Overview

overview

10

Static

static

3

Microsoft Edge.exe

windows7-x64

10

Microsoft Edge.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250217-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/03/2025, 23:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Microsoft Edge.exe

  • Size

    3.3MB

  • MD5

    a06a19515b00d599ecbf2c6d7a2a185a

  • SHA1

    79c2ebaa97f6a46f6b10929d6c268541a9580aff

  • SHA256

    ff853e1b05a5ce860ea3cc1f6beac04ac7721ca15f30795957fb35333623c76f

  • SHA512

    f1fdba22e8f065e57fcfd468fe1e8afb40bf7e279919084ac32e1f085ef9b3d033e1462fa4295430bee063e9f0d7510899766f23abe3b4cb9121706bd4c9c2c4

  • SSDEEP

    98304:xx6lXt2M6z/UsjaVs9jZ0WgH8zcinUP2yWkIy8vE:xx6dn6znXjCW1AiUeoaM

Score
10/10
xwormdiscoverypersistencerattrojan

Malware Config

Extracted

Family

xworm

Attributes
  • Install_directory

    %AppData%

  • install_file

    Microsoft Edge.exe

  • pastebin_url

    https://pastebin.com/raw/zYgpCQBC

  • telegram

    https://api.telegram.org/bot7322335748:AAEr-qkbNoi4AH-VkGzWTsoAJ0Jx3HkKwbk/sendMessage?chat_id=7763830849

Signatures

  • Detect Xworm Payload 4 IoCs
  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm
  • Xworm family
    xworm
  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 5 IoCs
  • Loads dropped DLL 10 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Drops file in Program Files directory 8 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • NSIS installer 2 IoCs
    installer
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies Control Panel 2 IoCs
    defense_evasion
  • Modifies registry class 33 IoCs
  • Modifies system certificate store 2 TTPs 3 IoCs
    defense_evasionspywaretrojan
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 25 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Microsoft Edge.exe
    "C:\Users\Admin\AppData\Local\Temp\Microsoft Edge.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:4176
    • C:\Users\Admin\AppData\Roaming\SvMicrosoft Edge.exe
      "C:\Users\Admin\AppData\Roaming\SvMicrosoft Edge.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      PID:2312
    • C:\Users\Admin\AppData\Roaming\XMouseButtonControlSetup.2.20.5.exe
      "C:\Users\Admin\AppData\Roaming\XMouseButtonControlSetup.2.20.5.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:4416
      • C:\Users\Admin\AppData\Local\Temp\1.exe
        "C:\Users\Admin\AppData\Local\Temp\1.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:4136
      • C:\Users\Admin\AppData\Local\Temp\XMouseButtonControlSetup.2.20.5.exe
        "C:\Users\Admin\AppData\Local\Temp\XMouseButtonControlSetup.2.20.5.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Adds Run key to start application
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Modifies Control Panel
        • Modifies registry class
        PID:232
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.highrez.co.uk/scripts/postinstall.asp?package=XMouse&major=2&minor=20&build=5&revision=0&platform=x64
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1712
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ff9aa1046f8,0x7ff9aa104708,0x7ff9aa104718
      2⤵
        PID:4056
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,1756915811879030590,18075473665500653791,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
        2⤵
          PID:2868
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,1756915811879030590,18075473665500653791,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:2320
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2000,1756915811879030590,18075473665500653791,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
          2⤵
            PID:3464
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,1756915811879030590,18075473665500653791,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
            2⤵
              PID:4928
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,1756915811879030590,18075473665500653791,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
              2⤵
                PID:3872
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,1756915811879030590,18075473665500653791,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
                2⤵
                  PID:4256
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,1756915811879030590,18075473665500653791,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3748 /prefetch:2
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:1352
              • C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
                "C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe" /Installed /notportable
                1⤵
                • Executes dropped EXE
                • Loads dropped DLL
                • Modifies system certificate store
                • Suspicious use of FindShellTrayWindow
                • Suspicious use of SendNotifyMessage
                • Suspicious use of SetWindowsHookEx
                PID:3268
              • C:\Windows\System32\CompPkgSrv.exe
                C:\Windows\System32\CompPkgSrv.exe -Embedding
                1⤵
                  PID:1636
                • C:\Windows\System32\CompPkgSrv.exe
                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                  1⤵
                    PID:4208

                  Network

                  MITRE ATT&CK Enterprise v15

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads

                  • C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\BugTrapU-x64.dll
                    Filesize

                    364KB

                    MD5

                    80d5f32b3fc515402b9e1fe958dedf81

                    SHA1

                    a80ffd7907e0de2ee4e13c592b888fe00551b7e0

                    SHA256

                    0ab8481b44e7d2f0d57b444689aef75b61024487a5cf188c2fc6b8de919b040a

                    SHA512

                    1589246cd480326ca22c2acb1129a3a90edf13b75031343061f0f4ed51580dfb890862162a65957be9026381bb24475fec6ddcb86692c5961a24b18461e5f1f0

                    Download Submit

                  • C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
                    Filesize

                    1.7MB

                    MD5

                    bb632bc4c4414303c783a0153f6609f7

                    SHA1

                    eb16bf0d8ce0af4d72dff415741fd0d7aac3020e

                    SHA256

                    7cc348f8d2ee10264e136425059205cf2c17493b4f3f6a43af024aecb926d8c8

                    SHA512

                    15b34efe93d53e54c1527705292fbf145d6757f10dd87bc787dc40bf02f0d641468b95c571f7037417f2f626de2afcd68b5d82214e27e9e622ab0475633e9de5

                    Download Submit

                  • C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonHook.dll
                    Filesize

                    1.0MB

                    MD5

                    d62a4279ebba19c9bf0037d4f7cbf0bc

                    SHA1

                    5257d9505cca6b75fe55dfdaf2ea83a7d2d28170

                    SHA256

                    c845e808dc035329a7c95c846413a7afb9976f09872ba3c05dfa5f492156eef0

                    SHA512

                    6895a12cddc41bf516279b1235fca238b0b3b0cef2cc25abe14a9160ed23f5bde3d476f885d674537febc7de7eb58b0824d96153c626e1563a5a8a1887fb5323

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                    Filesize

                    152B

                    MD5

                    f2b08db3d95297f259f5aabbc4c36579

                    SHA1

                    f5160d14e7046d541aee0c51c310b671e199f634

                    SHA256

                    a43c97e4f52c27219be115d0d63f8ff38f98fc60f8aab81136e068ba82929869

                    SHA512

                    3256d03196afe4fbe81ae359526e686684f5ef8ef03ce500c64a3a8a79c72b779deff71cf64c0ece7d21737ffc67062ec8114c3de5cafd7e8313bb0d08684c75

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                    Filesize

                    152B

                    MD5

                    6cdd2d2aae57f38e1f6033a490d08b79

                    SHA1

                    a54cb1af38c825e74602b18fb1280371c8865871

                    SHA256

                    56e7dc53fb8968feac9775fc4e2f5474bab2d10d5f1a5db8037435694062fbff

                    SHA512

                    6cf1ccd4bc6ef53d91c64f152e90f2756f34999a9b9036dc3c4423ec33e0dcee840e754d5efac6715411751facbe78acc6229a2c849877589755f7f578ef949a

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                    Filesize

                    168B

                    MD5

                    f6e68f1e630df6e2ed8c19949d1f0f0c

                    SHA1

                    900bdf1de64073daa5d770075a602db140c4284f

                    SHA256

                    1b82d37f9600c41b45222d0988fdeb128d89e0fe728d6c61e2fa936b25f8e366

                    SHA512

                    0e5c6680e1e3854478387bc95f7ccafe80ee061dee2c2ba468f7028cf3b52a58552e3029051bf547e4b815ccdf6442cd6dd48ae002a6e8931cf01f2ce6e71467

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                    Filesize

                    1KB

                    MD5

                    19af8e0183a65d624643006a80baf7f5

                    SHA1

                    017f28015e21b8af1de68d71aac02c573c61c33f

                    SHA256

                    de70e4fb8250c05f6fc332e6eaf26f8c757b8e69bf6100bb51b5f8ea83063089

                    SHA512

                    0fa62161831a9047b17f56b5880fbd2b4c5e204bbb67620b39d13932a660d802926d0b814f97ce3baaa448ed75dcf45bfad537b71e5e5f113c5f19eac98b9695

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                    Filesize

                    5KB

                    MD5

                    106be2fdeb6bc357e28f2882e6f1b7f8

                    SHA1

                    7227aa9cf5fbebfa9f8f84a95aac36355b20e627

                    SHA256

                    e31e3521553fe65e403a0ff3e65f6c4e2cb4127bfde090cb15d887c7a5f6109e

                    SHA512

                    cdb7e57abbe3b3078b8cf761fab1c7edd6e513776922b524d7235374b16a98ed82c9433098738c170d34ac68a9bfa8ace1e2cfc8b02ef4c55edfad0a285215bc

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                    Filesize

                    6KB

                    MD5

                    dac6fd04a6150b028bd8f146b1ecbf7b

                    SHA1

                    7b0d1f57a3df188c8ae7347e8aba04b7652e2110

                    SHA256

                    46d8f9bf4b15252a547c0e7a81dd729658e24fa5423b30244c2bb9ae23a68909

                    SHA512

                    2480660e4e583266c940e328b6b2f1e24ad7f40bdeed2f0dedf56919bed05ce29857bd4a0c2aaf97fc71576b3363b7d1ea204c357aa6d31145871c5030711f97

