75eaf0cad1ec5a2d549238ad1dd05b1df911ba69dede4fcfd0aafa0aa01db8a0

Analysis

max time kernel
1563s
max time network
1567s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
07-12-2024 19:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

XWorm V5.6 BypChat.zip
Size

106.6MB
MD5

bbddcd512fcb1bf4efdb11987c45d861
SHA1

9fcab4ae4f41f478e8b8eda82e19d7e37fffaf63
SHA256

75eaf0cad1ec5a2d549238ad1dd05b1df911ba69dede4fcfd0aafa0aa01db8a0
SHA512

8dcae5750daee9802eab794d82db0c8830a8772d9d9733a78d879481f9de3b634f410a75d83d17e2e956081fc7aa6f0d7611a33f715175dc1205a1be76341569
SSDEEP

3145728:aU6Yky/N+O5V6HToU3usY7N6pzeWlDgal:V7N+On6HbesgN6MY

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 42 IoCs

pid	Process
2204	dnSpy.exe
1548	Xworm V5.6.exe
1216	Xworm V5.6.exe
2548	Xworm V5.6.exe
2608	Xworm V5.6.exe
2856	Xworm V5.6.exe
2372	Xworm V5.6.exe
2244	Xworm V5.6.exe
2016	Xworm V5.6.exe
1472	Xworm V5.6.exe
1196	Xworm V5.6.exe
576	Xworm V5.6.exe
768	Xworm V5.6.exe
2760	Xworm V5.6.exe
2772	Xworm V5.6.exe
2780	Xworm V5.6.exe
588	Xworm V5.6.exe
1752	Xworm V5.6.exe
1936	Xworm V5.6.exe
444	Xworm V5.6.exe
2800	Xworm V5.6.exe
2356	Xworm V5.6.exe
776	Xworm V5.6.exe
1016	Xworm V5.6.exe
3064	Xworm V5.6.exe
1232	Xworm V5.6.exe
2216	Xworm V5.6.exe
2380	Xworm V5.6.exe
316	Xworm V5.6.exe
2744	Xworm V5.6.exe
1212	Xworm V5.6.exe
3000	Xworm V5.6.exe
2552	Xworm V5.6.exe
1508	Xworm V5.6.exe
1592	Xworm V5.6.exe
2720	Xworm V5.6.exe
1904	Xworm V5.6.exe
1492	Xworm V5.6.exe
2324	Xworm V5.6.exe
2620	Xworm V5.6.exe
2560	Xworm V5.6.exe
2604	dnSpy.exe

Loads dropped DLL 64 IoCs

pid	Process
1180	Process not Found
1180	Process not Found
1180	Process not Found
1180	Process not Found
1180	Process not Found
1180	Process not Found
1180	Process not Found
1180	Process not Found
1180	Process not Found
1180	Process not Found
1180	Process not Found
1180	Process not Found
1180	Process not Found
1180	Process not Found
2204	dnSpy.exe
2204	dnSpy.exe
2204	dnSpy.exe
2204	dnSpy.exe
2204	dnSpy.exe
2204	dnSpy.exe
2204	dnSpy.exe
2204	dnSpy.exe
2204	dnSpy.exe
2204	dnSpy.exe
2204	dnSpy.exe
2204	dnSpy.exe
2204	dnSpy.exe
2204	dnSpy.exe
2204	dnSpy.exe
2204	dnSpy.exe
2204	dnSpy.exe
2204	dnSpy.exe
2204	dnSpy.exe
2204	dnSpy.exe
2204	dnSpy.exe
2204	dnSpy.exe
2204	dnSpy.exe
2204	dnSpy.exe
2204	dnSpy.exe
2204	dnSpy.exe
2204	dnSpy.exe
2204	dnSpy.exe
2204	dnSpy.exe
2204	dnSpy.exe
2204	dnSpy.exe
2204	dnSpy.exe
2204	dnSpy.exe
2204	dnSpy.exe
2204	dnSpy.exe
2204	dnSpy.exe
2204	dnSpy.exe
2204	dnSpy.exe
2204	dnSpy.exe
2204	dnSpy.exe
2204	dnSpy.exe
2204	dnSpy.exe
2204	dnSpy.exe
2204	dnSpy.exe
2204	dnSpy.exe
2204	dnSpy.exe
2204	dnSpy.exe
2204	dnSpy.exe
2204	dnSpy.exe
2204	dnSpy.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2780	7zFM.exe

Suspicious use of AdjustPrivilegeToken 11 IoCs

description	pid	Process
Token: SeRestorePrivilege	2780	7zFM.exe
Token: 35	2780	7zFM.exe
Token: SeSecurityPrivilege	2780	7zFM.exe
Token: 33	1212	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1212	AUDIODG.EXE
Token: 33	1212	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1212	AUDIODG.EXE
Token: SeRestorePrivilege	2672	7zG.exe
Token: 35	2672	7zG.exe
Token: SeSecurityPrivilege	2672	7zG.exe
Token: SeSecurityPrivilege	2672	7zG.exe

