xworm | 2bed3c930293ef05d2211aa5987a06c26d0fe5289ae529b1fc1cab7787f5648a

Analysis

max time kernel
127s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
07/02/2023, 14:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

XWorm-RAT-V2.1-builder.exe
Size

2.6MB
MD5

026ed3d2d6ae234fa25c06f4e4a82f28
SHA1

a90c6b359468d66e3b51628e7bc8a2b2b34e75e0
SHA256

2bed3c930293ef05d2211aa5987a06c26d0fe5289ae529b1fc1cab7787f5648a
SHA512

97e8b6786bf29e3c06dd98c0654660607ecb983d9e00f0d280de0fffdf2d51457e767e6b1b8fc5c0db7562459a41fedeb4b33a1aee7c96838b5644db5aaa8674
SSDEEP

49152:QI5goCONGLDYGbixsnNMJlHazd4wMpzAnhO8IksDJzlmXbOr/L6qYXt1:QAfG/RDeJlVzAnQX4bJp

Score

10^/10

xworm persistence rat trojan

Malware Config

Extracted

Family

xworm

distance-key.at.ply.gg:14483

Mutex

RES3YGCrrtkjJua8

Attributes

install_file
USB.exe

aes.plain

Signatures

Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm

Checks computer location settings 2 TTPs 64 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Control Panel\International\Geo\Nation	XWorm-RAT-V2.1-builder.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Control Panel\International\Geo\Nation	XWorm-RAT-V2.1-builder.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Control Panel\International\Geo\Nation	XWorm-RAT-V2.1-builder.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Control Panel\International\Geo\Nation	XWorm-RAT-V2.1-builder.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Control Panel\International\Geo\Nation	XWorm-RAT-V2.1-builder.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Control Panel\International\Geo\Nation	XWorm-RAT-V2.1-builder.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Control Panel\International\Geo\Nation	XWorm-RAT-V2.1-builder.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Control Panel\International\Geo\Nation	XWorm.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Control Panel\International\Geo\Nation	XWorm.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Control Panel\International\Geo\Nation	XWorm-RAT-V2.1-builder.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Control Panel\International\Geo\Nation	XWorm-RAT-V2.1-builder.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Control Panel\International\Geo\Nation	XWorm-RAT-V2.1-builder.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Control Panel\International\Geo\Nation	XWorm-RAT-V2.1-builder.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Control Panel\International\Geo\Nation	XWorm-RAT-V2.1-builder.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Control Panel\International\Geo\Nation	XWorm-RAT-V2.1-builder.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Control Panel\International\Geo\Nation	XWorm-RAT-V2.1-builder.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Control Panel\International\Geo\Nation	XWorm-RAT-V2.1-builder.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Control Panel\International\Geo\Nation	XWorm.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Control Panel\International\Geo\Nation	XWorm-RAT-V2.1-builder.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Control Panel\International\Geo\Nation	XWorm-RAT-V2.1-builder.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Control Panel\International\Geo\Nation	XWorm.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Control Panel\International\Geo\Nation	XWorm-RAT-V2.1-builder.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Control Panel\International\Geo\Nation	XWorm-RAT-V2.1-builder.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Control Panel\International\Geo\Nation	XWorm-RAT-V2.1-builder.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Control Panel\International\Geo\Nation	XWorm-RAT-V2.1-builder.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Control Panel\International\Geo\Nation	XWorm-RAT-V2.1-builder.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Control Panel\International\Geo\Nation	XWorm-RAT-V2.1-builder.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Control Panel\International\Geo\Nation	XWorm.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Control Panel\International\Geo\Nation	XWorm.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Control Panel\International\Geo\Nation	XWorm-RAT-V2.1-builder.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Control Panel\International\Geo\Nation	XWorm.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Control Panel\International\Geo\Nation	XWorm.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Control Panel\International\Geo\Nation	XWorm-RAT-V2.1-builder.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Control Panel\International\Geo\Nation	XWorm.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Control Panel\International\Geo\Nation	XWorm-RAT-V2.1-builder.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Control Panel\International\Geo\Nation	XWorm-RAT-V2.1-builder.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Control Panel\International\Geo\Nation	XWorm-RAT-V2.1-builder.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Control Panel\International\Geo\Nation	XWorm-RAT-V2.1-builder.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Control Panel\International\Geo\Nation	XWorm-RAT-V2.1-builder.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Control Panel\International\Geo\Nation	XWorm-RAT-V2.1-builder.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Control Panel\International\Geo\Nation	XWorm.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Control Panel\International\Geo\Nation	XWorm.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Control Panel\International\Geo\Nation	XWorm-RAT-V2.1-builder.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Control Panel\International\Geo\Nation	XWorm-RAT-V2.1-builder.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Control Panel\International\Geo\Nation	XWorm-RAT-V2.1-builder.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Control Panel\International\Geo\Nation	XWorm-RAT-V2.1-builder.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Control Panel\International\Geo\Nation	XWorm-RAT-V2.1-builder.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Control Panel\International\Geo\Nation	XWorm-RAT-V2.1-builder.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Control Panel\International\Geo\Nation	XWorm-RAT-V2.1-builder.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Control Panel\International\Geo\Nation	XWorm.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Control Panel\International\Geo\Nation	XWorm-RAT-V2.1-builder.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Control Panel\International\Geo\Nation	XWorm-RAT-V2.1-builder.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Control Panel\International\Geo\Nation	XWorm-RAT-V2.1-builder.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Control Panel\International\Geo\Nation	XWorm.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Control Panel\International\Geo\Nation	XWorm-RAT-V2.1-builder.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Control Panel\International\Geo\Nation	XWorm-RAT-V2.1-builder.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Control Panel\International\Geo\Nation	XWorm-RAT-V2.1-builder.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Control Panel\International\Geo\Nation	XWorm.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Control Panel\International\Geo\Nation	XWorm-RAT-V2.1-builder.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Control Panel\International\Geo\Nation	XWorm-RAT-V2.1-builder.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Control Panel\International\Geo\Nation	XWorm-RAT-V2.1-builder.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Control Panel\International\Geo\Nation	XWorm-RAT-V2.1-builder.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Control Panel\International\Geo\Nation	XWorm-RAT-V2.1-builder.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Control Panel\International\Geo\Nation	XWorm-RAT-V2.1-builder.exe

Drops startup file 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XWorm.exe	XWorm.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XWorm.exe	XWorm.exe

Executes dropped EXE 64 IoCs

pid	Process
4128	XWorm.exe
384	XWorm-RAT-V2.1-builder.exe
2248	XWorm.exe
2928	XWorm-RAT-V2.1-builder.exe
3808	XWorm.exe
1528	XWorm-RAT-V2.1-builder.exe
3988	XWorm.exe
3360	XWorm-RAT-V2.1-builder.exe
4432	XWorm.exe
2812	XWorm-RAT-V2.1-builder.exe
4680	XWorm.exe
3992	XWorm-RAT-V2.1-builder.exe
3380	XWorm-RAT-V2.1-builder.exe
3640	XWorm-RAT-V2.1-builder.exe
880	XWorm.exe
4552	XWorm-RAT-V2.1-builder.exe
540	XWorm.exe
4236	XWorm-RAT-V2.1-builder.exe
4696	XWorm.exe
4404	XWorm-RAT-V2.1-builder.exe
3500	XWorm.exe
2296	XWorm-RAT-V2.1-builder.exe
4584	XWorm.exe
5072	XWorm-RAT-V2.1-builder.exe
1620	XWorm.exe
3440	XWorm-RAT-V2.1-builder.exe
4996	XWorm-RAT-V2.1-builder.exe
4444	XWorm-RAT-V2.1-builder.exe
3252	XWorm.exe
4932	XWorm-RAT-V2.1-builder.exe
4408	XWorm.exe
4260	XWorm-RAT-V2.1-builder.exe
2216	XWorm.exe
3360	XWorm-RAT-V2.1-builder.exe
1136	XWorm.exe
1856	XWorm-RAT-V2.1-builder.exe
2880	XWorm.exe
2832	XWorm-RAT-V2.1-builder.exe
4140	XWorm.exe
4600	XWorm-RAT-V2.1-builder.exe
4336	XWorm.exe
2188	XWorm.exe
3544	XWorm.exe
4292	XWorm-RAT-V2.1-builder.exe
936	XWorm.exe
1140	XWorm-RAT-V2.1-builder.exe
780	XWorm.exe
2024	XWorm-RAT-V2.1-builder.exe
2700	XWorm.exe
1620	XWorm.exe
3464	XWorm.exe
4240	XWorm-RAT-V2.1-builder.exe
3808	XWorm.exe
2740	XWorm-RAT-V2.1-builder.exe
2244	XWorm.exe
1692	XWorm-RAT-V2.1-builder.exe
3752	XWorm.exe
4996	XWorm.exe
1148	XWorm-RAT-V2.1-builder.exe
4628	XWorm-RAT-V2.1-builder.exe
1904	XWorm.exe
4620	XWorm-RAT-V2.1-builder.exe
1260	XWorm-RAT-V2.1-builder.exe
764	XWorm-RAT-V2.1-builder.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\XWorm = "C:\\Users\\Admin\\AppData\\Roaming\\XWorm.exe"	XWorm.exe

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
8	ip-api.com
68	ip-api.com

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Creates scheduled task(s) 1 TTPs 1 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task

T1053

pid	Process
3140	schtasks.exe

Suspicious use of AdjustPrivilegeToken 60 IoCs

description	pid	Process
Token: SeDebugPrivilege	4128	XWorm.exe
Token: SeDebugPrivilege	3988	XWorm.exe
Token: SeDebugPrivilege	4680	XWorm.exe
Token: SeDebugPrivilege	3380	XWorm-RAT-V2.1-builder.exe
Token: SeDebugPrivilege	540	XWorm.exe
Token: SeDebugPrivilege	3500	XWorm.exe
Token: SeDebugPrivilege	4996	XWorm-RAT-V2.1-builder.exe
Token: SeDebugPrivilege	2216	XWorm.exe
Token: SeDebugPrivilege	4140	XWorm.exe
Token: SeDebugPrivilege	3544	XWorm.exe
Token: SeDebugPrivilege	780	XWorm.exe
Token: SeDebugPrivilege	2244	XWorm.exe
Token: SeDebugPrivilege	5064	XWorm.exe
Token: SeDebugPrivilege	2688	XWorm.exe
Token: SeDebugPrivilege	4440	XWorm.exe
Token: SeDebugPrivilege	3200	XWorm.exe
Token: SeDebugPrivilege	1620	XWorm.exe
Token: SeDebugPrivilege	2928	XWorm.exe
Token: SeDebugPrivilege	2016	XWorm.exe
Token: SeDebugPrivilege	3988	XWorm.exe
Token: SeDebugPrivilege	2084	XWorm.exe
Token: SeDebugPrivilege	1224	XWorm.exe
Token: SeDebugPrivilege	4424	XWorm.exe
Token: SeDebugPrivilege	3464	XWorm-RAT-V2.1-builder.exe
Token: SeDebugPrivilege	2360	XWorm-RAT-V2.1-builder.exe
Token: SeDebugPrivilege	5032	XWorm.exe
Token: SeDebugPrivilege	2188	XWorm-RAT-V2.1-builder.exe
Token: SeDebugPrivilege	3456	XWorm.exe
Token: SeDebugPrivilege	4236	XWorm.exe
Token: SeDebugPrivilege	4208	XWorm.exe
Token: SeDebugPrivilege	4704	XWorm.exe
Token: SeDebugPrivilege	4156	XWorm-RAT-V2.1-builder.exe
Token: SeDebugPrivilege	2092	XWorm-RAT-V2.1-builder.exe
Token: SeDebugPrivilege	4444	XWorm-RAT-V2.1-builder.exe
Token: SeDebugPrivilege	3172	XWorm.exe
Token: SeDebugPrivilege	4364	XWorm-RAT-V2.1-builder.exe
Token: SeDebugPrivilege	2916	XWorm.exe
Token: SeDebugPrivilege	4536	XWorm.exe
Token: SeDebugPrivilege	3068	XWorm-RAT-V2.1-builder.exe
Token: SeDebugPrivilege	944	XWorm-RAT-V2.1-builder.exe
Token: SeDebugPrivilege	4020	XWorm-RAT-V2.1-builder.exe
Token: SeDebugPrivilege	1280	XWorm.exe
Token: SeDebugPrivilege	756	XWorm-RAT-V2.1-builder.exe
Token: SeDebugPrivilege	4404	XWorm.exe
Token: SeDebugPrivilege	4048	XWorm-RAT-V2.1-builder.exe
Token: SeDebugPrivilege	1680	XWorm-RAT-V2.1-builder.exe
Token: SeDebugPrivilege	4176	XWorm.exe
Token: SeDebugPrivilege	2960	XWorm.exe
Token: SeDebugPrivilege	4788	XWorm.exe
Token: SeDebugPrivilege	1760	XWorm.exe
Token: SeDebugPrivilege	3456	XWorm.exe
Token: SeDebugPrivilege	4588	XWorm.exe
Token: SeDebugPrivilege	4256	XWorm.exe
Token: SeDebugPrivilege	1996	XWorm-RAT-V2.1-builder.exe
Token: SeDebugPrivilege	220	XWorm.exe
Token: SeDebugPrivilege	2028	XWorm.exe
Token: SeDebugPrivilege	2132	XWorm.exe
Token: SeDebugPrivilege	4868	XWorm.exe
Token: SeDebugPrivilege	1396	XWorm.exe
Token: SeDebugPrivilege	4284	XWorm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4644 wrote to memory of 4128	4644	XWorm-RAT-V2.1-builder.exe	82
PID 4644 wrote to memory of 4128	4644	XWorm-RAT-V2.1-builder.exe	82
PID 4644 wrote to memory of 384	4644	XWorm-RAT-V2.1-builder.exe	83
PID 4644 wrote to memory of 384	4644	XWorm-RAT-V2.1-builder.exe	83
PID 4644 wrote to memory of 384	4644	XWorm-RAT-V2.1-builder.exe	83
PID 384 wrote to memory of 2248	384	XWorm-RAT-V2.1-builder.exe	84
PID 384 wrote to memory of 2248	384	XWorm-RAT-V2.1-builder.exe	84
PID 384 wrote to memory of 2928	384	XWorm-RAT-V2.1-builder.exe	85
PID 384 wrote to memory of 2928	384	XWorm-RAT-V2.1-builder.exe	85
PID 384 wrote to memory of 2928	384	XWorm-RAT-V2.1-builder.exe	85
PID 2928 wrote to memory of 3808	2928	XWorm-RAT-V2.1-builder.exe	86
PID 2928 wrote to memory of 3808	2928	XWorm-RAT-V2.1-builder.exe	86
PID 2928 wrote to memory of 1528	2928	XWorm-RAT-V2.1-builder.exe	87
PID 2928 wrote to memory of 1528	2928	XWorm-RAT-V2.1-builder.exe	87
PID 2928 wrote to memory of 1528	2928	XWorm-RAT-V2.1-builder.exe	87
PID 1528 wrote to memory of 3988	1528	XWorm-RAT-V2.1-builder.exe	88
PID 1528 wrote to memory of 3988	1528	XWorm-RAT-V2.1-builder.exe	88
PID 1528 wrote to memory of 3360	1528	XWorm-RAT-V2.1-builder.exe	120
PID 1528 wrote to memory of 3360	1528	XWorm-RAT-V2.1-builder.exe	120
PID 1528 wrote to memory of 3360	1528	XWorm-RAT-V2.1-builder.exe	120
PID 3360 wrote to memory of 4432	3360	XWorm-RAT-V2.1-builder.exe	90
PID 3360 wrote to memory of 4432	3360	XWorm-RAT-V2.1-builder.exe	90
PID 3360 wrote to memory of 2812	3360	XWorm-RAT-V2.1-builder.exe	91
PID 3360 wrote to memory of 2812	3360	XWorm-RAT-V2.1-builder.exe	91
PID 3360 wrote to memory of 2812	3360	XWorm-RAT-V2.1-builder.exe	91
PID 2812 wrote to memory of 4680	2812	XWorm-RAT-V2.1-builder.exe	92
PID 2812 wrote to memory of 4680	2812	XWorm-RAT-V2.1-builder.exe	92
PID 2812 wrote to memory of 3992	2812	XWorm-RAT-V2.1-builder.exe	93
PID 2812 wrote to memory of 3992	2812	XWorm-RAT-V2.1-builder.exe	93
PID 2812 wrote to memory of 3992	2812	XWorm-RAT-V2.1-builder.exe	93
PID 3992 wrote to memory of 3380	3992	XWorm-RAT-V2.1-builder.exe	164
PID 3992 wrote to memory of 3380	3992	XWorm-RAT-V2.1-builder.exe	164
PID 3992 wrote to memory of 3640	3992	XWorm-RAT-V2.1-builder.exe	95
PID 3992 wrote to memory of 3640	3992	XWorm-RAT-V2.1-builder.exe	95
PID 3992 wrote to memory of 3640	3992	XWorm-RAT-V2.1-builder.exe	95
PID 3640 wrote to memory of 880	3640	XWorm-RAT-V2.1-builder.exe	96
PID 3640 wrote to memory of 880	3640	XWorm-RAT-V2.1-builder.exe	96
PID 3640 wrote to memory of 4552	3640	XWorm-RAT-V2.1-builder.exe	97
PID 3640 wrote to memory of 4552	3640	XWorm-RAT-V2.1-builder.exe	97
PID 3640 wrote to memory of 4552	3640	XWorm-RAT-V2.1-builder.exe	97
PID 4552 wrote to memory of 540	4552	XWorm-RAT-V2.1-builder.exe	98
PID 4552 wrote to memory of 540	4552	XWorm-RAT-V2.1-builder.exe	98
PID 4552 wrote to memory of 4236	4552	XWorm-RAT-V2.1-builder.exe	99
PID 4552 wrote to memory of 4236	4552	XWorm-RAT-V2.1-builder.exe	99
PID 4552 wrote to memory of 4236	4552	XWorm-RAT-V2.1-builder.exe	99
PID 4236 wrote to memory of 4696	4236	XWorm-RAT-V2.1-builder.exe	100
PID 4236 wrote to memory of 4696	4236	XWorm-RAT-V2.1-builder.exe	100
PID 4236 wrote to memory of 4404	4236	XWorm-RAT-V2.1-builder.exe	101
PID 4236 wrote to memory of 4404	4236	XWorm-RAT-V2.1-builder.exe	101
PID 4236 wrote to memory of 4404	4236	XWorm-RAT-V2.1-builder.exe	101
PID 4404 wrote to memory of 3500	4404	XWorm-RAT-V2.1-builder.exe	104
PID 4404 wrote to memory of 3500	4404	XWorm-RAT-V2.1-builder.exe	104
PID 4404 wrote to memory of 2296	4404	XWorm-RAT-V2.1-builder.exe	105
PID 4404 wrote to memory of 2296	4404	XWorm-RAT-V2.1-builder.exe	105
PID 4404 wrote to memory of 2296	4404	XWorm-RAT-V2.1-builder.exe	105
PID 2296 wrote to memory of 4584	2296	XWorm-RAT-V2.1-builder.exe	106
PID 2296 wrote to memory of 4584	2296	XWorm-RAT-V2.1-builder.exe	106
PID 2296 wrote to memory of 5072	2296	XWorm-RAT-V2.1-builder.exe	196
PID 2296 wrote to memory of 5072	2296	XWorm-RAT-V2.1-builder.exe	196
PID 2296 wrote to memory of 5072	2296	XWorm-RAT-V2.1-builder.exe	196
PID 5072 wrote to memory of 1620	5072	XWorm-RAT-V2.1-builder.exe	167
PID 5072 wrote to memory of 1620	5072	XWorm-RAT-V2.1-builder.exe	167
PID 5072 wrote to memory of 3440	5072	XWorm-RAT-V2.1-builder.exe	110
PID 5072 wrote to memory of 3440	5072	XWorm-RAT-V2.1-builder.exe	110

C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
"C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4644
- C:\Users\Admin\AppData\Local\Temp\XWorm.exe
  "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:4128
- C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
  "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:384
- - C:\Users\Admin\AppData\Local\Temp\XWorm.exe
    "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
    3⤵
    - Executes dropped EXE
    PID:2248
- - C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
    "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:2928
  - - C:\Users\Admin\AppData\Local\Temp\XWorm.exe
      "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
      4⤵
      Executes dropped EXE
      PID:3808
  - - C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
      "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Suspicious use of WriteProcessMemory
      PID:1528
    - - C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        5⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3988
    - - C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        5⤵
        
        PID:3360
      - C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        6⤵
        Executes dropped EXE
        
        PID:4432
      - C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        6⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        7⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        7⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        8⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        8⤵
        Checks computer location settings
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        9⤵
        Executes dropped EXE
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        9⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        10⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        10⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        11⤵
        Executes dropped EXE
        
        PID:4696
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        11⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        12⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        12⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        13⤵
        Executes dropped EXE
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        13⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        14⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        14⤵
        Executes dropped EXE
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        15⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        15⤵
        Executes dropped EXE
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        16⤵
        Executes dropped EXE
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        16⤵
        Executes dropped EXE
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        17⤵
        Executes dropped EXE
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        17⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        18⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        18⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        19⤵
        Executes dropped EXE
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        19⤵
        Executes dropped EXE
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        20⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        21⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        21⤵
        Executes dropped EXE
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        22⤵
        Executes dropped EXE
        
        PID:4336
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        22⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        23⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        23⤵
        Executes dropped EXE
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        24⤵
        Executes dropped EXE
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        24⤵
        Executes dropped EXE
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        25⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        25⤵
        Executes dropped EXE
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        26⤵
        Executes dropped EXE
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        26⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        27⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        27⤵
        Executes dropped EXE
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        28⤵
        Executes dropped EXE
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        28⤵
        Executes dropped EXE
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        29⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        29⤵
        Executes dropped EXE
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        30⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        31⤵
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        31⤵
        Executes dropped EXE
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        32⤵
        Executes dropped EXE
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        32⤵
        Executes dropped EXE
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        30⤵
        Executes dropped EXE
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        20⤵
        Executes dropped EXE
        
        PID:2880

C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
"C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
1⤵
PID:764
- C:\Users\Admin\AppData\Local\Temp\XWorm.exe
  "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
  2⤵
  PID:1216
- C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
  "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
  2⤵
  - Executes dropped EXE
  PID:2832
- - C:\Users\Admin\AppData\Local\Temp\XWorm.exe
    "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:5064
- - C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
    "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
    3⤵
    PID:4176
  - - C:\Users\Admin\AppData\Local\Temp\XWorm.exe
      "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
      4⤵
      PID:4196
  - - C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
      "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
      4⤵
      Checks computer location settings
      PID:3332
    - - C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        5⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2688
    - - C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        5⤵
        
        PID:2744
      - C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:4440
      - C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        6⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        7⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        7⤵
        Checks computer location settings
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        8⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        8⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        9⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        9⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        10⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        10⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        11⤵
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        11⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        12⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        12⤵
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        13⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        13⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        14⤵
        
        PID:208
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        14⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        15⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        15⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        16⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        16⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        17⤵
        
        PID:480
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        17⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        18⤵
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        18⤵
        Checks computer location settings
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        19⤵
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        19⤵
        Checks computer location settings
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        20⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        20⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        21⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        21⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        22⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        22⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        23⤵
        
        PID:1192
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        23⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        24⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        24⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        25⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        25⤵
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        26⤵
        
        PID:8
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        26⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        27⤵
        Executes dropped EXE
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        27⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        28⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        28⤵
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        29⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        29⤵
        Checks computer location settings
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        30⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        30⤵
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        31⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        31⤵
        
        PID:428
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        32⤵
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        33⤵
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        33⤵
        Checks computer location settings
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        34⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        34⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        35⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        35⤵
        
        PID:444
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        36⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        36⤵
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        37⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        37⤵
        Checks computer location settings
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        38⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        38⤵
        
        PID:4708
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        39⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:4208
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        39⤵
        Checks computer location settings
        
        PID:224
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        40⤵
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        40⤵
        Checks computer location settings
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        41⤵
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        41⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        42⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        42⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        43⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        43⤵
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        44⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        44⤵
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        45⤵
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        45⤵
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        46⤵
        
        PID:4204
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        46⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        47⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        47⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        48⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        48⤵
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        49⤵
        
        PID:4624
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        49⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        50⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        50⤵
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        51⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        51⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        52⤵
        Executes dropped EXE
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        52⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        53⤵
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        53⤵
        Executes dropped EXE
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        54⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        54⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        55⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        55⤵
        
        PID:4532
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        56⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        56⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        57⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        57⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        58⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        58⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        59⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        59⤵
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        60⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        60⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        61⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        61⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        62⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        62⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        63⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        64⤵
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        64⤵
        Executes dropped EXE
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        65⤵
        
        PID:344
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        65⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        66⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        66⤵
        Checks computer location settings
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        67⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        67⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        68⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        68⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        69⤵
        
        PID:756
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        69⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        70⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        70⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        71⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        71⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        72⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        72⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        73⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        73⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        74⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        74⤵
        
        PID:316
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        75⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        75⤵
        Checks computer location settings
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        76⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        76⤵
        
        PID:1176
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        77⤵
        
        PID:1160
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        77⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        78⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        78⤵
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        79⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:4176
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        79⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        80⤵
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        80⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        81⤵
        Checks computer location settings
        Suspicious use of AdjustPrivilegeToken
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        81⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        82⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        82⤵
        Checks computer location settings
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        83⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        83⤵
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        84⤵
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        84⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        85⤵
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        85⤵
        Checks computer location settings
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        86⤵
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        86⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        87⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        87⤵
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        88⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        88⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        89⤵
        
        PID:4308
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        89⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        90⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        90⤵
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        91⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        91⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        92⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        92⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:756
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        93⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        93⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        94⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        94⤵
        Checks computer location settings
        Suspicious use of AdjustPrivilegeToken
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        95⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        95⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        96⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:220
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        96⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        97⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        97⤵
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        98⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        98⤵
        Checks computer location settings
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        99⤵
        
        PID:4708
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        99⤵
        
        PID:904
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        100⤵
        
        PID:344
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        100⤵
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        101⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        101⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        102⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        102⤵
        Checks computer location settings
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        103⤵
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        103⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        104⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        104⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        105⤵
        
        PID:4400
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        105⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        106⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        106⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        107⤵
        
        PID:5096
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        107⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        108⤵
        Drops startup file
        Adds Run key to start application
        Suspicious use of AdjustPrivilegeToken
        
        PID:4284
        
        C:\Windows\System32\schtasks.exe
        
        "C:\Windows\System32\schtasks.exe" /create /sc minute /mo 1 /tn "XWorm" /tr "C:\Users\Admin\AppData\Roaming\XWorm.exe"
        109⤵
        Creates scheduled task(s)
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        108⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        109⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        109⤵
        Checks computer location settings
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        110⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        110⤵
        Checks computer location settings
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        111⤵
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        111⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        112⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        112⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        113⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        113⤵
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        114⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        114⤵
        Checks computer location settings
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        115⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        115⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        116⤵
        Checks computer location settings
        
        PID:904
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        116⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        117⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        117⤵
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        118⤵
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        118⤵
        Checks computer location settings
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        119⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        119⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        120⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        120⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        121⤵
        Checks computer location settings
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        121⤵
        
        PID:816
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        122⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        122⤵
        
        PID:480
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        123⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        123⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        124⤵
        
        PID:1064
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        124⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        125⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        125⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        126⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        126⤵
        Checks computer location settings
        
        PID:440
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        127⤵
        
        PID:4308
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        127⤵
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        128⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        128⤵
        Checks computer location settings
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        129⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        129⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        130⤵
        Checks computer location settings
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        130⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        131⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        131⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        132⤵
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        132⤵
        Checks computer location settings
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        133⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        133⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        134⤵
        
        PID:4624
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        134⤵
        
        PID:64
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        135⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        135⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        136⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        136⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        137⤵
        Checks computer location settings
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        137⤵
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        138⤵
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        138⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        139⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        139⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        140⤵
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        140⤵
        
        PID:816
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        141⤵
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        141⤵
        Checks computer location settings
        
        PID:1412
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        142⤵
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        142⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        143⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        143⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        144⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        144⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        145⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        145⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        146⤵
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        146⤵
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        147⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        147⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        148⤵
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        148⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        149⤵
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        149⤵
        Checks computer location settings
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        150⤵
        
        PID:4204
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        150⤵
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        151⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        151⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        152⤵
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        152⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        153⤵
        
        PID:444
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        153⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        154⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        154⤵
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        155⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        155⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        156⤵
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        156⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        157⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        157⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        158⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        158⤵
        
        PID:344
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        159⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        159⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        160⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        160⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        161⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        161⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        162⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        162⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        163⤵
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        163⤵
        
        PID:4268
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        164⤵
        Checks computer location settings
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        164⤵
        
        PID:4808
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        165⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        165⤵
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        166⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        166⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        167⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        167⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        168⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        168⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        169⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        169⤵
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        170⤵
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        170⤵
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        171⤵
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        171⤵
        Checks computer location settings
        
        PID:4812
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        172⤵
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        172⤵
        Checks computer location settings
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        173⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        173⤵
        
        PID:4300
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        174⤵
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        174⤵
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        175⤵
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        175⤵
        Checks computer location settings
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        176⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        176⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        177⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        177⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        178⤵
        
        PID:4232
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        178⤵
        Checks computer location settings
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        179⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        179⤵
        Checks computer location settings
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        180⤵
        
        PID:1240
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        180⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        181⤵
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        181⤵
        
        PID:4312
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        182⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        182⤵
        Checks computer location settings
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        183⤵
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        183⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        184⤵
        
        PID:744
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        184⤵
        
        PID:208
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        185⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        185⤵
        Checks computer location settings
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        186⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        186⤵
        Checks computer location settings
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        187⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        187⤵
        Checks computer location settings
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        188⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        188⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        189⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        189⤵
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        190⤵
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        190⤵
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        191⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        191⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        192⤵
        
        PID:4916
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        192⤵
        
        PID:64
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        193⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        193⤵
        Checks computer location settings
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        194⤵
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        194⤵
        Checks computer location settings
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        195⤵
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        195⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        196⤵
        
        PID:8
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        196⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        197⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        197⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        198⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        198⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        199⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        199⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        200⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        200⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        201⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        201⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        202⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        202⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        203⤵
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        203⤵
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        204⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        204⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        205⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        205⤵
        Checks computer location settings
        
        PID:4928
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        206⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        206⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        207⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        207⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        208⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        208⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        209⤵
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        209⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        210⤵
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        210⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        211⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        211⤵
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        212⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        212⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        213⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        213⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        214⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        214⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        215⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        215⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        216⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        216⤵
        
        PID:1160
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        217⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        217⤵
        
        PID:4184
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        218⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        218⤵
        Checks computer location settings
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        219⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        219⤵
        
        PID:4772
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        220⤵
        Checks computer location settings
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        220⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        221⤵
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        221⤵
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        222⤵
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        222⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        223⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        223⤵
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        224⤵
        
        PID:1176
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        224⤵
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        225⤵
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        225⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        226⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        226⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        227⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        227⤵
        
        PID:744
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        228⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        228⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        229⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        229⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        230⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        230⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        231⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        232⤵
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        232⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        233⤵
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        233⤵
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        234⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        234⤵
        
        PID:4280
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        235⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        235⤵
        Checks computer location settings
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        236⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        236⤵
        Checks computer location settings
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        237⤵
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        237⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        238⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        238⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        239⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        239⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        240⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        240⤵
        
        PID:220
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        241⤵
        
        PID:4400
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        241⤵
        
        PID:344
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        242⤵
        
        PID:4708
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        242⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        243⤵
        
        PID:4176
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        243⤵
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        244⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        244⤵
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        245⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        245⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        246⤵
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        246⤵
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        247⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        247⤵
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        248⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        248⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        249⤵
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        249⤵
        Checks computer location settings
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        250⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        250⤵
        Checks computer location settings
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        251⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        251⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        252⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        252⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        253⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        253⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        254⤵
        
        PID:1064
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        254⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        255⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        255⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        256⤵
        
        PID:1160
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        256⤵
        
        PID:4336
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        257⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        257⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        258⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        258⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        259⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        259⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        260⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        260⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        261⤵
        Checks computer location settings
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        261⤵
        
        PID:4624
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        262⤵
        
        PID:1240
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        262⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        263⤵
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        263⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        264⤵
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        264⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        265⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        265⤵
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        266⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        266⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        267⤵
        Checks computer location settings
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        267⤵
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        268⤵
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        268⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        269⤵
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        269⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        270⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        270⤵
        
        PID:4148
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        271⤵
        Checks computer location settings
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        271⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        272⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        272⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        273⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        273⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        274⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        274⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        275⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        275⤵
        Checks computer location settings
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        276⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        276⤵
        
        PID:4312
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        277⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        277⤵
        Checks computer location settings
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        278⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        278⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        279⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        279⤵
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        280⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        280⤵
        
        PID:344
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        281⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        281⤵
        
        PID:4540
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        282⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        282⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        283⤵
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        283⤵
        
        PID:4808
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        284⤵
        
        PID:4708
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        284⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        285⤵
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        285⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        286⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        286⤵
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        287⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        287⤵
        Checks computer location settings
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        288⤵
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        288⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        289⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        289⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        290⤵
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        290⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        291⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        291⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        292⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        292⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        293⤵
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        293⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        294⤵
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        294⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        295⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        295⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        296⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        296⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        297⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        297⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        298⤵
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        298⤵
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        299⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        299⤵
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        300⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        300⤵
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        301⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        301⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        302⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        302⤵
        
        PID:428
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        303⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        303⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        304⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        304⤵
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        305⤵
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        305⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        306⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        306⤵
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        307⤵
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        307⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        308⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        309⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        309⤵
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        310⤵
        
        PID:480
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        310⤵
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        311⤵
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        311⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        312⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        312⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        313⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        313⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        314⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        314⤵
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        315⤵
        Checks computer location settings
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        315⤵
        
        PID:5096
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        316⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        316⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        317⤵
        
        PID:4772
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        317⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        318⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        318⤵
        
        PID:8
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        319⤵
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        319⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        320⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        320⤵
        
        PID:100
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        321⤵
        Checks computer location settings
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        321⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        322⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        322⤵
        
        PID:1192
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        323⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        323⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        324⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        324⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        325⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        325⤵
        
        PID:400
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        326⤵
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        326⤵
        
        PID:756
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        327⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        327⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        328⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        328⤵
        
        PID:4660
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        329⤵
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        329⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        330⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        330⤵
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        331⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        331⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        332⤵
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        332⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        333⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        333⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        334⤵
        
        PID:4916
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        334⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        335⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        335⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        336⤵
        
        PID:5096
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        336⤵
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        337⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        337⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        338⤵
        
        PID:816
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        338⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        339⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        339⤵
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        340⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        340⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        341⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        341⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        342⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        342⤵
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        343⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        343⤵
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        344⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        344⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        345⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        345⤵
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        346⤵
        
        PID:4532
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        346⤵
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        347⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        347⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        348⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        348⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        349⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        349⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        350⤵
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        350⤵
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        351⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        351⤵
        Checks computer location settings
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        352⤵
        Checks computer location settings
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        352⤵
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        353⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        353⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        354⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        354⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        355⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        355⤵
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        356⤵
        
        PID:224
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        356⤵
        
        PID:384
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        357⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        357⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        358⤵
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        358⤵
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        359⤵
        
        PID:64
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        359⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        360⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        360⤵
        
        PID:4624
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        361⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        361⤵
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        362⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        362⤵
        
        PID:208
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        363⤵
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        363⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        364⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        364⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        365⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        365⤵
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        366⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        366⤵
        
        PID:372
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        367⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        367⤵
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        368⤵
        
        PID:400
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        368⤵
        
        PID:4216
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        369⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        369⤵
        
        PID:516
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        370⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        370⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        371⤵
        
        PID:4660
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        371⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        372⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        372⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        373⤵
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        373⤵
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        374⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        374⤵
        
        PID:1392
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        375⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        375⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        376⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        376⤵
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        377⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe"
        377⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        308⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        231⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        63⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\XWorm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
        32⤵
        
        PID:3388

C:\Users\Admin\AppData\Local\Temp\XWorm.exe
"C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
1⤵
PID:1260

C:\Users\Admin\AppData\Roaming\XWorm.exe
C:\Users\Admin\AppData\Roaming\XWorm.exe
1⤵
PID:4328

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

T1053

Persistence

Registry Run Keys / Startup Folder

T1060

Scheduled Task

T1053

Privilege Escalation

Scheduled Task

T1053

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\XWorm.exe.log

Filesize
1KB

MD5
a8a147915e3a996fdbe10b3a3f1e1bb2

SHA1
abc564c1be468d57e700913e7b6cf8f62d421263

SHA256
8b96a8557deea66696837af011843d6a82451ba57c8f9b5a2726a70818d6fc7e

SHA512
17b42f17ef60a9f625703172763f692e5ed2ca93564a97853dfa72bb0ac6305ef3267aea0b205938e3aa8eac10156d9d4f322b30d0329d92d647bcec6372731c

Download Submit
C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe

Filesize
2.6MB

MD5
026ed3d2d6ae234fa25c06f4e4a82f28

SHA1
a90c6b359468d66e3b51628e7bc8a2b2b34e75e0

SHA256
2bed3c930293ef05d2211aa5987a06c26d0fe5289ae529b1fc1cab7787f5648a

SHA512
97e8b6786bf29e3c06dd98c0654660607ecb983d9e00f0d280de0fffdf2d51457e767e6b1b8fc5c0db7562459a41fedeb4b33a1aee7c96838b5644db5aaa8674

Download Submit
C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe

Filesize
2.6MB

MD5
026ed3d2d6ae234fa25c06f4e4a82f28

SHA1
a90c6b359468d66e3b51628e7bc8a2b2b34e75e0

SHA256
2bed3c930293ef05d2211aa5987a06c26d0fe5289ae529b1fc1cab7787f5648a

SHA512
97e8b6786bf29e3c06dd98c0654660607ecb983d9e00f0d280de0fffdf2d51457e767e6b1b8fc5c0db7562459a41fedeb4b33a1aee7c96838b5644db5aaa8674

Download Submit
C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe

Filesize
2.6MB

MD5
026ed3d2d6ae234fa25c06f4e4a82f28

SHA1
a90c6b359468d66e3b51628e7bc8a2b2b34e75e0

SHA256
2bed3c930293ef05d2211aa5987a06c26d0fe5289ae529b1fc1cab7787f5648a

SHA512
97e8b6786bf29e3c06dd98c0654660607ecb983d9e00f0d280de0fffdf2d51457e767e6b1b8fc5c0db7562459a41fedeb4b33a1aee7c96838b5644db5aaa8674

Download Submit
C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe

Filesize
2.6MB

MD5
026ed3d2d6ae234fa25c06f4e4a82f28

SHA1
a90c6b359468d66e3b51628e7bc8a2b2b34e75e0

SHA256
2bed3c930293ef05d2211aa5987a06c26d0fe5289ae529b1fc1cab7787f5648a

SHA512
97e8b6786bf29e3c06dd98c0654660607ecb983d9e00f0d280de0fffdf2d51457e767e6b1b8fc5c0db7562459a41fedeb4b33a1aee7c96838b5644db5aaa8674

Download Submit
C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe

Filesize
2.6MB

MD5
026ed3d2d6ae234fa25c06f4e4a82f28

SHA1
a90c6b359468d66e3b51628e7bc8a2b2b34e75e0

SHA256
2bed3c930293ef05d2211aa5987a06c26d0fe5289ae529b1fc1cab7787f5648a

SHA512
97e8b6786bf29e3c06dd98c0654660607ecb983d9e00f0d280de0fffdf2d51457e767e6b1b8fc5c0db7562459a41fedeb4b33a1aee7c96838b5644db5aaa8674

Download Submit
C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe

Filesize
2.6MB

MD5
026ed3d2d6ae234fa25c06f4e4a82f28

SHA1
a90c6b359468d66e3b51628e7bc8a2b2b34e75e0

SHA256
2bed3c930293ef05d2211aa5987a06c26d0fe5289ae529b1fc1cab7787f5648a

SHA512
97e8b6786bf29e3c06dd98c0654660607ecb983d9e00f0d280de0fffdf2d51457e767e6b1b8fc5c0db7562459a41fedeb4b33a1aee7c96838b5644db5aaa8674

Download Submit
C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe

Filesize
2.6MB

MD5
026ed3d2d6ae234fa25c06f4e4a82f28

SHA1
a90c6b359468d66e3b51628e7bc8a2b2b34e75e0

SHA256
2bed3c930293ef05d2211aa5987a06c26d0fe5289ae529b1fc1cab7787f5648a

SHA512
97e8b6786bf29e3c06dd98c0654660607ecb983d9e00f0d280de0fffdf2d51457e767e6b1b8fc5c0db7562459a41fedeb4b33a1aee7c96838b5644db5aaa8674

Download Submit
C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe

Filesize
2.6MB

MD5
026ed3d2d6ae234fa25c06f4e4a82f28

SHA1
a90c6b359468d66e3b51628e7bc8a2b2b34e75e0

SHA256
2bed3c930293ef05d2211aa5987a06c26d0fe5289ae529b1fc1cab7787f5648a

SHA512
97e8b6786bf29e3c06dd98c0654660607ecb983d9e00f0d280de0fffdf2d51457e767e6b1b8fc5c0db7562459a41fedeb4b33a1aee7c96838b5644db5aaa8674

Download Submit
C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe

Filesize
2.6MB

MD5
026ed3d2d6ae234fa25c06f4e4a82f28

SHA1
a90c6b359468d66e3b51628e7bc8a2b2b34e75e0

SHA256
2bed3c930293ef05d2211aa5987a06c26d0fe5289ae529b1fc1cab7787f5648a

SHA512
97e8b6786bf29e3c06dd98c0654660607ecb983d9e00f0d280de0fffdf2d51457e767e6b1b8fc5c0db7562459a41fedeb4b33a1aee7c96838b5644db5aaa8674

Download Submit
C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe

Filesize
2.6MB

MD5
026ed3d2d6ae234fa25c06f4e4a82f28

SHA1
a90c6b359468d66e3b51628e7bc8a2b2b34e75e0

SHA256
2bed3c930293ef05d2211aa5987a06c26d0fe5289ae529b1fc1cab7787f5648a

SHA512
97e8b6786bf29e3c06dd98c0654660607ecb983d9e00f0d280de0fffdf2d51457e767e6b1b8fc5c0db7562459a41fedeb4b33a1aee7c96838b5644db5aaa8674

Download Submit
C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe

Filesize
2.6MB

MD5
026ed3d2d6ae234fa25c06f4e4a82f28

SHA1
a90c6b359468d66e3b51628e7bc8a2b2b34e75e0

SHA256
2bed3c930293ef05d2211aa5987a06c26d0fe5289ae529b1fc1cab7787f5648a

SHA512
97e8b6786bf29e3c06dd98c0654660607ecb983d9e00f0d280de0fffdf2d51457e767e6b1b8fc5c0db7562459a41fedeb4b33a1aee7c96838b5644db5aaa8674

Download Submit
C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe

Filesize
2.6MB

MD5
026ed3d2d6ae234fa25c06f4e4a82f28

SHA1
a90c6b359468d66e3b51628e7bc8a2b2b34e75e0

SHA256
2bed3c930293ef05d2211aa5987a06c26d0fe5289ae529b1fc1cab7787f5648a

SHA512
97e8b6786bf29e3c06dd98c0654660607ecb983d9e00f0d280de0fffdf2d51457e767e6b1b8fc5c0db7562459a41fedeb4b33a1aee7c96838b5644db5aaa8674

Download Submit
C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe

Filesize
2.6MB

MD5
026ed3d2d6ae234fa25c06f4e4a82f28

SHA1
a90c6b359468d66e3b51628e7bc8a2b2b34e75e0

SHA256
2bed3c930293ef05d2211aa5987a06c26d0fe5289ae529b1fc1cab7787f5648a

SHA512
97e8b6786bf29e3c06dd98c0654660607ecb983d9e00f0d280de0fffdf2d51457e767e6b1b8fc5c0db7562459a41fedeb4b33a1aee7c96838b5644db5aaa8674

Download Submit
C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe

Filesize
2.6MB

MD5
026ed3d2d6ae234fa25c06f4e4a82f28

SHA1
a90c6b359468d66e3b51628e7bc8a2b2b34e75e0

SHA256
2bed3c930293ef05d2211aa5987a06c26d0fe5289ae529b1fc1cab7787f5648a

SHA512
97e8b6786bf29e3c06dd98c0654660607ecb983d9e00f0d280de0fffdf2d51457e767e6b1b8fc5c0db7562459a41fedeb4b33a1aee7c96838b5644db5aaa8674

Download Submit
C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe

Filesize
2.6MB

MD5
026ed3d2d6ae234fa25c06f4e4a82f28

SHA1
a90c6b359468d66e3b51628e7bc8a2b2b34e75e0

SHA256
2bed3c930293ef05d2211aa5987a06c26d0fe5289ae529b1fc1cab7787f5648a

SHA512
97e8b6786bf29e3c06dd98c0654660607ecb983d9e00f0d280de0fffdf2d51457e767e6b1b8fc5c0db7562459a41fedeb4b33a1aee7c96838b5644db5aaa8674

Download Submit
C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe

Filesize
2.6MB

MD5
026ed3d2d6ae234fa25c06f4e4a82f28

SHA1
a90c6b359468d66e3b51628e7bc8a2b2b34e75e0

SHA256
2bed3c930293ef05d2211aa5987a06c26d0fe5289ae529b1fc1cab7787f5648a

SHA512
97e8b6786bf29e3c06dd98c0654660607ecb983d9e00f0d280de0fffdf2d51457e767e6b1b8fc5c0db7562459a41fedeb4b33a1aee7c96838b5644db5aaa8674

Download Submit
C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe

Filesize
2.6MB

MD5
026ed3d2d6ae234fa25c06f4e4a82f28

SHA1
a90c6b359468d66e3b51628e7bc8a2b2b34e75e0

SHA256
2bed3c930293ef05d2211aa5987a06c26d0fe5289ae529b1fc1cab7787f5648a

SHA512
97e8b6786bf29e3c06dd98c0654660607ecb983d9e00f0d280de0fffdf2d51457e767e6b1b8fc5c0db7562459a41fedeb4b33a1aee7c96838b5644db5aaa8674

Download Submit
C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe

Filesize
2.6MB

MD5
026ed3d2d6ae234fa25c06f4e4a82f28

SHA1
a90c6b359468d66e3b51628e7bc8a2b2b34e75e0

SHA256
2bed3c930293ef05d2211aa5987a06c26d0fe5289ae529b1fc1cab7787f5648a

SHA512
97e8b6786bf29e3c06dd98c0654660607ecb983d9e00f0d280de0fffdf2d51457e767e6b1b8fc5c0db7562459a41fedeb4b33a1aee7c96838b5644db5aaa8674

Download Submit
C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe

Filesize
2.6MB

MD5
026ed3d2d6ae234fa25c06f4e4a82f28

SHA1
a90c6b359468d66e3b51628e7bc8a2b2b34e75e0

SHA256
2bed3c930293ef05d2211aa5987a06c26d0fe5289ae529b1fc1cab7787f5648a

SHA512
97e8b6786bf29e3c06dd98c0654660607ecb983d9e00f0d280de0fffdf2d51457e767e6b1b8fc5c0db7562459a41fedeb4b33a1aee7c96838b5644db5aaa8674

Download Submit
C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe

Filesize
2.6MB

MD5
026ed3d2d6ae234fa25c06f4e4a82f28

SHA1
a90c6b359468d66e3b51628e7bc8a2b2b34e75e0

SHA256
2bed3c930293ef05d2211aa5987a06c26d0fe5289ae529b1fc1cab7787f5648a

SHA512
97e8b6786bf29e3c06dd98c0654660607ecb983d9e00f0d280de0fffdf2d51457e767e6b1b8fc5c0db7562459a41fedeb4b33a1aee7c96838b5644db5aaa8674

Download Submit
C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe

Filesize
2.6MB

MD5
026ed3d2d6ae234fa25c06f4e4a82f28

SHA1
a90c6b359468d66e3b51628e7bc8a2b2b34e75e0

SHA256
2bed3c930293ef05d2211aa5987a06c26d0fe5289ae529b1fc1cab7787f5648a

SHA512
97e8b6786bf29e3c06dd98c0654660607ecb983d9e00f0d280de0fffdf2d51457e767e6b1b8fc5c0db7562459a41fedeb4b33a1aee7c96838b5644db5aaa8674

Download Submit
C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe

Filesize
2.6MB

MD5
026ed3d2d6ae234fa25c06f4e4a82f28

SHA1
a90c6b359468d66e3b51628e7bc8a2b2b34e75e0

SHA256
2bed3c930293ef05d2211aa5987a06c26d0fe5289ae529b1fc1cab7787f5648a

SHA512
97e8b6786bf29e3c06dd98c0654660607ecb983d9e00f0d280de0fffdf2d51457e767e6b1b8fc5c0db7562459a41fedeb4b33a1aee7c96838b5644db5aaa8674

Download Submit
C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe

Filesize
2.6MB

MD5
026ed3d2d6ae234fa25c06f4e4a82f28

SHA1
a90c6b359468d66e3b51628e7bc8a2b2b34e75e0

SHA256
2bed3c930293ef05d2211aa5987a06c26d0fe5289ae529b1fc1cab7787f5648a

SHA512
97e8b6786bf29e3c06dd98c0654660607ecb983d9e00f0d280de0fffdf2d51457e767e6b1b8fc5c0db7562459a41fedeb4b33a1aee7c96838b5644db5aaa8674

Download Submit
C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe

Filesize
2.6MB

MD5
026ed3d2d6ae234fa25c06f4e4a82f28

SHA1
a90c6b359468d66e3b51628e7bc8a2b2b34e75e0

SHA256
2bed3c930293ef05d2211aa5987a06c26d0fe5289ae529b1fc1cab7787f5648a

SHA512
97e8b6786bf29e3c06dd98c0654660607ecb983d9e00f0d280de0fffdf2d51457e767e6b1b8fc5c0db7562459a41fedeb4b33a1aee7c96838b5644db5aaa8674

Download Submit
C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe

Filesize
2.6MB

MD5
026ed3d2d6ae234fa25c06f4e4a82f28

SHA1
a90c6b359468d66e3b51628e7bc8a2b2b34e75e0

SHA256
2bed3c930293ef05d2211aa5987a06c26d0fe5289ae529b1fc1cab7787f5648a

SHA512
97e8b6786bf29e3c06dd98c0654660607ecb983d9e00f0d280de0fffdf2d51457e767e6b1b8fc5c0db7562459a41fedeb4b33a1aee7c96838b5644db5aaa8674

Download Submit
C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe

Filesize
2.6MB

MD5
026ed3d2d6ae234fa25c06f4e4a82f28

SHA1
a90c6b359468d66e3b51628e7bc8a2b2b34e75e0

SHA256
2bed3c930293ef05d2211aa5987a06c26d0fe5289ae529b1fc1cab7787f5648a

SHA512
97e8b6786bf29e3c06dd98c0654660607ecb983d9e00f0d280de0fffdf2d51457e767e6b1b8fc5c0db7562459a41fedeb4b33a1aee7c96838b5644db5aaa8674

Download Submit
C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe

Filesize
2.6MB

MD5
026ed3d2d6ae234fa25c06f4e4a82f28

SHA1
a90c6b359468d66e3b51628e7bc8a2b2b34e75e0

SHA256
2bed3c930293ef05d2211aa5987a06c26d0fe5289ae529b1fc1cab7787f5648a

SHA512
97e8b6786bf29e3c06dd98c0654660607ecb983d9e00f0d280de0fffdf2d51457e767e6b1b8fc5c0db7562459a41fedeb4b33a1aee7c96838b5644db5aaa8674

Download Submit
C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe

Filesize
2.6MB

MD5
026ed3d2d6ae234fa25c06f4e4a82f28

SHA1
a90c6b359468d66e3b51628e7bc8a2b2b34e75e0

SHA256
2bed3c930293ef05d2211aa5987a06c26d0fe5289ae529b1fc1cab7787f5648a

SHA512
97e8b6786bf29e3c06dd98c0654660607ecb983d9e00f0d280de0fffdf2d51457e767e6b1b8fc5c0db7562459a41fedeb4b33a1aee7c96838b5644db5aaa8674

Download Submit
C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe

Filesize
2.6MB

MD5
026ed3d2d6ae234fa25c06f4e4a82f28

SHA1
a90c6b359468d66e3b51628e7bc8a2b2b34e75e0

SHA256
2bed3c930293ef05d2211aa5987a06c26d0fe5289ae529b1fc1cab7787f5648a

SHA512
97e8b6786bf29e3c06dd98c0654660607ecb983d9e00f0d280de0fffdf2d51457e767e6b1b8fc5c0db7562459a41fedeb4b33a1aee7c96838b5644db5aaa8674

Download Submit
C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe

Filesize
2.6MB

MD5
026ed3d2d6ae234fa25c06f4e4a82f28

SHA1
a90c6b359468d66e3b51628e7bc8a2b2b34e75e0

SHA256
2bed3c930293ef05d2211aa5987a06c26d0fe5289ae529b1fc1cab7787f5648a

SHA512
97e8b6786bf29e3c06dd98c0654660607ecb983d9e00f0d280de0fffdf2d51457e767e6b1b8fc5c0db7562459a41fedeb4b33a1aee7c96838b5644db5aaa8674

Download Submit
C:\Users\Admin\AppData\Local\Temp\XWorm-RAT-V2.1-builder.exe

Filesize
2.6MB

MD5
026ed3d2d6ae234fa25c06f4e4a82f28

SHA1
a90c6b359468d66e3b51628e7bc8a2b2b34e75e0

SHA256
2bed3c930293ef05d2211aa5987a06c26d0fe5289ae529b1fc1cab7787f5648a

SHA512
97e8b6786bf29e3c06dd98c0654660607ecb983d9e00f0d280de0fffdf2d51457e767e6b1b8fc5c0db7562459a41fedeb4b33a1aee7c96838b5644db5aaa8674

Download Submit
C:\Users\Admin\AppData\Local\Temp\XWorm.exe

Filesize
45KB

MD5
d5d8ea28683070dc1cd5deda0a2bb7db

SHA1
f56def9189fa6ad7fc50b5a9934bcfc4a8672537

SHA256
b41a0c9329ea8769797bdcc9baf3b2b6369c702da6267eae7d697930e964f0e1

SHA512
aa295d7abd864ea3028d7b0f0dba8305fc5676ed0a29748682b9b56c124d4e9608e60974dc7fe4f8a1d4991512694c782d177806bbc11f0fcacaaf8185f20f1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\XWorm.exe

Filesize
45KB

MD5
d5d8ea28683070dc1cd5deda0a2bb7db

SHA1
f56def9189fa6ad7fc50b5a9934bcfc4a8672537

SHA256
b41a0c9329ea8769797bdcc9baf3b2b6369c702da6267eae7d697930e964f0e1

SHA512
aa295d7abd864ea3028d7b0f0dba8305fc5676ed0a29748682b9b56c124d4e9608e60974dc7fe4f8a1d4991512694c782d177806bbc11f0fcacaaf8185f20f1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\XWorm.exe

Filesize
45KB

MD5
d5d8ea28683070dc1cd5deda0a2bb7db

SHA1
f56def9189fa6ad7fc50b5a9934bcfc4a8672537

SHA256
b41a0c9329ea8769797bdcc9baf3b2b6369c702da6267eae7d697930e964f0e1

SHA512
aa295d7abd864ea3028d7b0f0dba8305fc5676ed0a29748682b9b56c124d4e9608e60974dc7fe4f8a1d4991512694c782d177806bbc11f0fcacaaf8185f20f1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\XWorm.exe

Filesize
45KB

MD5
d5d8ea28683070dc1cd5deda0a2bb7db

SHA1
f56def9189fa6ad7fc50b5a9934bcfc4a8672537

SHA256
b41a0c9329ea8769797bdcc9baf3b2b6369c702da6267eae7d697930e964f0e1

SHA512
aa295d7abd864ea3028d7b0f0dba8305fc5676ed0a29748682b9b56c124d4e9608e60974dc7fe4f8a1d4991512694c782d177806bbc11f0fcacaaf8185f20f1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\XWorm.exe

Filesize
45KB

MD5
d5d8ea28683070dc1cd5deda0a2bb7db

SHA1
f56def9189fa6ad7fc50b5a9934bcfc4a8672537

SHA256
b41a0c9329ea8769797bdcc9baf3b2b6369c702da6267eae7d697930e964f0e1

SHA512
aa295d7abd864ea3028d7b0f0dba8305fc5676ed0a29748682b9b56c124d4e9608e60974dc7fe4f8a1d4991512694c782d177806bbc11f0fcacaaf8185f20f1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\XWorm.exe

Filesize
45KB

MD5
d5d8ea28683070dc1cd5deda0a2bb7db

SHA1
f56def9189fa6ad7fc50b5a9934bcfc4a8672537

SHA256
b41a0c9329ea8769797bdcc9baf3b2b6369c702da6267eae7d697930e964f0e1

SHA512
aa295d7abd864ea3028d7b0f0dba8305fc5676ed0a29748682b9b56c124d4e9608e60974dc7fe4f8a1d4991512694c782d177806bbc11f0fcacaaf8185f20f1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\XWorm.exe

Filesize
45KB

MD5
d5d8ea28683070dc1cd5deda0a2bb7db

SHA1
f56def9189fa6ad7fc50b5a9934bcfc4a8672537

SHA256
b41a0c9329ea8769797bdcc9baf3b2b6369c702da6267eae7d697930e964f0e1

SHA512
aa295d7abd864ea3028d7b0f0dba8305fc5676ed0a29748682b9b56c124d4e9608e60974dc7fe4f8a1d4991512694c782d177806bbc11f0fcacaaf8185f20f1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\XWorm.exe

Filesize
45KB

MD5
d5d8ea28683070dc1cd5deda0a2bb7db

SHA1
f56def9189fa6ad7fc50b5a9934bcfc4a8672537

SHA256
b41a0c9329ea8769797bdcc9baf3b2b6369c702da6267eae7d697930e964f0e1

SHA512
aa295d7abd864ea3028d7b0f0dba8305fc5676ed0a29748682b9b56c124d4e9608e60974dc7fe4f8a1d4991512694c782d177806bbc11f0fcacaaf8185f20f1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\XWorm.exe

Filesize
45KB

MD5
d5d8ea28683070dc1cd5deda0a2bb7db

SHA1
f56def9189fa6ad7fc50b5a9934bcfc4a8672537

SHA256
b41a0c9329ea8769797bdcc9baf3b2b6369c702da6267eae7d697930e964f0e1

SHA512
aa295d7abd864ea3028d7b0f0dba8305fc5676ed0a29748682b9b56c124d4e9608e60974dc7fe4f8a1d4991512694c782d177806bbc11f0fcacaaf8185f20f1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\XWorm.exe

Filesize
45KB

MD5
d5d8ea28683070dc1cd5deda0a2bb7db

SHA1
f56def9189fa6ad7fc50b5a9934bcfc4a8672537

SHA256
b41a0c9329ea8769797bdcc9baf3b2b6369c702da6267eae7d697930e964f0e1

SHA512
aa295d7abd864ea3028d7b0f0dba8305fc5676ed0a29748682b9b56c124d4e9608e60974dc7fe4f8a1d4991512694c782d177806bbc11f0fcacaaf8185f20f1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\XWorm.exe

Filesize
45KB

MD5
d5d8ea28683070dc1cd5deda0a2bb7db

SHA1
f56def9189fa6ad7fc50b5a9934bcfc4a8672537

SHA256
b41a0c9329ea8769797bdcc9baf3b2b6369c702da6267eae7d697930e964f0e1

SHA512
aa295d7abd864ea3028d7b0f0dba8305fc5676ed0a29748682b9b56c124d4e9608e60974dc7fe4f8a1d4991512694c782d177806bbc11f0fcacaaf8185f20f1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\XWorm.exe

Filesize
45KB

MD5
d5d8ea28683070dc1cd5deda0a2bb7db

SHA1
f56def9189fa6ad7fc50b5a9934bcfc4a8672537

SHA256
b41a0c9329ea8769797bdcc9baf3b2b6369c702da6267eae7d697930e964f0e1

SHA512
aa295d7abd864ea3028d7b0f0dba8305fc5676ed0a29748682b9b56c124d4e9608e60974dc7fe4f8a1d4991512694c782d177806bbc11f0fcacaaf8185f20f1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\XWorm.exe

Filesize
45KB

MD5
d5d8ea28683070dc1cd5deda0a2bb7db

SHA1
f56def9189fa6ad7fc50b5a9934bcfc4a8672537

SHA256
b41a0c9329ea8769797bdcc9baf3b2b6369c702da6267eae7d697930e964f0e1

SHA512
aa295d7abd864ea3028d7b0f0dba8305fc5676ed0a29748682b9b56c124d4e9608e60974dc7fe4f8a1d4991512694c782d177806bbc11f0fcacaaf8185f20f1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\XWorm.exe

Filesize
45KB

MD5
d5d8ea28683070dc1cd5deda0a2bb7db

SHA1
f56def9189fa6ad7fc50b5a9934bcfc4a8672537

SHA256
b41a0c9329ea8769797bdcc9baf3b2b6369c702da6267eae7d697930e964f0e1

SHA512
aa295d7abd864ea3028d7b0f0dba8305fc5676ed0a29748682b9b56c124d4e9608e60974dc7fe4f8a1d4991512694c782d177806bbc11f0fcacaaf8185f20f1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\XWorm.exe

Filesize
45KB

MD5
d5d8ea28683070dc1cd5deda0a2bb7db

SHA1
f56def9189fa6ad7fc50b5a9934bcfc4a8672537

SHA256
b41a0c9329ea8769797bdcc9baf3b2b6369c702da6267eae7d697930e964f0e1

SHA512
aa295d7abd864ea3028d7b0f0dba8305fc5676ed0a29748682b9b56c124d4e9608e60974dc7fe4f8a1d4991512694c782d177806bbc11f0fcacaaf8185f20f1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\XWorm.exe

Filesize
45KB

MD5
d5d8ea28683070dc1cd5deda0a2bb7db

SHA1
f56def9189fa6ad7fc50b5a9934bcfc4a8672537

SHA256
b41a0c9329ea8769797bdcc9baf3b2b6369c702da6267eae7d697930e964f0e1

SHA512
aa295d7abd864ea3028d7b0f0dba8305fc5676ed0a29748682b9b56c124d4e9608e60974dc7fe4f8a1d4991512694c782d177806bbc11f0fcacaaf8185f20f1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\XWorm.exe

Filesize
45KB

MD5
d5d8ea28683070dc1cd5deda0a2bb7db

SHA1
f56def9189fa6ad7fc50b5a9934bcfc4a8672537

SHA256
b41a0c9329ea8769797bdcc9baf3b2b6369c702da6267eae7d697930e964f0e1

SHA512
aa295d7abd864ea3028d7b0f0dba8305fc5676ed0a29748682b9b56c124d4e9608e60974dc7fe4f8a1d4991512694c782d177806bbc11f0fcacaaf8185f20f1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\XWorm.exe

Filesize
45KB

MD5
d5d8ea28683070dc1cd5deda0a2bb7db

SHA1
f56def9189fa6ad7fc50b5a9934bcfc4a8672537

SHA256
b41a0c9329ea8769797bdcc9baf3b2b6369c702da6267eae7d697930e964f0e1

SHA512
aa295d7abd864ea3028d7b0f0dba8305fc5676ed0a29748682b9b56c124d4e9608e60974dc7fe4f8a1d4991512694c782d177806bbc11f0fcacaaf8185f20f1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\XWorm.exe

Filesize
45KB

MD5
d5d8ea28683070dc1cd5deda0a2bb7db

SHA1
f56def9189fa6ad7fc50b5a9934bcfc4a8672537

SHA256
b41a0c9329ea8769797bdcc9baf3b2b6369c702da6267eae7d697930e964f0e1

SHA512
aa295d7abd864ea3028d7b0f0dba8305fc5676ed0a29748682b9b56c124d4e9608e60974dc7fe4f8a1d4991512694c782d177806bbc11f0fcacaaf8185f20f1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\XWorm.exe

Filesize
45KB

MD5
d5d8ea28683070dc1cd5deda0a2bb7db

SHA1
f56def9189fa6ad7fc50b5a9934bcfc4a8672537

SHA256
b41a0c9329ea8769797bdcc9baf3b2b6369c702da6267eae7d697930e964f0e1

SHA512
aa295d7abd864ea3028d7b0f0dba8305fc5676ed0a29748682b9b56c124d4e9608e60974dc7fe4f8a1d4991512694c782d177806bbc11f0fcacaaf8185f20f1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\XWorm.exe

Filesize
45KB

MD5
d5d8ea28683070dc1cd5deda0a2bb7db

SHA1
f56def9189fa6ad7fc50b5a9934bcfc4a8672537

SHA256
b41a0c9329ea8769797bdcc9baf3b2b6369c702da6267eae7d697930e964f0e1

SHA512
aa295d7abd864ea3028d7b0f0dba8305fc5676ed0a29748682b9b56c124d4e9608e60974dc7fe4f8a1d4991512694c782d177806bbc11f0fcacaaf8185f20f1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\XWorm.exe

Filesize
45KB

MD5
d5d8ea28683070dc1cd5deda0a2bb7db

SHA1
f56def9189fa6ad7fc50b5a9934bcfc4a8672537

SHA256
b41a0c9329ea8769797bdcc9baf3b2b6369c702da6267eae7d697930e964f0e1

SHA512
aa295d7abd864ea3028d7b0f0dba8305fc5676ed0a29748682b9b56c124d4e9608e60974dc7fe4f8a1d4991512694c782d177806bbc11f0fcacaaf8185f20f1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\XWorm.exe

Filesize
45KB

MD5
d5d8ea28683070dc1cd5deda0a2bb7db

SHA1
f56def9189fa6ad7fc50b5a9934bcfc4a8672537

SHA256
b41a0c9329ea8769797bdcc9baf3b2b6369c702da6267eae7d697930e964f0e1

SHA512
aa295d7abd864ea3028d7b0f0dba8305fc5676ed0a29748682b9b56c124d4e9608e60974dc7fe4f8a1d4991512694c782d177806bbc11f0fcacaaf8185f20f1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\XWorm.exe

Filesize
45KB

MD5
d5d8ea28683070dc1cd5deda0a2bb7db

SHA1
f56def9189fa6ad7fc50b5a9934bcfc4a8672537

SHA256
b41a0c9329ea8769797bdcc9baf3b2b6369c702da6267eae7d697930e964f0e1

SHA512
aa295d7abd864ea3028d7b0f0dba8305fc5676ed0a29748682b9b56c124d4e9608e60974dc7fe4f8a1d4991512694c782d177806bbc11f0fcacaaf8185f20f1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\XWorm.exe

Filesize
45KB

MD5
d5d8ea28683070dc1cd5deda0a2bb7db

SHA1
f56def9189fa6ad7fc50b5a9934bcfc4a8672537

SHA256
b41a0c9329ea8769797bdcc9baf3b2b6369c702da6267eae7d697930e964f0e1

SHA512
aa295d7abd864ea3028d7b0f0dba8305fc5676ed0a29748682b9b56c124d4e9608e60974dc7fe4f8a1d4991512694c782d177806bbc11f0fcacaaf8185f20f1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\XWorm.exe

Filesize
45KB

MD5
d5d8ea28683070dc1cd5deda0a2bb7db

SHA1
f56def9189fa6ad7fc50b5a9934bcfc4a8672537

SHA256
b41a0c9329ea8769797bdcc9baf3b2b6369c702da6267eae7d697930e964f0e1

SHA512
aa295d7abd864ea3028d7b0f0dba8305fc5676ed0a29748682b9b56c124d4e9608e60974dc7fe4f8a1d4991512694c782d177806bbc11f0fcacaaf8185f20f1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\XWorm.exe

Filesize
45KB

MD5
d5d8ea28683070dc1cd5deda0a2bb7db

SHA1
f56def9189fa6ad7fc50b5a9934bcfc4a8672537

SHA256
b41a0c9329ea8769797bdcc9baf3b2b6369c702da6267eae7d697930e964f0e1

SHA512
aa295d7abd864ea3028d7b0f0dba8305fc5676ed0a29748682b9b56c124d4e9608e60974dc7fe4f8a1d4991512694c782d177806bbc11f0fcacaaf8185f20f1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\XWorm.exe

Filesize
45KB

MD5
d5d8ea28683070dc1cd5deda0a2bb7db

SHA1
f56def9189fa6ad7fc50b5a9934bcfc4a8672537

SHA256
b41a0c9329ea8769797bdcc9baf3b2b6369c702da6267eae7d697930e964f0e1

SHA512
aa295d7abd864ea3028d7b0f0dba8305fc5676ed0a29748682b9b56c124d4e9608e60974dc7fe4f8a1d4991512694c782d177806bbc11f0fcacaaf8185f20f1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\XWorm.exe

Filesize
45KB

MD5
d5d8ea28683070dc1cd5deda0a2bb7db

SHA1
f56def9189fa6ad7fc50b5a9934bcfc4a8672537

SHA256
b41a0c9329ea8769797bdcc9baf3b2b6369c702da6267eae7d697930e964f0e1

SHA512
aa295d7abd864ea3028d7b0f0dba8305fc5676ed0a29748682b9b56c124d4e9608e60974dc7fe4f8a1d4991512694c782d177806bbc11f0fcacaaf8185f20f1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\XWorm.exe

Filesize
45KB

MD5
d5d8ea28683070dc1cd5deda0a2bb7db

SHA1
f56def9189fa6ad7fc50b5a9934bcfc4a8672537

SHA256
b41a0c9329ea8769797bdcc9baf3b2b6369c702da6267eae7d697930e964f0e1

SHA512
aa295d7abd864ea3028d7b0f0dba8305fc5676ed0a29748682b9b56c124d4e9608e60974dc7fe4f8a1d4991512694c782d177806bbc11f0fcacaaf8185f20f1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\XWorm.exe

Filesize
45KB

MD5
d5d8ea28683070dc1cd5deda0a2bb7db

SHA1
f56def9189fa6ad7fc50b5a9934bcfc4a8672537

SHA256
b41a0c9329ea8769797bdcc9baf3b2b6369c702da6267eae7d697930e964f0e1

SHA512
aa295d7abd864ea3028d7b0f0dba8305fc5676ed0a29748682b9b56c124d4e9608e60974dc7fe4f8a1d4991512694c782d177806bbc11f0fcacaaf8185f20f1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\XWorm.exe

Filesize
45KB

MD5
d5d8ea28683070dc1cd5deda0a2bb7db

SHA1
f56def9189fa6ad7fc50b5a9934bcfc4a8672537

SHA256
b41a0c9329ea8769797bdcc9baf3b2b6369c702da6267eae7d697930e964f0e1

SHA512
aa295d7abd864ea3028d7b0f0dba8305fc5676ed0a29748682b9b56c124d4e9608e60974dc7fe4f8a1d4991512694c782d177806bbc11f0fcacaaf8185f20f1c

Download Submit
memory/540-195-0x00007FF84FDF0000-0x00007FF8508B1000-memory.dmp

Filesize
10.8MB

Download
memory/540-187-0x00007FF84FDF0000-0x00007FF8508B1000-memory.dmp

Filesize
10.8MB

Download
memory/780-274-0x00007FF84FDF0000-0x00007FF8508B1000-memory.dmp

Filesize
10.8MB

Download
memory/780-304-0x00007FF84FDF0000-0x00007FF8508B1000-memory.dmp

Filesize
10.8MB

Download
memory/880-180-0x00007FF84FDF0000-0x00007FF8508B1000-memory.dmp

Filesize
10.8MB

Download
memory/880-177-0x00007FF84FDF0000-0x00007FF8508B1000-memory.dmp

Filesize
10.8MB

Download
memory/936-265-0x00007FF84FDF0000-0x00007FF8508B1000-memory.dmp

Filesize
10.8MB

Download
memory/936-267-0x00007FF84FDF0000-0x00007FF8508B1000-memory.dmp

Filesize
10.8MB

Download
memory/1136-240-0x00007FF84FDF0000-0x00007FF8508B1000-memory.dmp

Filesize
10.8MB

Download
memory/1136-238-0x00007FF84FDF0000-0x00007FF8508B1000-memory.dmp

Filesize
10.8MB

Download
memory/1148-314-0x00007FF84FDF0000-0x00007FF8508B1000-memory.dmp

Filesize
10.8MB

Download
memory/1148-318-0x00007FF84FDF0000-0x00007FF8508B1000-memory.dmp

Filesize
10.8MB

Download
memory/1216-316-0x00007FF84FDF0000-0x00007FF8508B1000-memory.dmp

Filesize
10.8MB

Download
memory/1216-321-0x00007FF84FDF0000-0x00007FF8508B1000-memory.dmp

Filesize
10.8MB

Download
memory/1260-315-0x00007FF84FDF0000-0x00007FF8508B1000-memory.dmp

Filesize
10.8MB

Download
memory/1260-320-0x00007FF84FDF0000-0x00007FF8508B1000-memory.dmp

Filesize
10.8MB

Download
memory/1620-215-0x00007FF84FDF0000-0x00007FF8508B1000-memory.dmp

Filesize
10.8MB

Download
memory/1620-211-0x00007FF84FDF0000-0x00007FF8508B1000-memory.dmp

Filesize
10.8MB

Download
memory/1904-312-0x00007FF84FDF0000-0x00007FF8508B1000-memory.dmp

Filesize
10.8MB

Download
memory/1904-319-0x00007FF84FDF0000-0x00007FF8508B1000-memory.dmp

Filesize
10.8MB

Download
memory/2216-247-0x00007FF84FDF0000-0x00007FF8508B1000-memory.dmp

Filesize
10.8MB

Download
memory/2216-228-0x00007FF84FDF0000-0x00007FF8508B1000-memory.dmp

Filesize
10.8MB

Download
memory/2244-292-0x00007FF84FDF0000-0x00007FF8508B1000-memory.dmp

Filesize
10.8MB

Download
memory/2244-322-0x00007FF84FDF0000-0x00007FF8508B1000-memory.dmp

Filesize
10.8MB

Download
memory/2248-148-0x00007FF84FDF0000-0x00007FF8508B1000-memory.dmp

Filesize
10.8MB

Download
memory/2700-293-0x00007FF84FDF0000-0x00007FF8508B1000-memory.dmp

Filesize
10.8MB

Download
memory/2700-277-0x00007FF84FDF0000-0x00007FF8508B1000-memory.dmp

Filesize
10.8MB

Download
memory/2880-239-0x00007FF84FDF0000-0x00007FF8508B1000-memory.dmp

Filesize
10.8MB

Download
memory/2880-241-0x00007FF84FDF0000-0x00007FF8508B1000-memory.dmp

Filesize
10.8MB

Download
memory/3252-311-0x00007FF84FDF0000-0x00007FF8508B1000-memory.dmp

Filesize
10.8MB

Download
memory/3252-221-0x00007FF84FDF0000-0x00007FF8508B1000-memory.dmp

Filesize
10.8MB

Download
memory/3380-184-0x00007FF84FDF0000-0x00007FF8508B1000-memory.dmp

Filesize
10.8MB

Download
memory/3380-178-0x00007FF84FDF0000-0x00007FF8508B1000-memory.dmp

Filesize
10.8MB

Download
memory/3464-290-0x00007FF84FDF0000-0x00007FF8508B1000-memory.dmp

Filesize
10.8MB

Download
memory/3464-295-0x00007FF84FDF0000-0x00007FF8508B1000-memory.dmp

Filesize
10.8MB

Download
memory/3500-196-0x00007FF84FDF0000-0x00007FF8508B1000-memory.dmp

Filesize
10.8MB

Download
memory/3500-205-0x00007FF84FDF0000-0x00007FF8508B1000-memory.dmp

Filesize
10.8MB

Download
memory/3544-276-0x00007FF84FDF0000-0x00007FF8508B1000-memory.dmp

Filesize
10.8MB

Download
memory/3544-260-0x00007FF84FDF0000-0x00007FF8508B1000-memory.dmp

Filesize
10.8MB

Download
memory/3752-317-0x00007FF84FDF0000-0x00007FF8508B1000-memory.dmp

Filesize
10.8MB

Download
memory/3752-313-0x00007FF84FDF0000-0x00007FF8508B1000-memory.dmp

Filesize
10.8MB

Download
memory/3808-154-0x00007FF84FDF0000-0x00007FF8508B1000-memory.dmp

Filesize
10.8MB

Download
memory/3808-152-0x00007FF84FDF0000-0x00007FF8508B1000-memory.dmp

Filesize
10.8MB

Download
memory/3808-291-0x00007FF84FDF0000-0x00007FF8508B1000-memory.dmp

Filesize
10.8MB

Download
memory/3808-299-0x00007FF84FDF0000-0x00007FF8508B1000-memory.dmp

Filesize
10.8MB

Download
memory/3988-166-0x00007FF84FDF0000-0x00007FF8508B1000-memory.dmp

Filesize
10.8MB

Download
memory/3988-157-0x00007FF84FDF0000-0x00007FF8508B1000-memory.dmp

Filesize
10.8MB

Download
memory/4128-156-0x00007FF84FDF0000-0x00007FF8508B1000-memory.dmp

Filesize
10.8MB

Download
memory/4128-142-0x00007FF84FDF0000-0x00007FF8508B1000-memory.dmp

Filesize
10.8MB

Download
memory/4128-135-0x0000000000F50000-0x0000000000F62000-memory.dmp

Filesize
72KB

Download
memory/4140-245-0x00007FF84FDF0000-0x00007FF8508B1000-memory.dmp

Filesize
10.8MB

Download
memory/4140-263-0x00007FF84FDF0000-0x00007FF8508B1000-memory.dmp

Filesize
10.8MB

Download
memory/4196-323-0x00007FF84FDF0000-0x00007FF8508B1000-memory.dmp

Filesize
10.8MB

Download
memory/4336-252-0x00007FF84FDF0000-0x00007FF8508B1000-memory.dmp

Filesize
10.8MB

Download
memory/4336-257-0x00007FF84FDF0000-0x00007FF8508B1000-memory.dmp

Filesize
10.8MB

Download
memory/4408-222-0x00007FF84FDF0000-0x00007FF8508B1000-memory.dmp

Filesize
10.8MB

Download
memory/4432-227-0x00007FF84FDF0000-0x00007FF8508B1000-memory.dmp

Filesize
10.8MB

Download
memory/4432-161-0x00007FF84FDF0000-0x00007FF8508B1000-memory.dmp

Filesize
10.8MB

Download
memory/4680-172-0x00007FF84FDF0000-0x00007FF8508B1000-memory.dmp

Filesize
10.8MB

Download
memory/4680-167-0x00007FF84FDF0000-0x00007FF8508B1000-memory.dmp

Filesize
10.8MB

Download
memory/4696-258-0x00007FF84FDF0000-0x00007FF8508B1000-memory.dmp

Filesize
10.8MB

Download
memory/4696-190-0x00007FF84FDF0000-0x00007FF8508B1000-memory.dmp

Filesize
10.8MB

Download
memory/4996-209-0x00007FF84FDF0000-0x00007FF8508B1000-memory.dmp

Filesize
10.8MB

Download
memory/4996-231-0x00007FF84FDF0000-0x00007FF8508B1000-memory.dmp

Filesize
10.8MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads