a477aca2a30817273c6422a7378a28d7e1e46d13e99a8f84b978ef126cefa375

Resubmissions

28/03/2025, 18:47

250328-xffqks1qx4 10

27/03/2025, 23:25

250327-3ea2la1rv5 10

Analysis

max time kernel
84s
max time network
83s
platform
windows10-ltsc_2021_x64
resource
win10ltsc2021-20250314-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250314-enlocale:en-usos:windows10-ltsc_2021-x64system
submitted
28/03/2025, 18:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

XWorm V5.3.7z
Size

29.5MB
MD5

9beb9885ff45fafcd599daa6878c6298
SHA1

2f99bb2e16eb4140b96248d7092b6cf466afb1ab
SHA256

a477aca2a30817273c6422a7378a28d7e1e46d13e99a8f84b978ef126cefa375
SHA512

20c8a67c24a9b0a0e88f204b77d8cf40707f41115237b55cf1b6be01e0681f93256fadb84913323cbe0413e3d2d49a1058dd254c99c8f979a37705cdd6165062
SSDEEP

786432:JfWIbeWlM/KrzeqOY0NoevqMlnkvlA/oUpxvgaRA+Xl7uPCZ6:JWICWVrDOHNooqMtkWwytlaA6

Score

7^/10

agilenet discovery

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
3204	XWorm V5.2.exe
4640	XWorm V5.2.exe

Loads dropped DLL 2 IoCs

pid	Process
3204	XWorm V5.2.exe
4640	XWorm V5.2.exe

Obfuscated with Agile.Net obfuscator 2 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

agilenet

resource	yara_rule
behavioral1/files/0x00070000000282fc-166.dat	agile_net
behavioral1/memory/3204-170-0x00000254314E0000-0x00000254322BE000-memory.dmp	agile_net