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
2780	7zFM.exe
2780	7zFM.exe
2204	dnSpy.exe
2672	7zG.exe
2604	dnSpy.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1548 wrote to memory of 660	1548	Xworm V5.6.exe	35
PID 1548 wrote to memory of 660	1548	Xworm V5.6.exe	35
PID 1548 wrote to memory of 660	1548	Xworm V5.6.exe	35
PID 2548 wrote to memory of 2672	2548	Xworm V5.6.exe	39
PID 2548 wrote to memory of 2672	2548	Xworm V5.6.exe	39
PID 2548 wrote to memory of 2672	2548	Xworm V5.6.exe	39
PID 2608 wrote to memory of 2468	2608	Xworm V5.6.exe	41
PID 2608 wrote to memory of 2468	2608	Xworm V5.6.exe	41
PID 2608 wrote to memory of 2468	2608	Xworm V5.6.exe	41
PID 2856 wrote to memory of 2124	2856	Xworm V5.6.exe	43
PID 2856 wrote to memory of 2124	2856	Xworm V5.6.exe	43
PID 2856 wrote to memory of 2124	2856	Xworm V5.6.exe	43
PID 2372 wrote to memory of 996	2372	Xworm V5.6.exe	47
PID 2372 wrote to memory of 996	2372	Xworm V5.6.exe	47
PID 2372 wrote to memory of 996	2372	Xworm V5.6.exe	47
PID 2244 wrote to memory of 1256	2244	Xworm V5.6.exe	49
PID 2244 wrote to memory of 1256	2244	Xworm V5.6.exe	49
PID 2244 wrote to memory of 1256	2244	Xworm V5.6.exe	49
PID 2016 wrote to memory of 1996	2016	Xworm V5.6.exe	50
PID 2016 wrote to memory of 1996	2016	Xworm V5.6.exe	50
PID 2016 wrote to memory of 1996	2016	Xworm V5.6.exe	50
PID 1472 wrote to memory of 1428	1472	Xworm V5.6.exe	53
PID 1472 wrote to memory of 1428	1472	Xworm V5.6.exe	53
PID 1472 wrote to memory of 1428	1472	Xworm V5.6.exe	53
PID 1196 wrote to memory of 1092	1196	Xworm V5.6.exe	55
PID 1196 wrote to memory of 1092	1196	Xworm V5.6.exe	55
PID 1196 wrote to memory of 1092	1196	Xworm V5.6.exe	55
PID 576 wrote to memory of 2736	576	Xworm V5.6.exe	58
PID 576 wrote to memory of 2736	576	Xworm V5.6.exe	58
PID 576 wrote to memory of 2736	576	Xworm V5.6.exe	58
PID 768 wrote to memory of 2168	768	Xworm V5.6.exe	60
PID 768 wrote to memory of 2168	768	Xworm V5.6.exe	60
PID 768 wrote to memory of 2168	768	Xworm V5.6.exe	60
PID 2760 wrote to memory of 480	2760	Xworm V5.6.exe	62
PID 2760 wrote to memory of 480	2760	Xworm V5.6.exe	62
PID 2760 wrote to memory of 480	2760	Xworm V5.6.exe	62
PID 2772 wrote to memory of 2392	2772	Xworm V5.6.exe	63
PID 2772 wrote to memory of 2392	2772	Xworm V5.6.exe	63
PID 2772 wrote to memory of 2392	2772	Xworm V5.6.exe	63
PID 2780 wrote to memory of 1888	2780	Xworm V5.6.exe	64
PID 2780 wrote to memory of 1888	2780	Xworm V5.6.exe	64
PID 2780 wrote to memory of 1888	2780	Xworm V5.6.exe	64
PID 588 wrote to memory of 288	588	Xworm V5.6.exe	68
PID 588 wrote to memory of 288	588	Xworm V5.6.exe	68
PID 588 wrote to memory of 288	588	Xworm V5.6.exe	68
PID 1936 wrote to memory of 1304	1936	Xworm V5.6.exe	71
PID 1936 wrote to memory of 1304	1936	Xworm V5.6.exe	71
PID 1936 wrote to memory of 1304	1936	Xworm V5.6.exe	71
PID 444 wrote to memory of 1704	444	Xworm V5.6.exe	72
PID 444 wrote to memory of 1704	444	Xworm V5.6.exe	72
PID 444 wrote to memory of 1704	444	Xworm V5.6.exe	72
PID 1752 wrote to memory of 1944	1752	Xworm V5.6.exe	73
PID 1752 wrote to memory of 1944	1752	Xworm V5.6.exe	73
PID 1752 wrote to memory of 1944	1752	Xworm V5.6.exe	73
PID 2800 wrote to memory of 852	2800	Xworm V5.6.exe	74
PID 2800 wrote to memory of 852	2800	Xworm V5.6.exe	74
PID 2800 wrote to memory of 852	2800	Xworm V5.6.exe	74
PID 3064 wrote to memory of 2084	3064	Xworm V5.6.exe	79
PID 3064 wrote to memory of 2084	3064	Xworm V5.6.exe	79
PID 3064 wrote to memory of 2084	3064	Xworm V5.6.exe	79
PID 2356 wrote to memory of 784	2356	Xworm V5.6.exe	80
PID 2356 wrote to memory of 784	2356	Xworm V5.6.exe	80
PID 2356 wrote to memory of 784	2356	Xworm V5.6.exe	80
PID 776 wrote to memory of 2176	776	Xworm V5.6.exe	83

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\XWorm V5.6 BypChat.zip"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2780

C:\Users\Admin\Desktop\dnSpy-net-win64\dnSpy.exe
"C:\Users\Admin\Desktop\dnSpy-net-win64\dnSpy.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
PID:2204

C:\Users\Admin\Desktop\XWorm V5.6 BypChat\Xworm V5.6.exe
"C:\Users\Admin\Desktop\XWorm V5.6 BypChat\Xworm V5.6.exe"
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1548
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1548 -s 528
  2⤵
  PID:660

C:\Users\Admin\Desktop\XWorm V5.6 BypChat\Xworm V5.6.exe
"C:\Users\Admin\Desktop\XWorm V5.6 BypChat\Xworm V5.6.exe"
1⤵
- Executes dropped EXE
PID:1216

C:\Users\Admin\Desktop\XWorm V5.6 BypChat\Xworm V5.6.exe
"C:\Users\Admin\Desktop\XWorm V5.6 BypChat\Xworm V5.6.exe"
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2548
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2548 -s 528
  2⤵
  PID:2672

C:\Users\Admin\Desktop\XWorm V5.6 BypChat\Xworm V5.6.exe
"C:\Users\Admin\Desktop\XWorm V5.6 BypChat\Xworm V5.6.exe"
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2608
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2608 -s 528
  2⤵
  PID:2468

C:\Users\Admin\Desktop\XWorm V5.6 BypChat\Xworm V5.6.exe
"C:\Users\Admin\Desktop\XWorm V5.6 BypChat\Xworm V5.6.exe"
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2856
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2856 -s 528
  2⤵
  PID:2124

C:\Users\Admin\Desktop\XWorm V5.6 BypChat\Xworm V5.6.exe
"C:\Users\Admin\Desktop\XWorm V5.6 BypChat\Xworm V5.6.exe"
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2372
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2372 -s 528
  2⤵
  PID:996

C:\Users\Admin\Desktop\XWorm V5.6 BypChat\Xworm V5.6.exe
"C:\Users\Admin\Desktop\XWorm V5.6 BypChat\Xworm V5.6.exe"
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2244
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2244 -s 528
  2⤵
  PID:1256

C:\Users\Admin\Desktop\XWorm V5.6 BypChat\Xworm V5.6.exe
"C:\Users\Admin\Desktop\XWorm V5.6 BypChat\Xworm V5.6.exe"
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2016
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2016 -s 528
  2⤵
  PID:1996

C:\Users\Admin\Desktop\XWorm V5.6 BypChat\Xworm V5.6.exe
"C:\Users\Admin\Desktop\XWorm V5.6 BypChat\Xworm V5.6.exe"
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1472
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1472 -s 532
  2⤵
  PID:1428

C:\Users\Admin\Desktop\XWorm V5.6 BypChat\Xworm V5.6.exe
"C:\Users\Admin\Desktop\XWorm V5.6 BypChat\Xworm V5.6.exe"
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1196
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1196 -s 528
  2⤵
  PID:1092

C:\Users\Admin\Desktop\XWorm V5.6 BypChat\Xworm V5.6.exe
"C:\Users\Admin\Desktop\XWorm V5.6 BypChat\Xworm V5.6.exe"
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:576
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 576 -s 532
  2⤵
  PID:2736

C:\Users\Admin\Desktop\XWorm V5.6 BypChat\Xworm V5.6.exe
"C:\Users\Admin\Desktop\XWorm V5.6 BypChat\Xworm V5.6.exe"
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:768
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 768 -s 528
  2⤵
  PID:2168

C:\Users\Admin\Desktop\XWorm V5.6 BypChat\Xworm V5.6.exe
"C:\Users\Admin\Desktop\XWorm V5.6 BypChat\Xworm V5.6.exe"
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2760
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2760 -s 528
  2⤵
  PID:480

C:\Users\Admin\Desktop\XWorm V5.6 BypChat\Xworm V5.6.exe
"C:\Users\Admin\Desktop\XWorm V5.6 BypChat\Xworm V5.6.exe"
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2772
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2772 -s 528
  2⤵
  PID:2392

C:\Users\Admin\Desktop\XWorm V5.6 BypChat\Xworm V5.6.exe
"C:\Users\Admin\Desktop\XWorm V5.6 BypChat\Xworm V5.6.exe"
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2780
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2780 -s 528
  2⤵
  PID:1888

C:\Users\Admin\Desktop\XWorm V5.6 BypChat\Xworm V5.6.exe
"C:\Users\Admin\Desktop\XWorm V5.6 BypChat\Xworm V5.6.exe"
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:588
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 588 -s 528
  2⤵
  PID:288

C:\Users\Admin\Desktop\XWorm V5.6 BypChat\Xworm V5.6.exe
"C:\Users\Admin\Desktop\XWorm V5.6 BypChat\Xworm V5.6.exe"
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1936
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1936 -s 528
  2⤵
  PID:1304

C:\Users\Admin\Desktop\XWorm V5.6 BypChat\Xworm V5.6.exe
"C:\Users\Admin\Desktop\XWorm V5.6 BypChat\Xworm V5.6.exe"
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1752
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1752 -s 528
  2⤵
  PID:1944

C:\Users\Admin\Desktop\XWorm V5.6 BypChat\Xworm V5.6.exe
"C:\Users\Admin\Desktop\XWorm V5.6 BypChat\Xworm V5.6.exe"
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:444
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 444 -s 532
  2⤵
  PID:1704

C:\Users\Admin\Desktop\XWorm V5.6 BypChat\Xworm V5.6.exe
"C:\Users\Admin\Desktop\XWorm V5.6 BypChat\Xworm V5.6.exe"
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2800
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2800 -s 528
  2⤵
  PID:852

C:\Users\Admin\Desktop\XWorm V5.6 BypChat\Xworm V5.6.exe
"C:\Users\Admin\Desktop\XWorm V5.6 BypChat\Xworm V5.6.exe"
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2356
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2356 -s 528
  2⤵
  PID:784

