File name:

XWorm V5.2.zip

Full analysis: https://app.any.run/tasks/4edda40a-a74b-42ca-b603-6709ef697353
Verdict: Malicious activity
Threats:

XWorm is a remote access trojan (RAT) sold as a malware-as-a-service. It possesses an extensive hacking toolset and is capable of gathering private information and files from the infected computer, hijacking MetaMask and Telegram accounts, and tracking user activity. XWorm is typically delivered to victims' computers through multi-stage attacks that start with phishing emails.

Analysis date: December 27, 2023, 13:56:06
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
xworm
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract
MD5:

CF5CDCFBFC10272C3DE836925B71D332

SHA1:

CED8D1E851764A9241E1CDB8ADEF02128DF11E4F

SHA256:

8613E5155EBCADABC00E16F23E94A5DFC522911CF15586F5DE7D041EAAE2DD3A

SSDEEP:

98304:pqpLD/airmULKBiZYielMuHrhL0MOdxzc8TYpQsi5/cDSjj1N5CXKEaDZbfp0tvm:p5spg1r7pCXLJeUYVzxGrfyIenw

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • XWORM has been detected (YARA)

      • XWormLoader 5.2 x32.exe (PID: 2192)
  • SUSPICIOUS

    • Reads the Internet Settings

      • XWormLoader 5.2 x32.exe (PID: 2192)
  • INFO

    • Manual execution by a user

      • XWormLoader 5.2 x32.exe (PID: 2192)
      • cmd.exe (PID: 3352)
    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 2040)
      • XWormLoader 5.2 x32.exe (PID: 2192)
    • Reads the computer name

      • XWormLoader 5.2 x32.exe (PID: 2192)
    • Creates files in the program directory

      • XWormLoader 5.2 x32.exe (PID: 2192)
    • Reads the machine GUID from the registry

      • XWormLoader 5.2 x32.exe (PID: 2192)
    • Checks supported languages

      • XWormLoader 5.2 x32.exe (PID: 2192)
    • Create files in a temporary directory

      • XWormLoader 5.2 x32.exe (PID: 2192)
    • Application launched itself

      • msedge.exe (PID: 3144)
      • msedge.exe (PID: 2428)
      • msedge.exe (PID: 3292)
      • msedge.exe (PID: 1056)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: -
ZipCompression: Deflated
ZipModifyDate: 2023:11:05 21:09:24
ZipCRC: 0x70417008
ZipCompressedSize: 9346844
ZipUncompressedSize: 12782080
ZipFileName: XWorm V5.2.exe
No data.
All screenshots are available in the full report
Total processes
77
Monitored processes
33
Malicious processes
1
Suspicious processes
0

Behavior graph

Processes shown in the graph: winrar.exe, XWormLoader 5.2 x32.exe (flagged #XWORM), multiple msedge.exe instances, cmd.exe, lodctr.exe

Process information

PID
CMD
Path
Indicators
Parent process
PID:
908
CMD:
"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2312 --field-trial-handle=1320,i,15890831882801420550,12748445643740408199,131072 /prefetch:1
Path:
C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID:
1056
CMD:
"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/XCoderTools
Path:
C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process:
XWormLoader 5.2 x32.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID:
1528
CMD:
"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=109.0.5414.149 "--annotation=exe=C:\Program Files\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win32 "--annotation=prod=Microsoft Edge" --annotation=ver=109.0.1518.115 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xd8,0x6491f598,0x6491f5a8,0x6491f5b4
Path:
C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID:
1588
CMD:
"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3884 --field-trial-handle=1320,i,15890831882801420550,12748445643740408199,131072 /prefetch:1
Path:
C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID:
1860
CMD:
"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1288 --field-trial-handle=1320,i,15890831882801420550,12748445643740408199,131072 /prefetch:2
Path:
C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID:
2040
CMD:
"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\XWorm V5.2.zip"
Path:
C:\Program Files\WinRAR\WinRAR.exe
Parent process:
explorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
PID:
2080
CMD:
"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=109.0.5414.149 "--annotation=exe=C:\Program Files\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win32 "--annotation=prod=Microsoft Edge" --annotation=ver=109.0.1518.115 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xd8,0x6491f598,0x6491f5a8,0x6491f5b4
Path:
C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID:
2132
CMD:
"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4372 --field-trial-handle=1320,i,15890831882801420550,12748445643740408199,131072 /prefetch:8
Path:
C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID:
2192
CMD:
"C:\Users\admin\Desktop\New folder\XWormLoader 5.2 x32.exe"
Path:
C:\Users\admin\Desktop\New folder\XWormLoader 5.2 x32.exe
Parent process:
explorer.exe
User:
admin
Company:
@ReverseEngineeringLab
Integrity Level:
MEDIUM
Description:
XWormLoader
Exit code:
0
Version:
1.0.0.0
Modules
Images
c:\users\admin\desktop\new folder\xwormloader 5.2 x32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
PID:
2428
CMD:
"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/XCoderTools
Path:
C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process:
XWormLoader 5.2 x32.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
Total events
4 316
Read events
4 023
Write events
120
Delete events
173

Modification events

(PID) Process:
(2040) WinRAR.exe
Key:
HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation:
write
Name:
LanguageList
Value:
en-US
(PID) Process:
(2040) WinRAR.exe
Key:
HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:
write
Name:
3
Value:
C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip
(PID) Process:
(2040) WinRAR.exe
Key:
HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:
write
Name:
2
Value:
C:\Users\admin\Desktop\phacker.zip
(PID) Process:
(2040) WinRAR.exe
Key:
HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:
write
Name:
1
Value:
C:\Users\admin\Desktop\Win7-KB3191566-x86.zip
(PID) Process:
(2040) WinRAR.exe
Key:
HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:
write
Name:
0
Value:
C:\Users\admin\Desktop\curl-8.5.0_1-win32-mingw.zip
(PID) Process:
(2040) WinRAR.exe
Key:
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:
write
Name:
name
Value:
120
(PID) Process:
(2040) WinRAR.exe
Key:
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:
write
Name:
size
Value:
80
(PID) Process:
(2040) WinRAR.exe
Key:
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:
write
Name:
type
Value:
120
(PID) Process:
(2040) WinRAR.exe
Key:
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:
write
Name:
mtime
Value:
100
(PID) Process:
(2192) XWormLoader 5.2 x32.exe
Key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:
write
Name:
ProxyBypass
Value:
1
Executable files
23
Suspicious files
88
Text files
51
Unknown types
1

Dropped files

PID
Process
Filename
Type
PID: 2040
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa2040.37686\Background.png
Type: image
MD5: C93EE3ABEFF4AC24936471F80B36EC7A
SHA256: 2F691CAFF7E1980CFB069D2608B6470B3A06CDB90467CE47820E8602115A0C5B
PID: 2040
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa2040.37686\XWorm V5.2.exe.config
Type: xml
MD5: 66F09A3993DCAE94ACFE39D45B553F58
SHA256: 7EA08548C23BD7FD7C75CA720AC5A0E8CA94CB51D06CD45EBF5F412E4BBDD7D7
PID: 2040
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa2040.37686\FastColoredTextBox.dll
Type: executable
MD5: B746707265772B362C0BA18D8D630061
SHA256: 3701B19CCDAC79B880B197756A972027E2AC609EBED36753BD989367EA4EF519
PID: 2040
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa2040.37686\XWormLoader 5.2 x32.exe.config
Type: xml
MD5: 15C8C4BA1AA574C0C00FD45BB9CCE1AB
SHA256: F82338E8E9C746B5D95CD2CCC7BF94DD5DE2B9B8982FFFDDF2118E475DE50E15
PID: 2040
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa2040.37686\Guna.UI2.dll
Type: executable
MD5: BCC0FE2B28EDD2DA651388F84599059B
SHA256: C6264665A882E73EB2262A74FEA2C29B1921A9AF33180126325FB67A851310EF
PID: 2040
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa2040.37686\Fixer.bat
Type: text
MD5: 2DABC46CE85AAFF29F22CD74EC074F86
SHA256: A11703FD47D16020FA099A95BB4E46247D32CF8821DC1826E77A971CDD3C4C55
PID: 2040
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa2040.37686\XWormLoader 5.2 x64.exe
Type: executable
MD5: E6A20535B636D6402164A8E2D871EF6D
SHA256: B461C985B53DE4F6921D83925B3C2A62DE3BBC5B8F9C02EECD27926F0197FAE2
PID: 2040
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa2040.37686\MonoMod.Core.dll
Type: executable
MD5: B808181453B17F3FC1AB153BF11BE197
SHA256: DA00CDFAB411F8F535F17258981EC51D1AF9B0BFCEE3A360CBD0CB6F692DBCDD
PID: 2040
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa2040.37686\GeoIP.dat
Type: binary
MD5: 8EF41798DF108CE9BD41382C9721B1C9
SHA256: BC07FF22D4EE0B6FAFCC12482ECF2981C172A672194C647CEDF9B4D215AD9740
PID: 2040
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa2040.37686\GMap.NET.Core.dll
Type: executable
MD5: 819352EA9E832D24FC4CEBB2757A462B
SHA256: 58C755FCFC65CDDEA561023D736E8991F0AD69DA5E1378DEA59E98C5DB901B86
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
26
DNS requests
23
Threats
1

HTTP requests

No HTTP requests

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:138
whitelisted
4
System
192.168.100.255:137
whitelisted
1080
svchost.exe
224.0.0.252:5355
unknown
828
svchost.exe
239.255.255.250:3702
whitelisted
1264
svchost.exe
239.255.255.250:1900
whitelisted
2428
msedge.exe
239.255.255.250:1900
whitelisted
2792
msedge.exe
149.154.167.99:443
t.me
Telegram Messenger Inc
GB
unknown
2792
msedge.exe
13.107.42.16:443
config.edge.skype.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
2792
msedge.exe
204.79.197.239:443
edge.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
unknown
2792
msedge.exe
51.104.176.40:443
nav-edge.smartscreen.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown

DNS requests

Domain
IP
Reputation
t.me
  • 149.154.167.99
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted
edge.microsoft.com
  • 204.79.197.239
  • 13.107.21.239
whitelisted
nav-edge.smartscreen.microsoft.com
  • 51.104.176.40
whitelisted
data-edge.smartscreen.microsoft.com
  • 20.105.95.163
whitelisted
telegram.org
  • 149.154.167.99
whitelisted
cdn4.cdn-telegram.org
  • 34.111.35.152
unknown
www.bing.com
  • 104.126.37.184
  • 104.126.37.170
  • 104.126.37.131
  • 104.126.37.186
  • 104.126.37.185
  • 104.126.37.176
  • 104.126.37.171
  • 104.126.37.178
  • 104.126.37.129
whitelisted
msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com
  • 152.199.21.175
whitelisted
self.events.data.microsoft.com
  • 20.42.73.28
whitelisted

Threats

PID
Process
Class
Message
2792
msedge.exe
Misc activity
ET INFO Observed Telegram Domain (t .me in TLS SNI)
Process
Message
msedge.exe
[1227/135654.230:ERROR:exception_handler_server.cc(527)] ConnectNamedPipe: The pipe is being closed. (0xE8)
msedge.exe
[1227/135657.374:ERROR:exception_handler_server.cc(527)] ConnectNamedPipe: The pipe is being closed. (0xE8)
msedge.exe
[1227/135701.436:ERROR:exception_handler_server.cc(527)] ConnectNamedPipe: The pipe is being closed. (0xE8)