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                    Filesize

                    10KB

                    MD5

                    d06c0f891c2d70611becd35310e2d4a0

                    SHA1

                    ecd8b88fa4af103aff66ff57e53538886d4dbe49

                    SHA256

                    e63cf30987182bd7810b8963e6c7eb06d46e935b9ecdfceeacc6e87341f77721

                    SHA512

                    eb487efc2daa1d61c4d9cb6040cf40f1b86ea7cb9c01de8733d6f1af2e4a18bc4c90f658fe1a9e7106e9f34cc42aebc4f4a32cb659e25b7869850cbdfeed8102

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\1.exe
                    Filesize

                    72KB

                    MD5

                    86ca1f0b4ffa5c117debfd36930bd8ed

                    SHA1

                    b60034026605cbb7bfa0d959a2490d5ee8afc07e

                    SHA256

                    0269d49364112f21d4013cf1313b89d85f721497ebb00a74f94f70accefcf466

                    SHA512

                    a59c702fe1dac077cb123287f1b8cfb20e14d49ed589ede8350c1643d2cb65d72df2a68c6e4d7bd5b8606a299018521c2c66b3f534280d7de7420cc58b1dca9d

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\XMouseButtonControlSetup.2.20.5.exe
                    Filesize

                    2.9MB

                    MD5

                    2e9725bc1d71ad1b8006dfc5a2510f88

                    SHA1

                    6e1f7d12881696944bf5e030a7d131b969de0c6c

                    SHA256

                    2240bf5fb5d80938b0676c46ef9f84bc1739c32f60c473ff85e530ae0eca2818

                    SHA512

                    62bd9cde806f83f911f1068b452084ef2adc01bc0dec2d0f668a781cc0d94e39f6e35618264d8796ca205724725abd40429f463017e6ca5caf7d683429f82d39

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\nss1932.tmp\InstallOptions.dll
                    Filesize

                    14KB

                    MD5

                    d753362649aecd60ff434adf171a4e7f

                    SHA1

                    3b752ad064e06e21822c8958ae22e9a6bb8cf3d0

                    SHA256

                    8f24c6cf0b06d18f3c07e7bfca4e92afce71834663746cfaa9ddf52a25d5c586

                    SHA512

                    41bf41add275867553fa3bd8835cd7e2a2a362a2d5670ccbfad23700448bad9fe0f577fb6ee9d4eb81dfc10d463b325b8a873fe5912eb580936d4ad96587aa6d

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\nss1932.tmp\ShellExecAsUser.dll
                    Filesize

                    7KB

                    MD5

                    86a81b9ab7de83aa01024593a03d1872

                    SHA1

                    8fd7c645e6e2cb1f1bcb97b3b5f85ce1660b66be

                    SHA256

                    27d61cacd2995f498ba971b3b2c53330bc0e9900c9d23e57b2927aadfdee8115

                    SHA512

                    cc37bd5d74d185077bdf6c4a974fb29922e3177e2c5971c664f46c057aad1236e6f3f856c5d82f1d677c29896f0e3e71283ef04f886db58abae151cb27c827ac

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\nss1932.tmp\System.dll
                    Filesize

                    10KB

                    MD5

                    56a321bd011112ec5d8a32b2f6fd3231

                    SHA1

                    df20e3a35a1636de64df5290ae5e4e7572447f78

                    SHA256

                    bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1

                    SHA512

                    5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\nss1932.tmp\ioSpecial.ini
                    Filesize

                    697B

                    MD5

                    6e6ed180a531b7e89ff80e423734aa03

                    SHA1

                    cf77a32d56deb931929026b9ab1c9ce2fc568f03

                    SHA256

                    3aa400c358cc88ebe3cb9228c04cec116dd4eaf223ed983b9921bdf4d792e99f

                    SHA512

                    bf433e2776f7baee8c64eef479da719b8789f75fb03f0aa32b0e4ace337f88a1d3da5f07937239ea11b9d58b5f44f187cf2e839dfa9cc0b9bb30306adeef8e39

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\nss1932.tmp\ioSpecial.ini
                    Filesize

                    710B

                    MD5

                    88c94ff128e9ff03d3eae49fcde74f21

                    SHA1

                    fa16f8a9f4b9a983d10456a691cab3da089a8637

                    SHA256

                    40709ef4d3eb6c26fb6458d4bc9443a93310be8dbdf03f335301b57999c8f094

                    SHA512

                    f0605fa5cc17ffde5935db14c02972805e4b464dbc09c0795a2518ea4bb7a6381c7c1485761f3169a78c49b8f20b96eb9b802a80c92d55052b4d9db738066b83

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\nss1932.tmp\ioSpecial.ini
                    Filesize

                    418B

                    MD5

                    704007704608fa8f0fb8bb980f45e334

                    SHA1

                    4d367fff74f43bcdefa63c3fd3ad091a9811c260

                    SHA256

                    95afdf70a14e72c6a7437a206d0ec5073d14a3e88e92bccc120a9b920779329b

                    SHA512

                    54a90a696e1679eef4a8a10a55699a261e2411ea90aeec7a428b4b64f2ca14d929ee1148c4e1fcf259f75ae95e0228f77ebff0c584f9f084f93eef8dadf694e4

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\nss1932.tmp\ioSpecial.ini
                    Filesize

                    726B

                    MD5

                    d21cdd0d7b8cada4a57ed8ed56b7d047

                    SHA1

                    0d15d0ea90c5a2d99516ce0c1d78c8565bf5d0f3

                    SHA256

                    556f63a84778d39374ad3d07f875eaf3cc64a787b531e8737ea0f8cdc21bc43b

                    SHA512

                    fac94693c899bb90f0e25a998ece0e91e31cebc7ad16430ed7628fe687db83b2ef93628d455ddc068e34eefcb91d67a0910024decf0ca0bfc363b0b6252132a7

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\nss1932.tmp\nsDialogs.dll
                    Filesize

                    9KB

                    MD5

                    f832e4279c8ff9029b94027803e10e1b

                    SHA1

                    134ff09f9c70999da35e73f57b70522dc817e681

                    SHA256

                    4cd17f660560934a001fc8e6fdcea50383b78ca129fb236623a9666fcbd13061

                    SHA512

                    bf92b61aa267e3935f0ea7f47d8d96f09f016e648c2a7e7dcd5ecc47da864e824c592098c1e39526b643bd126c5c99d68a7040411a4cf68857df629f24d4107d

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\SvMicrosoft Edge.exe
                    Filesize

                    196KB

                    MD5

                    3704b4108c5fc22934f53039170e80b1

                    SHA1

                    3e7c89c12ce94732bd98faf4f213519679c5a258

                    SHA256

                    58e1887c60d92b26ff6949984a37a5afcd79d72a2ca67091725b84c6a361298a

                    SHA512

                    a34d62a8c1c2a06a3826f5e9c9d685fd104887a4dd5c8daf47372d8c95fb8c89d02682b63eb0c8883df56303b3a135d11ebd4601f5b9198587fb602cba27f63d

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\XMouseButtonControlSetup.2.20.5.exe
                    Filesize

                    3.0MB

                    MD5

                    ed193fb6b7c818e0cb4f23b28063afa4

                    SHA1

                    2dd264437554fb82fb2da776bab1b213795a4480

                    SHA256

                    0c5c102b1ac5d2a8be80d3fbceaab8392e544c9be9622443fbd4c5f710e3e005

                    SHA512

                    bc35b1805336406c2ebe5365bf5af83223f6412f3cc98cf20b38cfc5a7b34f5c685fc33a39dc8e9780c9f6d7db58a8b345b975be8c1ee35dec6ff1d4edc4242f

                    Download Submit

                  • memory/2312-22-0x00007FF9A99A0000-0x00007FF9AA461000-memory.dmp

                    Filesize

                    10.8MB

                    Download

                  • memory/2312-140-0x00007FF9A99A0000-0x00007FF9AA461000-memory.dmp

                    Filesize

                    10.8MB

                    Download

                  • memory/2312-13-0x0000000000E80000-0x0000000000EB6000-memory.dmp

                    Filesize

                    216KB

                    Download

                  • memory/2312-139-0x00007FF9A99A0000-0x00007FF9AA461000-memory.dmp

                    Filesize

                    10.8MB

                    Download

                  • memory/4136-44-0x0000000000100000-0x0000000000118000-memory.dmp

                    Filesize

                    96KB

                    Download

                  • memory/4176-0-0x00007FF9A99A3000-0x00007FF9A99A5000-memory.dmp

                    Filesize

                    8KB

                    Download

                  • memory/4176-1-0x0000000000FC0000-0x000000000130E000-memory.dmp

                    Filesize

                    3.3MB

                    Download

                  • memory/4416-51-0x00007FF9A99A0000-0x00007FF9AA461000-memory.dmp

                    Filesize

                    10.8MB

                    Download

                  • memory/4416-30-0x00007FF9A99A0000-0x00007FF9AA461000-memory.dmp

                    Filesize

                    10.8MB

                    Download

                  • memory/4416-27-0x0000000000A50000-0x0000000000D4A000-memory.dmp

                    Filesize

                    3.0MB

                    Download

                  • memory/4416-28-0x00007FF9A99A0000-0x00007FF9AA461000-memory.dmp

                    Filesize

                    10.8MB

                    Download