C:\Users\Admin\Desktop\XWorm V5.6 BypChat\Xworm V5.6.exe
"C:\Users\Admin\Desktop\XWorm V5.6 BypChat\Xworm V5.6.exe"
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:776
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 776 -s 528
  2⤵
  PID:2176

C:\Users\Admin\Desktop\XWorm V5.6 BypChat\Xworm V5.6.exe
"C:\Users\Admin\Desktop\XWorm V5.6 BypChat\Xworm V5.6.exe"
1⤵
- Executes dropped EXE
PID:1016
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1016 -s 528
  2⤵
  PID:1096

C:\Users\Admin\Desktop\XWorm V5.6 BypChat\Xworm V5.6.exe
"C:\Users\Admin\Desktop\XWorm V5.6 BypChat\Xworm V5.6.exe"
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3064
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3064 -s 528
  2⤵
  PID:2084

C:\Users\Admin\Desktop\XWorm V5.6 BypChat\Xworm V5.6.exe
"C:\Users\Admin\Desktop\XWorm V5.6 BypChat\Xworm V5.6.exe"
1⤵
- Executes dropped EXE
PID:1232
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1232 -s 528
  2⤵
  PID:2448

C:\Users\Admin\Desktop\XWorm V5.6 BypChat\Xworm V5.6.exe
"C:\Users\Admin\Desktop\XWorm V5.6 BypChat\Xworm V5.6.exe"
1⤵
- Executes dropped EXE
PID:2216
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2216 -s 528
  2⤵
  PID:1376

C:\Users\Admin\Desktop\XWorm V5.6 BypChat\Xworm V5.6.exe
"C:\Users\Admin\Desktop\XWorm V5.6 BypChat\Xworm V5.6.exe"
1⤵
- Executes dropped EXE
PID:2380
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2380 -s 528
  2⤵
  PID:1892

C:\Users\Admin\Desktop\XWorm V5.6 BypChat\Xworm V5.6.exe
"C:\Users\Admin\Desktop\XWorm V5.6 BypChat\Xworm V5.6.exe"
1⤵
- Executes dropped EXE
PID:2744
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2744 -s 528
  2⤵
  PID:1548

C:\Users\Admin\Desktop\XWorm V5.6 BypChat\Xworm V5.6.exe
"C:\Users\Admin\Desktop\XWorm V5.6 BypChat\Xworm V5.6.exe"
1⤵
- Executes dropped EXE
PID:1212
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1212 -s 528
  2⤵
  PID:2308

C:\Users\Admin\Desktop\XWorm V5.6 BypChat\Xworm V5.6.exe
"C:\Users\Admin\Desktop\XWorm V5.6 BypChat\Xworm V5.6.exe"
1⤵
- Executes dropped EXE
PID:316
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 316 -s 528
  2⤵
  PID:660

C:\Users\Admin\Desktop\XWorm V5.6 BypChat\Xworm V5.6.exe
"C:\Users\Admin\Desktop\XWorm V5.6 BypChat\Xworm V5.6.exe"
1⤵
- Executes dropped EXE
PID:3000
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3000 -s 528
  2⤵
  PID:3008

C:\Users\Admin\Desktop\XWorm V5.6 BypChat\Xworm V5.6.exe
"C:\Users\Admin\Desktop\XWorm V5.6 BypChat\Xworm V5.6.exe"
1⤵
- Executes dropped EXE
PID:2552
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2552 -s 528
  2⤵
  PID:1984

C:\Users\Admin\Desktop\XWorm V5.6 BypChat\Xworm V5.6.exe
"C:\Users\Admin\Desktop\XWorm V5.6 BypChat\Xworm V5.6.exe"
1⤵
- Executes dropped EXE
PID:1508
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1508 -s 532
  2⤵
  PID:2580

C:\Users\Admin\Desktop\XWorm V5.6 BypChat\Xworm V5.6.exe
"C:\Users\Admin\Desktop\XWorm V5.6 BypChat\Xworm V5.6.exe"
1⤵
- Executes dropped EXE
PID:1592
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1592 -s 528
  2⤵
  PID:1276

C:\Users\Admin\Desktop\XWorm V5.6 BypChat\Xworm V5.6.exe
"C:\Users\Admin\Desktop\XWorm V5.6 BypChat\Xworm V5.6.exe"
1⤵
- Executes dropped EXE
PID:2720
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2720 -s 532
  2⤵
  PID:2184

C:\Users\Admin\Desktop\XWorm V5.6 BypChat\Xworm V5.6.exe
"C:\Users\Admin\Desktop\XWorm V5.6 BypChat\Xworm V5.6.exe"
1⤵
- Executes dropped EXE
PID:1904
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1904 -s 528
  2⤵
  PID:1524

C:\Users\Admin\Desktop\XWorm V5.6 BypChat\Xworm V5.6.exe
"C:\Users\Admin\Desktop\XWorm V5.6 BypChat\Xworm V5.6.exe"
1⤵
- Executes dropped EXE
PID:1492
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1492 -s 528
  2⤵
  PID:2240

C:\Users\Admin\Desktop\XWorm V5.6 BypChat\Xworm V5.6.exe
"C:\Users\Admin\Desktop\XWorm V5.6 BypChat\Xworm V5.6.exe"
1⤵
- Executes dropped EXE
PID:2620
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2620 -s 528
  2⤵
  PID:2164

C:\Users\Admin\Desktop\XWorm V5.6 BypChat\Xworm V5.6.exe
"C:\Users\Admin\Desktop\XWorm V5.6 BypChat\Xworm V5.6.exe"
1⤵
- Executes dropped EXE
PID:2324
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2324 -s 528
  2⤵
  PID:1576

C:\Users\Admin\Desktop\XWorm V5.6 BypChat\Xworm V5.6.exe
"C:\Users\Admin\Desktop\XWorm V5.6 BypChat\Xworm V5.6.exe"
1⤵
- Executes dropped EXE
PID:2560
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2560 -s 528
  2⤵
  PID:3028

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\Desktop\XWorm V5.6 BypChat\GMap.NET.WindowsForms.dll
1⤵
PID:2252

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\Desktop\XWorm V5.6 BypChat\GMap.NET.WindowsForms.dll
1⤵
PID:2880

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\Desktop\XWorm V5.6 BypChat\GMap.NET.WindowsForms.dll
1⤵
PID:2220

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\Desktop\XWorm V5.6 BypChat\GMap.NET.WindowsForms.dll
1⤵
PID:1020

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2140

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x5a4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1212

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap1555:94:7zEvent5773
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2672

C:\Users\Admin\Desktop\dnSpy-net-win64\dnSpy.exe
"C:\Users\Admin\Desktop\dnSpy-net-win64\dnSpy.exe"
1⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
PID:2604

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zECDA7B7B7\XWorm V5.6 BypChat\Icons\icon (15).ico

Filesize
361KB

MD5
e3143e8c70427a56dac73a808cba0c79

SHA1
63556c7ad9e778d5bd9092f834b5cc751e419d16

SHA256
b2f57a23ecc789c1bbf6037ac0825bf98babc7bf0c5d438af5e2767a27a79188

SHA512
74e0f4b55625df86a87b9315e4007be8e05bbecca4346a6ea06ef5b1528acb5a8bb636ef3e599a3820dbddcf69563a0a22e2c1062c965544fd75ec96fd9803fc

Download Submit
C:\Users\Admin\Desktop\dnSpy-net-win64\bin\DirectWriteForwarder.dll

Filesize
485KB

MD5
fe18b6ed4c63d18156217dc30f1482e5

SHA1
1d1eccc4e03b086d49c453b4e5716e164892f006

SHA256
1f1093930ebc3779f2d4659ed3a31fd05cfa1dbffc0f7575955cb28e7b990c64

SHA512
c5c6e64eb2ab0ef93f6d823e002f895333983f4d151ac7296c7de65e9fb8096502f8db3035ded3612fb9c6c99a8a1c09c81c3ff84dca7e1b5c5b803d10e36052

Download Submit
C:\Users\Admin\Desktop\dnSpy-net-win64\bin\Microsoft.Win32.Primitives.dll

Filesize
22KB

MD5
61919123a166bc20a0f81c5abbf954de

SHA1
5cf381490ca233cf848320f698b75bcd796bf8d9

SHA256
e38a1bdac35ec926b8bf766fceec70293ba64d49380369ea4fdd8116280fd8a2

SHA512
7e445ae08a3f35ae336b27f0e27772f316369131c8ae61ac23ac519264c4697342a0f4a0cb2feb7e49c2140505984ad1bf8c38b43225b50a565d781d1992156d

Download Submit
C:\Users\Admin\Desktop\dnSpy-net-win64\bin\dnSpy.Contracts.DnSpy.dll

Filesize
945KB

MD5
5897a5f8bb3fdbaea1f5d37f1a0137e5

SHA1
ad75c9397106112ae52dd1cb93899d81ea0c2d6b

SHA256
a06639a52050f3d0f4644ccd55c7ba1572a7f63b5cf51067f8e9088f7cae2449

SHA512
7f6567700efa2b8b01193e58992dbba714c21ba9e67896a39247335886c0f4e6a210d0023b6b7559c509131f83d99e2f16acbd08b0c4ad672b15582bfc234add

Download Submit
C:\Users\Admin\Desktop\dnSpy-net-win64\bin\dnSpy.deps.json

Filesize
172KB

MD5
c5ebae728e2f6d81ebb2811311491990

SHA1
41b37ba7693bb8c9f9852a80d1752e39203ee878

SHA256
c30990252f79f8a94c56ce5af663acf1333c34a4dd2c8abd199c82c684a45408

SHA512
9acc4497bdcdb472cb7b59d257be5275803abfc358f56803b73cc11bd691cc4320135d534a47d00605610a7426db2115fe227adbc98b60aebb78d366f312e737

Download Submit
C:\Users\Admin\Desktop\dnSpy-net-win64\bin\dnSpy.dll

Filesize
3.5MB

MD5
1495a61498fafbc13a37b91bf32fe191

SHA1
770e93957a7fd7a3172a51a48c56e7159c1aee09

SHA256
13313b9a80d6fe4e86e289475a57c96451e6e98133e136a74619ba3443306d12

SHA512
1750161ce2cd2ed6c4c21d904d249459ad91ac4c9a96c00645848852a0c42c85b0ce8c790c41322e148b43988b8bf78ef89df49dd3a1825c343178c33762a48c

Download Submit
C:\Users\Admin\Desktop\dnSpy-net-win64\bin\dnSpy.runtimeconfig.json

Filesize
274B

MD5
c0bbae9a92c0004f0e48a1303834a4f1

SHA1
6254cc2e4595c272c88200a569ced499f82fb531

SHA256
d73d166ed2c36560e74ccd1067673bc17c881d570e09394ddd5ef0ffd3d9e8a4

SHA512
29a0025944bc65b708909a18e8d42723de52b5bf9fb191ab7936090f51edc4430791f341229f204e875d0673b046bc71e73842babc72312e19eb9c9019549272

Download Submit
C:\Users\Admin\Desktop\dnSpy-net-win64\bin\dnlib.dll

Filesize
1.1MB

MD5
4d0b771879de85137ee7e5f0d4bb4b16

SHA1
fc32cccd0cd5c3ebd968bcdf48e32a7ea25e9bd7

SHA256
962332e8c8cb459fb2f7dacec5d7a618cc53b1b49bc1740156398c89742f43fd

SHA512
bae39862ea07ebc5c9aa07a7333a880471baf4bf52eebedc03536e45584887eecc1075e0c0171229a54900ab93a66db9f666aa631c160912f538666da8c9e980

Download Submit
C:\Users\Admin\Desktop\dnSpy-net-win64\bin\hostfxr.dll

Filesize
487KB

MD5
fa1ba429770bc8b64ce65511f29ff88f

SHA1
c9af6e053edc6f4ce1fcd165f1635cd15db98a9f

SHA256
48d9968db0001585b27c46c96d47952e86a42540b236a7d6877e8c67b7fa79a1

SHA512
c6dd92c56739e0b11dfeb496bbc14b24374e1910cb1a4c83edbb07d2565b2279fae0a9325d363ea7b2c548aea429ab6dcb875328ad48dcf2ef3256eb6c2778a3

Download Submit
C:\Users\Admin\Desktop\dnSpy-net-win64\bin\hostpolicy.dll

Filesize
494KB

MD5
af83b14c9628f161c980f69f7ae7b2be

SHA1
8b38008a74370379548a3accd259f43833b529ff

SHA256
fb249fed957ee658bfc20dbe18d1810aed29cd0b626374d147da5891a24b1b52

SHA512
a70d3f787b63345e7c2d6fcc50f66858d3c4bfccc952c637900067c1b59312d6c72febd04749fa36e027d65eaf07c5d7f6e90c1ed4b28767f6f5d36dded15712

Download Submit
C:\Users\Admin\Desktop\dnSpy-net-win64\bin\mscorlib.dll

Filesize
55KB

MD5
a029bd0904a2966373c1302b0e0324a9

SHA1
b01c81668917eb6b8566c1fe210fb300648d97ba

SHA256
2b3ead4f40779324d728c8970721b3af78f8085877e73e1ae163085515ed285a

SHA512
33e9deb58c0f1220b097a6be47f8b00696261e61d0a3910cbe871cb03240aaf4acfde2af9a9dbf38c1b9061246fffc9eefe6b036d0cba87f351182c367c9acf1

Download Submit
C:\Users\Admin\Desktop\dnSpy-net-win64\bin\mscorrc.dll

Filesize
138KB

MD5
68c5c4241d78d1b9973beff2f96a6b24

SHA1
da17cd135c2f0ce05954cfa6ef5200a019d456d4

SHA256
35d573b3f48f074de868cbd82e7985cc9763d643eba218c16b65a3bcd778bcba

SHA512
e12afb50469922605f40255a625da8ceea8909f4eaf460dcdd279416fd49f97b2962bc07b67887bfe7c1471477d1f8fa2e5dd428022e5735075bbe6e91c1d133

Download Submit
\Users\Admin\Desktop\dnSpy-net-win64\bin\PresentationCore.dll

Filesize
8.2MB

MD5
8248dae04024364aec8b53ce0a292ec7

SHA1
02d208a9641770565ba0b5cb670c02eb72cf4edd

SHA256
d9108c34ce90cfe678a8151ff48ccb814f7865263b233176a27c4745344a1a3f

SHA512
b65b492e9a110cb73135aa74e22626b53776784bad2966831125736706efb183e598f78175517150889cf42ddee1dfa4d79ce8d38474137df91dd185f1787fe3

Download Submit
\Users\Admin\Desktop\dnSpy-net-win64\bin\System.Collections.NonGeneric.dll

Filesize
96KB

MD5
2e493ec3902127e6ae28eea5fcb8d8de

SHA1
554530e3655166bc7430060ead50056d00b1c0d5

SHA256
dda6e3fd90dcfa60c661a5c760268248e1379c07bd9c266a784d5b63f94b22a1

SHA512
17921b9c3f5ced1537915c562745d30985058e8a81932c5dd6dca72e42d6bf1b37d32991b6a16d2802ec3153b39b60979d6bf7c2b3e0fd7e7b2ea26af6bccb9f

Download Submit
\Users\Admin\Desktop\dnSpy-net-win64\bin\System.Diagnostics.Debug.dll

Filesize
14KB

MD5
409aa1e6671ff019c128c60ef64f6c82

SHA1
7219f187def9d15b69e87bfa470225c5414e0c71

SHA256
ef95c63de453b85d493749502295ac69a79b9959b18b19346ce355f84e83fd1e

SHA512
1fe89a97e39746088388f4e521de6c8d1e4a577db72290f9614e3ac705cb22872181d19b442b688d841fe06cf6732b86cb7d13997b3b5c0848b1b29f37e4916a

Download Submit
\Users\Admin\Desktop\dnSpy-net-win64\bin\System.Diagnostics.Tracing.dll

Filesize
14KB

MD5
04e44e8deaf68d6285623287e6494209

SHA1
060a22f69e413b47e6b0c2a8e9bf2f9b200c4575

SHA256
474dabc74f78e89a40de5be362ca399de630400b46e7cb81c224692ebdbeed25

SHA512
02bf3a560e4f10c1d2f208f16f03efc1cc7dbbdd8fcf875ef6040012663a1c6008331920ec62ccc09378f6337c8470e5b456566c4dbdb21478d079269df56ea1

Download Submit
\Users\Admin\Desktop\dnSpy-net-win64\bin\System.IO.FileSystem.dll

Filesize
214KB

MD5
944c070c2ac2208867b57d15c319ccc6

SHA1
7ac800a94af0da43c78b3c3411aa21d45ccf911d

SHA256
aa4db7afcb061c7b1029c414beef19ad5bb319b69f6eb7756113c9f207162e63

SHA512
8d5693c6dfe07affc6d814db358aaf8c69c7d66d98d97bbb4b922d1bc192cc399c84642f16d6415dcd4189e49e96068fb9049306f05b8faa782bfc37f96403cf

Download Submit
\Users\Admin\Desktop\dnSpy-net-win64\bin\System.Private.CoreLib.dll

Filesize
9.0MB

MD5
bd42384077787fb221c9f703fbb8bb88

SHA1
0228f9a53ff3abd70c711b86b489718307eeba05

SHA256
7a2279cd7d0507adcb206269bf0fe2e69f1059ebe5976f7413b76b769c75d531

SHA512
5e9c4a4182756d835bf231d5c8657eb98b82244740d9af034d59d0628d91ef0a25c11028f88c878513538bdb6cbc9ef4e4ec5b7564354ca346ea50fefd3c9fa2

Download Submit
\Users\Admin\Desktop\dnSpy-net-win64\bin\System.Runtime.CompilerServices.VisualC.dll

Filesize
18KB

MD5
0d3b1fd3984d4b42539920b973ba359b

SHA1
70c8e7970ea3dd4b5c3c28ab0fd251dd4cac4160

SHA256
3d93fba495ca0b08f5f4300eef51428e29586223356df3a774473ef3ba02cb92

SHA512
dc3be7dee13e7eb86764da10dc15de7b29095ed944488fd7699c9121a986f5cf06823c2a44a97459e4b62067fbb76ad2aea712277658f6642300ad776c9f7641

Download Submit
\Users\Admin\Desktop\dnSpy-net-win64\bin\System.Runtime.Extensions.dll

Filesize
16KB

MD5
621f8acc3152f04a3fd9a901b08985e2

SHA1
19e89c3f51c3d8048e1d2fe1de269f8906f291a4

SHA256
ddd7f16cf52c23b5953f67057bcddcc8fc7f11b32dfd93a1e3079fb0e81a56fb

SHA512
3b31121685825b9cab3e0def9b9549f9fc5580d240e3abe8058d65326d2cdd37b6cf9ceaabe2d56b66d91b283203c8fad518eb0de3a6b8c02afef23915bfb1f8

Download Submit
\Users\Admin\Desktop\dnSpy-net-win64\bin\System.Runtime.InteropServices.dll

Filesize
47KB

MD5
48fb2d5f200c68a00ce0388770341478

SHA1
7279cd97c3f7f4753629e21cb8234e4082b1f890

SHA256
31286dd429d6588632adb78b514a0d9f8b8fc9ac2e88976d10f83d46cabdccb5

SHA512
e120bf83ca0bb6f91108d34839d88c23204e83b9805bac9bac3d08336132dbbd0c2b2012807d4ae1ebb1c5247d33cba4e2ba859ea45ed3f7517a0adbb1d3cdda

Download Submit
\Users\Admin\Desktop\dnSpy-net-win64\bin\System.Runtime.dll

Filesize
41KB

MD5
715f4dc52da61002d5bb4e1a64108e82

SHA1
a48ea9b3a88780ff489858bc02ca42ce969fa593

SHA256
7445aa86efeb0045d10ad97ec6a3b5bc72556e06501f471d754ae033df87d5d0

SHA512
b0dd8a363eaf975aa517fd7f109e7100da24f1d0f5fea52780c47dec7679609d0029c82cc79f5ee6d1bd296d3875f42ef9c9cd9033392a1269de4596ec27bd91

Download Submit
\Users\Admin\Desktop\dnSpy-net-win64\bin\System.Threading.dll

Filesize
75KB

MD5
f792dbcb5d39526e0066f92e0f09e39f

SHA1
48ff372e76c61a3514619d3d2140e8fb8874b473

SHA256
015914b354e42b685bb289943416d9b8705c4a0710b42955c0cb720c61139e9e

SHA512
de5fdc0aa64587010f19112eccd9ba33d12c0b73decf7a9d240e85e5cb8f56a27dacbc6858f0546d37a9460a32c17824e6da13c8bece7292557cfa02ba04c2e2

Download Submit
\Users\Admin\Desktop\dnSpy-net-win64\bin\WindowsBase.dll

Filesize
2.1MB

MD5
e8674dbfceac4bc362c1f15cdc8fd2ef

SHA1
d2c693cc121df0a69e5c1d1ab67a43123601f8e3

SHA256
85812bc0cbe06a06ccdd20473155a5cfef31b1760767e29ea688457f2830ccc1

SHA512
c01d639a188e745a0c4e789598b60e99bf0ea0544ca9ebd6b12f3e158c0bbc1e164dd0aa274cadf4b1ea3c99254656d057dc36d9ee29904de0e021485e652fc1

Download Submit
\Users\Admin\Desktop\dnSpy-net-win64\bin\api-ms-win-crt-filesystem-l1-1-0.dll

Filesize
13KB

MD5
0b1c38c9babecbe7664c80e0dc2c0e68

SHA1
eba69ffb10487780c1b5e35430dbef0e43b8cbd0

SHA256
cad6471e8393046ff3c623454fc904b33e6166e58ed05f98dc36c122309db618

SHA512
3fca96585f4f6f3968b9d76757b5428531c7aa3b72d0390cd552f567e47b7937b522bb417af06326ed04e45f83f228312774ae64c438bdd628f1eefb057adcb0

Download Submit
\Users\Admin\Desktop\dnSpy-net-win64\bin\api-ms-win-crt-utility-l1-1-0.dll

Filesize
11KB

MD5
0fc56003ffa56ccbb9e7b4e361f8675f

SHA1
d3b6c0efc553d058d115a20ece9b28a29dd97b6a

SHA256
e85f92bab9228a9f68ed1dd45f10fd08a6e69ceb476cb2a62a2a4b43bf572c3d

SHA512
dbe5cf5ce11a797e13a0628ab737d85daf67005634a5168558fd683aac8dd90962742c5f071e1be746b0bdaa5179399f49835cc5cead525a683713e3948cbae5

Download Submit
\Users\Admin\Desktop\dnSpy-net-win64\bin\clrjit.dll

Filesize
1.3MB

MD5
ae031b7fafb431d7e30b08d5e9a0b831

SHA1
28a59dd780e0329ef19248e953e8cf703a9f97b3

SHA256
97c766dbd9786e66e967263371b9f06a9f21aa2950795d4254a11edcd20e430e

SHA512
036e35fa9751c9c54006077da4ec5d248e9572d9b5e30f1af83992700d11210981df10141316b6afeb7ebe82d6e3517575bc9ba77cc7a9d2383b08ceceaf50fc

Download Submit
\Users\Admin\Desktop\dnSpy-net-win64\bin\coreclr.dll

Filesize
4.9MB

MD5
27d49de876adc48752954f64f5db9da4

SHA1
2137a2a832fbb479bb2ae15297ca6d11a36cf68c

SHA256
f31d2089328db88ffd561f56db944cae79647478e2b72be201d95607b8ae1666

SHA512
d2bec99263f36fefe1760f22b656e8cdd27ba5c66d5df9e8509165a8f119f0ba63c6a766e25ed4895a927a089c816c59fdd0c2fc0b2b9f2a22db65abbb1d9fd0

Download Submit
\Users\Admin\Desktop\dnSpy-net-win64\bin\netstandard.dll

Filesize
111KB

MD5
349c39c3ff7dd2fb44d5fa3c5baf64c6

SHA1
b60d38ed5bcb35f66468a43dc4349dfa970b1c02

SHA256
737d504f6fa742b23cf4149cd0384fdbdc929bc4231bdd0d7bd772ea9dd1805f

SHA512
e63dd8f5e1392740a0e2228fcd88bba0392c5834ae2a3caa311e894b177623d636d12a5c0107f81f9b92e01fcdc75cbca287731eee4d136f73d1e9b6fca9bc0b

Download Submit
\Users\Admin\Desktop\dnSpy-net-win64\dnSpy.Console.exe

Filesize
139KB

MD5
56bb7df6ed7405a8ff99797423b44c6f

SHA1
99fafb636f51a5d1bc03cbf813f806e50d05bd2e

SHA256
826608b138ce60439dec9828aa246a847e02c34cc04a2933ba242696c770fcd2

SHA512
9f00bf86a1607f5bf441bbf6e6fa44b8c907ef431d7d5ba991cbadce09658a4322f952d3a7da7e8e2cad936501faf1fa156a1109289723c4f2ab233c2354e86d

Download Submit
\Users\Admin\Desktop\dnSpy-net-win64\dnSpy.exe

Filesize
207KB

MD5
5cf180fec9628c4df4267de3ed7a98a7

SHA1
edeaac9111d8f499378b67c983f7b7defbddb268

SHA256
bc1c4e0fc49c138bbfc223d3e94231cd4884439c663646d91e48fa005df6704a

SHA512
97149bb70657393965382a152f8dcdcd9bdca5a6914b788dcba6b92be1547a83fd2720afbd6b2deb9d20da524ee2bb85375d9ffd4b019157f0eef51d46539133

Download Submit
memory/1548-2050-0x0000000001270000-0x0000000001F9A000-memory.dmp

Filesize
13.2MB

Download
memory/2204-2039-0x0000000002090000-0x000000000209A000-memory.dmp

Filesize
40KB

Download
memory/2204-2044-0x0000000002090000-0x000000000209A000-memory.dmp

Filesize
40KB

Download
memory/2204-2040-0x0000000002090000-0x000000000209A000-memory.dmp

Filesize
40KB

Download
memory/2548-2053-0x0000000000C40000-0x000000000196A000-memory.dmp

Filesize
13.2MB

Download
memory/2604-4031-0x00000000020F0000-0x00000000020FA000-memory.dmp

Filesize
40KB

Download
memory/2604-4030-0x00000000020F0000-0x00000000020FA000-memory.dmp

Filesize
40KB

Download
memory/2608-2054-0x0000000000090000-0x0000000000DBA000-memory.dmp

Filesize
13.2MB

Download
memory/2856-2055-0x0000000001190000-0x0000000001EBA000-memory.dmp

Filesize
13.2MB

Download