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2320_1700537614\_locales\it\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2320_1700537614\_locales\en_CA\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2320_1700537614\_locales\si\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2320_1700537614\_locales\fi\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2320_1700537614\_locales\lv\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2320_1700537614\_locales\cs\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2320_1700537614\_locales\fr\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2320_1700537614\_locales\is\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2320_1700537614\_locales\tr\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2320_1700537614\_locales\lo\messages.json	msedge.exe
File opened for modification	C:\Windows\SystemTemp	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2320_1700537614\_locales\ml\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2320_1700537614\_locales\bg\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2320_1700537614\_locales\da\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2320_1700537614\_locales\hu\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2320_1700537614\_locales\ru\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2320_1700537614\_locales\nl\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2320_1700537614\_locales\kn\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2320_1700537614\_locales\te\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2320_1700537614\_locales\sr\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2320_1700537614\_locales\ro\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2320_1700537614\_locales\sw\messages.json	msedge.exe
File opened for modification	C:\Windows\SystemTemp	msedge.exe
File created	C:\Windows\SystemTemp\msedge_url_fetcher_2320_1096067926\GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_90_1_0.crx	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2320_1700537614\_locales\zh_TW\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2320_1700537614\_locales\be\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2320_1700537614\_locales\ca\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2320_1700537614\_locales\id\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2320_1700537614\manifest.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2320_1700537614\_locales\mr\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2320_1700537614\_locales\de\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2320_1700537614\_locales\sk\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2320_1700537614\_metadata\verified_contents.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2320_1700537614\offscreendocument_main.js	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2320_1700537614\_locales\bn\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2320_1700537614\_locales\en_GB\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2320_1700537614\_locales\en\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2320_1700537614\_locales\hy\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2320_1700537614\_locales\fr_CA\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2320_1700537614\_locales\zh_HK\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2320_1700537614\_locales\sv\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2320_1700537614\_locales\mn\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2320_1700537614\_locales\ar\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2320_1700537614\_locales\ne\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2320_1700537614\_locales\ko\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2320_1700537614\_locales\ur\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\msedge_url_fetcher_5452_15824781\GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_90_1_0.crx	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2320_1700537614\service_worker_bin_prod.js	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2320_1700537614\_locales\pt_PT\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2320_1700537614\_locales\ja\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2320_1700537614\_locales\ka\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2320_1700537614\_locales\pa\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2320_1700537614\_locales\sl\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2320_1700537614\_locales\ta\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2320_1700537614\_locales\th\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2320_1700537614\_locales\kk\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2320_1700537614\_locales\eu\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2320_1700537614\_locales\ms\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2320_1700537614\_locales\es\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2320_1700537614\_locales\gu\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2320_1700537614\_locales\gl\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2320_1700537614\_locales\no\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2320_1700537614\_locales\pl\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2320_1700537614\_locales\uk\messages.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	XWorm V5.2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	XWorm V5.2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	XWorm V5.2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	XWorm V5.2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion	XWorm V5.2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion	XWorm V5.2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133876613623899393"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	7zFM.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2067557190-3677960511-2209622391-1000\{B7ABFD07-3299-426A-88A8-262061A86480}	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2067557190-3677960511-2209622391-1000\{88C61A6E-E4F8-4594-B3D4-0F61A008A8F0}	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1596	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
5452	msedge.exe
5452	msedge.exe
5452	msedge.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeRestorePrivilege	1596	7zFM.exe
Token: 35	1596	7zFM.exe
Token: SeSecurityPrivilege	1596	7zFM.exe
Token: SeDebugPrivilege	3204	XWorm V5.2.exe
Token: SeDebugPrivilege	4640	XWorm V5.2.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
1596	7zFM.exe
1596	7zFM.exe
5452	msedge.exe
5452	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4640 wrote to memory of 5452	4640	XWorm V5.2.exe	97
PID 4640 wrote to memory of 5452	4640	XWorm V5.2.exe	97
PID 5452 wrote to memory of 656	5452	msedge.exe	98
PID 5452 wrote to memory of 656	5452	msedge.exe	98
PID 5452 wrote to memory of 1832	5452	msedge.exe	99
PID 5452 wrote to memory of 1832	5452	msedge.exe	99
PID 5452 wrote to memory of 3148	5452	msedge.exe	100
PID 5452 wrote to memory of 3148	5452	msedge.exe	100
PID 5452 wrote to memory of 3148	5452	msedge.exe	100
PID 5452 wrote to memory of 3148	5452	msedge.exe	100
PID 5452 wrote to memory of 3148	5452	msedge.exe	100
PID 5452 wrote to memory of 3148	5452	msedge.exe	100
PID 5452 wrote to memory of 3148	5452	msedge.exe	100
PID 5452 wrote to memory of 3148	5452	msedge.exe	100
PID 5452 wrote to memory of 3148	5452	msedge.exe	100
PID 5452 wrote to memory of 3148	5452	msedge.exe	100
PID 5452 wrote to memory of 3148	5452	msedge.exe	100
PID 5452 wrote to memory of 3148	5452	msedge.exe	100
PID 5452 wrote to memory of 3148	5452	msedge.exe	100
PID 5452 wrote to memory of 3148	5452	msedge.exe	100
PID 5452 wrote to memory of 3148	5452	msedge.exe	100
PID 5452 wrote to memory of 3148	5452	msedge.exe	100
PID 5452 wrote to memory of 3148	5452	msedge.exe	100
PID 5452 wrote to memory of 3148	5452	msedge.exe	100
PID 5452 wrote to memory of 3148	5452	msedge.exe	100
PID 5452 wrote to memory of 3148	5452	msedge.exe	100
PID 5452 wrote to memory of 3148	5452	msedge.exe	100
PID 5452 wrote to memory of 3148	5452	msedge.exe	100
PID 5452 wrote to memory of 3148	5452	msedge.exe	100
PID 5452 wrote to memory of 3148	5452	msedge.exe	100
PID 5452 wrote to memory of 3148	5452	msedge.exe	100
PID 5452 wrote to memory of 3148	5452	msedge.exe	100
PID 5452 wrote to memory of 3148	5452	msedge.exe	100
PID 5452 wrote to memory of 3148	5452	msedge.exe	100
PID 5452 wrote to memory of 3148	5452	msedge.exe	100
PID 5452 wrote to memory of 3148	5452	msedge.exe	100
PID 5452 wrote to memory of 3148	5452	msedge.exe	100
PID 5452 wrote to memory of 3148	5452	msedge.exe	100
PID 5452 wrote to memory of 3148	5452	msedge.exe	100
PID 5452 wrote to memory of 3148	5452	msedge.exe	100
PID 5452 wrote to memory of 3148	5452	msedge.exe	100
PID 5452 wrote to memory of 3148	5452	msedge.exe	100
PID 5452 wrote to memory of 3148	5452	msedge.exe	100
PID 5452 wrote to memory of 3148	5452	msedge.exe	100
PID 5452 wrote to memory of 3148	5452	msedge.exe	100
PID 5452 wrote to memory of 3148	5452	msedge.exe	100
PID 5452 wrote to memory of 3148	5452	msedge.exe	100
PID 5452 wrote to memory of 3148	5452	msedge.exe	100
PID 5452 wrote to memory of 3148	5452	msedge.exe	100
PID 5452 wrote to memory of 3148	5452	msedge.exe	100
PID 5452 wrote to memory of 3148	5452	msedge.exe	100
PID 5452 wrote to memory of 3148	5452	msedge.exe	100
PID 5452 wrote to memory of 3148	5452	msedge.exe	100
PID 5452 wrote to memory of 3148	5452	msedge.exe	100
PID 5452 wrote to memory of 3148	5452	msedge.exe	100
PID 5452 wrote to memory of 3148	5452	msedge.exe	100
PID 5452 wrote to memory of 3148	5452	msedge.exe	100
PID 5452 wrote to memory of 3112	5452	msedge.exe	101
PID 5452 wrote to memory of 3112	5452	msedge.exe	101
PID 5452 wrote to memory of 3112	5452	msedge.exe	101
PID 5452 wrote to memory of 3112	5452	msedge.exe	101
PID 5452 wrote to memory of 3112	5452	msedge.exe	101
PID 5452 wrote to memory of 3112	5452	msedge.exe	101
PID 5452 wrote to memory of 3112	5452	msedge.exe	101

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\XWorm V5.3.7z"
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1596

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1940

C:\Users\Admin\Desktop\XWorm V5.3\XWorm V5.2.exe
"C:\Users\Admin\Desktop\XWorm V5.3\XWorm V5.2.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
PID:3204

