fe6371034d55bb7583081b03f4aec7274f8340cfea4740325cb52e1c6ac77f6d

Resubmissions

25/09/2024, 13:50

240925-q5l6bssapb 10

24/09/2024, 19:49

240924-yj5pjssarl 10

24/09/2024, 19:44

240924-yf3e1s1hkr 10

Analysis

max time kernel
80s
max time network
86s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
24/09/2024, 19:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

XWorm/XWorm V5.1/XWorm V5.1.exe
Size

9.3MB
MD5

540a501c683c91729e712fe83cf4e92f
SHA1

d426473f486cd7b46ec8d3bae4a3f9b42f780f89
SHA256

567ac8995973807a1288847d357dd8014118f07194a4db64cccaeab5871d54e1
SHA512

25aa06429cc1272c1932e543d41563905964ef2b7dad9e6b0a13aee8c6fff5a4a9e9f4ba023435d265ddb36cdfebaca8efadfd8e9a3918747e29a2764e09a2a6
SSDEEP

196608:fHMCjsbDbqTw0l1s3PIump2n7lpQutrONgFETLU6Jz8p:fHaXYDXs3PIo7wutrMYEB

Score

7^/10

agilenet

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Control Panel\International\Geo\Nation	XWorm V5.1.exe

Loads dropped DLL 1 IoCs

pid	Process
2544	XWorm V5.1.exe

Obfuscated with Agile.Net obfuscator 1 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

agilenet

resource	yara_rule
behavioral2/memory/2544-1-0x000002588BD90000-0x000002588C6E2000-memory.dmp	agile_net

Drops file in Windows directory 5 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	XWorm V5.1.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	XWorm V5.1.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion	XWorm V5.1.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DeviceId = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CacheLimit = "1"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CacheLimit = "256000"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "395205405"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-SubSysId = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{AEBA21FA-782A-4A90-978D-B7216 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Extensible Cache	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\SubSysId = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CacheLimit = "1"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "395205405"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListDOSTime = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\ACGPolicyState = "6"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\DynamicCodePolicy = 00000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\PrivacyAdvanced = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main\OperationalData = "1"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DXFeatureLevel = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif = 010000002faf8d44370d93e239cf918f60f5d879a73ee913db2ef77434fa40d620c478ae57e24155bc13852787db0f1e721d925b06daf44d8fd366f42e03	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IETld\LowMic	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionHigh = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "268435456"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\SharedCookie_MRACMigrationDone = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus	MicrosoftEdgeCP.exe

Suspicious behavior: MapViewOfSection 6 IoCs

pid	Process
3848	MicrosoftEdgeCP.exe
3848	MicrosoftEdgeCP.exe
3848	MicrosoftEdgeCP.exe
3848	MicrosoftEdgeCP.exe
3848	MicrosoftEdgeCP.exe
3848	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	3760	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3760	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3760	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3760	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	5048	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	5048	MicrosoftEdgeCP.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
928	MicrosoftEdge.exe
3848	MicrosoftEdgeCP.exe
3760	MicrosoftEdgeCP.exe
3848	MicrosoftEdgeCP.exe
1272	OpenWith.exe
4760	OpenWith.exe

Suspicious use of WriteProcessMemory 30 IoCs

description	pid	Process	procid_target
PID 3848 wrote to memory of 2680	3848	MicrosoftEdgeCP.exe	78
PID 3848 wrote to memory of 2680	3848	MicrosoftEdgeCP.exe	78
PID 3848 wrote to memory of 2680	3848	MicrosoftEdgeCP.exe	78
PID 3848 wrote to memory of 2680	3848	MicrosoftEdgeCP.exe	78
PID 3848 wrote to memory of 2680	3848	MicrosoftEdgeCP.exe	78
PID 3848 wrote to memory of 2680	3848	MicrosoftEdgeCP.exe	78
PID 3848 wrote to memory of 2680	3848	MicrosoftEdgeCP.exe	78
PID 3848 wrote to memory of 2680	3848	MicrosoftEdgeCP.exe	78
PID 3848 wrote to memory of 2680	3848	MicrosoftEdgeCP.exe	78
PID 3848 wrote to memory of 2680	3848	MicrosoftEdgeCP.exe	78
PID 3848 wrote to memory of 2680	3848	MicrosoftEdgeCP.exe	78
PID 3848 wrote to memory of 2680	3848	MicrosoftEdgeCP.exe	78
PID 3848 wrote to memory of 2680	3848	MicrosoftEdgeCP.exe	78
PID 3848 wrote to memory of 2680	3848	MicrosoftEdgeCP.exe	78
PID 3848 wrote to memory of 2680	3848	MicrosoftEdgeCP.exe	78
PID 3848 wrote to memory of 312	3848	MicrosoftEdgeCP.exe	81
PID 3848 wrote to memory of 312	3848	MicrosoftEdgeCP.exe	81
PID 3848 wrote to memory of 312	3848	MicrosoftEdgeCP.exe	81
PID 3848 wrote to memory of 312	3848	MicrosoftEdgeCP.exe	81
PID 3848 wrote to memory of 312	3848	MicrosoftEdgeCP.exe	81
PID 3848 wrote to memory of 312	3848	MicrosoftEdgeCP.exe	81
PID 3848 wrote to memory of 312	3848	MicrosoftEdgeCP.exe	81
PID 3848 wrote to memory of 312	3848	MicrosoftEdgeCP.exe	81
PID 3848 wrote to memory of 312	3848	MicrosoftEdgeCP.exe	81
PID 3848 wrote to memory of 312	3848	MicrosoftEdgeCP.exe	81
PID 3848 wrote to memory of 312	3848	MicrosoftEdgeCP.exe	81
PID 3848 wrote to memory of 312	3848	MicrosoftEdgeCP.exe	81
PID 3848 wrote to memory of 312	3848	MicrosoftEdgeCP.exe	81
PID 3848 wrote to memory of 312	3848	MicrosoftEdgeCP.exe	81
PID 3848 wrote to memory of 312	3848	MicrosoftEdgeCP.exe	81

C:\Users\Admin\AppData\Local\Temp\XWorm\XWorm V5.1\XWorm V5.1.exe
"C:\Users\Admin\AppData\Local\Temp\XWorm\XWorm V5.1\XWorm V5.1.exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
- Enumerates system info in registry
PID:2544

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:928

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:1516

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3848

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3760

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:2680

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:1272

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:5048

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:312

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:4760

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

Filesize
4KB

MD5
1bfe591a4fe3d91b03cdf26eaacd8f89

SHA1
719c37c320f518ac168c86723724891950911cea

SHA256
9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

SHA512
02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VSH5XF98\edgecompatviewlist[1].xml

Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\0S6VZEZ6\website_icon[1].svg

Filesize
1KB

MD5
02f7553e1ac3129cd1c4d0442b5a0f81

SHA1
0dd8634450681fe1a2d0c1e5b02d6d0954e2772d

SHA256
0019255c610cb0843c524d7995905fa5201651fcc393846bee8414f0610097f5

SHA512
ac141a5648a3a22ceb295de8ecc6823f53d2a453316cd591dde888715344a60694316e1b85a5ceec72af62e34cc3d01768b020e5dfd5e0cb9916ec975ba4318e

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\EBI17AT4\favicon-32x32[1].png

Filesize
1KB

MD5
16a75c7824b5223b8e22864354e9e33f

SHA1
2c35e76ebe2d8002369d582b32bd70374552c574

SHA256
7f3e38478d53875c1f35d67fc035067274bacf9df8285889ad04fb143dfdddd8

SHA512
bd09744894646081e02b9e730c68c82354e3907c419578bdcb45d52c99d909d78ee084c8948b99d14ac6c8dfb343c9eb9197af039c5ac99d356440efd10a4ee8

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\4QTUY2JV\KFOlCnqEu92Fr1MmEU9fABc4AMP6lbBP[1].woff2

Filesize
6KB

MD5
b44d0dd122f9146504d444f290252d88

SHA1
41f0f056110dd4213c98e7dd529cd726754408fe

SHA256
3e70e149a35f394bb78ef7842de11a06359fed7828f30331594a28d196c54012

SHA512
3fcdc52b3069e1037d4b12fbd752eafa9401f0331aa55ebc7c4c7477af4576228356eda226b7c28df7e13b1ea30553e3e339aad0febc183d43f0ac3d29bff511

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\4QTUY2JV\KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ[1].woff2

Filesize
10KB

MD5
e7df3d0942815909add8f9d0c40d00d9

SHA1
cf5032eea3399a58870e8a05e629b006a8c7c3c7

SHA256
bce2f309470952b7affa62ff4d91b454334c68cefa541429b502904d20696875

SHA512
3632a44ee28aec0cf67ef7d3780a18db1aa84837817a3ea69a5f892d656a94b9faefc0314e2c38599410802f875df73581558ee9511ced7f717feda29336cfa0

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\4QTUY2JV\KFOlCnqEu92Fr1MmEU9fBxc4AMP6lbBP[1].woff2

Filesize
4KB

MD5
96e992d510ed36aa573ab75df8698b42

SHA1
7e02b3f9fafee2812cb08cc3ac9292c6b27b324f

SHA256
edad7f7e15729b7deddee25e34499c91a320ab4fbd1e60dd0420693c0d333947

SHA512
71cdc5e2539a915d482294f3f9e448b68b7f85fda7056f96e5a96da82bcfa97e1a0eea3b1c343781a40f208a0b375ab19bd768b19bbcb64b70d0564a2a382433

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\4QTUY2JV\KFOlCnqEu92Fr1MmEU9fCBc4AMP6lbBP[1].woff2

Filesize
768B

MD5
f7ec4e2d6c9f82076c56a871d1d23a2d

SHA1
d897d15fb006f3c4ca1d12c348a96f44a8125531

SHA256
a269d3d076c42e10f61629e0bd7048d770cbbafcf04b3ead84c39a5ba3bd2b60

SHA512
dbb6749fef3bfc5ca736415640cb4020309f4a1ca7874066f43f8f3b6d1bfc9cb88915af90b418a5eb4224dedbdd8b08d382fc9778ee542f119dc268f15b2538

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\4QTUY2JV\KFOlCnqEu92Fr1MmEU9fCRc4AMP6lbBP[1].woff2

Filesize
10KB

MD5
7a500aa24dccfcf0cc60f781072614f5

SHA1
a86ec3b3428e1bc7779122645125eda91cf7e18c

SHA256
514a8093c90624700cea152953305ca826b5dc9f0410945658082d1758aa9dfc

SHA512
8f787f9fccad04848e083a8f579ec7b8b2f817399699036d05e61c3b7ec581de16c2697c1fa0cae84e36cd188b3f174939e5ba292a2d1df159b6cdbf19793eaa

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\4QTUY2JV\KFOlCnqEu92Fr1MmEU9fChc4AMP6lbBP[1].woff2

Filesize
7KB

MD5
90687dc5a4b6b6271c9f1c1d4986ca10

SHA1
d21bd154ee1c06a125f08c306c24978db497ca1e

SHA256
9cfe0546be6c8e0e13beeae9b8814f1e7bf0ff31fe4d286bf9ea12239a0abbd9

SHA512
583ec0e0d94d96c5456d8ac8587eb1c4d75119f25ed2c2010fbe7c1db31387a37ccf5c39b0072ece458784ee9835c4cb5cb070877c4c328ec1712b6ca8f99247

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\4QTUY2JV\KFOlCnqEu92Fr1MmEU9fCxc4AMP6lbBP[1].woff2

Filesize
3KB

MD5
4d1e5298f2c7e19ba39a6ac8d88e91bd

SHA1
b2b509897d53c2bc727b1d669cd8bcc9386f56b3

SHA256
dab91182a5ab309ff749748ef255493eb4336822c3dc2d72ae47db6ed6764e1c

SHA512
a977a49641dd900906c7a5dc2c39d7d8428818873f783747465bdd00f27f55bbf62415b952e66b181fdf7247107f4dc494847adf5949e3f78a1c5fb34d509e84

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\4QTUY2JV\font-roboto[1].css

Filesize
6KB

MD5
c706681409217a14a24c7e2deb8cf423

SHA1
08b443fe5bc6a223a9de08fb56282365b1d13857

SHA256
84b97b3fa8847b64c6d3833561e4b3146530577171e85ad226578a087db70974

SHA512
2520a5417426cea58972529b3776713958ff259cc8467ebafbe291bd040e27195054c4133f4a9518d78da38ddf4f7cdac64da0813da33bbe707ad13af5baa7c1

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\4QTUY2JV\tgwallpaper.min[1].js

Filesize
2KB

MD5
2b89d34702716a8ad2cc3977718f53a3

SHA1
04406ebd6a9e2ce79dbac5e5048cfe1384e4574a

SHA256
2031e418ee10af8110729b3f327b968462fc0a9d8d1da095387bb472ccd0dee6

SHA512
e6fbda1e7d1e24c0db5a724e4cd30c883ceb5d35de1cc6ab8851c9b19e202024752e7e42aecc21002f9f9684ea98775f1ebe0ee8da9bd7562dac2fe171464242

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\D4TCZ1QO\KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ[1].woff2

Filesize
10KB

MD5
5e22a46c04d947a36ea0cad07afcc9e1

SHA1
6091d981c2a4ee975c7f6b56186ee698040bb804

SHA256
0f53e8b0a717ca4ce313eec62b90d41db62c2f4946259a65c93bf8e84c5b0c44

SHA512
3e2dcb20c7416160573ea7c7a17bf7250132c5203161b03aeaa3cf065e3ce609da6d1b317d3739aad7fc0c092c44cd0c4ea5657a63bfa530c66f9b0ecb9daf15

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\D4TCZ1QO\KFOlCnqEu92Fr1MmWUlfBxc4AMP6lbBP[1].woff2

Filesize
4KB

MD5
5756151c819325914806c6be65088b13

SHA1
8ed6bbd5e59b3535703801881daf4cccc84a5c63

SHA256
05347b4e55e70240e1136cf632220ec6662c94f12757835bdcf8d578fae77e88

SHA512
657d233989fc635b2c67685bec1658cc93986eaf1c010a135f79a727f153299824a11b7df3bcf26991d968817acba248094a317568fe595b80ce224a6b7001e5

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\D4TCZ1QO\KFOlCnqEu92Fr1MmWUlfChc4AMP6lbBP[1].woff2

Filesize
7KB

MD5
7a2e2eae214e49b4333030f789100720

SHA1
9d614f3701f4e26f09e31f22b23a1d16fb552f8f

SHA256
248ec746242539f7467873663d3a50ffe3c47324d07c1d5dea43bfc60ca14b22

SHA512
6906d2d60c5a3d39da5144d47071d189beff180d37619d384e3e9bf744e6b7b8684aa01554169e910c11e8f54138fb86fe6edf27e220f34752e9f3f19ccb6a00

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\D4TCZ1QO\KFOlCnqEu92Fr1MmWUlfCxc4AMP6lbBP[1].woff2

Filesize
3KB

MD5
2855f7c90916c37fe4e6bd36205a26a8

SHA1
579afdd351c4796fac0aece78195052d076cf9a0

SHA256
47fc12e7b150cb636b83cabc6695e8e55ffb911346613ef75d8014a974582712

SHA512
97084ffd8fab9d0c9ad4610b6c342cf79d169e5d9311e3587060de303e4e2671b0e30cc059014c3516015ccfa136220f2039e9297c3d81fdc3ff7a1e9d69988c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\D4TCZ1QO\KFOmCnqEu92Fr1Mu7GxKKTU1Kvnz[1].woff2

Filesize
7KB

MD5
93dcb0c222437699e9dd591d8b5a6b85

SHA1
fad0a82ab491e6ee403e116475dd6ea9a4cd8733

SHA256
582ca1c5738fa2697949cc4a495418e42df462e2bc3fc62bdae126bf159b6af5

SHA512
be07b461317bc3843a5728cfd892ce32cacdea2b14a10d014987ef7e4dedb148a88df07a5dc6f02f39d6c86517c6025ea8ec75be97c7d151fa198181670da1b8

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\D4TCZ1QO\telegram[1].css

Filesize
112KB

MD5
cc407e432532261714ca106e967bed72

SHA1
6d93baf813ea6291da475634726d3d7b3fe415c2

SHA256
f5f739b99351c1d64b3b890e80e78a9267e9ad2efe8116999ead3749d849e131

SHA512
7c9d63d818843e406d31d3beb7a9cf4a58f503346ddda554e55b3c8fc1d940cc0707c44e2c42f1b79b3b9795df036d68fcaaf855e205d06436a5793125ac02bc

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HPMU25CS\KFOmCnqEu92Fr1Mu4WxKKTU1Kvnz[1].woff2

Filesize
4KB

MD5
3ba6fb27a0ea92c2f1513add6dbddf37

SHA1
a03060228b60f28bc380a128188c8f4ffda4f02f

SHA256
3c8b5949070cb8420d2deefabd38557414d4112d3dc1bda58c3fd738efe984f2

SHA512
e8636f10ebf12ba6c7c32a0be3a36e2fcdd9e3397cbf148d069882cc8f1fecedbaabcbc65a93a9773697c9c1dfd9211b82144501b4c6c56bc0a3aa87a1120792

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HPMU25CS\KFOmCnqEu92Fr1Mu4mxKKTU1Kg[1].woff2

Filesize
10KB

MD5
1f6d3cf6d38f25d83d95f5a800b8cac3

SHA1
279f300ca2cbbdf9f5036ef2f438607fbf377daa

SHA256
796de064b8d80eba7ccacb8ba67d77fdbcdf4b385c844645d452c24537b3108f

SHA512
716305f4d2582683b64c61b5e2390983579ea0fb33c936dd3ea8362872176625fbcb6f5ad18d2abf85da82d14c33a9640dfc5749922cb2fc079ddf37864f361f

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HPMU25CS\KFOmCnqEu92Fr1Mu5mxKKTU1Kvnz[1].woff2

Filesize
6KB

MD5
491a7a9678c3cfd4f86c092c68480f23

SHA1
32e18ae407d782adfd54c78c6259c7be52db6bf3

SHA256
41b5c3b25f4258190937deb900fa57a6db6d450ce7dd2af2259af760119a1c41

SHA512
bf89c2cecb09f56b6ec271aede7dd0bae6c0b9c88aba6a59e0e0c3f50c5f22e25178e766754d1c495866e76c00c8b413612b3516c75ad731ecb4f38b79d15e01

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HPMU25CS\KFOmCnqEu92Fr1Mu72xKKTU1Kvnz[1].woff2

Filesize
10KB

MD5
fd4ff709e3581e3f62e40e90260a1ad7

SHA1
143c08c992c30851ff0de4140e64b50f22d264fe

SHA256
83572c3ab2cc39e33fb02c9050652e82eb00351564f8fa1581b586372934a754

SHA512
11477c7f087162d231929cb291243a233f9f920e71f5b636aeb356dfae9840fb6b060ee3c08ab2c896bcc95ad5fba85df8403589917b1bab5f5e8c55b3430922

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HPMU25CS\KFOmCnqEu92Fr1Mu7mxKKTU1Kvnz[1].woff2

Filesize
748B

MD5
c2b2c28b98016afb2cb7e029c23f1f9f

SHA1
dbf6b0f2e2bade5c8f4f66e4eaab64134efe5ab8

SHA256
1df1ae79b14180fb1e9284310583ca4c17a861328a726b82068e0ab3ba586458

SHA512
2b0552b757b1ce2e3ebae1dcfc9a55e3373dd1956c0a50e104fde759600efa5e40de96d68e2fc2cfad9b56ccafe07999df308bc26b1393cf6698f84edbb9a553

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\TQ0DVTHJ\4VMV8DY6.jpg

Filesize
9KB

MD5
d22198f3592c20deb5d5ce9fca0d3116

SHA1
fa7611cf5b0b7f1d66e1bef3c8cefc82f7a59cd4

SHA256
df52c79a6b5f4522a842aa2e7274d783b6518066330f53ed7fee08732bcf9005

SHA512
e3e5da7043fb30e2659d2feeec5de035e4e256b042e3fd9b909546bbf9793d00c4bf0f3debc66328cfbcd7782218428d1c628d438e7736fd02865d4c4318d5e6

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\TQ0DVTHJ\KFOlCnqEu92Fr1MmWUlfABc4AMP6lbBP[1].woff2

Filesize
6KB

MD5
376ffe2ca0b038d08d5e582ec13a310f

SHA1
ec85284f360bada79122b5dca3088103c769ca8a

SHA256
2f662599cf4323a18b4f7da381a998a8873c0277fff2d866336f7ee943a102d6

SHA512
1ac85cefc94039e2d11e25a2e289369e475558d93d1a9dce8f9ab11e33de5f37ffaa590b1e24f412d341d3d17501ae77c016a1ec4451ee42eb91d570862a25ad

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\TQ0DVTHJ\KFOlCnqEu92Fr1MmWUlfCBc4AMP6lbBP[1].woff2

Filesize
756B

MD5
8096f9b1a15c26638179b6c9499ff260

SHA1
3de8506ea9662c22ece06f78481d105bf6f3340e

SHA256
c5214e0140eedfa85f9d274d1a1fbef05fb6ad22eee49dd40876fedce3e70e59

SHA512
8d746755e3f668ab38dc939c48f41c5e81c714b3cd81894bc59a1fa7e0dc049c4109fe2a519f3b2d3a1d39ac09b3d6b55d52627651361d45d595b29cd3ce6396

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\TQ0DVTHJ\KFOlCnqEu92Fr1MmWUlfCRc4AMP6lbBP[1].woff2

Filesize
10KB

MD5
9a74bbc5f0d651f8f5b6df4fb3c5c755

SHA1
aada694b2e629076e3dc399a212efa237bbed6b9

SHA256
a05e513790b1979b52b2e4f8d6bbb9df34d3bcb935c15d6e0c12f8814fecad4a

SHA512
888a878d15365b405711c3908974f804f6b84030cf8c05e5676e4b95bd50c258e1678614dece6f0fdf851454307b8373b67ffee8b64d1c102a39add050386f5a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\TQ0DVTHJ\KFOmCnqEu92Fr1Mu7WxKKTU1Kvnz[1].woff2

Filesize
3KB

MD5
e64969a373d0acf2586d1fd4224abb90

SHA1
c654a76bf4dd81fb918d3e08461c7123e5be1993

SHA256
4f393c516f720fc9745e48f9e2662ba069eb70e43bc95fe327225d47d5c89fef

SHA512
7e2929d0e7c8b5e2262d7c37ef8f2bb4b95903c2eb2eb79e4c84402e87b7b1bd4964d8d0f8d178127ccb6f5ac1bdf651d4226c013fff195925038128fb4072ed

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\TQ0DVTHJ\bootstrap.min[1].css

Filesize
41KB

MD5
c2656e265ef58a9cc9f4b70b15da5fb9

SHA1
85c5ebdb89d4574d72688c2650d4b84b9b09770a

SHA256
f1d083ffaa644c708f11db29707aa57c19246e6d32643b03fee3f82c17b224b3

SHA512
6417aadebeef4ee35381bfc7034148d57fd061d84de9974d798468c6426c24a6bd1c9913cf517accf3e349fa06cbdd546d2883ea8391c595285fe0c6127e26e8

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\156887258BBD6E1FEF562837733EA04E_5BBC02CEDFD3F7AC9E268D830CF231EE

Filesize
2KB

MD5
4cb5e0fba4a35cd9b474b8d8df469aad

SHA1
a04ead6824a027975d95080ad5294509a789a2a3

SHA256
4d08a4c87a32e68b5fe65a2a89b2136cf53eea745cb98cce4cd368fb207e85b6

SHA512
a9b4f5a58efb51112ac50ef012fd507d606e4abe5d9101e9c0660cbce5e8b4233653cef25b8c5ab06ebb44a9a4d6f85f5530e404849e0b5206c8b4b6385857fd

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771

Filesize
2KB

MD5
bc316c1c8e5c5644a43757a6c3c3e04d

SHA1
261635b907b646b8c559cfd67eb40b640b449dee

SHA256
7d2f974235d482763b421aab57c6f04d53fd963fccd6884ab83473e7c1895d5f

SHA512
5a1c4272b5532d8c16f424d5d014175da6cd456e81b726d176168a2c626dc6b1b44be616d233f589106ca26656c6dbc563eeb0886a3ca52d0a2d9a1217cc5d6d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\AF11BD9903F89351FA7C3EE3B4C96930_F2804F1978D7AC4139033E76F6AC80BE

Filesize
2KB

MD5
fbaf7c45bcdb0f956e9996a77a91b982

SHA1
2f83c8e856b01496876090fcddbb413697498797

SHA256
096ef04d5eccf40bd0fd5f76d1bf28d9f8375010aacc83f4b64b99ebafb196e8

SHA512
06935f23335656015c0cadaaabd7edc357753866ac10fc70e8b1a9bb180c1b33ea890850a6875037097c9c9fe67ed9c168955ef16ac725d53619027686aaa433

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\EB2C4AB8B68FFA4B7733A9139239A396_D76DB901EE986B889F30D8CC06229E2D

Filesize
1KB

MD5
9cb683468dab466a6d5b21416af04cd1

SHA1
35520b5495c0554a2bcae74286db345a2c00b105

SHA256
8fb66ee6e3f33772d9db72b8a51a287d5f7b577fb50d0883f0471449a4c4f6b7

SHA512
90965d7c1328796a45cc7e7ffe7b74947cf66e31b8ea496ecd2363edbd374d751d6a6fb3a7394c07ce726796d77ef324e1dc9b82f5adeb4ede1dbfc19ab307ec

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\156887258BBD6E1FEF562837733EA04E_5BBC02CEDFD3F7AC9E268D830CF231EE

Filesize
458B

MD5
c915cc0e46b383e1c7c5a5bb84a8554e

SHA1
83df8c473237584739db0fd7a0c17f4d928230fd

SHA256
60fb53ea79d1e3e3d3eb34205ae8eba1fb56114b5d0e85dc94f60e376c8cb5ff

SHA512
32c52b8f009629e53e45c0b066b52fa7703114bc2f45c509280883d7c0eb0298cb8ab4144ca4ee92f811d03639300fa1ef02d58ce00d8d1dbf60501d416bd6d6

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771

Filesize
450B

MD5
387e0d894e8f38852f177fce22974fa5

SHA1
b7a34d9484bb29d347e9be9b64a3105ee5a1d6c0

SHA256
6765704eb6e312ab01bdc202838aae4960bf9eeb6acaeac435fdf6562f7c4692

SHA512
8708eda52042f47cdff75e5b8f04558bb7d74a0e4c104fc3317f8881480a920b16278b90e1a45b2a9ee9a9281d80e72cd807cc91640f264a67782758112f0fa0

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\AF11BD9903F89351FA7C3EE3B4C96930_F2804F1978D7AC4139033E76F6AC80BE

Filesize
458B

MD5
715e60e02b76726529b659d7b4444daa

SHA1
4b822646709393637628972b7372732c0510fd1b

SHA256
fbff6a153ec8ebcb8f9068db27c698f0b99a52abf70a0c45dd36acebb77b89b0

SHA512
e2f42f14e46224f2585ca30f6e30b2131d4aa5caf4c668bd01b32bd584e30d20532f26784ff19c9c7ee9752b700e93da14879fd970c48d5db418e1e14b147de8

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\EB2C4AB8B68FFA4B7733A9139239A396_D76DB901EE986B889F30D8CC06229E2D

Filesize
458B

MD5
cd5dddf327768a46ae7e217538ae97fb

SHA1
67d7a02b3ac77bd1a1d78996959f3add284c88bc

SHA256
a5ffc36944ea36ebe5f8b4dcb60554908268b0f3ab71a6fe75ee7480a887d660

SHA512
64f62d2910a6c65d83f4776dafc21a8db538b29dff869964065b9424b3b0ba82e71ee66c3bdc28d20c6ebfb44062a167a1572ee96b5c3f6cf13bb2729f8ac3ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\eakSv\eakSv.dll

Filesize
112KB

MD5
2f1a50031dcf5c87d92e8b2491fdcea6

SHA1
71e2aaa2d1bb7dbe32a00e1d01d744830ecce08f

SHA256
47578a37901c82f66e4dba47acd5c3cab6d09c9911d16f5ad0413275342147ed

SHA512
1c66dbe1320c1a84023bdf77686a2a7ab79a3e86ba5a4ea2cda9a37f8a916137d5cfec30b28ceae181355f6f279270465ef63ae90b7e8dcd4c1a8198a7fd36a8

Download Submit
memory/312-234-0x00000198DE000000-0x00000198DE100000-memory.dmp

Filesize
1024KB

Download
memory/312-233-0x00000198DE000000-0x00000198DE100000-memory.dmp

Filesize
1024KB

Download
memory/928-197-0x00000206C80E0000-0x00000206C80E1000-memory.dmp

Filesize
4KB

Download
memory/928-198-0x00000206C80F0000-0x00000206C80F1000-memory.dmp

Filesize
4KB

Download
memory/928-15-0x00000206C1520000-0x00000206C1530000-memory.dmp

Filesize
64KB

Download
memory/928-50-0x00000206C06C0000-0x00000206C06C2000-memory.dmp

Filesize
8KB

Download
memory/928-31-0x00000206C1620000-0x00000206C1630000-memory.dmp

Filesize
64KB

Download
memory/2544-11-0x00007FFE6C5C0000-0x00007FFE6CFAC000-memory.dmp

Filesize
9.9MB

Download
memory/2544-10-0x00000258A83C0000-0x00000258A85B4000-memory.dmp

Filesize
2.0MB

Download
memory/2544-1-0x000002588BD90000-0x000002588C6E2000-memory.dmp

Filesize
9.3MB

Download
memory/2544-12-0x00007FFE6C5C0000-0x00007FFE6CFAC000-memory.dmp

Filesize
9.9MB

Download
memory/2544-13-0x00007FFE6C5C3000-0x00007FFE6C5C4000-memory.dmp

Filesize
4KB

Download
memory/2544-14-0x00007FFE6C5C0000-0x00007FFE6CFAC000-memory.dmp

Filesize
9.9MB

Download
memory/2544-9-0x00000258A7480000-0x00000258A8030000-memory.dmp

Filesize
11.7MB

Download
memory/2544-0-0x00007FFE6C5C3000-0x00007FFE6C5C4000-memory.dmp

Filesize
4KB

Download
memory/2544-8-0x00007FFE6C5C0000-0x00007FFE6CFAC000-memory.dmp

Filesize
9.9MB

Download
memory/2544-307-0x00007FFE6C5C0000-0x00007FFE6CFAC000-memory.dmp

Filesize
9.9MB

Download
memory/2680-113-0x000001EE1D8F0000-0x000001EE1D8F2000-memory.dmp

Filesize
8KB

Download
memory/2680-130-0x000001EE1E210000-0x000001EE1E212000-memory.dmp

Filesize
8KB

Download
memory/2680-80-0x000001EE0D100000-0x000001EE0D200000-memory.dmp

Filesize
1024KB

Download
memory/2680-79-0x000001EE0D100000-0x000001EE0D200000-memory.dmp

Filesize
1024KB

Download
memory/2680-106-0x000001EE1D8B0000-0x000001EE1D8B2000-memory.dmp

Filesize
8KB

Download
memory/2680-125-0x000001EE1E580000-0x000001EE1E582000-memory.dmp

Filesize
8KB

Download
memory/2680-135-0x000001EE1E250000-0x000001EE1E252000-memory.dmp

Filesize
8KB

Download
memory/2680-137-0x000001EE1E270000-0x000001EE1E272000-memory.dmp

Filesize
8KB

Download
memory/2680-132-0x000001EE1E230000-0x000001EE1E232000-memory.dmp

Filesize
8KB

Download
memory/2680-180-0x000001EE1E900000-0x000001EE1E902000-memory.dmp

Filesize
8KB

Download
memory/2680-122-0x000001EE1E4C0000-0x000001EE1E4C2000-memory.dmp

Filesize
8KB

Download
memory/2680-120-0x000001EE1E4A0000-0x000001EE1E4A2000-memory.dmp

Filesize
8KB

Download
memory/2680-118-0x000001EE1DF20000-0x000001EE1DF22000-memory.dmp

Filesize
8KB

Download
memory/2680-115-0x000001EE1DF00000-0x000001EE1DF02000-memory.dmp

Filesize
8KB

Download
memory/2680-210-0x000001EE1E780000-0x000001EE1E782000-memory.dmp

Filesize
8KB

Download
memory/2680-110-0x000001EE1D8E0000-0x000001EE1D8E2000-memory.dmp

Filesize
8KB

Download
memory/2680-108-0x000001EE1D8D0000-0x000001EE1D8D2000-memory.dmp

Filesize
8KB

Download
memory/3760-60-0x000001946D3C0000-0x000001946D4C0000-memory.dmp

Filesize
1024KB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads