Analysis
-
max time kernel
149s -
max time network
154s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
14-05-2024 01:40
General
-
Target
https://mega.nz/file/EOk21SBQ#jY7FymFuEQLRiDtjBVW4YEad9MdRmLAFMk7nlBLjkb4
Malware Config
Signatures
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload 2 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Obfuscated with Agile.Net obfuscator 2 IoCs
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Enumerates system info in registry 2 TTPs 6 IoCs
-
Suspicious behavior: EnumeratesProcesses 12 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
-
Suspicious use of AdjustPrivilegeToken 7 IoCs
-
Suspicious use of FindShellTrayWindow 34 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mega.nz/file/EOk21SBQ#jY7FymFuEQLRiDtjBVW4YEad9MdRmLAFMk7nlBLjkb41⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8f95a46f8,0x7ff8f95a4708,0x7ff8f95a47182⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,8513474263947121798,10426110367800601449,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,8513474263947121798,10426110367800601449,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,8513474263947121798,10426110367800601449,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8513474263947121798,10426110367800601449,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8513474263947121798,10426110367800601449,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2132,8513474263947121798,10426110367800601449,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4160 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,8513474263947121798,10426110367800601449,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,8513474263947121798,10426110367800601449,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8513474263947121798,10426110367800601449,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8513474263947121798,10426110367800601449,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2132,8513474263947121798,10426110367800601449,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5976 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8513474263947121798,10426110367800601449,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2132,8513474263947121798,10426110367800601449,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6260 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8513474263947121798,10426110367800601449,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8513474263947121798,10426110367800601449,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6260 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8513474263947121798,10426110367800601449,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2172 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8513474263947121798,10426110367800601449,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6248 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8513474263947121798,10426110367800601449,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,8513474263947121798,10426110367800601449,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6004 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x308 0x2f41⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap32493:88:7zEvent129531⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Users\Admin\Downloads\XWorm\XWorm V5.2\XWormLoader 5.2 x64.exe"C:\Users\Admin\Downloads\XWorm\XWorm V5.2\XWormLoader 5.2 x64.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/XCoderTools2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8f95a46f8,0x7ff8f95a4708,0x7ff8f95a47183⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD556641592f6e69f5f5fb06f2319384490
SHA16a86be42e2c6d26b7830ad9f4e2627995fd91069
SHA25602d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455
SHA512c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5612a6c4247ef652299b376221c984213
SHA1d306f3b16bde39708aa862aee372345feb559750
SHA2569d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a
SHA51234a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\5408f798-056f-41e4-acb9-9bc9d0cc91b4.tmpFilesize
6KB
MD51860376f68c91ffd99fb1227d7b2345e
SHA14dd5ba1bcc5392b8e3f9552780a59e57915fe1a2
SHA256242255f44dd45d11246acbbddc8679ba6c4da231de42cd92a6955cf1013fe1f0
SHA5122286153d335f5470af2583db3f8968a7356e1ec1e493e21e96bfd0083f10b8ec59229f5f2dc6ee7fa0dbb8e268937d6118264370e2b72351d3fd504b8f23ccbb
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
72B
MD5a43e7d9c9f54bb3e144847ee133244cb
SHA1f4555c70d81abdf70537d8cfc1baf29380aa80fa
SHA256ac6a57c315113a8a9e901935f12520cdbb92166d78b10a6733203b9c54d16744
SHA512a1759704c637f27812deecd16788035d1fe160a35ec2220e125af7f0f6d2bb0244b2ee137d3b4e7bd8edfd0fc9b57c5508b85b52a8f737f6721c1dc722d54de4
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
96B
MD57f276447650b6476e3ec1082b35efe7a
SHA1db6c87f5e67c104242655881cf957c72ee3e9ec0
SHA256cba3516aa034a0dd300a8d25290d6373f61f0b2e0f64f95a4e874bef56431383
SHA512b06d2a369868b4c7e16e40e7c7d543707f6da8d5167f465ff0b2e091821472d7fba14fcab5763b690e6e91d1859f52b24f3125334e452ca142d9b241735e8466
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENTFilesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
188B
MD5008114e1a1a614b35e8a7515da0f3783
SHA13c390d38126c7328a8d7e4a72d5848ac9f96549b
SHA2567301b76033c2970e61bab5eaddaff5aa652c39db5c0ea5632814f989716a1d18
SHA512a202fc891eace003c346bad7e5d2c73dadf9591d5ce950395ff4b63cc2866b17e02bd3f0ad92749df033a936685851455bcdbfad30f26e765c3c89d3309cb82b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
520B
MD5ca1b46cd529444c6c5bf7e191481435c
SHA111fe5cc9ad571df07a5d4d56f53075961dbf8fd0
SHA2561bb7e34a4b531e2b5887d63b8d3ec2738333cc432e2c714d4398cf631dab8363
SHA5123f27944df9e3d6869a5120b6074630505ae5433f107cae2b9344f2a20c2da44905a2c7147a82ad0fc642f8acd5976e2811a12403e159cbb8c97ff7da483816ca
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5222ce1d5d89ef472e686ebe0029ddcfb
SHA19671b94d089ac9eadb00ce43ff49af46afb19ad7
SHA256c010dec2a970eddc6e5ebe14babba443574aecbe2b37b521368bad6023f21439
SHA5128f8bcc7f6be77cee7ce6b81261c41981a73be9b6756dab675fd43a44b92b02918ec30e524361c6c797189d0ec1241c096fdfd76df5929998b8dfd494c3e99025
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD58fbe9823fc1fce4969ae09993de35a5e
SHA12ef08f0f3ae59bb9711e54f024d987fc5a3f1a9f
SHA2568c72f00a30f3b5cc9badc44180f83511975198955d5d1bf780b50de3d6e8ff4c
SHA5121018c3a816982e75ed867def9c1dc160e10e56ff96a98ddce0251bc65139819a72332cb2e98f0c847a368370cf300a3af9072969214a2723589ef18d859843e0
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD5f9a6bcd6b0c75f08492ff5daa56c1c09
SHA1c89a0907e0e25c9ba7d771731e3597e348999df9
SHA2568dc040c79982ec4d52c5133def4a7f2c9d647b10e151dd5e366caf8924fc6de0
SHA51266d318166ca9f94c8d5765e094a7d31e5b0ff10d22b94c8a98753af7077c7f2185963822a7cfb9f6400e8f62574aece6460a6b8ac1a1f9409e156dfc466c7c41
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-indexFilesize
72B
MD5376e12cfd72d06cbf2e90f11fed2d042
SHA150250ce860d6c55974a9f3217031d80a6d2ca487
SHA256365c906c323696160c0b35542d1f3e617ae3a5b801243dcc3f197230055b023f
SHA5121afd0251bf0c30a1f32eb406ee7b6ac2a028bbba7371f6f6061849e7a63842ac7d8f9d5be29219a3524362962e3c39308eb427d4befe7deb365badc3cf791e24
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57a2a8.TMPFilesize
48B
MD5ffec30f969d56092cdbc586737311747
SHA135ff13f103af5260a88cda39676ed1c389b956b3
SHA2564e7caba7fb26885ef96ff1e8a6e26f37c121caaf3b446b4e82e22140c84f42ac
SHA512fd323bbc2f83d00f661d6543d6b0f2e0a2951bc8dd19f591e69541e7755e43e75c9c4c3a60c8b42b25b689d609317ec01bc09381e475171b58f7e9e8d8380331
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
699B
MD5db94c4984cc94b0b891768fbfb2961a0
SHA1fdb14a4f892a5c5d63f27947441c72527f737165
SHA2564c134def13b5674f02e5b44d01073452e454d7727559e2ee26a25e7fd91cf164
SHA51222cd7ce8765e0c4ec24938ac49006a8615868761ab7105112bd0ee65195253dcc90f0ec7930d3751d189135dd7cb7385145394ebbd40320a7c2d920fe992d953
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58967e.TMPFilesize
203B
MD580f5273041d6d85db3f4f44745cb35b6
SHA1853e9258473dbabb81da90e5d9d7ba65a15fa8ae
SHA2566e8452845435ecad69dda13a7a211962e8657a2685bf909c92e11eed78d771d4
SHA5120a0f757e21c7fc444a935c1f53c88681a50dfc15b72cea3cd312905167071ffe189e4ecf211a4485db78345e01902945aa4d1c8f63cd818e58ba72f3106e982f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD5e530ab3d434da9879e670d9ddf774486
SHA1aef8cff2ca5ecf2b168f6f8dd7a0dfa8dd8ec470
SHA256dcee984396e6c01e5f9917abe20f61848383c5ab88e5b1ae9979f94e6d40f927
SHA512642a49dfce18f940c5403d5ac303dd1481bd8f9e2a7c73a677cb02420d817a2f3ed88e07858d79aa79baa9417dfbe7bab75be367c7e36055c4f00f5874e46cd6
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
12KB
MD51b8b67112c38d4e30caee792ef94728d
SHA1f1a04ed0b06ed0239552b811aed33831adef7c92
SHA256d81311b500a7fc4c7c1dbbb909ff846b9bd0b4045c83dd043e3efe72a898b942
SHA512ea718261296261f113689851a0d0dee864faf042edd8a6816920762ede96d9b3a987b024fae11682e6cd61408c213b076b0b97af72666d4a8bdf081116ca2ac8
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
12KB
MD5d93a3b3ee54e492137ddf8c81ebce040
SHA1dd11d069c3922baded00f30e1c85ec10da3eb234
SHA256a574358c277f0e2aafe3d8d226b46d76845e93dd3866aa4071f7dd441ab61d1f
SHA512d653695097f89afe75dc19fe91a83f0da60504c960249094a2385aa06aad645eb3e2e8a3c9c8c7268b08d0c05e9227e2b314fb59d6f0e024ecf10ba6372f6c4a
-
C:\Users\Admin\AppData\Local\Temp\TMzpx\TMzpx.dllFilesize
112KB
MD52f1a50031dcf5c87d92e8b2491fdcea6
SHA171e2aaa2d1bb7dbe32a00e1d01d744830ecce08f
SHA25647578a37901c82f66e4dba47acd5c3cab6d09c9911d16f5ad0413275342147ed
SHA5121c66dbe1320c1a84023bdf77686a2a7ab79a3e86ba5a4ea2cda9a37f8a916137d5cfec30b28ceae181355f6f279270465ef63ae90b7e8dcd4c1a8198a7fd36a8
-
C:\Users\Admin\Downloads\XWorm\XWorm V5.1\Icons\icon (15).icoFilesize
361KB
MD5e3143e8c70427a56dac73a808cba0c79
SHA163556c7ad9e778d5bd9092f834b5cc751e419d16
SHA256b2f57a23ecc789c1bbf6037ac0825bf98babc7bf0c5d438af5e2767a27a79188
SHA51274e0f4b55625df86a87b9315e4007be8e05bbecca4346a6ea06ef5b1528acb5a8bb636ef3e599a3820dbddcf69563a0a22e2c1062c965544fd75ec96fd9803fc
-
C:\Users\Admin\Downloads\XWorm\XWorm V5.2\GeoIP.datFilesize
1.2MB
MD58ef41798df108ce9bd41382c9721b1c9
SHA11e6227635a12039f4d380531b032bf773f0e6de0
SHA256bc07ff22d4ee0b6fafcc12482ecf2981c172a672194c647cedf9b4d215ad9740
SHA5124c62af04d4a141b94eb3e1b0dbf3669cb53fe9b942072ed7bea6a848d87d8994cff5a5f639ab70f424eb79a4b7adabdde4da6d2f02f995bd8d55db23ce99f01b
-
C:\Users\Admin\Downloads\XWorm\XWorm V5.2\Guna.UI2.dllFilesize
1.9MB
MD5bcc0fe2b28edd2da651388f84599059b
SHA144d7756708aafa08730ca9dbdc01091790940a4f
SHA256c6264665a882e73eb2262a74fea2c29b1921a9af33180126325fb67a851310ef
SHA5123bfc3d27c095dde988f779021d0479c8c1de80a404454813c6cae663e3fe63dc636bffa7de1094e18594c9d608fa7420a0651509544722f2a00288f0b7719cc8
-
C:\Users\Admin\Downloads\XWorm\XWorm V5.2\Mono.Cecil.dllFilesize
350KB
MD5de69bb29d6a9dfb615a90df3580d63b1
SHA174446b4dcc146ce61e5216bf7efac186adf7849b
SHA256f66f97866433e688acc3e4cd1e6ef14505f81df6b26dd6215e376767f6f954bc
SHA5126e96a510966a4acbca900773d4409720b0771fede37f24431bf0d8b9c611eaa152ba05ee588bb17f796d7b8caaccc10534e7cc1c907c28ddfa54ac4ce3952015
-
C:\Users\Admin\Downloads\XWorm\XWorm V5.2\MonoMod.Backports.dllFilesize
138KB
MD5dd43356f07fc0ce082db4e2f102747a2
SHA1aa0782732e2d60fa668b0aadbf3447ef70b6a619
SHA256e375b83a3e242212a2ed9478e1f0b8383c1bf1fdfab5a1cf766df740b631afd6
SHA512284d64b99931ed1f2e839a7b19ee8389eefaf6c72bac556468a01f3eb17000252613c01dbae88923e9a02f3c84bcab02296659648fad727123f63d0ac38d258e
-
C:\Users\Admin\Downloads\XWorm\XWorm V5.2\MonoMod.Core.dllFilesize
216KB
MD5b808181453b17f3fc1ab153bf11be197
SHA1bce86080b7eb76783940d1ff277e2b46f231efe9
SHA256da00cdfab411f8f535f17258981ec51d1af9b0bfcee3a360cbd0cb6f692dbcdd
SHA512a2d941c6e69972f99707ade5c5325eb50b0ec4c5abf6a189eb11a46606fed8076be44c839d83cf310b67e66471e0ea3f6597857a8e2c7e2a7ad6de60c314f7d3
-
C:\Users\Admin\Downloads\XWorm\XWorm V5.2\MonoMod.ILHelpers.dllFilesize
6KB
MD56512e89e0cb92514ef24be43f0bf4500
SHA1a039c51f89656d9d5c584f063b2b675a9ff44b8e
SHA2561411e4858412ded195f0e65544a4ec8e8249118b76375050a35c076940826cd0
SHA5129ffb2ff050cce82dbfbbb0e85ab5f976fcd81086b3d8695502c5221c23d14080f0e494a33e0092b4feb2eda12e2130a2f02df3125733c2f5ec31356e92dea00b
-
C:\Users\Admin\Downloads\XWorm\XWorm V5.2\MonoMod.Utils.dllFilesize
319KB
MD579f1c4c312fdbb9258c2cdde3772271f
SHA1a143434883e4ef2c0190407602b030f5c4fdf96f
SHA256f22a4fa1e8b1b70286ecf07effb15d2184454fa88325ce4c0f31ffadb4bef50a
SHA512b28ed3c063ae3a15cd52e625a860bbb65f6cd38ccad458657a163cd927c74ebf498fb12f1e578e869bcea00c6cd3f47ede10866e34a48c133c5ac26b902ae5d9
-
C:\Users\Admin\Downloads\XWorm\XWorm V5.2\RVGLib.dllFilesize
241KB
MD5d34c13128c6c7c93af2000a45196df81
SHA1664c821c9d2ed234aea31d8b4f17d987e4b386f1
SHA256aaf9fb0158bd40ab562a4212c2a795cb40ef6864042dc12f3a2415f2446ba1c7
SHA51291f4e0e795f359b03595b01cbf29188a2a0b52ab9d64eadd8fb8b3508e417b8c7a70be439940975bf5bdf26493ea161aa45025beb83bc95076ed269e82d39689
-
C:\Users\Admin\Downloads\XWorm\XWorm V5.2\XWorm V5.2.exeFilesize
12.2MB
MD58b7b015c1ea809f5c6ade7269bdc5610
SHA1c67d5d83ca18731d17f79529cfdb3d3dcad36b96
SHA2567fc9c7002b65bc1b33f72e019ed1e82008cc7b8e5b8eaf73fc41a3e6a246980e
SHA512e652913f73326f9d8461ac2a631e1e413719df28c7938b38949c005fda501d9e159554c3e17a0d5826d279bb81efdef394f7fb6ff7289cf296c19e92fd924180
-
C:\Users\Admin\Downloads\XWorm\XWorm V5.2\XWormLoader 5.2 x32.exe.configFilesize
187B
MD515c8c4ba1aa574c0c00fd45bb9cce1ab
SHA10dad65a3d4e9080fa29c42aa485c6102d2fa8bc8
SHA256f82338e8e9c746b5d95cd2ccc7bf94dd5de2b9b8982fffddf2118e475de50e15
SHA51252baac63399340427b94bfdeb7a42186d5359ce439c3d775497f347089edfbf72a6637b23bb008ab55b8d4dd3b79a7b2eb7c7ef922ea23d0716d5c3536b359d4
-
C:\Users\Admin\Downloads\XWorm\XWorm V5.2\XWormLoader 5.2 x64.exeFilesize
109KB
MD5e6a20535b636d6402164a8e2d871ef6d
SHA1981cb1fd9361ca58f8985104e00132d1836a8736
SHA256b461c985b53de4f6921d83925b3c2a62de3bbc5b8f9c02eecd27926f0197fae2
SHA51235856a0268ed9d17b1570d5392833ed168c8515d73fac9f150cf63cc1aea61c096aa2e6b3c8e091a1058ba062f9333f6767e323a37dfb6f4fa7e508a2a138a30
-
\??\pipe\LOCAL\crashpad_4068_CDPCQRCGQXOIEIBQMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/1992-567-0x0000023866150000-0x0000023866156000-memory.dmpFilesize
24KB
-
memory/1992-586-0x00000238013A0000-0x0000023801F8C000-memory.dmpFilesize
11.9MB
-
memory/1992-575-0x0000023867B50000-0x0000023867B8C000-memory.dmpFilesize
240KB
-
memory/1992-588-0x0000023880220000-0x0000023880414000-memory.dmpFilesize
2.0MB
-
memory/1992-571-0x000002387FFC0000-0x0000023880016000-memory.dmpFilesize
344KB
-
memory/1992-576-0x0000023867AB0000-0x0000023867ACA000-memory.dmpFilesize
104KB
-
memory/1992-565-0x0000023867AE0000-0x0000023867B08000-memory.dmpFilesize
160KB
-
memory/1992-563-0x0000023866190000-0x00000238661D2000-memory.dmpFilesize
264KB
-
memory/1992-572-0x00000238003A0000-0x00000238003A6000-memory.dmpFilesize
24KB
-
memory/1992-561-0x0000000000D10000-0x0000000000D30000-memory.dmpFilesize
128KB
-
memory/1992-569-0x0000023867BB0000-0x0000023867C0E000-memory.dmpFilesize
376KB
-
memory/1992-578-0x0000023880C60000-0x0000023881898000-memory.dmpFilesize
12.2MB
-
memory/1992-573-0x00000238003B0000-0x00000238003B6000-memory.dmpFilesize
24KB