agenttesla | bf6ad1760dc3f1659cff14199873f3e01cadb5ca5c7f18dafda2fbd21772e1d2

Analysis

max time kernel
314s
max time network
387s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
01-02-2024 06:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Desktop.7z
Size

60.8MB
MD5

6a2343b4aaad49e4c8d89e48c70d9946
SHA1

e4cef18359a97a4f11beaa83fb86b4f5b8de9266
SHA256

bf6ad1760dc3f1659cff14199873f3e01cadb5ca5c7f18dafda2fbd21772e1d2
SHA512

5df6ba3e488c2e00746928d8a825653ae8418f0a484f22fd6aa3fcb9ea9980415c27dbc615a83d85a0b11fe64ad1977750a6cd21006535f089d2567c6a85c682
SSDEEP

1572864:PSJss94cgFhuxzGFPSqMFhstNWl+eZSmd7fiqcXhU:Pa3TIBF8zl+i3if2

Score

10^/10

agenttesla agilenet keylogger spyware stealer trojan

Malware Config

Signatures

AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
keylogger trojan stealer spyware agenttesla

AgentTesla payload 2 IoCs

Processes:

resource	yara_rule
C:\Users\Admin\Desktop\sQeB9gFj0rMbKCp7\XWorm V5.3 Optimized Bin\Guna.UI2.dll	family_agenttesla
behavioral1/memory/2140-369-0x000000001DBA0000-0x000000001DD94000-memory.dmp	family_agenttesla

Executes dropped EXE 2 IoCs

Processes:

XWorm V5.3.exeXWormLoader 5.2 x64.exe

pid process

2140 XWorm V5.3.exe
2092 XWormLoader 5.2 x64.exe
Loads dropped DLL 27 IoCs

Processes:

XWorm V5.3.exe

pid process

1208
1208
1208
1208
1208
1208
1208
1208
1208
1208
1208
1208
1208
1208
1208
1208
2140 XWorm V5.3.exe
1208
1208
1208
1208
1208
1208
1208
1208
388
1208

pid	process
2140	XWorm V5.3.exe
2092	XWormLoader 5.2 x64.exe

pid	process
1208
1208
1208
1208
1208
1208
1208
1208
1208
1208
1208
1208
1208
1208
1208
1208
2140	XWorm V5.3.exe
1208
1208
1208
1208
1208
1208
1208
1208
388
1208

Obfuscated with Agile.Net obfuscator 3 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

agilenet

Processes:

resource	yara_rule
C:\Users\Admin\Desktop\sQeB9gFj0rMbKCp7\XWorm V5.3 Optimized Bin\XWorm V5.3.exe	agile_net
C:\Users\Admin\Desktop\sQeB9gFj0rMbKCp7\XWorm V5.3 Optimized Bin\XWorm V5.3.exe	agile_net
behavioral1/memory/2140-358-0x00000000011B0000-0x0000000001F8E000-memory.dmp	agile_net

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

XWorm V5.3.exechrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion	XWorm V5.3.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	XWorm V5.3.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	XWorm V5.3.exe

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D4DFF321-C0CC-11EE-8F35-76D8C56D161B} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a883829c536588438b4279b7bc6c1930000000000200000000001066000000010000200000007369b495a4eb6f0ce092d46758689d570aa8053500fd967cbedf2c6ce5525a3c000000000e8000000002000020000000f57a9a24315311f50f9c3dbc167137f1cb38b9fc1e5aa89c417683409bdcafd52000000032f15be2e7f48d54fda4fa4daf7ff6b5a00a123f5abdf20ce42782d8065be4744000000018c85b3ea64774f5977a84d26a23b5636bef826f41f3cea1f322cb1af87cdeb0722808ef140672d0dea32c55ceae673bcee68ffd2c5356178f5c9e6d8ad5f31f	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0d3029fd954da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a883829c536588438b4279b7bc6c193000000000020000000000106600000001000020000000f8b1beebabadd575babb13abe1b98191aa26a1f50e333d7dac186583ec18c8c6000000000e8000000002000020000000420483adf8171faeef48b63bf6c5f701da4ee000ed35f76ac81159646c71091190000000e02119b067a810866bd6d19043ac745d43b72d57b6fb2cff4bb583f368792814ac51f6a08f1b0a7ab45abef090d37fb5651189ff35d866639746b1881a0ca877e1850499f64c72b5e0ce491ef89beb59309fcec89b9fbe19eade028ec59be48ec77a16b1ca5318c5d0ca5d2583554f587aa97ab723f57ea0f7a867d3c7e0fb061db7b4dd2f68ae2abff7384e2d3d0af4400000009d1fd6f6770d1e57828b3178765d48fcb115f9fa505e9b97491208396f62d8b52ca3b40321970e7f7bd566d91ae946dfbab2bcfed11fc3a3bc093b985889d272	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

1516 chrome.exe
1516 chrome.exe

Suspicious use of AdjustPrivilegeToken 34 IoCs

Processes:

7zFM.exe7zG.exe7zG.exeXWorm V5.3.exechrome.exe

description	pid	process
Token: SeRestorePrivilege	2724	7zFM.exe
Token: 35	2724	7zFM.exe
Token: SeSecurityPrivilege	2724	7zFM.exe
Token: SeRestorePrivilege	268	7zG.exe
Token: 35	268	7zG.exe
Token: SeSecurityPrivilege	268	7zG.exe
Token: SeSecurityPrivilege	268	7zG.exe
Token: SeRestorePrivilege	1800	7zG.exe
Token: 35	1800	7zG.exe
Token: SeSecurityPrivilege	1800	7zG.exe
Token: SeSecurityPrivilege	1800	7zG.exe
Token: SeDebugPrivilege	2140	XWorm V5.3.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe

Suspicious use of FindShellTrayWindow 40 IoCs

Processes:

7zFM.exe7zG.exe7zG.exeiexplore.exechrome.exe

pid	process
2724	7zFM.exe
2724	7zFM.exe
268	7zG.exe
1800	7zG.exe
1028	iexplore.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

Processes:

chrome.exe

pid	process
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe

Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

1028 iexplore.exe
1028 iexplore.exe
1500 IEXPLORE.EXE
1500 IEXPLORE.EXE
1500 IEXPLORE.EXE
1500 IEXPLORE.EXE

pid	process
1028	iexplore.exe
1028	iexplore.exe
1500	IEXPLORE.EXE
1500	IEXPLORE.EXE
1500	IEXPLORE.EXE
1500	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

cmd.exeXWormLoader 5.2 x64.exeiexplore.exechrome.exe

description	pid	process	target process
PID 2712 wrote to memory of 2724	2712	cmd.exe	7zFM.exe
PID 2712 wrote to memory of 2724	2712	cmd.exe	7zFM.exe
PID 2712 wrote to memory of 2724	2712	cmd.exe	7zFM.exe
PID 2092 wrote to memory of 1028	2092	XWormLoader 5.2 x64.exe	iexplore.exe
PID 2092 wrote to memory of 1028	2092	XWormLoader 5.2 x64.exe	iexplore.exe
PID 2092 wrote to memory of 1028	2092	XWormLoader 5.2 x64.exe	iexplore.exe
PID 1028 wrote to memory of 1500	1028	iexplore.exe	IEXPLORE.EXE
PID 1028 wrote to memory of 1500	1028	iexplore.exe	IEXPLORE.EXE
PID 1028 wrote to memory of 1500	1028	iexplore.exe	IEXPLORE.EXE
PID 1028 wrote to memory of 1500	1028	iexplore.exe	IEXPLORE.EXE
PID 1516 wrote to memory of 832	1516	chrome.exe	chrome.exe
PID 1516 wrote to memory of 832	1516	chrome.exe	chrome.exe
PID 1516 wrote to memory of 832	1516	chrome.exe	chrome.exe
PID 1516 wrote to memory of 2100	1516	chrome.exe	chrome.exe
PID 1516 wrote to memory of 2100	1516	chrome.exe	chrome.exe
PID 1516 wrote to memory of 2100	1516	chrome.exe	chrome.exe
PID 1516 wrote to memory of 2100	1516	chrome.exe	chrome.exe
PID 1516 wrote to memory of 2100	1516	chrome.exe	chrome.exe
PID 1516 wrote to memory of 2100	1516	chrome.exe	chrome.exe
PID 1516 wrote to memory of 2100	1516	chrome.exe	chrome.exe
PID 1516 wrote to memory of 2100	1516	chrome.exe	chrome.exe
PID 1516 wrote to memory of 2100	1516	chrome.exe	chrome.exe
PID 1516 wrote to memory of 2100	1516	chrome.exe	chrome.exe
PID 1516 wrote to memory of 2100	1516	chrome.exe	chrome.exe
PID 1516 wrote to memory of 2100	1516	chrome.exe	chrome.exe
PID 1516 wrote to memory of 2100	1516	chrome.exe	chrome.exe
PID 1516 wrote to memory of 2100	1516	chrome.exe	chrome.exe
PID 1516 wrote to memory of 2100	1516	chrome.exe	chrome.exe
PID 1516 wrote to memory of 2100	1516	chrome.exe	chrome.exe
PID 1516 wrote to memory of 2100	1516	chrome.exe	chrome.exe
PID 1516 wrote to memory of 2100	1516	chrome.exe	chrome.exe
PID 1516 wrote to memory of 2100	1516	chrome.exe	chrome.exe
PID 1516 wrote to memory of 2100	1516	chrome.exe	chrome.exe
PID 1516 wrote to memory of 2100	1516	chrome.exe	chrome.exe
PID 1516 wrote to memory of 2100	1516	chrome.exe	chrome.exe
PID 1516 wrote to memory of 2100	1516	chrome.exe	chrome.exe
PID 1516 wrote to memory of 2100	1516	chrome.exe	chrome.exe
PID 1516 wrote to memory of 2100	1516	chrome.exe	chrome.exe
PID 1516 wrote to memory of 2100	1516	chrome.exe	chrome.exe
PID 1516 wrote to memory of 2100	1516	chrome.exe	chrome.exe
PID 1516 wrote to memory of 2100	1516	chrome.exe	chrome.exe
PID 1516 wrote to memory of 2100	1516	chrome.exe	chrome.exe
PID 1516 wrote to memory of 2100	1516	chrome.exe	chrome.exe
PID 1516 wrote to memory of 2100	1516	chrome.exe	chrome.exe
PID 1516 wrote to memory of 2100	1516	chrome.exe	chrome.exe
PID 1516 wrote to memory of 2100	1516	chrome.exe	chrome.exe
PID 1516 wrote to memory of 2100	1516	chrome.exe	chrome.exe
PID 1516 wrote to memory of 2100	1516	chrome.exe	chrome.exe
PID 1516 wrote to memory of 2100	1516	chrome.exe	chrome.exe
PID 1516 wrote to memory of 2100	1516	chrome.exe	chrome.exe
PID 1516 wrote to memory of 2100	1516	chrome.exe	chrome.exe
PID 1516 wrote to memory of 2100	1516	chrome.exe	chrome.exe
PID 1516 wrote to memory of 1040	1516	chrome.exe	chrome.exe
PID 1516 wrote to memory of 1040	1516	chrome.exe	chrome.exe
PID 1516 wrote to memory of 1040	1516	chrome.exe	chrome.exe
PID 1516 wrote to memory of 2744	1516	chrome.exe	chrome.exe
PID 1516 wrote to memory of 2744	1516	chrome.exe	chrome.exe
PID 1516 wrote to memory of 2744	1516	chrome.exe	chrome.exe
PID 1516 wrote to memory of 2744	1516	chrome.exe	chrome.exe
PID 1516 wrote to memory of 2744	1516	chrome.exe	chrome.exe
PID 1516 wrote to memory of 2744	1516	chrome.exe	chrome.exe
PID 1516 wrote to memory of 2744	1516	chrome.exe	chrome.exe
PID 1516 wrote to memory of 2744	1516	chrome.exe	chrome.exe
PID 1516 wrote to memory of 2744	1516	chrome.exe	chrome.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Desktop.7z
1⤵
- Suspicious use of WriteProcessMemory
PID:2712

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Desktop.7z"
2⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2724

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\@DeathDealerSoftware\" -spe -an -ai#7zMap19253:96:7zEvent23823
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:268

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\sQeB9gFj0rMbKCp7\" -spe -an -ai#7zMap4681:90:7zEvent28155
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1800

C:\Users\Admin\Desktop\sQeB9gFj0rMbKCp7\XWorm V5.3 Optimized Bin\XWormLoader 5.2 x64.exe
"C:\Users\Admin\Desktop\sQeB9gFj0rMbKCp7\XWorm V5.3 Optimized Bin\XWormLoader 5.2 x64.exe"
1⤵
PID:2732

C:\Users\Admin\Desktop\sQeB9gFj0rMbKCp7\XWorm V5.3 Optimized Bin\XWorm V5.3.exe
"C:\Users\Admin\Desktop\sQeB9gFj0rMbKCp7\XWorm V5.3 Optimized Bin\XWorm V5.3.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
PID:2140

C:\Users\Admin\Desktop\@DeathDealerSoftware\XWorm V5.3 Optimized Bin\XWormLoader 5.2 x64.exe
"C:\Users\Admin\Desktop\@DeathDealerSoftware\XWorm V5.3 Optimized Bin\XWormLoader 5.2 x64.exe"
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2092

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch&plcid=0x409&o1=.NETFramework,Version=v4.8&processName=XWormLoader 5.2 x64.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0
2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1028

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1028 CREDAT:275457 /prefetch:2
3⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1500

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1516

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6569758,0x7fef6569768,0x7fef6569778
2⤵
PID:832

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1156 --field-trial-handle=1288,i,8770621147769558008,16976055626024141514,131072 /prefetch:2
2⤵
PID:2100

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1496 --field-trial-handle=1288,i,8770621147769558008,16976055626024141514,131072 /prefetch:8
2⤵
PID:1040

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1580 --field-trial-handle=1288,i,8770621147769558008,16976055626024141514,131072 /prefetch:8
2⤵
PID:2744

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2280 --field-trial-handle=1288,i,8770621147769558008,16976055626024141514,131072 /prefetch:1
2⤵
PID:1052

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=1548 --field-trial-handle=1288,i,8770621147769558008,16976055626024141514,131072 /prefetch:1
2⤵
PID:2044

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1452 --field-trial-handle=1288,i,8770621147769558008,16976055626024141514,131072 /prefetch:2
2⤵
PID:2252

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3164 --field-trial-handle=1288,i,8770621147769558008,16976055626024141514,131072 /prefetch:1
2⤵
PID:2920

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3392 --field-trial-handle=1288,i,8770621147769558008,16976055626024141514,131072 /prefetch:8
2⤵
PID:1784

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3412 --field-trial-handle=1288,i,8770621147769558008,16976055626024141514,131072 /prefetch:8
2⤵
PID:2404

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3624 --field-trial-handle=1288,i,8770621147769558008,16976055626024141514,131072 /prefetch:8
2⤵
PID:1292

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3408 --field-trial-handle=1288,i,8770621147769558008,16976055626024141514,131072 /prefetch:8
2⤵
PID:980

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3408 --field-trial-handle=1288,i,8770621147769558008,16976055626024141514,131072 /prefetch:1
2⤵
PID:3048

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3788 --field-trial-handle=1288,i,8770621147769558008,16976055626024141514,131072 /prefetch:1
2⤵
PID:2548

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2592 --field-trial-handle=1288,i,8770621147769558008,16976055626024141514,131072 /prefetch:1
2⤵
PID:2556

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3780 --field-trial-handle=1288,i,8770621147769558008,16976055626024141514,131072 /prefetch:1
2⤵
PID:2192

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4648 --field-trial-handle=1288,i,8770621147769558008,16976055626024141514,131072 /prefetch:8
2⤵
PID:2540

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1032

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
9e1470ca1aa50b6bbe8763acb94db944

SHA1
a32077e4a308cbbd64098c72d3994cad0479e966

SHA256
55eb50a191e05eef1673ffce13e4f19860fc4f0f78ec165bdd785dd500d6a038

SHA512
36375db3c7ed0d06dd6f44e19b6c321b773e1c752efd8d802a37ec3efc4cd24b42ad35d72618957c10858239851f0674801cc522ab378e746e03fc8787e61405

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
c193b21938800996b15f8bfd30a8c7a6

SHA1
e830d0add5dfc46de1f8328847690fba81b54ee7

SHA256
c09096e2adca083d4f0546d9bc3a3d56ebea81980a44db6d1c91edd74b5e94da

SHA512
43bddbc49aff7c68e61ac2a6522eeb475875d1a985b943e4ea00e9773c938a2d9cb75417908380e98bf3a060aadb485a4ee010ab03b102f1c8a6dc2b3c6435d0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
d14168cf565c6daea9f06b97d5526bad

SHA1
80793206110fb1c30a04086fcd8ba36eaf15c7bd

SHA256
3546e662eacc3134e20864ea5079f5627b0a49d0f8c95b9cdc5c55a1c8ed7d03

SHA512
a409c9db7cfb62927cbf515decec62b82e214bcead440e5127a87ea6f78098969527b089a0560f6883b86e1de0746c609171827d4f2a2cb5be49e2931e5cd6d9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
92f40a4d5f455e171312f4bf8c2f3fca

SHA1
8731ff254f8b8a27d42871314f7ba15c4aba8391

SHA256
fc9d420f6ae2c5ff4997fae197f48b989c86d52ed2a08f2a1858322d93f59299

SHA512
816e3fc8dc08432ca93862bcd2dd357dc70f2c283f9513a789c5b8a0b02d3e67e494306ae6564e118b10f0aebae16969eb7cd53e0920a7f8ed000cb333c270f5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
11e550c08bb542f2495eac5e006717b5

SHA1
7e4757eee83a6c05c955d8e20415ae6da6e05249

SHA256
1408359a907370f2350b946a45de9e1ba7258a9ff8c7a538f260404c29dc0a2a

SHA512
e030104d7bdc93026ffa9b2d20ac40c1ac27e0907e2730711fd69171b5a757887e89eefcb0d379b2884ac3cf6875b28e09f5c76c9c185eab536583e27417be01

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
e9fdff893a05519c27fe5387a3554ac2

SHA1
a3e5742ae7c6c023b218c9a47f29a749a5308377

SHA256
30d3e8b71cffab66e675772765884848a10896799d8fd71207677803b1bc50c1

SHA512
06c31d962d4bf8842251b1942eaa0da0e0be6755b8b5893aab49dd94007187d8a7309d6f04b0bf93a453db7ee889340a1679ac7615f2683ffdd5d3ff16e30f50

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
dd6b32b7fc03386493d03b3a949dca64

SHA1
76a3c2e4cb42bf49038e32740c99ba40645d10ff

SHA256
0615aec3dc47a22be0504ecc285f4c3f1a2251fcaafb3f4185f7f79d0fcf1ca9

SHA512
9ad7e653c3801ac018f6d96fead0e50b043f4f7cf2efc361635efe68f9dee268d48c225dff5537a27e2cbcc358290760dec0b5f50d823770429927654783c6da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
2721f4e1628f6ea0a54d87da7ace39a2

SHA1
2fa1b1e4bda5613169c32469f72cbb6f76858be4

SHA256
c315d763d9562ae6c72d49c9d6ccfd1a1b9e1d793d7236d697b5cc296d13aaf2

SHA512
05a91d5bbc1223bbc2e9b7cdcd9ab896971e00741bd8a00be11d911e4f3b2359e25f5cc37ea2f22bb110e238359f045479d779652ec4ce412f3468338a1cfd41

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
1e56ea05fd712e25961bf972c5b2cacc

SHA1
69b7bc1bdc4ec575391dbf2a90b73d1420fbc279

SHA256
d9cbb51d6d9155a72f6bc06804d107e5b6536730c7a2d1b659b3105d524ec2dd

SHA512
ba8ddea6d4f5c7770dd24ab54c4934f9ba4ba06478280dabc5be28649e43119392c5bc19b2757eda0048fec05badf64320bfc7e06072163c52a08f1481c41748

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
0c05edd47e108ceb3fb3e8e8607f3776

SHA1
783d13d177ceb831cc1f8cb523b90340ff7e3776

SHA256
a3ebc2f8343424da189f0e4fb0fc678069b080ca2ba8484d9d4a86ab1a586db1

SHA512
f750521ee903f3896f4e5b0fec1ed6ee6d8b66bec37ac417a990221f3c89be2f46a2e6610a1b5e05099e3b5e1185ea07f708a0730c91ac5b2d99561b649cc320

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
dbbfe4d5de29c47559112a8b288aa1eb

SHA1
4a00b9922e61341ae578388ec7da235deb419c5a

SHA256
504cde6a9a916251f7a2f49c3822206ad599fbea0cacb56b0e898d323877c8fd

SHA512
f6cf51820f37315dcfd2b84d73e3f0c14389e0014bbf3e9589b3db4e480d89efc575876c66b463e06c33cce18610875cb3df459800bdd916fa3b33f6a4c17c14

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
0a95c5d0191b015f25581b796c162221

SHA1
eefaff176f4e641ad7a5e4845efaaa6f77601b7e

SHA256
a9715abbfeef4656a6b136f8ddce49c4f85c4a0c9ceeca4071a94f384b5ab86e

SHA512
2577ac83a59bff4b1b02a55371e8dba7f35251e25bacaafa02e497707305a9e9d9fa87c483233b230e9ee71d9a7f304d514b44ec48a07356b6c5cf8ff171d887

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
56fb7e34af0e83b16e786fce4949a464

SHA1
2cf26b2af7e44232fc0e7c04dcb7207f7c69174b

SHA256
6340350522d41c390a7ef6208b695b5b08bc1d06043ccd495ac047940ae19bc3

SHA512
807a3e1f95bc8ac3a0fedb98aca8460b576746658fba826dc1786408e7cfbb97a9d31525b93733c1b6d2128224048e45c7377dcb32dd2c54ee6f9a9f115a98b9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
6bd65c7e6414e19928bde7e0034abbf7

SHA1
74e3a30330726ae6a946cc7100dec94ca6f22bff

SHA256
4c7c422812acc4a2b94f39da2a7c653088657080df27787d70e679cbe4ce292a

SHA512
276849d59ef8b45526fa0b93ca69271a1361f1bc9cf74dec54715ad71007ac2b67eef01b927d61bfe8303b6d5919507d2b6ed102e8b22827fffda469fd6861e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
d92ea177e23c57857d2f919c1c2e1947

SHA1
477495d189e28df5c3e3b9bf9e4de23d2d47c26c

SHA256
ca0301bf12dde1ad8161e80328359c264963e17e58c3a4d67dcede9843483fdc

SHA512
a98f1c34bf764caa55bb4da835fb2dacefe1ce2f86688999be902d82c80bd169b56cbfe721267965c2445730ad1f4d0bdbf5ff5b7ab77b13c4edded633eff35c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
70af1c345fb0246dbabb2b521f2dc266

SHA1
aca255c3d33ee7eaacb1e7329de0f7096b189247

SHA256
53ea4c19c4b54dfd75219053ee25469bc4def93bad237c1b9254ae5474287690

SHA512
a610196589c349e789e51e79864588651aedfbb39e285a621f40c4bcc9442cb47f1873b850b1058c65e5db88ca5ba9e6243decbc6daa3ffaac1332f876109430

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
c3e143d380da01f9af0027e4bf6d9407

SHA1
c4b2f85684b07c5e4b303ad2d9a82a2bf7335456

SHA256
4a350490f1965832921224f3fbeb0486b67961a5452a6566fbd5c1d1a472e99a

SHA512
21617f420af85ed2dfc2eecde1192c3327c41af02df98c842e502fe2d3bd593a3353f99a5bf1dca3b3de2ee65ceca7fe9fea25c5c64be1deb0e77c8b620db71c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
0498590a744bfa37a702335ed0aee357

SHA1
826e81f567c9ebc52b9917acdc3ab15eeb091e6a

SHA256
cfb6163924f789d94b7663522aef14b147b334ba518ac1cee3c088174d3794eb

SHA512
0d055e6e4f69230bad1c5e393abe89c495d3d0f5c310d97b6bf6c8ecf7abd6e63e0ea1da59ac80fb3682e4ffd75b73f26a5b75f0f0b1e8041fa79dfcf7a5154d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
b7ab64b16648b50bb20f6f3e4668ab99

SHA1
1b242753834e6413093a3d5fd35a024e0cafddac

SHA256
ff73fdc5bf6e0043d8d1520c633384121104bcb332cb69df187086bf40fceb6a

SHA512
925994ab6a0949f907750b7bf2875f1b0f5344d3da4de357f38744009d0b834bdc77c84e14f5eecaf92afcfcb8ef452b5f80e3d8e4f9d0f0226ed663e8358343

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
e0b86c312303b98ff11c0d38a0b696e6

SHA1
31b15d863b0d2c01595db6f1fab2a6ddef656e12

SHA256
73a69f82b143a2d2a19dd414f56a59a6085fae9899c863daabbe78ebe7a5753b

SHA512
9cb94de0654bd777a27c582e2605ceacaa86f0b9e2bebc288ddb15474aef9393d64af5231b6151d0c8e9f617e0f23a688ab163cd8ed0d710db8f1f2211ae926b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
c18364dfa555dc41bd1855e6d8821b41

SHA1
f929d5ac1920a895be1e2b7ee38297a457af32c0

SHA256
6922b9f33f28a0d677aa22e012121fef7640c0125dcba523ffb3bbc345acc0cf

SHA512
d6390ddf797a7c039798818d2036ff4e355bab6c330e13963a55ce8e3fb10e85927981e125bd3cc9d65c67fb9ca4a59cf25c9e08c2c3f6ca1a6147815ddb53c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
4d9200549c68e4fcacc592c9c0e121ee

SHA1
44c0343650b915e9973f90175f78e9c0a5c1c1a5

SHA256
6ee0ef03241cad44daf5828202fd1b8ad644c004ec2e17540f7902e4cae07e9e

SHA512
d6c639a48e3ed3507d0980d113dc36a9e738bbfc9bcd0475598de8ca55794f6635fa9c3ec8626de19a32b370b17a02ab674d830cd18be177ddb5110a649aa41b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
0ddfebed0c11de10b2d5227ce46f1ec2

SHA1
59b4aa1d1cf4185dfb436676290bbb9fe34e29d4

SHA256
497e1d66da4a93e80717eb03f4377ed41f1f910d51ce1c9ed847401838b1e547

SHA512
d2642930ef84ce52ba095ed17d0be60a93fd33370072d2b06bf0717a670f42a0c643421394a9f95d9ed96916b558de6de154c6984bc479e2469f02aa94c2efd5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
8598b78e29a3677f831b57dc6c57c189

SHA1
a621c4c0e560660bc7906869be7cab16fafd44eb

SHA256
f4b08b0db911ab1ff9d296cdc2c238f34dc932dc4ec8504b5573b291138e2d00

SHA512
f66c52356b618ff83c0c739f2f9925394b17be369db92e50be1fcbc96deea13cc173d362f68bb45fef5e17767066b60a98120c4b0a3e349e85920c1cfa087830

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
9139cbf87b37e874e2945e4dadeb28c1

SHA1
0e88003fbfd74840340f9ceb6cc5ff4a1c190af8

SHA256
fcd8ff7982f056f9629df5065875e33d0d34d3daa9e5377e58ffd74a033ae141

SHA512
6315137073302ffcc5715fc1b3339ad9db19c18eef4496e8145f1e08ecf31eefff74ef80563567ec5fcef93fbb52ebe09a3ed87000ca772887978095a6bb34eb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
c0add7df8d80e485e70e050d234d6020

SHA1
186ac3c880d0e0053f69962d391968b119c28671

SHA256
982c41c4cd76bd8062daed37b5ad38a888ce2032024c8b9d5ba13a75e84ebb9a

SHA512
4ed9da606557d3f5f2c4ac9d9d84fe33234b78ce0f6a4046e2f251f0ec86c38d51f63f649e480c334aff86212f7ef008f029f9c4cf534a9f5245c8e96f8c98d8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
bcfb2889a6345f7b74d2716b9a0ae847

SHA1
35a470a75a7d0478e853845c7a0646c4dcaac426

SHA256
ff6c820ed4560d94ddd5c6712cbd5db870bedfdda2be7d9a87d8cb056de5ac36

SHA512
c9b6923fb87df07c8803edb8ccf51c5e3e1614a09564a430e5ab38dd114da3afe09bcf45e62b1d6aaecf005a66e379ae9ecaa30ee9114534b46c0970ba450673

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
6261b5111c97a6a189ae75336548137f

SHA1
c7ed350d55cf44c1bd78495b50673ce94c03f86c

SHA256
12ac4dc7436b211c303c56955c4b7f43345b5929c81b87b1ef8e223a1c809381

SHA512
76743bb9b224173f537e9f16c760417562eb2fb6bbf55efd0c5b34f3e9a944ecf42d0a9470ae66d8a6b947f14db4aa566f807205c20dfce8f41003831c7cc91a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
d6a8ed0d8b172eb82b63e9699133d111

SHA1
d2d0e969c55fae0df249c1861e35b9d2ed799801

SHA256
3290c855be1e9c4bfc9c8fce6b1df673820b10c5fe582be3d4b19038f4cd1e67

SHA512
66c370f72e7dee8127579d7ec9fe155aa52989019badd108d89714ed69d80a332b67c4b853920507e6c98d8028ff0849fa8d938dece1d54b8ecd7143fa4e8c55

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
a786cdcc71068158560cbadac272b35f

SHA1
306d350a4af28b0102f45d9e77646b339254a94c

SHA256
cdd3e895e501874ec12f8bf0fc154dc3b7f809178bccf46e1c1658c08a187616

SHA512
cc87ba0eb06eadc7ffcc9dc5a4c4ab685fff8414e1ef20829a8516c363969c17cdb02f68809527f89c03c923ef9c50ce3785f95844e08338d943cf85f1293d56

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
c0073bff4e73c30ab99541a4077dc228

SHA1
1c8494a1c82221e26cd6f9c0436af98270888d33

SHA256
b5dea94ca65a10cb858cad6c621d358074be9fcae7c3a24a2a54e27f460b69d0

SHA512
4dc40fec37a769bd3c2b6fbffb33516d32a36f84c40720ce62207c2ce7a005cc6e8192c9c746f3ed9bee8035c98fb6abbb94d8f56f226cbac93afadc417e3306

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
82a6266a3d123daf414ed953732b8ef7

SHA1
ab46010af78a1c7616d886c002feb989a95cdaa9

SHA256
4b30ce6ec470fc440294ecb025fc87a3236531d56e1db61569c27fb4085c2de3

SHA512
b2a67689848b6977dbd8bd8168699148043124823df6a780769852594ea775cddad8deb95312cd472c1a1e8818f0642dcc41701df6b7322bd464ed43ebbf3828

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
69057ce57ebc8e8f9936fb9b3f8b32ff

SHA1
edcf78489bd72cbd49b54a598425796029fb526b

SHA256
5038f3af6f78aeebac0a36527599fe115c07776f8b8c46912cc03263ac0e55d4

SHA512
2c3aa18a2038b59907eac154badd4ba02ac01f2e6eb66179e0915bf419c1aa47dea05ca6367ddc8444c0aa7c181bec78f5739a1f20ca13ee0e31674342f5e2e6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
4a2a4f2cfa99132558107ac119a65bc8

SHA1
19b0b483b386f2751bb14c0b654bf8b35fc4a127

SHA256
e3309e423cf222cf7586f96bcb2d347f4b7905126ffe628b09228a4485a05cd2

SHA512
6f578ffc90bcfebb98b3c962425f56b13eb1745aaae71f8ce06d00e43977566fa04a63039b9074166182f7d8dfee86ac712913596a481478c234b92a581d1793

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
330984aabce67cec8e67d4877ac1cfa0

SHA1
4936d97824a2f48cf3354d824a8089bbeeb358af

SHA256
b624d6feebc900970dcc2fad30a62c41b4a717454e061f9a2f71a18896f43db4

SHA512
7d4699ebb387dba28c582a09bf950007a7ae08afbc39e0ef844f9b52f924efab6ed4c96b2477b54afe2080e68b938ff41ac6694a8d8bfd7d5a6e36944c24b3fc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
13bf01d4c4a8fabcf9e36bb548ab2138

SHA1
2826aac2f4148dee2268873cc735ddb27bebd57b

SHA256
bf129da4e5602edc903bc56398c919ce88081b54778ccf8702b3436128226d56

SHA512
6d7e9948f7adce54d4c18f5f8786f28a5a234f551397fe34cc2ac995b028e80d192cfb78f2e304984b3f3273d0cb4e86afdb46258132c735abde0ac11ca630c6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
d809f6ed5a25080037479179f0971f2c

SHA1
b780fc68586099f0a3e408ab274851d5fa112b89

SHA256
1e88bf982d2dd00719a4d4f60dbc4a5c99ca54d1e8fed87a816b2e1e529f30e4

SHA512
20ae8517315122dddcad24210811bd06e3eb0517587e8f920b28ce26bc04c7c179ab1f8a4dfcd8ba59e3fb23e3255f0c1a2d66401d51e2de938d24adfb78e6be

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
f22c64c60d19076a6adc428eab77291f

SHA1
4c2633a16c857623d341c6a3b251751132c6c3cc

SHA256
b8c6df2b6f941f210ef1cb10ed5ccd6a69df10f888d18f0e72282e4af8c695ea

SHA512
5deb3facadcb2b65062a8a6e71249812e8bffd869ee9c0ff70d98f04fe7bb6d706a5d0bd7c04672026487e25de4b7a40ebc9719e4b4f395fbf842283cf98ee44

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
d695798f0db1830a8811dc036fb800e3

SHA1
3ee1d32aa50673829e122a3814b2a964196e55e9

SHA256
0860314b5e84ee297fbc386379ca0296dba210298372a928b60f32955e53b306

SHA512
acbeece51bbc7b9f63cff76e8c696a1ae28e0ac21db9e9d898d1ebb5a18d2da67b439c6a7141d3474b4642ebc67bf0fa4fdc1c99031ac2659b980a0cd44a2d55

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
0a98256bd02385ae85c8be5661aa2add

SHA1
970cb8b31d6cfe4bcf76ef7aacea6eadeb82c721

SHA256
c6c317275f1a40f1f8273810801d75152971fa5a855663e8f181d92784c2079d

SHA512
a1d400b4754e382487b4c08d59d6a69e5a11d2331b1a2e5754ace60ad6a113ff475844b55a0b69c59ec1b664f5996f8be6f930ee33ce68b57c6528648eb120f9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
55773f2353bd63dcc851168e47f31b68

SHA1
8a208e805ada34303dc901253412cc1856f3d8a1

SHA256
9c9dc109f176a8d082f3d00fdc8baccad3feb5c27121d1b58024204df44f7231

SHA512
d1ad7af4e5a2115e94b561cd2887d1e89a06b93f680cc220348865c5a4c1496341a708a8d358b9226c9f2a4e963fe82c8e7b12fd56015ef16b592317e811f3e9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
915421375038bbd0a3f8f31a7e6af397

SHA1
7d4d8dd3fd04b9383cba31bcbffa26c78df0df56

SHA256
4b98c0f2408938aee71e5df90e5af9c7a6c43fdddc290a6c77c3e93da56b1a84

SHA512
5b367885d260ef8e2ee5a2222edfee76f6b722af257156013d324624206038fd7f0299c701150ab0438fe76bd7d5f30e56b0ef997953fc2fe890d9ac7e9211f7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
a42c4c03560ca99444c7a62c534a6420

SHA1
8224a6f091ec2ef7c3cb8926ec66d0c8861703bc

SHA256
354545bdcbe3cb4bba8f234681875f88baf3bd0d8145da2c523e50f2c8ab12d0

SHA512
ad4bd19a572069773440f8d5a5bcdd8d27f3fde7514b2035432392f3b8039a839853dac7f334affb519a2122a8e21f447720700f5996d0d3269c59a8fce49ccd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
2b13b12c4ab6a8c50c9b60b805ec23e9

SHA1
5ebe4c31ff384978b0542a183605f95ad70044f6

SHA256
ce3a935b102daafffaad96171cf18687d1126aa76407652c106e3b73fe4375d8

SHA512
7964e94c7ef7421a2d0136752de3e6d2d71dd4a1118df368b3ad87984a01014436d9acfcc31a230b48e0c293d646c26052493002a7b0c0bc67329b4430748e36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
18b8624fd2aeec3294f33f1aacc52ed0

SHA1
6023ed46ce73cd58d159a3933581cc72b0ba4b13

SHA256
a35ab86dc779293baffc8bc720f45761efd0d3338becd0a635a85e01d66d377b

SHA512
7df88b6d46f24183ea040ccc9607197d0ceffaeecfec4283b78ce80601a011d60de26faf06ee680b0a17ab48e08c83e410f6590035b05553799c3ecac0d59852

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
4bd4660c23f042bd1c4d5c3f92d4b98b

SHA1
2a9c916430036c413aed7c0f8d25bfe50a7fdd0b

SHA256
63330264ce85986ce412c24be9c72b502bee9e64645d9a12846c3404e86636e4

SHA512
dbe8eb7ceac794f8be3e3c48bc2108d8ae608f73be419b1fcad89394f627b979dd328c958a092932e0d11945be788f0e31be688003a6dd6e75e3997504ad24de

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
778d2a2fa117f9d25f646e66eb9e67f8

SHA1
159f691bff0f67d1f355728ff022da436a942d55

SHA256
a0b886b4c366744fac17c980464b10649d738b6e2836196143b7deaa38bb67ee

SHA512
e2c6ed0f2afe5051d75ee968489a6552924c3b23050decf01580530bf7212df9bdb25f0c2757edb16a70d7adc24442e9403df08cbd623637e6048bba7808ce25

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
eb5f283f8266d96d06e39d16d7896500

SHA1
08a465a9eb733326334a2318971d2d0f55265d1e

SHA256
2c9f56f65f5a680d4843624c20a932696862e931ff282cbf62784591672d01cb

SHA512
7f05b2ae6da896c6d2c6b947433da7161143466b66f21a3aa6977a3cc17b413f40cfd59718b719294632c97354f1ff89748a36015dbcabad273ebeda1b83420d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\000007.dbtmp
Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
4KB

MD5
3cb3c3ba7dc1834214b87684d9bb4f8f

SHA1
2315bb4d56f98eebbaac7a9efcb748fa256e4ff8

SHA256
4d3ed6e83265a676fb9ab490c562dc20ee27200f245446b4766bb19d2762b9a9

SHA512
a2b0213985b74b5741bcaa2f61e9892533b2912a41e5c620218d08d4390e07834e81b8096f4e6a55f157db4f16363234f83e40f9364f8d06af84104f36bf2113

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
9ff1c14b8c85fd77b858a789a62ebd56

SHA1
468bafb3b4fd9811d87c62646cf997c324be3d04

SHA256
f3724b480b28b40d61cd0b5b073dd296275426501e3f09a769532bb2f6c9bf4e

SHA512
4d26951115b132ee0f59a4f676e52df4f63a66dd85db072f349e6c9861a3609acff1f286c005c547fc081cd7e95811a01ff64dc0eeebc9b4d2b74b567aa4f16c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\d03b46b7-8581-452a-980d-5753c119f9fd.tmp
Filesize
5KB

MD5
6fe7a07843ef32cb3fc89a2625fdf5ab

SHA1
fa1d9ff99d8cfe8d93c5330cb9c5171a6b1d17fb

SHA256
335946f6d0cdb27c4b3b01537fccec2f101866354072268581c0dd5d8a6631e2

SHA512
272188cda3f9dbc32480b60e858be9c48f4335ac324df98085344281895fe53012d091ad4ae661e00ae96129688fbab469563fae6bb09211f607a3492b9ff716

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabD5D8.tmp
Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarD5FA.tmp
Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\~DF07ADE70EC05E58D3.TMP
Filesize
16KB

MD5
f62c97d63e6e0f8fa8ddf7a0e5b18b41

SHA1
4db7164dd154a4f63203f14e8e086928d73bb9d0

SHA256
a59cf8241aeacbe23638dd7266aef0b566366434f6b5b711728bdd17aff7f746

SHA512
2b06cf59c1f47cc0473e544fdb8cb2d36128b594b55dc2ea55fc1e09a11710630481a1a805b31d37133cd096b1b890d4f855a170449a61f6aa03b8e9abefe4f4

Download Submit
C:\Users\Admin\Desktop\@DeathDealerSoftware.7z
Filesize
29.5MB

MD5
187b25b9e02c2b5d01a70d9d1855dd7c

SHA1
d0c7d39012ad0507239a3b060ea42cc13b22eb65

SHA256
f26803b764a54a90852b7fd274d5ced7a8a58f1715d3ab4b96900ad4f9dd0410

SHA512
bea5cec59d0ebee26a71c78dc38da47a25ea7932d119868caf82b5e4bbbcecd8969abea80ad41b65352f264ced33c457a041c0d9f321c272a8f913802ee254ed

Download Submit
C:\Users\Admin\Desktop\@DeathDealerSoftware\XWorm V5.3 Optimized Bin\Icons\icon (15).ico
Filesize
361KB

MD5
e3143e8c70427a56dac73a808cba0c79

SHA1
63556c7ad9e778d5bd9092f834b5cc751e419d16

SHA256
b2f57a23ecc789c1bbf6037ac0825bf98babc7bf0c5d438af5e2767a27a79188

SHA512
74e0f4b55625df86a87b9315e4007be8e05bbecca4346a6ea06ef5b1528acb5a8bb636ef3e599a3820dbddcf69563a0a22e2c1062c965544fd75ec96fd9803fc

Download Submit
C:\Users\Admin\Desktop\@DeathDealerSoftware\XWorm V5.3 Optimized Bin\XWormLoader 5.2 x64.exe.config
Filesize
187B

MD5
15c8c4ba1aa574c0c00fd45bb9cce1ab

SHA1
0dad65a3d4e9080fa29c42aa485c6102d2fa8bc8

SHA256
f82338e8e9c746b5d95cd2ccc7bf94dd5de2b9b8982fffddf2118e475de50e15

SHA512
52baac63399340427b94bfdeb7a42186d5359ce439c3d775497f347089edfbf72a6637b23bb008ab55b8d4dd3b79a7b2eb7c7ef922ea23d0716d5c3536b359d4

Download Submit
C:\Users\Admin\Desktop\sQeB9gFj0rMbKCp7.zip
Filesize
20.8MB

MD5
0c63dcab8e3b8c546bc3df32744ac564

SHA1
9da3d9778b3d77ad46ea3843952d7c52f95a6364

SHA256
c0e7165816815e55c398af0e1f653c2d426a5e11c86b64136194ae8896d4f521

SHA512
7fd8ad4dbbe813eaeee5c2bd3fd6c28e746bfd3a61f745d06f08de218f223d440495268c74203dc94594c920aa50d3df4865095d86149e1036dd8476be641278

Download Submit
C:\Users\Admin\Desktop\sQeB9gFj0rMbKCp7\XWorm V5.3 Optimized Bin\Guna.UI2.dll
Filesize
1.9MB

MD5
bcc0fe2b28edd2da651388f84599059b

SHA1
44d7756708aafa08730ca9dbdc01091790940a4f

SHA256
c6264665a882e73eb2262a74fea2c29b1921a9af33180126325fb67a851310ef

SHA512
3bfc3d27c095dde988f779021d0479c8c1de80a404454813c6cae663e3fe63dc636bffa7de1094e18594c9d608fa7420a0651509544722f2a00288f0b7719cc8

Download Submit
C:\Users\Admin\Desktop\sQeB9gFj0rMbKCp7\XWorm V5.3 Optimized Bin\XWorm V5.3.exe
Filesize
8.1MB

MD5
f13f9b1fc0624f438058a4f973f79f62

SHA1
f3fca3d2e1251337ec8c138458ec7247e934afac

SHA256
214b45a67ce6e2663a81df0c40be99305bc8381ba42826afb3766cca4a71d375

SHA512
f4bc2fb6502848ac3ea39869a9b53181aa5aa28e7daaa6682914fb15403d97b5f697993c22e9a792f0ffa9cae2866f04c17626bed414f32e68d290f20757d713

Download Submit
C:\Users\Admin\Desktop\sQeB9gFj0rMbKCp7\XWorm V5.3 Optimized Bin\XWorm V5.3.exe
Filesize
7.3MB

MD5
e8876d5a341cb1f814c30d7915ab2d0f

SHA1
134a016c1201973b736d965571333d9f0452ab02

SHA256
2bc0b4203d6c43b32dce58c65b1678ffbeb2699798cefeb7f1d055a599312628

SHA512
d1ef4fb7568f1fc81dafba4716e01efb01d46a21256d4b2ac1e75eeec54c445ce6553be4c27fcb14fbbcaebd3f8974a5427c63620704f65b22c85fd1ef45343e

Download Submit
C:\Users\Admin\Desktop\sQeB9gFj0rMbKCp7\XWorm V5.3 Optimized Bin\XWorm V5.3.exe.config
Filesize
183B

MD5
66f09a3993dcae94acfe39d45b553f58

SHA1
9d09f8e22d464f7021d7f713269b8169aed98682

SHA256
7ea08548c23bd7fd7c75ca720ac5a0e8ca94cb51d06cd45ebf5f412e4bbdd7d7

SHA512
c8ea53ab187a720080bd8d879704e035f7e632afe1ee93e7637fad6bb7e40d33a5fe7e5c3d69134209487d225e72d8d944a43a28dc32922e946023e89abc93ed

Download Submit
\??\pipe\crashpad_1516_DGTEOODOMKQAWXPG
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\Users\Admin\AppData\Local\Temp\RFZzY\RFZzY.dll
Filesize
112KB

MD5
2f1a50031dcf5c87d92e8b2491fdcea6

SHA1
71e2aaa2d1bb7dbe32a00e1d01d744830ecce08f

SHA256
47578a37901c82f66e4dba47acd5c3cab6d09c9911d16f5ad0413275342147ed

SHA512
1c66dbe1320c1a84023bdf77686a2a7ab79a3e86ba5a4ea2cda9a37f8a916137d5cfec30b28ceae181355f6f279270465ef63ae90b7e8dcd4c1a8198a7fd36a8

Download Submit
\Users\Admin\Desktop\@DeathDealerSoftware\XWorm V5.3 Optimized Bin\XWormLoader 5.2 x64.exe
Filesize
109KB

MD5
e6a20535b636d6402164a8e2d871ef6d

SHA1
981cb1fd9361ca58f8985104e00132d1836a8736

SHA256
b461c985b53de4f6921d83925b3c2a62de3bbc5b8f9c02eecd27926f0197fae2

SHA512
35856a0268ed9d17b1570d5392833ed168c8515d73fac9f150cf63cc1aea61c096aa2e6b3c8e091a1058ba062f9333f6767e323a37dfb6f4fa7e508a2a138a30

Download Submit
memory/2140-383-0x000000001CE30000-0x000000001CEB0000-memory.dmp

Filesize
512KB

Download
memory/2140-358-0x00000000011B0000-0x0000000001F8E000-memory.dmp

Filesize
13.9MB

Download
memory/2140-359-0x000007FEF5820000-0x000007FEF620C000-memory.dmp

Filesize
9.9MB

Download
memory/2140-366-0x000000001CE30000-0x000000001CEB0000-memory.dmp

Filesize
512KB

Download
memory/2140-367-0x000000001CEB0000-0x000000001DA9C000-memory.dmp

Filesize
11.9MB

Download
memory/2140-369-0x000000001DBA0000-0x000000001DD94000-memory.dmp

Filesize
2.0MB

Download
memory/2140-374-0x000000001CE30000-0x000000001CEB0000-memory.dmp

Filesize
512KB

Download
memory/2140-384-0x000007FEF5820000-0x000007FEF620C000-memory.dmp

Filesize
9.9MB

Download