598b1845a

SHA256
fcca98be86a64a9ec6263fbcc5d5e2597a29e97217a1828080c868d8a470d548

SHA512
ee6083b6876662053f2109f00cc46efe6794949887f47b2047dcb3f2b0c7fe354ef12f77cf3644c588a560144786f71cb610dc5044dc862eac2be9e3e2a8997e

Download Submit
C:\Users\Admin\Desktop\country_flags\ck.png

Filesize
1KB

MD5
d613e7401a410a218ed40a0a2da07f20

SHA1
b658b2d0ee868c0693ddeff3780f14846a9e148e

SHA256
b6d57adbb3af27167f9f3ec627e62241ee43ad2d9a7e8e2d67351d2e7cbc2ad0

SHA512
cae4fb83bc9786b491851e58fdca33f1569e57b0be4f449d4a3d67f15b47ff2c97fb2edeaac1b86fab07e9062f31fcfb2861ed581c755a67ca145e4188c30672

Download Submit
C:\Users\Admin\Desktop\country_flags\cl.png

Filesize
795B

MD5
4eb4919d32968b0df973d95491d61e89

SHA1
cecfa3ef8929ba2b8420beb9a18a66cbd239efb0

SHA256
f3fea7c8853556f3400d6b92e1aada01c8798db5a53f46aa4ac7fd83562d0df4

SHA512
6f89cc393e550e13f9aad61213e30c14ceb799b9bfd0306fff8b13fbebe0783fe72a631ca5b9adeb568d8170d62c7fc36b274eb905ce0136beb206395073b547

Download Submit
C:\Users\Admin\Desktop\country_flags\cm.png

Filesize
887B

MD5
cce1ba4ea50e8fd18e1575fd5812f4eb

SHA1
891ef1744c054387b6354840405aa052c61a2eb0

SHA256
e7372b1387febacd6e1612ff16f6fce0d178d7c5e0cc3e766002f147a4aef2d7

SHA512
8679e46a75790ab096f23e90ab5fd29e5115bc256d6841215f5ac4b355e03f1da1b4cb19a89e8f63fc310dbb9192b8f424b3646f36b8ead0cf3c6588762ef809

Download Submit
C:\Users\Admin\Desktop\country_flags\cn.png

Filesize
606B

MD5
8d729fd10d6709776f37228c7e0532d5

SHA1
4131fd3b5b330c26208d1c22a794d5462df5fd91

SHA256
fa710c79afe55745037b1a612d07da1ba8769f873d831c2a23e9bd9551506766

SHA512
7614287440b385af788cfe26d99e0f855b68a06c03b2e5b7cfd2c20a508cb0812a6aa112f28d529192180978143eb83ca7cb6a6b6c7cd756f04d9eed59d926c3

Download Submit
C:\Users\Admin\Desktop\country_flags\co.png

Filesize
755B

MD5
823852d5f3a27ca092302bec41378ee3

SHA1
63232f8c7649bf7a1a65b1b52591fb0d2d455ba2

SHA256
c2f4b317bf02f350ec7bb702aac74773e507b7fd98355fb627a78dc151f49174

SHA512
3fe0eb7a43017c1cfb6e3372fd4466bd735e8dfeecc3ea768daab24fbdc8e2403f129792b6bc590419043c6397f0134a9a2a7d76e0fd8a265298cedc50b512d3

Download Submit
C:\Users\Admin\Desktop\country_flags\fr.png

Filesize
772B

MD5
09471ea38d2d9a2c524608640b78ffe8

SHA1
02b26ae5b58fa1870c08be8dacd3700260367cf6

SHA256
220b8be17a1fcbf268280ab0a063f98b5db147efb2ce9b1cde4b2824c7670c5c

SHA512
30420f4e8b16972e8a7a1a1786699d0dbedd43529d38befeb8250637ea73db941a833b8a605b7f860d70511665ce7c846e330d14150cfd3d9a78efe510ed5bb9

Download Submit
C:\Users\Admin\Desktop\country_flags\sj.png

Filesize
1KB

MD5
a74dab3185ca47f60c3eb2a023cbb723

SHA1
496e6dd69c241ba662c9d91a6274a1477a4d8f23

SHA256
5bd80f95e6698c93044e18885ca1d234cc802b0b1e720d31e1d37b36eb6f4e5f

SHA512
508ee8bd337a54ef243a3539f5c64140bc90a7c223c473849cad27ddfbe7b1c6489b72819591c92c5954d59adb91f91dd7f923220d47c9db23e94f72fe2f3d9d

Download Submit
C:\Users\Admin\Desktop\country_flags\um.png

Filesize
1KB

MD5
27453f9e22826fb242cda307cf3816d0

SHA1
f48b69b3c1923a817f95b290ee60982265bafd2c

SHA256
f174decbfbea0e6d7bf2205319b21c5e59a428ffe37e131035c7104870cae492

SHA512
c93da58e85932afe4580fba4b0299ed7cbab980a57df9a1d00c418651b487e22ed5d4a14b2b5b810bb870a5743caa58af0cf55159431bb541670b72e550c496e

Download Submit
C:\Users\Admin\Desktop\stub\xeno rat client.exe

Filesize
46KB

MD5
d23d8120af87a615a456a12b43d4a98a

SHA1
73b41123d6f50aecdcf1c5e87a7d0319d753b0e7

SHA256
27178a08e0d8fb6e5e31ae9bff6194a5224406666fa1f528d4719c1e4a8efd67

SHA512
99026704fef97f9f9c01348310f199ad523851e105c7ea1f39312c7370cb6e50af5044fec1041298b96b6e661ac5f48d6af80687e21364806e62738d198ad319

Download Submit
C:\Users\Admin\Desktop\xeno rat server.exe

Filesize
2.0MB

MD5
3987ee127f2a2cf8a29573d4e111a8e8

SHA1
fc253131e832297967f93190217f0ce403e38cb0

SHA256
3d00a800474ddf382212e003222805bd74665b69cec43b554f91c3cd9edf04c4

SHA512
69d5ac7a691dde1a3ed7f495e9b9180e63152ddaaa3d1b596ad9cbeb4d7b088f3fc4b138ecf87070014cdfa9047be18940b720de60642389921a10053250787b

Download Submit
C:\Users\Admin\Downloads\Release.zip

Filesize
6.4MB

MD5
89661a9ff6de529497fec56a112bf75e

SHA1
2dd31a19489f4d7c562b647f69117e31b894b5c3

SHA256
e7b275d70655db9cb43fa606bbe2e4f22478ca4962bbf9f299d66eda567d63cd

SHA512
33c765bf85fbec0e58924ece948b80a7d73b7577557eaac8865e481c61ad6b71f8b5b846026103239b3bd21f438ff0d7c1430a51a4a149f16a215faad6dab68f

Download Submit
memory/5132-1856-0x0000000006050000-0x00000000065F4000-memory.dmp

Filesize
5.6MB

Download
memory/5132-1855-0x0000000000EB0000-0x00000000010B2000-memory.dmp

Filesize
2.0MB

Download
memory/5132-1857-0x0000000005B40000-0x0000000005BD2000-memory.dmp

Filesize
584KB

Download
memory/5132-1858-0x0000000005AE0000-0x0000000005AEA000-memory.dmp

Filesize
40KB

Download
memory/5132-1859-0x0000000006020000-0x0000000006034000-memory.dmp

Filesize
80KB

Download
memory/5132-1860-0x0000000008590000-0x00000000085AA000-memory.dmp

Filesize
104KB

Download
memory/5132-1861-0x00000000085B0000-0x00000000085C2000-memory.dmp

Filesize
72KB

Download
memory/5132-1862-0x000000000A4B0000-0x000000000A4D2000-memory.dmp

Filesize
136KB

Download