C:\Users\Admin\Desktop\XWorm V5.3\XWorm V5.2.exe
"C:\Users\Admin\Desktop\XWorm V5.3\XWorm V5.2.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/XCoderTools
  2⤵
  - Drops file in Windows directory
  - Checks processor information in registry
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Modifies registry class
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:5452
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2f0,0x2f4,0x2f8,0x2ec,0x300,0x7ffea2a6f208,0x7ffea2a6f214,0x7ffea2a6f220
    3⤵
    PID:656
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1928,i,7942451787240714487,15389689378049417781,262144 --variations-seed-version --mojo-platform-channel-handle=2228 /prefetch:3
    3⤵
    PID:1832
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2116,i,7942451787240714487,15389689378049417781,262144 --variations-seed-version --mojo-platform-channel-handle=2108 /prefetch:2
    3⤵
    PID:3148
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=1992,i,7942451787240714487,15389689378049417781,262144 --variations-seed-version --mojo-platform-channel-handle=2732 /prefetch:8
    3⤵
    PID:3112
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3564,i,7942451787240714487,15389689378049417781,262144 --variations-seed-version --mojo-platform-channel-handle=3608 /prefetch:1
    3⤵
    PID:3868
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3576,i,7942451787240714487,15389689378049417781,262144 --variations-seed-version --mojo-platform-channel-handle=3612 /prefetch:1
    3⤵
    PID:6132
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=5096,i,7942451787240714487,15389689378049417781,262144 --variations-seed-version --mojo-platform-channel-handle=5108 /prefetch:1
    3⤵
    PID:5036
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5080,i,7942451787240714487,15389689378049417781,262144 --variations-seed-version --mojo-platform-channel-handle=4888 /prefetch:8
    3⤵
    PID:2932
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3804,i,7942451787240714487,15389689378049417781,262144 --variations-seed-version --mojo-platform-channel-handle=4880 /prefetch:8
    3⤵
    PID:1636
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5752,i,7942451787240714487,15389689378049417781,262144 --variations-seed-version --mojo-platform-channel-handle=5568 /prefetch:8
    3⤵
    PID:5764
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5760,i,7942451787240714487,15389689378049417781,262144 --variations-seed-version --mojo-platform-channel-handle=5940 /prefetch:8
    3⤵
    PID:3828
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5760,i,7942451787240714487,15389689378049417781,262144 --variations-seed-version --mojo-platform-channel-handle=5940 /prefetch:8
    3⤵
    PID:5436
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
    3⤵
    - Drops file in Windows directory
    - Checks processor information in registry
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Modifies registry class
    PID:2320
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x264,0x268,0x26c,0x260,0x30c,0x7ffea2a6f208,0x7ffea2a6f214,0x7ffea2a6f220
      4⤵
      PID:4744
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2188,i,15524442430316035026,2894361833776521875,262144 --variations-seed-version --mojo-platform-channel-handle=2180 /prefetch:2
      4⤵
      PID:4224
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1900,i,15524442430316035026,2894361833776521875,262144 --variations-seed-version --mojo-platform-channel-handle=2216 /prefetch:3
      4⤵
      PID:2260
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=1908,i,15524442430316035026,2894361833776521875,262144 --variations-seed-version --mojo-platform-channel-handle=2408 /prefetch:8
      4⤵
      PID:5848
  - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4132,i,15524442430316035026,2894361833776521875,262144 --variations-seed-version --mojo-platform-channel-handle=4204 /prefetch:8
      4⤵
      PID:376
  - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4132,i,15524442430316035026,2894361833776521875,262144 --variations-seed-version --mojo-platform-channel-handle=4204 /prefetch:8
      4⤵
      PID:2852
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4584,i,15524442430316035026,2894361833776521875,262144 --variations-seed-version --mojo-platform-channel-handle=4592 /prefetch:8
      4⤵
      PID:2960
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4368,i,15524442430316035026,2894361833776521875,262144 --variations-seed-version --mojo-platform-channel-handle=4372 /prefetch:8
      4⤵
      PID:560
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4748,i,15524442430316035026,2894361833776521875,262144 --variations-seed-version --mojo-platform-channel-handle=4552 /prefetch:8
      4⤵
      PID:912

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:4508

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:4268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:4076

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:2784

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\CrashpadMetrics-active.pma

Filesize
16KB

MD5
cfab81b800edabacbf6cb61aa78d5258

SHA1
2730d4da1be7238d701dc84eb708a064b8d1cf27

SHA256
452a5479b9a2e03612576c30d30e6f51f51274cd30ef576ea1e71d20c657376f

SHA512
ec188b0ee4d3daabc26799b34ee471bee988bdd7ceb011ed7df3d4cf26f98932bbbb4b70dc2b7fd4df9a3981b3ce22f4b5be4a0db97514d526e521575efb2ec6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
0a33713f4320be61de2679c1a601e60e

SHA1
a0b7dea51f371e0a7766cdcc6463c7ee9509c94e

SHA256
c2bb2ec86ba57e4a72b66cc3d6bfae3337b86514f71e55833e987783f704193f

SHA512
3326c7e4df151133806d285d4d43da08d2d9cc6bc15d9645f25b31f127edf0d32af03f3d236622a56e573e7ead2a158a40813d6156e5f375413d808a248972e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
3be5572456ff76c145491b94cbe9945b

SHA1
6f0d665c92b682f36c97426b16aa8a101ae43d6f

SHA256
eb9c0be448f9f55ec7969538b9df7fb748f6bc852047ecf95cdc44757fb320cf

SHA512
d32af81e5311c88585780e6c4f90525a6713f26e4efab9bb0d518db83d57fee27d15a31185d217d73c37e4d991a0a9576bebee3bfb40a1d5a8690b14d5f7ff22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
6c41afb4217b7f94ea755288a96b1deb

SHA1
5afb28681ab28c1c44806824a77b177fb4d8913d

SHA256
a4f89fb8345ee63ab6ae7f638c3ff53ceba3ff446e7481bb1da6c6de13cb50b4

SHA512
c36b0db67b9c66e1e6dab927afec9f87f24849d0731c419a33c52251b07522a287ed5ec367a347d6b3c8f9f3ff290032ca31cd1ec28483ebc0d21912b77119fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
eae2015e2e9f1e0d5422401077be94af

SHA1
a661ef2199678e76b31a46faf8f7a7931d129e25

SHA256
8a0686429b3a1f0d5ad17cd8c540398f1d50e79e9bfd1309365184dc398cace6

SHA512
2c0208e24f2e5a83c75c0589625c0c09d14038be467d8dd63512e83fe03238e45b656f47dbca61d478bb2b4cab344dda5e1dab2beb8e4a5dda7dd423272fab96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
e957ef100455a39e434e88be53d3dfdb

SHA1
a7a3be815926d04531380dcd5a761bf64dd2d663

SHA256
a67aab6cf00ca8ac98e64e1fca779ec3d4d37153c16fbf45c5ce3c0a1541050c

SHA512
d51aebd76e1db47c8c5f4bcff78f2509e960c3cac54b029e046c4ea895f2b6b361fb56bb4cb0af972723c7202ebf68892b6d6ab525a52d6469c9fbb1e4731946

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
148e0f737a4f952bca4065b9d41b28c9

SHA1
9aa956b3b89dfe0d4cb444abecfbe4ab3a6f0778

SHA256
0f9533396b61fedcf73d7e3b39f91631b16ddb62c0de2f105277788bea8d93f0

SHA512
d8e13a1faaa55b2c187889385140dda7410756e4353c5993961fea4e2eef4e893769d3bede37dd49dd2d53944954f237f78e357a4a3567b82a19e8fa1a4427be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_3

Filesize
8.0MB

MD5
c22c0a4f772d10a627d4518611547a57

SHA1
ff525a53e156b66ed5dd003239257b8c790a7f0b

SHA256
ebf7f05dd188c8ad73c493c028b7fa1129a3980f5188a94e6f0a66983abb0d7e

SHA512
23ff09146e3b991f211aa42272b1a1f586e58e7c9062759beb405ae16ee39aabe781ea0883ef57b692597ae90218450a8da864a58e12a4a3da2686d207d072b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000076

Filesize
29KB

MD5
21c8de3de813f933f27959cd480452ba

SHA1
2f8f04bdf0cd52f3f10c73ec4c0673a1aaaeb832

SHA256
22d13d7262496b0b2507ff8ca8a38538b5fed04f19c288074e63a5fcfaae10e7

SHA512
dc0bf35fd279848c5e374ac562e727b1a0e2c5ec5404811afe9c7a8c06c1535ee7e58602ad134a9995cfe22402a7cdc4241803d263c0e4b2c7a67f0d50c4b4e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000077

Filesize
80KB

MD5
14e39be019da848a73da7658165674cb

SHA1
e016473c4189a8cc3dbff754a48b3e42d68af25a

SHA256
39595a1806156cfcadf3cc4e20c5c3f3eec721386a0551790a15f025ba9402bd

SHA512
828a383de549871aa80ec960a7e371ef47da96d01ebb9628d1484ceed9eb698aec5109b3de0b24ff8000610a2c2d633616c9fd28d380656fecbaa930cffed029

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000078

Filesize
19KB

MD5
5e5ae2374ea57ea153558afd1c2c1372

SHA1
c1bef73c5b67c8866a607e3b8912ffa532d85ccc

SHA256
1ef458d087e95119808d5e5fecbc9604d7805ea4da98170e2c995e967da308f3

SHA512
46059e4a334e0a5295ebcef8401eb94b8fa0971b200f0f9e788ed61edae5018c917efd30b01631cbd6bdadc5240c9fcad2966ea0aa9c94b538bcc369e10bbbaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
91372a55ec73a0023bac174ea820232d

SHA1
8ecb015faea113cf07ed7f3d6dd3b5b359ab44d6

SHA256
af2ad75f2f823d3d904ac03ed109a40d92f6e42956880036be75800b96a7f98f

SHA512
a2a918564152a041bb5018aacb00cff5ecc8e6e7813e1b19da7364c99fc77ab02693a88839cce4accb5c3cf4550ce4ee6de2518f1fac863701c017658a60f46e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe58a5ff.TMP

Filesize
3KB

MD5
c2a4afe8c6edacdd981bb919e9fac485

SHA1
3d6af5ebe1d5cc9765ee47cf52f68b88aa176be6

SHA256
46490c9e8b4e62187a61b32d6fb0af2081cfcbfb42cff53fe9fc440d7276e10a

SHA512
e329c4c88c3420a51bc44b69d2e69942e786ae05ad170ed8fc7fe15abd99f7a4cff568120a3eaf64d2c6d3bfd7277772fb3a3dba37db2e7b2489b9062ac3c022

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DawnGraphiteCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG

Filesize
343B

MD5
22af57cc43e664e5df6319dbceaf7400

SHA1
3642c838807e504670845eef2b6ac3387399b809

SHA256
1c1b9511fa3d1e809fcf0af2adae597096816560ea45ca18e80abf78056f5375

SHA512
18de2106690ab1274fd6dfb9324735c39bedf0dd44119575882b470902546f9efced4855c64a62d469c026f56c0c1920f2d1ae21b964056f4afe507391885879

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgeHubAppUsage\EdgeHubAppUsageSQLite.db

Filesize
32KB

MD5
3cebdfd893fe8223bcf7f090094f622f

SHA1
1231e00a2c950a1a7e97555ee6cb554ffb2878b3

SHA256
adae90b98ce4b6d5d8ea70176b4f1c5bd2c22c930c434cd5e694337259ff6c44

SHA512
41d15715d26b9ea64df30f44c513e3bf62ad94c3981ea5d69d02a99598223a9e3ddf5567ac530200463feb89b5951c78b6adc0a66c7b0c3cc5afdea66b1a9648

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
322B

MD5
7f36bcbb163050081cde1e418e6e5fb7

SHA1
d6724c99903d62fc091f31524f7b8425b62cd2ff

SHA256
33c1e379f570e8266131614417ea035e3611489089a2a00889a30cee8a058014

SHA512
d041c9849532284091495f177b2b74dcefba1f709bed6ed1c38d2a735c03b0e0c8f4ca172d93f1dd71325e587839d78fc492bec81cc64f8840935bba61c68609

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
192KB

MD5
cddcb8596fb24e66a07458d7e55fcded

SHA1
6599219bb4d01358e859a8b8c7dbd94020030f92

SHA256
bc31a387fc77e888f7dea9e0a974dcb4a86fa521b2fff6afc8c37218e9c2359a

SHA512
d108f4292576f0fe9510387b2ffbb1a23ef1b1e115bd7b3b33f245831a033f26f1c1898637611141b959871b96f36e65b7a719913548848de4a4d376d778143d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
25155c5d4c90da7584ea06ac9a22c01c

SHA1
efd5017330f8692ba7e2704d27b9fecc0ddca655

SHA256
ba307447b79ce261cdd996f2f3ec8121591bcda5abe70d7b56605e7b2fd3f7de

SHA512
4ffec9eb82c90e92e181e6612d8da7a957b83c673c44b9a7e5c429bca25d834cef49d521668f19aa1850d6ddfdcde5c4f7e5038e037eb04159a166ffc91ddf8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies

Filesize
20KB

MD5
f441c7e00d0cf37cdba264dcc0c7720e

SHA1
953215fc2a0f08e1e77e73e86e0a27dd035ead1b

SHA256
0cf86356c5a9bbfb68bee6a4b33603ae588599546cb9b2cde2e0087171d7ae77

SHA512
dc5effd920ee42be5c94d6390d4cd42da5efe5b873219a0a2d5300ffea2eab02390984f4748d7ff2019ca28cd6ccaa143596df41220eae072b6a4ba7ec6c3dc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
7aca1e2358e022e114103757c5452ac5

SHA1
890745abacbfbc7c7fc747e86872371082d6e64f

SHA256
4ba948ff412532af926012daf309dc25f49509eac2e6aeacc3457a11eb4d1377

SHA512
c9fbb9c91cdbe0f429732406403525ccfc733a41afb9eeaf4040d03862f2d34db2e4fc8b65d8b77ccde1ac4dd0e64051e0f81a52be024bd12613f9a8a20ab4e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
953d0aeeddd945ad92709cd1fb93b185

SHA1
7b0df3b1d82f95d129e818a71ca91b158b0eba12

SHA256
ed516ab694ebae1966788c2e25437acc16904e83e8622824a898d83c6ce4908f

SHA512
60ac08697a8ee6b550342b0bbf63e98072761589e9f8da419885adeb42f792583fbbc70143aa109fe5949cbcdf03cb5fe7429e9aa37125269f7a8d752cdc0450

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
44c07f63576a41fc422a861573f1a599

SHA1
b7538da659424a0e47c4d64d6e49e5c6ef373356

SHA256
2132d0c9ff76d1a2aca3bbe880d73c8a6a071c51a91168833dfaff033d07764f

SHA512
0d6a807c2a8a72f52e47939d38bb15719da1cffda7ac73b96b88e5c1f30c7812d53216a4f6ac9fa12c34f08bff6e71e26ddc1095fba8f0b894bbed2924e80af7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
447ace4b6511f58ecbf096c6e8725dee

SHA1
861ed5b9c5498079f3455d02f34b9755c4592d00

SHA256
45f9812ede3abc74719129aec9fc0ba4975fe0c53a551df60b93b4a3df157fcf

SHA512
821e2b0513b615788b3da62dd88a625551766d6269aac6a8a1f9f643cb5c5eca1a2320b137d690cd997db58507f1636ae30ffd2b1f08834dce598716f357e6a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG

Filesize
338B

MD5
9522c83467d5ea44288969e9a182cf15

SHA1
3f480ee70cfdc1195cf3b1c67edf6ef9dcb94a62

SHA256
d5bdb81691fc180b4a579a8ccae1c2ab8f3e8f75052856b294b5c7d34f003ff0

SHA512
ad93eb214261a3f28c9c1533a4f9efe831b21807b747cf16edcf99236a2aa273107033479a555b882ef877e216fd14dd3bda50d5b8fd19e759d45ee1cd6c1cb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
39b72d5874079bfab007bb5caf91fe95

SHA1
bb523b8420791d995742e6bb038bc679fc943db1

SHA256
1e97ce804c28ce95c2b023064e7a89632a47ff88301057d038fe1bda3f299edd

SHA512
3780f9882f986f2d13575df5743b6a7d9273e148423b0036c9f944d71b864c489e46da38843dfc8b557c01cd373c8ccde56f650b8f7a06431cc3a102b0b518f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
ec525709297887fa30beb36e133977c2

SHA1
205e33578619717cd0dd62ec7105c7e1f3542897

SHA256
d8040faa7c9912f2a8c3e0c4cafe87083e97dab6f53db626d2ba0b64993473a8

SHA512
31b5dfaf2e54dd7d2316513da77b397da1e9a466e6c608388c2171efbdedf03fb576caf1707a30d6c10d4523fb35db65333b585e5d9dfc39fa2e05d7599a399e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
ed445b7e61253d975021e92402ae8015

SHA1
d9bd91396fe9c0d2eb1eb363a79b42074642e554

SHA256
c2a6cfa1edee4dd03d185c15f23cd730054e41ab8c1f287c8c3c5648023d46bd

SHA512
5f33ebc0008c17a83ded67ec03b87d568a4b3974005022e7dcc3477b2a475cadd1c079a94300c1fb296170b84d7d110e5ffc9553917e6ba6593939eb96528da0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
5d87e269b2f30aad12e6fa5a3a7b5c40

SHA1
e1ccaa8dfb2c16c8f08abb1c275ff0df7f7fd042

SHA256
55dc4a7e2b9f5176d588c44c4707af8f633fa1278cc97cdee43c197f3293dac5

SHA512
0e8a890e4b8135ca4069c1c0a14cde77e26f37e9b98b3943246f3d109602aad7eb34ce21a7bdd37aad7d57ede256c15469503dc23a902c188dfe168a945c13e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
25KB

MD5
9755a3da0a40ec0e3632a3c33416a027

SHA1
d8177353747a409c4de6213854d14147814a67de

SHA256
1634bb55b390dadbac4cbda4fd7193209e74faf9a3fcd86545cc1f919ae4f40c

SHA512
9b1b56f5a35e6e0c9753319af615df7cfcb56aee74dddf6058972a93c792990c199cb82defa0f3ca3ac86991ea2c95f0e84c5cb2db2b5602fb080867e1cae9c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
e4f1048a481ea15d08c8105e41dda334

SHA1
fe5e6680aeb8ae1b9eea901edc038de7e76806bd

SHA256
ec578174a23839642538060524f6cc4687fc3eab67ce1ec8d58ac6a7457f0157

SHA512
855734034a4941ee36f7dac46eb0bb91ab9c4ae916cde24e08402761778dfd836659bcc9002f58905dc7509445288fe95140df3954fd76079007be6fe1d45164

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\WebAssistDatabase

Filesize
14KB

MD5
23a60bab450f334f6c952eda30780619

SHA1
c0e8da9768006c7bac18b3c9532ec3eb54ecd302

SHA256
661db6f9d9df0f011b4c71db224fb22b1d5c93d0f4298c2588af8acdd8d89e31

SHA512
41a7d06c752786f295459e86e2d701d8167e2ed59d8b9a2fceaf79bf8bd2275bc9244f71eb123fef2524c4daa0577404dd80572a6a685630d28399f463923d2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\default_cloud_config.json

Filesize
12KB

MD5
18261eb12378081f939fb9415ca0c9e1

SHA1
20d4ff782e17fe45e71c3f9fc60a94655f72ec7c

SHA256
12bbeec9a0af9e3ed945b28b9b8ef89b2f897768d1ba3ffd6f3fbb42fa5bc556

SHA512
fef634b4ce77c2f36ce1bdd63e8ac28e76cd089f0bff33f4425c757ddf37fe9fab30dea7b5bb51c91eb27012cf78800e03643e13d51a25bf624ce58ab3488a80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\favorites_diagnostic.log

Filesize
3KB

MD5
8a6099ba27dfb1c83da5780304c00484

SHA1
6dbd37ce47d25e88ae9adbb5377ec5687f27b38a

SHA256
3f4c5e88b903facd88839c597afe08056be1e9ee30280bc162ab400d00f2cb87

SHA512
88f301f1f2939d3079bbbc1a535c9193b321dc2fd705eea070d112875f37b5c1e6530e4f068bf7de66ffbc52a6ac39bae6c6d18eaa1f0afdf308a8c6670f657e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
322B

MD5
1b1ec58ffbbccb8f30e3e856967b6b5e

SHA1
08ca18a8fd345777094e84b62f2b15124d999088

SHA256
832490d22ab33968d980d9b02ae0d2442ae6e3a7f06049cae6adaca2d2f87ec0

SHA512
8baa4335019a56533cc4e4f76e46e9877f5534f7cd09b1978d4e6a4e835d4d4a0569c2f8c8e40e47d804b9342ff3230f16929dddf31b44ff3a145bdf676ef628

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
1KB

MD5
43532026a4c67fbb524645b126860cf5

SHA1
a5b652e03f8fb454b2ff14d9aba2c9456dac1540

SHA256
3235dd84090c0f88a7e9070e259ff8ef3373c996b1de270ca798f7437596580e

SHA512
f8daa51b22fab22a68ab75948edb27fbf90f1478a9e7aaec18e9847ae307b055e87a4fb374e954d9aecdc0b94f254c3499990926215df3b36d07617449d31d56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
340B

MD5
4a1e35765a56a44b0b1289199de1d5c5

SHA1
7666eed1eca0d15fe5f2436a7c96d09535752720

SHA256
2d1bf4b098f87579c1c972eac9d4321fb045a65e41c8c562d58957c238cf3849

SHA512
66bbe2775ac5ac5fa021bc89485d9e2fa0212392085d54f2417097b28b835c1e0461e5589ace5631de10844da6dcb551ff5c2b522582dc3711e7f4356a578d1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_0

Filesize
44KB

MD5
d1c6af05fa9ce475a296b0bdb6be19cc

SHA1
d4a6bb70abb1e05abb683c87cd691ae5fce2b53c

SHA256
388eb03d43a588f2f3f4a380fd1007dfb3d4af52adad20dd7e8fd2abfeace5d8

SHA512
cfbf86a180e3e7cc34dc249479f6682091e0359cee7e87ed5401c14c70bb73faec50d6445f990e2a1f930a66a3fdc6d09f3fcf38393e994f6dab9ba4341566dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
5363ba7dc21ba789a787763d6bd79171

SHA1
f628b62c93e4a789a98d3de71d416b11c7aea248

SHA256
41aac287519a4b4947c54895ed8a2893c5e7fbc4f08da88541cedd7474048960

SHA512
7e3b01cee01fdfb9d51ae376015423e61ad3438a3529d6013e5706a3726f0c1718a02daf13f62a74be8144e298c2b81f7280aba745a37dc1d1bc0ed8c8f6c261

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_3

Filesize
4.0MB

MD5
f4b846bade7bda02f531c9637d41a66e

SHA1
bd9de71af76684be54e134539136068e527e466e

SHA256
34290f31ac5d8b4e9cd9a0f2ca5253f30d93f5012ec7a6a1147422bd9816eec9

SHA512
2e8b096f38d5088919a1900b3d3ebc958fb2a268212481da8747538398925221ac8f5914552a62fc78f1cce65953964a0aa4acffbc7b4cd373464d717367a530

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GraphiteDawnCache\data_1

Filesize
264KB

MD5
64ef6ff0f39da6f7c710c10fcc4a219a

SHA1
81896bd53a8574f6016a882ae2f38ec60c778c21

SHA256
60179e347ff42ce1e6459732dc8137e20bba88c4736a9ee50422e6e5211a72ef

SHA512
c9d3e42c36617562875501bc27d29207ccedfa3af71a8309f5bc50b510c1f81c42b06f2e46ae7bceb8e835ec824e29cf2d3f2d1126edd92d8d7efeff58582e37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser

Filesize
120B

MD5
a397e5983d4a1619e36143b4d804b870

SHA1
aa135a8cc2469cfd1ef2d7955f027d95be5dfbd4

SHA256
9c70f766d3b84fc2bb298efa37cc9191f28bec336329cc11468cfadbc3b137f4

SHA512
4159ea654152d2810c95648694dd71957c84ea825fcca87b36f7e3282a72b30ef741805c610c5fa847ca186e34bde9c289aaa7b6931c5b257f1d11255cd2a816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
13B

MD5
3e45022839c8def44fd96e24f29a9f4b

SHA1
c798352b5a0860f8edfd5c1589cf6e5842c5c226

SHA256
01a3e5d854762d8fdd01b235ce536fde31bf9a6be0596c295e3cea9aaf40f3dd

SHA512
2888982860091421f89f3d7444cacccb1938ef70fc084d3028d8a29021e6e1d83eaef62108eace2f0d590ed41ece0e443d8b564e9c9a860fc48d766edb1dc3d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
41KB

MD5
5df91239633b68c51fd0bf2ca3cd3188

SHA1
e7b0b306269d2ece351a4202b5b2c0b4b6be65ed

SHA256
727509533a76e7b95c6640cb33209057c4e83a01b2c9e53c118d043f74243a16

SHA512
0f09bbc6b49f55f900c4f37558d7cf4deb398951b2589dcb84a3b516061fe4c749f49c7cf1bd0da471927639d9180e5e7ac22cbd987496dfd172de634a5576a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
41KB

MD5
5784f13af090aecb7e2e6a95a124cde3

SHA1
d7f4ef69f4f178f49284c40c6ace18fb3b550814

SHA256
2709ef016ab6386c57bdf286799875c9cc95f1deb0547960433e5256f79b967c

SHA512
e4b89cdd09102ffc07a7dcd2687a2999d61236295ad1e0df0a8a6f497a4e4c2a4fd71eca822ed01903ab6525df4716630d21eb08678a9747b1d28a5b49378648

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
56KB

MD5
695327845cf0bfecf65ee345bf9b5b5a

SHA1
b912357220d71192170b530d66edce0330ad7f69

SHA256
175493f67945a0bda7e3bb13e468ef0090d21e68db52d3991ebe9b09c01679f4

SHA512
f2250bba4893df12882ed3936a4a21e9b7c472391f13ff9ce796acd04c016dc075012d0f154d493e183553c3a4ed41c1f09fc6f9fb7e8fce6f5cbc07170ceb13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\data_1

Filesize
264KB

MD5
05192eed78f58c0944b742d0b544c0a0

SHA1
bc6d591524c9f74de470df68c51640947b448a2a

SHA256
58f9e5827a9f871002da70278954df546f63792741e1b5dccdb9f0dc832aa638

SHA512
2bd325c4de67aaf7eb94c6723097adb70e016a1025cc19bf2d3dbde52c4d544a7827f5bf8a3c6bf6a5846076324d23f53d3ca4e9f12d0eb6ae7312018ff517ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
2ee3b186112fd6a81b371dedab3b56cb

SHA1
a55f9042abd16d13c8525b55588ea7b9f664cfad

SHA256
4540782730658d4a7f29cf4fcd78b343555a5cf506b15aaeb46dc4a40f2cee81

SHA512
eda65ad65b621c6cb5e903872fb9c2cdc452637831e064d7fb320d16c51690925f3623755fcaa382a6874ce1a74e6e3aab6223aa1cb4618449435327ec8fc6b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\65798ba8-d990-458c-85fd-e0016deadebd.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\RFZzY\RFZzY.dll

Filesize
112KB

MD5
2f1a50031dcf5c87d92e8b2491fdcea6

SHA1
71e2aaa2d1bb7dbe32a00e1d01d744830ecce08f

SHA256
47578a37901c82f66e4dba47acd5c3cab6d09c9911d16f5ad0413275342147ed

SHA512
1c66dbe1320c1a84023bdf77686a2a7ab79a3e86ba5a4ea2cda9a37f8a916137d5cfec30b28ceae181355f6f279270465ef63ae90b7e8dcd4c1a8198a7fd36a8

Download Submit
C:\Users\Admin\Desktop\XWorm V5.3\GeoIP.dat

Filesize
1.2MB

MD5
8ef41798df108ce9bd41382c9721b1c9

SHA1
1e6227635a12039f4d380531b032bf773f0e6de0

SHA256
bc07ff22d4ee0b6fafcc12482ecf2981c172a672194c647cedf9b4d215ad9740

SHA512
4c62af04d4a141b94eb3e1b0dbf3669cb53fe9b942072ed7bea6a848d87d8994cff5a5f639ab70f424eb79a4b7adabdde4da6d2f02f995bd8d55db23ce99f01b

Download Submit
C:\Users\Admin\Desktop\XWorm V5.3\Guna.UI2.dll

Filesize
1.9MB

MD5
bcc0fe2b28edd2da651388f84599059b

SHA1
44d7756708aafa08730ca9dbdc01091790940a4f

SHA256
c6264665a882e73eb2262a74fea2c29b1921a9af33180126325fb67a851310ef

SHA512
3bfc3d27c095dde988f779021d0479c8c1de80a404454813c6cae663e3fe63dc636bffa7de1094e18594c9d608fa7420a0651509544722f2a00288f0b7719cc8

Download Submit
C:\Users\Admin\Desktop\XWorm V5.3\Icons\icon (15).ico

Filesize
361KB

MD5
e3143e8c70427a56dac73a808cba0c79

SHA1
63556c7ad9e778d5bd9092f834b5cc751e419d16

SHA256
b2f57a23ecc789c1bbf6037ac0825bf98babc7bf0c5d438af5e2767a27a79188

SHA512
74e0f4b55625df86a87b9315e4007be8e05bbecca4346a6ea06ef5b1528acb5a8bb636ef3e599a3820dbddcf69563a0a22e2c1062c965544fd75ec96fd9803fc

Download Submit
C:\Users\Admin\Desktop\XWorm V5.3\XWorm V5.2.exe

Filesize
13.8MB

MD5
897201dc6254281404ab74aa27790a71

SHA1
9409ddf7e72b7869f4d689c88f9bbc1bc241a56e

SHA256
f41828bd13a3a85fdf7a1d688b21ce33d2015c3c5f46b4d92ab6ea8ea019e03a

SHA512
2673cd7b927ffc22f3a4b4fbfcb1b4f576c416d67168e486e6d79fdd132129c9e244e36d7b7883a4a1ed51e993cc4384bf24f2fa3129584f2bd43fd16042de20

Download Submit
C:\Users\Admin\Desktop\XWorm V5.3\XWorm V5.2.exe.config

Filesize
183B

MD5
66f09a3993dcae94acfe39d45b553f58

SHA1
9d09f8e22d464f7021d7f713269b8169aed98682

SHA256
7ea08548c23bd7fd7c75ca720ac5a0e8ca94cb51d06cd45ebf5f412e4bbdd7d7

SHA512
c8ea53ab187a720080bd8d879704e035f7e632afe1ee93e7637fad6bb7e40d33a5fe7e5c3d69134209487d225e72d8d944a43a28dc32922e946023e89abc93ed

Download Submit
memory/3204-186-0x00007FFEA77A0000-0x00007FFEA8262000-memory.dmp

Filesize
10.8MB

Download
memory/3204-178-0x00007FFEA77A0000-0x00007FFEA8262000-memory.dmp

Filesize
10.8MB

Download
memory/3204-170-0x00000254314E0000-0x00000254322BE000-memory.dmp

Filesize
13.9MB

Download
memory/3204-169-0x00007FFEA77A3000-0x00007FFEA77A5000-memory.dmp

Filesize
8KB

Download
memory/3204-185-0x00007FFEA77A3000-0x00007FFEA77A5000-memory.dmp

Filesize
8KB

Download
memory/3204-179-0x000002544D6D0000-0x000002544E2BC000-memory.dmp

Filesize
11.9MB

Download
memory/3204-181-0x000002544EEC0000-0x000002544F0B4000-memory.dmp

Filesize
2.0MB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads