agenttesla | bf6ad1760dc3f1659cff14199873f3e01cadb5ca5c7f18dafda2fbd21772e1d2

Analysis

max time kernel
267s
max time network
198s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
01-02-2024 06:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Desktop.7z
Size

60.8MB
MD5

6a2343b4aaad49e4c8d89e48c70d9946
SHA1

e4cef18359a97a4f11beaa83fb86b4f5b8de9266
SHA256

bf6ad1760dc3f1659cff14199873f3e01cadb5ca5c7f18dafda2fbd21772e1d2
SHA512

5df6ba3e488c2e00746928d8a825653ae8418f0a484f22fd6aa3fcb9ea9980415c27dbc615a83d85a0b11fe64ad1977750a6cd21006535f089d2567c6a85c682
SSDEEP

1572864:PSJss94cgFhuxzGFPSqMFhstNWl+eZSmd7fiqcXhU:Pa3TIBF8zl+i3if2

Score

10^/10

agenttesla xenarmor xworm agilenet collection keylogger password rat recovery spyware stealer trojan upx

Malware Config

Extracted

Family

xworm

Version

5.0

127.0.0.1:7000

Mutex

zTitgPDo475hDOA4

Attributes

install_file
USB.exe

aes.plain

Signatures

AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
keylogger trojan stealer spyware agenttesla

Detect Xworm Payload 3 IoCs

resource	yara_rule
behavioral3/files/0x0003000000000707-269.dat	family_xworm
behavioral3/files/0x0003000000000733-279.dat	family_xworm
behavioral3/memory/3192-281-0x00000000006A0000-0x00000000006AE000-memory.dmp	family_xworm

XenArmor Suite
XenArmor is as suite of password recovery tools for various application.
recovery password xenarmor
Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm

AgentTesla payload 2 IoCs

resource	yara_rule
behavioral3/memory/2720-243-0x000001E2FE390000-0x000001E2FE584000-memory.dmp	family_agenttesla
behavioral3/files/0x000600000002322c-242.dat	family_agenttesla

ACProtect 1.3x - 1.4x DLL software 5 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral3/files/0x0003000000000735-380.dat	acprotect
behavioral3/files/0x000400000000071b-375.dat	acprotect
behavioral3/files/0x0004000000000719-370.dat	acprotect
behavioral3/files/0x0005000000000717-365.dat	acprotect
behavioral3/files/0x0004000000000711-360.dat	acprotect

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Control Panel\International\Geo\Nation	XClient.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Control Panel\International\Geo\Nation	cmd.exe

Executes dropped EXE 7 IoCs

pid	Process
2720	XWormLoader 5.2 x64.exe
3192	XClient.exe
3212	XWormLoader 5.2 x64.exe
1444	XWormLoader 5.2 x64.exe
1624	XClient.exe
864	XWormLoader 5.2 x64.exe
3612	All-In-One.exe

Loads dropped DLL 5 IoCs

pid	Process
2720	XWormLoader 5.2 x64.exe
3212	XWormLoader 5.2 x64.exe
1444	XWormLoader 5.2 x64.exe
864	XWormLoader 5.2 x64.exe
3612	All-In-One.exe

Obfuscated with Agile.Net obfuscator 2 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

agilenet

resource	yara_rule
behavioral3/files/0x0006000000023261-229.dat	agile_net
behavioral3/memory/2720-230-0x000001E2FE820000-0x000001E2FF5FE000-memory.dmp	agile_net

Reads data files stored by FTP clients 2 TTPs
Tries to access configuration files associated with programs like FileZilla.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Reads local data of messenger clients 2 TTPs
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Reads user/profile data of local email clients 2 TTPs
Email clients store some user data on disk where infostealers will often target it.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral3/files/0x0003000000000735-380.dat	upx
behavioral3/files/0x000400000000071b-375.dat	upx
behavioral3/files/0x0004000000000719-370.dat	upx
behavioral3/files/0x0005000000000717-365.dat	upx
behavioral3/files/0x0004000000000711-360.dat	upx

Uses the VBS compiler for execution 1 TTPs

Scripting
T1064

Accesses Microsoft Outlook accounts 1 TTPs 1 IoCs

collection

Email Collection

T1114

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts	All-In-One.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	XClient.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	XClient.exe

Enumerates system info in registry 2 TTPs 16 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	XWormLoader 5.2 x64.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	XClient.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSReleaseDate	XClient.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	XWormLoader 5.2 x64.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	XWormLoader 5.2 x64.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	XWormLoader 5.2 x64.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	XWormLoader 5.2 x64.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSVersion	XClient.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion	XWormLoader 5.2 x64.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	XWormLoader 5.2 x64.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion	XWormLoader 5.2 x64.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	XWormLoader 5.2 x64.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	XWormLoader 5.2 x64.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion	XWormLoader 5.2 x64.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	XClient.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion	XWormLoader 5.2 x64.exe

Modifies registry class 40 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\Local Settings	XWormLoader 5.2 x64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	XWormLoader 5.2 x64.exe
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	XWormLoader 5.2 x64.exe
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	XWormLoader 5.2 x64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	XWormLoader 5.2 x64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	XWormLoader 5.2 x64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	XWormLoader 5.2 x64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	XWormLoader 5.2 x64.exe
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\Local Settings	cmd.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	XWormLoader 5.2 x64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\MRUListEx = 00000000ffffffff	XWormLoader 5.2 x64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\MRUListEx = 00000000ffffffff	XWormLoader 5.2 x64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\NodeSlot = "3"	XWormLoader 5.2 x64.exe
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	XWormLoader 5.2 x64.exe
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	XWormLoader 5.2 x64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	XWormLoader 5.2 x64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	XWormLoader 5.2 x64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 = 14002e803accbfb42cdb4c42b0297fe99a87c6410000	XWormLoader 5.2 x64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0 = 72003100000000004158483510004044454154487e3100005a0009000400efbe41584835415848352e00000004320200000007000000000000000000000000000000601f96004000440065006100740068004400650061006c006500720053006f00660074007700610072006500000018000000	XWormLoader 5.2 x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	XWormLoader 5.2 x64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	XWormLoader 5.2 x64.exe
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	XWormLoader 5.2 x64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	XWormLoader 5.2 x64.exe
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	XWormLoader 5.2 x64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	XWormLoader 5.2 x64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 00000000ffffffff	XWormLoader 5.2 x64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0 = 7e003100000000003c589b55100058574f524d567e312e334f500000620009000400efbe41584835415849352e00000007320200000006000000000000000000000000000000e6901801580057006f0072006d002000560035002e00330020004f007000740069006d0069007a00650064002000420069006e0000001c000000	XWormLoader 5.2 x64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\MRUListEx = ffffffff	XWormLoader 5.2 x64.exe
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	XWormLoader 5.2 x64.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	XWormLoader 5.2 x64.exe
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	XWormLoader 5.2 x64.exe
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	XWormLoader 5.2 x64.exe
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	XWormLoader 5.2 x64.exe
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0	XWormLoader 5.2 x64.exe
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0	XWormLoader 5.2 x64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	XWormLoader 5.2 x64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	XWormLoader 5.2 x64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	XWormLoader 5.2 x64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	XWormLoader 5.2 x64.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic"	XWormLoader 5.2 x64.exe

Suspicious behavior: EnumeratesProcesses 30 IoCs

pid	Process
2720	XWormLoader 5.2 x64.exe
2720	XWormLoader 5.2 x64.exe
2720	XWormLoader 5.2 x64.exe
2720	XWormLoader 5.2 x64.exe
2720	XWormLoader 5.2 x64.exe
2720	XWormLoader 5.2 x64.exe
2720	XWormLoader 5.2 x64.exe
2720	XWormLoader 5.2 x64.exe
2720	XWormLoader 5.2 x64.exe
2720	XWormLoader 5.2 x64.exe
2720	XWormLoader 5.2 x64.exe
2720	XWormLoader 5.2 x64.exe
2720	XWormLoader 5.2 x64.exe
2720	XWormLoader 5.2 x64.exe
2720	XWormLoader 5.2 x64.exe
2720	XWormLoader 5.2 x64.exe
2720	XWormLoader 5.2 x64.exe
2720	XWormLoader 5.2 x64.exe
2720	XWormLoader 5.2 x64.exe
2720	XWormLoader 5.2 x64.exe
2720	XWormLoader 5.2 x64.exe
2720	XWormLoader 5.2 x64.exe
2720	XWormLoader 5.2 x64.exe
2720	XWormLoader 5.2 x64.exe
2720	XWormLoader 5.2 x64.exe
2720	XWormLoader 5.2 x64.exe
2720	XWormLoader 5.2 x64.exe
2720	XWormLoader 5.2 x64.exe
3612	All-In-One.exe
3612	All-In-One.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
3120	7zFM.exe
2720	XWormLoader 5.2 x64.exe

Suspicious use of AdjustPrivilegeToken 17 IoCs

description	pid	Process
Token: SeRestorePrivilege	3120	7zFM.exe
Token: 35	3120	7zFM.exe
Token: SeSecurityPrivilege	3120	7zFM.exe
Token: SeRestorePrivilege	5084	7zG.exe
Token: 35	5084	7zG.exe
Token: SeSecurityPrivilege	5084	7zG.exe
Token: SeSecurityPrivilege	5084	7zG.exe
Token: SeManageVolumePrivilege	3968	svchost.exe
Token: SeDebugPrivilege	2720	XWormLoader 5.2 x64.exe
Token: 33	4616	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4616	AUDIODG.EXE
Token: SeDebugPrivilege	3212	XWormLoader 5.2 x64.exe
Token: SeDebugPrivilege	3192	XClient.exe
Token: SeDebugPrivilege	1444	XWormLoader 5.2 x64.exe
Token: SeDebugPrivilege	864	XWormLoader 5.2 x64.exe
Token: SeDebugPrivilege	1624	XClient.exe
Token: SeDebugPrivilege	3612	All-In-One.exe

Suspicious use of FindShellTrayWindow 36 IoCs

pid	Process
3120	7zFM.exe
3120	7zFM.exe
5084	7zG.exe
2720	XWormLoader 5.2 x64.exe
2720	XWormLoader 5.2 x64.exe
2720	XWormLoader 5.2 x64.exe
2720	XWormLoader 5.2 x64.exe
864	XWormLoader 5.2 x64.exe
864	XWormLoader 5.2 x64.exe
864	XWormLoader 5.2 x64.exe
864	XWormLoader 5.2 x64.exe
864	XWormLoader 5.2 x64.exe
864	XWormLoader 5.2 x64.exe
864	XWormLoader 5.2 x64.exe
864	XWormLoader 5.2 x64.exe
864	XWormLoader 5.2 x64.exe
864	XWormLoader 5.2 x64.exe
864	XWormLoader 5.2 x64.exe
864	XWormLoader 5.2 x64.exe
864	XWormLoader 5.2 x64.exe
864	XWormLoader 5.2 x64.exe
864	XWormLoader 5.2 x64.exe
864	XWormLoader 5.2 x64.exe
864	XWormLoader 5.2 x64.exe
864	XWormLoader 5.2 x64.exe
864	XWormLoader 5.2 x64.exe
864	XWormLoader 5.2 x64.exe
864	XWormLoader 5.2 x64.exe
864	XWormLoader 5.2 x64.exe
864	XWormLoader 5.2 x64.exe
864	XWormLoader 5.2 x64.exe
864	XWormLoader 5.2 x64.exe
864	XWormLoader 5.2 x64.exe
864	XWormLoader 5.2 x64.exe
864	XWormLoader 5.2 x64.exe
2720	XWormLoader 5.2 x64.exe

Suspicious use of SendNotifyMessage 4 IoCs

pid	Process
2720	XWormLoader 5.2 x64.exe
2720	XWormLoader 5.2 x64.exe
2720	XWormLoader 5.2 x64.exe
2720	XWormLoader 5.2 x64.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2720	XWormLoader 5.2 x64.exe
3612	All-In-One.exe
3612	All-In-One.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2408 wrote to memory of 3120	2408	cmd.exe	39
PID 2408 wrote to memory of 3120	2408	cmd.exe	39
PID 2720 wrote to memory of 2952	2720	XWormLoader 5.2 x64.exe	108
PID 2720 wrote to memory of 2952	2720	XWormLoader 5.2 x64.exe	108
PID 2952 wrote to memory of 3920	2952	vbc.exe	109
PID 2952 wrote to memory of 3920	2952	vbc.exe	109
PID 3192 wrote to memory of 4780	3192	XClient.exe	119
PID 3192 wrote to memory of 4780	3192	XClient.exe	119
PID 4780 wrote to memory of 3612	4780	cmd.exe	121
PID 4780 wrote to memory of 3612	4780	cmd.exe	121
PID 4780 wrote to memory of 3612	4780	cmd.exe	121

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Desktop.7z
1⤵
- Checks computer location settings
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2408
- C:\Program Files\7-Zip\7zFM.exe
  "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Desktop.7z"
  2⤵
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:3120

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\@DeathDealerSoftware\" -spe -an -ai#7zMap23348:96:7zEvent8461
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:5084

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3968

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5040

C:\Users\Admin\Desktop\@DeathDealerSoftware\XWorm V5.3 Optimized Bin\XWormLoader 5.2 x64.exe
"C:\Users\Admin\Desktop\@DeathDealerSoftware\XWorm V5.3 Optimized Bin\XWormLoader 5.2 x64.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2720
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\55f0dtxe\55f0dtxe.cmdline"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2952
- - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES263.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc14B6483273C49ECB5382824F948180.TMP"
    3⤵
    PID:3920

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:4136

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4b8 0x40c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4616

C:\Users\Admin\Desktop\@DeathDealerSoftware\XWorm V5.3 Optimized Bin\XClient.exe
"C:\Users\Admin\Desktop\@DeathDealerSoftware\XWorm V5.3 Optimized Bin\XClient.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3192
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c Cd %temp% && All-In-One.exe OutPut.json
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4780
- - C:\Users\Admin\AppData\Local\Temp\All-In-One.exe
    All-In-One.exe OutPut.json
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Accesses Microsoft Outlook accounts
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:3612

C:\Users\Admin\Desktop\@DeathDealerSoftware\XWorm V5.3 Optimized Bin\XWormLoader 5.2 x64.exe
"C:\Users\Admin\Desktop\@DeathDealerSoftware\XWorm V5.3 Optimized Bin\XWormLoader 5.2 x64.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
PID:3212

C:\Users\Admin\Desktop\@DeathDealerSoftware\XWorm V5.3 Optimized Bin\XWormLoader 5.2 x64.exe
"C:\Users\Admin\Desktop\@DeathDealerSoftware\XWorm V5.3 Optimized Bin\XWormLoader 5.2 x64.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
PID:1444

C:\Users\Admin\Desktop\@DeathDealerSoftware\XWorm V5.3 Optimized Bin\XClient.exe
"C:\Users\Admin\Desktop\@DeathDealerSoftware\XWorm V5.3 Optimized Bin\XClient.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:1624

C:\Users\Admin\Desktop\@DeathDealerSoftware\XWorm V5.3 Optimized Bin\XWormLoader 5.2 x64.exe
"C:\Users\Admin\Desktop\@DeathDealerSoftware\XWorm V5.3 Optimized Bin\XWormLoader 5.2 x64.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:864

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\@DeathDealerSoftware\XWorm V5.3 Optimized Bin\ClientsFolder\62582AD42F1A0456CF06\Recovery\All-In-One_02-01-2024 06;45;25;518.txt
1⤵
PID:4328

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scripting

T1064

Persistence

Privilege Escalation

Defense Evasion

Scripting

T1064

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Email Collection

T1114

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\XWormLoader 5.2 x64.exe.log

Filesize
1KB

MD5
601373babf3e5b06dc0bcf79bcb408a2

SHA1
340b409a6774e67dc2d36b7d18f2faf41a315400

SHA256
6cf467dfa053cc07d9f68da0f6452c56a5ce06240c05fbac0ecb4950916eaa02

SHA512
e2bffcb60612017ee60329ca4ba4ae22ec2d97352631d7df5506d36af58561e7480dd54eea84ac23816e08e00a739fe9a17733ea31adfc87b50f249cafa3b335

Download Submit
C:\Users\Admin\AppData\Local\Temp\55f0dtxe\55f0dtxe.0.vb

Filesize
78KB

MD5
8aa039128d237420f8808f691ee14ced

SHA1
1e488fb9c2acd4858121c158c772743c5cd71cc9

SHA256
34335c89fb940ab164044cae0a3e298a98fbb31f6c314222b747d80e59fd6a0c

SHA512
c27ebe2b333417087b5e440348fe696cb0c361553e5098972da6e95b9c340ee0d8c52a581bbb1edc10758d6cf41f5a3646291385f6b656c98f42df8c67b94b77

Download Submit
C:\Users\Admin\AppData\Local\Temp\55f0dtxe\55f0dtxe.cmdline

Filesize
336B

MD5
d4c593d04d814b4b7cf2add4654b190d

SHA1
3ffb7549e81b42f52e45c08538f7e43636f3d4e1

SHA256
162e4c2eedf5dfca65f06ca7e530063796bebae2f5b00b3da6e29dad539e85f3

SHA512
b2c8eee3d2a42ca27c852c4d01980850e2ca6c32ca72aa92b69342bbb3a6dc0e6050df00bfa4e0b9c83a360ae762bce6c00ca439390bdccb192c8d49a0483f80

Download Submit
C:\Users\Admin\AppData\Local\Temp\All-In-One.exe

Filesize
1.8MB

MD5
803e31955c84c88f1db9611d0478d002

SHA1
ebbe79e5158ef9ae74f00c9787939757853519b4

SHA256
c3ce4fdece8a11b74f9708cbea6f2cdbf1f5b4be110a5837df8e95f546c065fa

SHA512
a4c719fff58eca74daeba517350ae68ac2087357addb184e76cf37513cdc5d6c3bd6baa13e2375f9dbed1b59d379d944bd59dc1eda5c358efc9b0f8d1cf0cc2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\All-In-One.exe

Filesize
1.0MB

MD5
c99f68e2e879b4f012e29f6aa6cb38d6

SHA1
6159abe4c32ce695a431ca9ec8c09868938df764

SHA256
eb7a924d046c7763dfb8535ca6a25f5271867078c1a05e58146d0e79a0a8bb26

SHA512
0f6aa3a901d5187349db6770204082c2532e3b8d0298914506766adb336562e3ec461677701d8516cccc07af0e57ccf59f48eb6c09e9810d3a0181f55abd788c

Download Submit
C:\Users\Admin\AppData\Local\Temp\All-In-One.exe

Filesize
950KB

MD5
4207cfa52e30b06fb4b98b53f17bdb9e

SHA1
8fa063dbfbdc9cf4dbed91f5da20e8bb5690f40a

SHA256
f58b9ee03b4e025f7a109b3311df6e22862b9a1cf6d528c2321481b2c56208f5

SHA512
1f5ebd928eb4f5b5743029906ce249d8c90b8a622c137e649738a655e92e5b149ac58198e4b7a27dea3463b54a66eafc27f45222ae299498ccdeb89195943552

Download Submit
C:\Users\Admin\AppData\Local\Temp\External\ComponentsExt\api-ms-win-crt-conio-l1-1-0_not.dll

Filesize
18KB

MD5
6ea692f862bdeb446e649e4b2893e36f

SHA1
84fceae03d28ff1907048acee7eae7e45baaf2bd

SHA256
9ca21763c528584bdb4efebe914faaf792c9d7360677c87e93bd7ba7bb4367f2

SHA512
9661c135f50000e0018b3e5c119515cfe977b2f5f88b0f5715e29df10517b196c81694d074398c99a572a971ec843b3676d6a831714ab632645ed25959d5e3e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\External\ComponentsExt\api-ms-win-crt-convert-l1-1-0.dll

Filesize
21KB

MD5
72e28c902cd947f9a3425b19ac5a64bd

SHA1
9b97f7a43d43cb0f1b87fc75fef7d9eeea11e6f7

SHA256
3cc1377d495260c380e8d225e5ee889cbb2ed22e79862d4278cfa898e58e44d1

SHA512
58ab6fedce2f8ee0970894273886cb20b10d92979b21cda97ae0c41d0676cc0cd90691c58b223bce5f338e0718d1716e6ce59a106901fe9706f85c3acf7855ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\External\ComponentsExt\api-ms-win-crt-environment-l1-1-0.dll

Filesize
18KB

MD5
ac290dad7cb4ca2d93516580452eda1c

SHA1
fa949453557d0049d723f9615e4f390010520eda

SHA256
c0d75d1887c32a1b1006b3cffc29df84a0d73c435cdcb404b6964be176a61382

SHA512
b5e2b9f5a9dd8a482169c7fc05f018ad8fe6ae27cb6540e67679272698bfca24b2ca5a377fa61897f328b3deac10237cafbd73bc965bf9055765923aba9478f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\External\ComponentsExt\api-ms-win-crt-filesystem-l1-1-0.dll

Filesize
19KB

MD5
aec2268601470050e62cb8066dd41a59

SHA1
363ed259905442c4e3b89901bfd8a43b96bf25e4

SHA256
7633774effe7c0add6752ffe90104d633fc8262c87871d096c2fc07c20018ed2

SHA512
0c14d160bfa3ac52c35ff2f2813b85f8212c5f3afbcfe71a60ccc2b9e61e51736f0bf37ca1f9975b28968790ea62ed5924fae4654182f67114bd20d8466c4b8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\External\ComponentsExt\api-ms-win-crt-heap-l1-1-0.dll

Filesize
18KB

MD5
93d3da06bf894f4fa21007bee06b5e7d

SHA1
1e47230a7ebcfaf643087a1929a385e0d554ad15

SHA256
f5cf623ba14b017af4aec6c15eee446c647ab6d2a5dee9d6975adc69994a113d

SHA512
72bd6d46a464de74a8dac4c346c52d068116910587b1c7b97978df888925216958ce77be1ae049c3dccf5bf3fffb21bc41a0ac329622bc9bbc190df63abb25c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\External\ComponentsExt\api-ms-win-crt-locale-l1-1-0.dll

Filesize
18KB

MD5
a2f2258c32e3ba9abf9e9e38ef7da8c9

SHA1
116846ca871114b7c54148ab2d968f364da6142f

SHA256
565a2eec5449eeeed68b430f2e9b92507f979174f9c9a71d0c36d58b96051c33

SHA512
e98cbc8d958e604effa614a3964b3d66b6fc646bdca9aa679ea5e4eb92ec0497b91485a40742f3471f4ff10de83122331699edc56a50f06ae86f21fad70953fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\External\ComponentsExt\api-ms-win-crt-math-l1-1-0.dll

Filesize
28KB

MD5
8b0ba750e7b15300482ce6c961a932f0

SHA1
71a2f5d76d23e48cef8f258eaad63e586cfc0e19

SHA256
bece7bab83a5d0ec5c35f0841cbbf413e01ac878550fbdb34816ed55185dcfed

SHA512
fb646cdcdb462a347ed843312418f037f3212b2481f3897a16c22446824149ee96eb4a4b47a903ca27b1f4d7a352605d4930df73092c380e3d4d77ce4e972c5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\External\ComponentsExt\api-ms-win-crt-multibyte-l1-1-0.dll

Filesize
25KB

MD5
35fc66bd813d0f126883e695664e7b83

SHA1
2fd63c18cc5dc4defc7ea82f421050e668f68548

SHA256
66abf3a1147751c95689f5bc6a259e55281ec3d06d3332dd0ba464effa716735

SHA512
65f8397de5c48d3df8ad79baf46c1d3a0761f727e918ae63612ea37d96adf16cc76d70d454a599f37f9ba9b4e2e38ebc845df4c74fc1e1131720fd0dcb881431

Download Submit
C:\Users\Admin\AppData\Local\Temp\External\ComponentsExt\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
22KB

MD5
41a348f9bedc8681fb30fa78e45edb24

SHA1
66e76c0574a549f293323dd6f863a8a5b54f3f9b

SHA256
c9bbc07a033bab6a828ecc30648b501121586f6f53346b1cd0649d7b648ea60b

SHA512
8c2cb53ccf9719de87ee65ed2e1947e266ec7e8343246def6429c6df0dc514079f5171acd1aa637276256c607f1063144494b992d4635b01e09ddea6f5eef204

Download Submit
C:\Users\Admin\AppData\Local\Temp\External\ComponentsExt\api-ms-win-crt-stdio-l1-1-0.dll

Filesize
23KB

MD5
fefb98394cb9ef4368da798deab00e21

SHA1
316d86926b558c9f3f6133739c1a8477b9e60740

SHA256
b1e702b840aebe2e9244cd41512d158a43e6e9516cd2015a84eb962fa3ff0df7

SHA512
57476fe9b546e4cafb1ef4fd1cbd757385ba2d445d1785987afb46298acbe4b05266a0c4325868bc4245c2f41e7e2553585bfb5c70910e687f57dac6a8e911e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\External\ComponentsExt\api-ms-win-crt-string-l1-1-0.dll

Filesize
22KB

MD5
404604cd100a1e60dfdaf6ecf5ba14c0

SHA1
58469835ab4b916927b3cabf54aee4f380ff6748

SHA256
73cc56f20268bfb329ccd891822e2e70dd70fe21fc7101deb3fa30c34a08450c

SHA512
da024ccb50d4a2a5355b7712ba896df850cee57aa4ada33aad0bae6960bcd1e5e3cee9488371ab6e19a2073508fbb3f0b257382713a31bc0947a4bf1f7a20be4

Download Submit
C:\Users\Admin\AppData\Local\Temp\External\ComponentsExt\api-ms-win-crt-time-l1-1-0.dll

Filesize
20KB

MD5
849f2c3ebf1fcba33d16153692d5810f

SHA1
1f8eda52d31512ebfdd546be60990b95c8e28bfb

SHA256
69885fd581641b4a680846f93c2dd21e5dd8e3ba37409783bc5b3160a919cb5d

SHA512
44dc4200a653363c9a1cb2bdd3da5f371f7d1fb644d1ce2ff5fe57d939b35130ac8ae27a3f07b82b3428233f07f974628027b0e6b6f70f7b2a8d259be95222f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\External\ComponentsExt\api-ms-win-crt-utility-l1-1-0.dll

Filesize
18KB

MD5
b52a0ca52c9c207874639b62b6082242

SHA1
6fb845d6a82102ff74bd35f42a2844d8c450413b

SHA256
a1d1d6b0cb0a8421d7c0d1297c4c389c95514493cd0a386b49dc517ac1b9a2b0

SHA512
18834d89376d703bd461edf7738eb723ad8d54cb92acc9b6f10cbb55d63db22c2a0f2f3067fe2cc6feb775db397030606608ff791a46bf048016a1333028d0a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\External\ComponentsExt\freebl3.dll

Filesize
324KB

MD5
04a2ba08eb17206b7426cb941f39250b

SHA1
731ac2b533724d9f540759d84b3e36910278edba

SHA256
8e5110ce03826f680f30013985be49ebd8fc672de113fc1d9a566eced149b8c4

SHA512
e6e90b4becf472b2e8f716dbb962cd7de61676fcce342c735fccdc01268b5a221139bc9be0e0c9722e9978aefaae79c10bc49c43392aa05dd12244b3147aeffc

Download Submit
C:\Users\Admin\AppData\Local\Temp\External\ComponentsExt\mozglue.dll

Filesize
135KB

MD5
591533ca4655646981f759d95f75ae3d

SHA1
b4a02f18e505a1273f7090a9d246bc953a2cb792

SHA256
4434f4223d24fb6e2f5840dd6c1eedef2875e11abe24e4b0e9bc1507f8f6fd47

SHA512
915b124ad595ee78feab8f3c9be7e80155445e58ed4c88b89665df5fb7e0a04e973374a01f97bb67aaa733a8ce2e91a9f92605ec96251906e0fb2750a719b579

Download Submit
C:\Users\Admin\AppData\Local\Temp\External\ComponentsExt\msvcp140.dll

Filesize
429KB

MD5
109f0f02fd37c84bfc7508d4227d7ed5

SHA1
ef7420141bb15ac334d3964082361a460bfdb975

SHA256
334e69ac9367f708ce601a6f490ff227d6c20636da5222f148b25831d22e13d4

SHA512
46eb62b65817365c249b48863d894b4669e20fcb3992e747cd5c9fdd57968e1b2cf7418d1c9340a89865eadda362b8db51947eb4427412eb83b35994f932fd39

Download Submit
C:\Users\Admin\AppData\Local\Temp\External\ComponentsExt\nss3.dll

Filesize
1.2MB

MD5
fc57d044bfd635997415c5f655b5fffa

SHA1
1b5162443d985648ef64e4aab42089ad4c25f856

SHA256
17f8c55eba797bbc80c8c32ca1a3a7588415984386be56f4b4cdefd4176fb4c3

SHA512
f5a944230000730bc0aad10e6607e3389d9d82a0a4ab1b72a19d32e94e8572789d46fb4acd75ad48f17e2bbc27389d432086696f2ccc899850ff9177d6823efb

Download Submit
C:\Users\Admin\AppData\Local\Temp\External\ComponentsExt\softokn3.dll

Filesize
140KB

MD5
1b304dad157edc24e397629c0b688a3e

SHA1
ae151af384675125dfbdc96147094cff7179b7da

SHA256
8f0c9ac7134773d11d402e49daa90958fe00205e83a7389f7a58da03892d20cb

SHA512
2dc625dbdf2aae4ade600cca688eb5280200e8d7c2dfc359590435afe0926b3a7446cc56a66023ee834366132a68ae68da51a5079e4f107201e2050f5c5512ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\External\ComponentsExt\vcruntime140.dll

Filesize
81KB

MD5
7587bf9cb4147022cd5681b015183046

SHA1
f2106306a8f6f0da5afb7fc765cfa0757ad5a628

SHA256
c40bb03199a2054dabfc7a8e01d6098e91de7193619effbd0f142a7bf031c14d

SHA512
0b63e4979846ceba1b1ed8470432ea6aa18cca66b5f5322d17b14bc0dfa4b2ee09ca300a016e16a01db5123e4e022820698f46d9bad1078bd24675b4b181e91f

Download Submit
C:\Users\Admin\AppData\Local\Temp\External\Components\nspr4.dll

Filesize
72KB

MD5
72414dfb0b112c664d2c8d1215674e09

SHA1
50a1e61309741e92fe3931d8eb606f8ada582c0a

SHA256
69e73fea2210adc2ae0837ac98b46980a09fe91c07f181a28fda195e2b9e6b71

SHA512
41428624573b4a191b33657ed9ad760b500c5640f3d62b758869a17857edc68f90bc10d7a5e720029519c0d49b5ca0fa8579743e80b200ef331e41efde1dc8c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\External\Components\nss3.dll

Filesize
172KB

MD5
7ddbd64d87c94fd0b5914688093dd5c2

SHA1
d49d1f79efae8a5f58e6f713e43360117589efeb

SHA256
769703fb1ba6c95fb6c889e8a9baaea309e62d0f3ca444d01cc6b495c0f722d1

SHA512
60eaad58c3c4894f1673723eb28ddb42b681ff7aafe7a29ff8bf87a2da6595c16d1f8449096accdb89bd6cda6454eb90470e71dde7c5bd16abd0f80e115cfa2d

Download Submit
C:\Users\Admin\AppData\Local\Temp\External\Components\plc4.dll

Filesize
8KB

MD5
c73ec58b42e66443fafc03f3a84dcef9

SHA1
5e91f467fe853da2c437f887162bccc6fd9d9dbe

SHA256
2dc0171b83c406db6ec9389b438828246b282862d2b8bdf2f5b75aec932a69f7

SHA512
6318e831d8f38525e2e49b5a1661440cd8b1f3d2afc6813bb862c21d88d213c4675a8ec2a413b14fbdca896c63b65a7da6ec9595893b352ade8979e7e86a7fcf

Download Submit
C:\Users\Admin\AppData\Local\Temp\External\Components\plds4.dll

Filesize
6KB

MD5
ee44d5d780521816c906568a8798ed2f

SHA1
2da1b06d5de378cbfc7f2614a0f280f59f2b1224

SHA256
50b2735318233d6c87b6efccccc23a0e3216d2870c67f2f193cc1c83c7c879fc

SHA512
634a1cd2baaef29b4fe7c7583c04406bb2ea3a3c93294b31f621652844541e7c549da1a31619f657207327604c261976e15845571ee1efe5416f1b021d361da8

Download Submit
C:\Users\Admin\AppData\Local\Temp\External\Components\softokn3.dll

Filesize
155KB

MD5
e846285b19405b11c8f19c1ed0a57292

SHA1
2c20cf37394be48770cd6d396878a3ca70066fd0

SHA256
251f0094b6b6537df3d3ce7c2663726616f06cfb9b6de90efabd67de2179a477

SHA512
b622ff07ae2f77e886a93987a9a922e80032e9041ed41503f0e38abb8c344eb922d154ade29e52454d0a1ad31596c4085f4bd942e4412af9f0698183acd75db7

Download Submit
C:\Users\Admin\AppData\Local\Temp\License.XenArmor

Filesize
104B

MD5
774a9a7b72f7ed97905076523bdfe603

SHA1
946355308d2224694e0957f4ebf6cdba58327370

SHA256
76e56835b1ac5d7a8409b7333826a2353401cf67f3bd95c733adc6aa8d9fec81

SHA512
c5c77c6827c72901494b3a368593cb9a990451664b082761294a845c0cd9441d37e5e9ac0e82155cb4d97f29507ffc8e26d6ff74009666c3075578aa18b28675

Download Submit
C:\Users\Admin\AppData\Local\Temp\OutPut.json

Filesize
1KB

MD5
f6ce70d5466fe074a3b419543ff95d8b

SHA1
915d6dc9ca2686d63979e77adc43d71c9678e534

SHA256
6a509971a9cc11490946cb7b33864da43cd3af9f25673c130fc3bab5c365ff29

SHA512
93e83de5d0a96cd71dcfb8f9ab3b32ed2afaa388a77ac450dd7fdca11dcf2ff0d59db54107c936859d6df3b6d28630b2e9907e0b546e8b27336b684bcbed84f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\RES263.tmp

Filesize
1KB

MD5
d0ce067a230ad90ec3ebc13b68eb4aeb

SHA1
6ed5ed1602e9faa6a030839b0ed15bd07fe0e7b0

SHA256
1395294a1d1cefa89bda38737b871a034ff09a7d9d3b41a42bc720aa69717617

SHA512
8371ccc3f98beee399d3f603273acaee54147f3d432b765e610c1645168497d8a1378f10172b61ba68f0ef440488060d0dfb9026f3df5f5bf89d4e7d91a9354c

Download Submit
C:\Users\Admin\AppData\Local\Temp\RFZzY\RFZzY.dll

Filesize
112KB

MD5
2f1a50031dcf5c87d92e8b2491fdcea6

SHA1
71e2aaa2d1bb7dbe32a00e1d01d744830ecce08f

SHA256
47578a37901c82f66e4dba47acd5c3cab6d09c9911d16f5ad0413275342147ed

SHA512
1c66dbe1320c1a84023bdf77686a2a7ab79a3e86ba5a4ea2cda9a37f8a916137d5cfec30b28ceae181355f6f279270465ef63ae90b7e8dcd4c1a8198a7fd36a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\XenManager.dll

Filesize
2.0MB

MD5
27bc446066546dba09a0cddd522c3e00

SHA1
2c2e41331125cfea21a966f1aa8edfcee413d804

SHA256
f5f0c2360894b9a8cbe9ea859190c4cad94395303d9ac6ac49f9a3f7b710f1cf

SHA512
20a2f8ed17d332ad388840b17c90c0016c4ac62ad5d18454b0cb9f3cd39ed9a9605ae2e92ef3ec17d0c66797edbc1e2d51e05f6fb46df711d56905edeb722e07

Download Submit
C:\Users\Admin\AppData\Local\Temp\XenManager.dll

Filesize
667KB

MD5
adb077355fba183ed471ef64f4d45ca8

SHA1
04ceb0dd2db77c266cafe51ddd69c50b18e2948a

SHA256
0c3385b75021487ef3584360fef09d2c8c4d815e7d93629cbdd0fb900e5c9cae

SHA512
19c56bcf734e600d0f160ddae301e339860acf1198c6adadb981c2f99058c8bbe07c21a2fe8b7cb2e4b4f808472eb2f5acf93de34fb7aaca411deb8377e88355

Download Submit
C:\Users\Admin\AppData\Local\Temp\XenManager.dll

Filesize
479KB

MD5
0f1132ab5572c93473f088ab45c7577a

SHA1
fdb9c2cc4ad12041a9fb0c358267788d2d2d5802

SHA256
6eaf322655e0616ba04f49b763d36c4602377571065e99201946713f6f2f6d18

SHA512
8961b30449c0ef960a5021402a0f28c6ba6d9cdcf7bf232fade11ef8b814fffe26e8b3ead2d831126b4943371e3cde863be2cd3364e3fd5cb4adcbca28356205

Download Submit
C:\Users\Admin\AppData\Local\Temp\settings.db

Filesize
20KB

MD5
56b941f65d270f2bf397be196fcf4406

SHA1
244f2e964da92f7ef7f809e5ce0b3191aeab084a

SHA256
00c020ba1cce022364976f164c575993cb3b811c61b5b4e05a8a0c3d1b560c0c

SHA512
52ad8c7ed497a5b8eed565b3abcbf544841f3c8c9ec3ca8f686846a2afd15ac4ac8b16abf1cb14aeca1a2fb31f3086ad17206ec4af28e77bae600dca15e8deab

Download Submit
C:\Users\Admin\AppData\Local\Temp\vbc14B6483273C49ECB5382824F948180.TMP

Filesize
1KB

MD5
d40c58bd46211e4ffcbfbdfac7c2bb69

SHA1
c5cf88224acc284a4e81bd612369f0e39f3ac604

SHA256
01902f1903d080c6632ae2209136e8e713e9fd408db4621ae21246b65bfea2ca

SHA512
48b14748e86b7d92a3ea18f29caf1d7b4b2e1de75377012378d146575048a2531d2e5aaeae1abf2d322d06146177cdbf0c2940ac023efae007b9f235f18e2c68

Download Submit
C:\Users\Admin\Desktop\@DeathDealerSoftware.7z

Filesize
1.3MB

MD5
2df5a3976750c132ae4f314d7f16d6b0

SHA1
0aee0543450f99ba0f6bf2ad1d78336e2922d521

SHA256
29febf6d756b48b2f5746ba865050e04d21048ef0db40d73bff5a481ad6a1cce

SHA512
0ac50b1093a63bb129d00d40c1d3d7bab67038b7fafdfdcf867a4e801f34ddce81d13f53bd294a2a09d0822b662e0481eecd881b547ba77f24b1532ab532db02

Download Submit
C:\Users\Admin\Desktop\@DeathDealerSoftware\XWorm V5.3 Optimized Bin\GMap.NET.Core.dll

Filesize
2.9MB

MD5
819352ea9e832d24fc4cebb2757a462b

SHA1
aba7e1b29bdcd0c5a307087b55c2ec0c7ca81f11

SHA256
58c755fcfc65cddea561023d736e8991f0ad69da5e1378dea59e98c5db901b86

SHA512
6a5b0e1553616ea29ec72c12072ae05bdd709468a173e8adbdfe391b072c001ecacb3dd879845f8d599c6152eca2530cdaa2c069b1f94294f778158eaaebe45a

Download Submit
C:\Users\Admin\Desktop\@DeathDealerSoftware\XWorm V5.3 Optimized Bin\GMap.NET.WindowsForms.dll

Filesize
147KB

MD5
32a8742009ffdfd68b46fe8fd4794386

SHA1
de18190d77ae094b03d357abfa4a465058cd54e3

SHA256
741e1a8f05863856a25d101bd35bf97cba0b637f0c04ecb432c1d85a78ef1365

SHA512
22418d5e887a6022abe8a7cbb0b6917a7478d468d211eecd03a95b8fb6452fc59db5178573e25d5d449968ead26bb0b2bfbfada7043c9a7a1796baca5235a82b

Download Submit
C:\Users\Admin\Desktop\@DeathDealerSoftware\XWorm V5.3 Optimized Bin\GeoIP.dat

Filesize
1.2MB

MD5
8ef41798df108ce9bd41382c9721b1c9

SHA1
1e6227635a12039f4d380531b032bf773f0e6de0

SHA256
bc07ff22d4ee0b6fafcc12482ecf2981c172a672194c647cedf9b4d215ad9740

SHA512
4c62af04d4a141b94eb3e1b0dbf3669cb53fe9b942072ed7bea6a848d87d8994cff5a5f639ab70f424eb79a4b7adabdde4da6d2f02f995bd8d55db23ce99f01b

Download Submit
C:\Users\Admin\Desktop\@DeathDealerSoftware\XWorm V5.3 Optimized Bin\Guna.UI2.dll

Filesize
141KB

MD5
2daae23de0f1ba90ce9ca1707066bdf0

SHA1
5da2e9e7dc4182e5b3381ef2b048925835487fa1

SHA256
93bf3208b6a26133912b384e4e1be20d72965e5c06b8fd9db004ec0ee26a8b57

SHA512
e87ef18274f0df249725ec0d01f0c66705316dfd4f7d80b61fc4ae82e928df825064a063ebcb08a30632216a4d65f60039cf78eb01a31f4d0755aa81f54a5ed4

Download Submit
C:\Users\Admin\Desktop\@DeathDealerSoftware\XWorm V5.3 Optimized Bin\Icons\icon (15).ico

Filesize
361KB

MD5
e3143e8c70427a56dac73a808cba0c79

SHA1
63556c7ad9e778d5bd9092f834b5cc751e419d16

SHA256
b2f57a23ecc789c1bbf6037ac0825bf98babc7bf0c5d438af5e2767a27a79188

SHA512
74e0f4b55625df86a87b9315e4007be8e05bbecca4346a6ea06ef5b1528acb5a8bb636ef3e599a3820dbddcf69563a0a22e2c1062c965544fd75ec96fd9803fc

Download Submit
C:\Users\Admin\Desktop\@DeathDealerSoftware\XWorm V5.3 Optimized Bin\Mono.Cecil.dll

Filesize
350KB

MD5
de69bb29d6a9dfb615a90df3580d63b1

SHA1
74446b4dcc146ce61e5216bf7efac186adf7849b

SHA256
f66f97866433e688acc3e4cd1e6ef14505f81df6b26dd6215e376767f6f954bc

SHA512
6e96a510966a4acbca900773d4409720b0771fede37f24431bf0d8b9c611eaa152ba05ee588bb17f796d7b8caaccc10534e7cc1c907c28ddfa54ac4ce3952015

Download Submit
C:\Users\Admin\Desktop\@DeathDealerSoftware\XWorm V5.3 Optimized Bin\MonoMod.Backports.dll

Filesize
68KB

MD5
1074b987e92cb01c9c9dc164a1a81b27

SHA1
e4a523909cf8995d22719ffc7074a1315e42d9aa

SHA256
ca03ccdc469fddf15d6624070dd444aeacb16048ab60eca5f98f111b216e98f5

SHA512
29f6baacd7af078bdabb89706a0d1b74c55d676cb35bdc0922ffad7fa67b0eacbe9ec5e6ec3d1aa818dd5be37deec5d02a075a02ecb83bd00528752a065e7404

Download Submit
C:\Users\Admin\Desktop\@DeathDealerSoftware\XWorm V5.3 Optimized Bin\MonoMod.Core.dll

Filesize
216KB

MD5
b808181453b17f3fc1ab153bf11be197

SHA1
bce86080b7eb76783940d1ff277e2b46f231efe9

SHA256
da00cdfab411f8f535f17258981ec51d1af9b0bfcee3a360cbd0cb6f692dbcdd

SHA512
a2d941c6e69972f99707ade5c5325eb50b0ec4c5abf6a189eb11a46606fed8076be44c839d83cf310b67e66471e0ea3f6597857a8e2c7e2a7ad6de60c314f7d3

Download Submit
C:\Users\Admin\Desktop\@DeathDealerSoftware\XWorm V5.3 Optimized Bin\MonoMod.ILHelpers.dll

Filesize
6KB

MD5
6512e89e0cb92514ef24be43f0bf4500

SHA1
a039c51f89656d9d5c584f063b2b675a9ff44b8e

SHA256
1411e4858412ded195f0e65544a4ec8e8249118b76375050a35c076940826cd0

SHA512
9ffb2ff050cce82dbfbbb0e85ab5f976fcd81086b3d8695502c5221c23d14080f0e494a33e0092b4feb2eda12e2130a2f02df3125733c2f5ec31356e92dea00b

Download Submit
C:\Users\Admin\Desktop\@DeathDealerSoftware\XWorm V5.3 Optimized Bin\MonoMod.Utils.dll

Filesize
319KB

MD5
79f1c4c312fdbb9258c2cdde3772271f

SHA1
a143434883e4ef2c0190407602b030f5c4fdf96f

SHA256
f22a4fa1e8b1b70286ecf07effb15d2184454fa88325ce4c0f31ffadb4bef50a

SHA512
b28ed3c063ae3a15cd52e625a860bbb65f6cd38ccad458657a163cd927c74ebf498fb12f1e578e869bcea00c6cd3f47ede10866e34a48c133c5ac26b902ae5d9

Download Submit
C:\Users\Admin\Desktop\@DeathDealerSoftware\XWorm V5.3 Optimized Bin\NAudio.dll

Filesize
502KB

MD5
3b87d1363a45ce9368e9baec32c69466

SHA1
70a9f4df01d17060ec17df9528fca7026cc42935

SHA256
81b3f1dc3f1eac9762b8a292751a44b64b87d0d4c3982debfdd2621012186451

SHA512
1f07d3b041763b4bc31f6bd7b181deb8d34ff66ec666193932ffc460371adbcd4451483a99009b9b0b71f3864ed5c15c6c3b3777fabeb76f9918c726c35eb7d7

Download Submit
C:\Users\Admin\Desktop\@DeathDealerSoftware\XWorm V5.3 Optimized Bin\Newtonsoft.Json.dll

Filesize
695KB

MD5
195ffb7167db3219b217c4fd439eedd6

SHA1
1e76e6099570ede620b76ed47cf8d03a936d49f8

SHA256
e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d

SHA512
56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac

Download Submit
C:\Users\Admin\Desktop\@DeathDealerSoftware\XWorm V5.3 Optimized Bin\Plugins\ActiveWindows.dll

Filesize
14KB

MD5
5387af40ea982dee1bbb2f7e73567a7f

SHA1
3fca1ee729d17b7027e5f5be71d620cd1e2d38c0

SHA256
496066318072fddf12e050d7104e055fb11422411710964c5f5b840910097d47

SHA512
09494b451c31198a8e3b36ef3dacb58f0d738294d09ee1a9446357c27308a17211cad2e79d0d9010dd63d40f598e206acd0080bfe976eae35960e1682d5f7afd

Download Submit
C:\Users\Admin\Desktop\@DeathDealerSoftware\XWorm V5.3 Optimized Bin\Plugins\All-In-One.dll

Filesize
4.8MB

MD5
3b0f07340712e81b0b14af24e73c0268

SHA1
2b85188945cde10376f22e77b98b091a07f9d26f

SHA256
50d19e520d854b4bd84decd3bb352f149a1529408eb7f01ded86bde5eaec9aed

SHA512
76d91a8d8b94c986d615ac6a12314059f31da2e501bb92d582968f487612ed7080c074a181065a64799979bb3987bd1e3698fbb647dd942a827249159655d2a6

Download Submit
C:\Users\Admin\Desktop\@DeathDealerSoftware\XWorm V5.3 Optimized Bin\Plugins\Chat.dll

Filesize
18KB

MD5
4b94fc08b95156d4b9475b215cda92b4

SHA1
3f2eda3ab4a3a21e1470aaeb28473c219921250c

SHA256
2f6207e9f6e8fa28a82e5f9e1a384fa762b1344522ec6feb15e20751c91f52e6

SHA512
cd1a58f6b4be9a1ae4c8cb3e088709d74614d9566e20c876a409e501f5af25a09520c7dff0c10116e5f7e1a6deb99ced1bed45ebcba629748e925a51805da7c6

Download Submit
C:\Users\Admin\Desktop\@DeathDealerSoftware\XWorm V5.3 Optimized Bin\Plugins\Clipboard.dll

Filesize
14KB

MD5
04f98015d20f7d4881b8c8c8a27d0f98

SHA1
9183169b98f73ee697df0d65c3d0d3fd8fcc03d8

SHA256
3851f8b0d7ee5cc44909ca275f19b0dc0c6fbe571de1eb95f912c71a2b3db1a0

SHA512
0ba6567f754f4ee514ce2076e935769e7b1851c823d8bec280b5b3160d07794809676d282616eadc2e622611d0ae325f1a87beba7ddcdde00a4ac88a0329d67a

Download Submit
C:\Users\Admin\Desktop\@DeathDealerSoftware\XWorm V5.3 Optimized Bin\Plugins\Cmstp-Bypass.dll

Filesize
11KB

MD5
cf15259e22b58a0dfd1156ab71cbd690

SHA1
3614f4e469d28d6e65471099e2d45c8e28a7a49e

SHA256
fa420fd3d1a5a2bb813ef8e6063480099f19091e8fa1b3389004c1ac559e806b

SHA512
7302a424ed62ec20be85282ff545a4ca9e1aecfe20c45630b294c1ae72732465d8298537ee923d9e288ae0c48328e52ad8a1a503e549f8f8737fabe2e6e9ad38

Download Submit
C:\Users\Admin\Desktop\@DeathDealerSoftware\XWorm V5.3 Optimized Bin\Plugins\FileManager.dll

Filesize
679KB

MD5
a7103c32512241abef49e11aabec554c

SHA1
b2ca76a6f3541a3a27713e5f6b7f70ec6fc7cb60

SHA256
307b0e613e8e7b61c64287790ab42f5c4e7c2d199d783e987c1a6a8eaa8c17f1

SHA512
b8e5de01df5bb25133e8a1d6fa23bc04b6a462ad77ff70f920d119041a322e368ad4a7d5d1d99de518d3ba53133ad000976e2f710159ecdffbb30021e18a0d9d

Download Submit
C:\Users\Admin\Desktop\@DeathDealerSoftware\XWorm V5.3 Optimized Bin\Plugins\FileSeacher.dll

Filesize
478KB

MD5
a1213775f91e5df436ea77795c34abb7

SHA1
c1d925587b500ea21e3f952ae5558678a5c4ba56

SHA256
d39dc7b128cf80028c6707db1c2a70b9d857b2415779d4f9c8ce6378129b671d

SHA512
377c89c44d13b3912a04fda986594001a6e3b9a9c0e0544e7d81b1f48d9b7f60b6c809a08061c8926005adaa1db2fc7a9f9c916b6e7cc438ee27657de682007c

Download Submit
C:\Users\Admin\Desktop\@DeathDealerSoftware\XWorm V5.3 Optimized Bin\Plugins\HBrowser.dll

Filesize
25KB

MD5
79f13be3582c42df73033819d093e1f8

SHA1
45c25633bfd0ab3c4f95b7137eb9671b911ea595

SHA256
f38e74a4bee2cf29d710d7c58eb83e548d92604621a8fb076bdc1e79714b9938

SHA512
e6e4331d26f35ac52d3524da0c6cdbb4bb36af54b57c61bce564bfec8663245bc7e5ff192c44a3c731e9ce7b83fdff40f274347a5241f6322833a92df944adb5

Download Submit
C:\Users\Admin\Desktop\@DeathDealerSoftware\XWorm V5.3 Optimized Bin\Plugins\HRDP.dll

Filesize
1.7MB

MD5
e22910ace59c1207f6b2dd48e3a828c3

SHA1
3e00b75ae8fa1cb6e45eb45403908191a36b7e31

SHA256
41770e6bbc7f32b46237e6d2388ebf62b8f4dac40a19f024cead38f040ba139f

SHA512
dcc966489ad094d97a4689eddb13398445964e48543c832dea138f7eb1c5ec71984f12c6a789225e940f47d138fd9cd886c8e1693c30d92b054e3f7f2a401ad4

Download Submit
C:\Users\Admin\Desktop\@DeathDealerSoftware\XWorm V5.3 Optimized Bin\Plugins\HVNC.dll

Filesize
59KB

MD5
00185e83cb7d4ae3be2d6c6b6a593c09

SHA1
a5ee25f87e2269968ea36447c4715545908931f9

SHA256
d747520cfbf096033d9dbdb684d84bc349555c4b33850b2e3763d22248595a84

SHA512
be9686be7c8d2ca12aec27cd14ec7c25b9f8b6be69cb70a95a1b19e5ef683e5e57b0a559bb8433df7eb0d009ec4ce77b436c12189a259e73880069fa5fa25bea

Download Submit
C:\Users\Admin\Desktop\@DeathDealerSoftware\XWorm V5.3 Optimized Bin\Plugins\HVNCMemory.dll

Filesize
40KB

MD5
c6c82e028f324ae74a06b87083c3060a

SHA1
c3f1e9db7c4df64fa0a9c6738d0808eb89909e00

SHA256
604feb4b3d6504984f1b5d26c7fe666b0203139b24142d38d6ca8592a07d165b

SHA512
58705e91e16920c236ae8c0ab1c4d5edf3824cdf8fda4d6b7d55c96b506dc9893eba2864751693304e4dcf5d1e3992958ab1db48b227c94150adb00ade753088

Download Submit
C:\Users\Admin\Desktop\@DeathDealerSoftware\XWorm V5.3 Optimized Bin\Plugins\HiddenApps.dll

Filesize
45KB

MD5
c5efa70a04a026b9a2fa97b1ea43e840

SHA1
aab2de0ab74c12e04256ff2b113b062dc93179e6

SHA256
f9ef7709f34e944d99ca5bef6af1524d7cf3889894084b7ae61e9202f267a728

SHA512
1348d4ebd3ac5b56eb32820ee14f9aee20a43b7dc3d06dd7fd62c8f227b12a27d0c0376c7d858e78315cd92d17e588bc2e37648c04d146530db706e8b3c4ff1d

Download Submit
C:\Users\Admin\Desktop\@DeathDealerSoftware\XWorm V5.3 Optimized Bin\Plugins\Informations.dll

Filesize
22KB

MD5
43f97998b054cb248d3ef542f3d2a35c

SHA1
5910d4bef19e86f2e2bcafac5ef05f35919b90c1

SHA256
79644e42a221cfd23fb739cfff8ac733eae42bff5193be1027776658c7b8af01

SHA512
8a9186897a94e5f5e07f65e8f7f37053e0f8d6f50dd4df1552e043ec69ebf992dc8221a3e1cfafed7a52cdfa1b4f3a00056634387859e4ee9dd9db80e7b9052a

Download Submit
C:\Users\Admin\Desktop\@DeathDealerSoftware\XWorm V5.3 Optimized Bin\RVGLib.dll

Filesize
129KB

MD5
1271d0a58d455b247594dc2166c64edc

SHA1
6f085e23af0107220d9c250b6084343e7d4660f0

SHA256
a253dc53534a6ec9b6daa23ec56c912747750322993b8aa49966ee23b9c87e64

SHA512
98580be198cd601e1df01d22c458b0a2e5eabda08c82912e8b5150aeea9b209910684ca471a080ec1181dc98b403ceb7feeead2e0b454662e91e89ba94f02acf

Download Submit
C:\Users\Admin\Desktop\@DeathDealerSoftware\XWorm V5.3 Optimized Bin\SimpleObfuscator.dll

Filesize
1.4MB

MD5
9043d712208178c33ba8e942834ce457

SHA1
e0fa5c730bf127a33348f5d2a5673260ae3719d1

SHA256
b7a6eea19188b987dad97b32d774107e9a1beb4f461a654a00197d73f7fad54c

SHA512
dd6fa02ab70c58cde75fd4d4714e0ed0df5d3b18f737c68c93dba40c30376cc93957f8eef69fea86041489546ce4239b35a3b5d639472fd54b80f2f7260c8f65

Download Submit
C:\Users\Admin\Desktop\@DeathDealerSoftware\XWorm V5.3 Optimized Bin\Sounds\Intro.wav

Filesize
238KB

MD5
ad3b4fae17bcabc254df49f5e76b87a6

SHA1
1683ff029eebaffdc7a4827827da7bb361c8747e

SHA256
e3e5029bf5f29fa32d2f6cdda35697cd8e6035d5c78615f64d0b305d1bd926cf

SHA512
3d6ecc9040b5079402229c214cb5f9354315131a630c43d1da95248edc1b97627fb9ba032d006380a67409619763fb91976295f8d22ca91894c88f38bb610cd3

Download Submit
C:\Users\Admin\Desktop\@DeathDealerSoftware\XWorm V5.3 Optimized Bin\XClient.exe

Filesize
33KB

MD5
cb108fd7446d67d46babd4ab60ca4135

SHA1
08b9cc68e1b680a2aba8ff5ad1cea14a8f8d5e1c

SHA256
603cd07d2278e47200dfa9bffaa05b478694b00f44d2c594a394af2e6ce3daa8

SHA512
2d9984303bf7e54bd50db95eae626e0e2b04655faaf31180909540e22bf94698987f7b45d4777a4115fb53ee61d2ed313feba0bc1fa2a931f71283943160d183

Download Submit
C:\Users\Admin\Desktop\@DeathDealerSoftware\XWorm V5.3 Optimized Bin\XWorm V5.2.exe

Filesize
2.1MB

MD5
8ac0f9c09ab1f17c0ad6762050b9e548

SHA1
d91a35ce33e81ecb2b60bb3cc268e886f130e0cb

SHA256
373de9566091ddbec08a0645e04ac1235ab247ad94f7d2ac807dd881aa40d59f

SHA512
02d1b13aff84cd101004c5b08069ab8d2f61c9be110b3bdd009de2cf64e0895d191c5ca6b3959dc242e665b5dbbd9f78c7d4d4700cb556a8846ff373b28f1a1a

Download Submit
C:\Users\Admin\Desktop\@DeathDealerSoftware\XWorm V5.3 Optimized Bin\XWorm V5.2.exe.Config

Filesize
183B

MD5
66f09a3993dcae94acfe39d45b553f58

SHA1
9d09f8e22d464f7021d7f713269b8169aed98682

SHA256
7ea08548c23bd7fd7c75ca720ac5a0e8ca94cb51d06cd45ebf5f412e4bbdd7d7

SHA512
c8ea53ab187a720080bd8d879704e035f7e632afe1ee93e7637fad6bb7e40d33a5fe7e5c3d69134209487d225e72d8d944a43a28dc32922e946023e89abc93ed

Download Submit
C:\Users\Admin\Desktop\@DeathDealerSoftware\XWorm V5.3 Optimized Bin\XWormLoader 5.2 x64.exe

Filesize
109KB

MD5
e6a20535b636d6402164a8e2d871ef6d

SHA1
981cb1fd9361ca58f8985104e00132d1836a8736

SHA256
b461c985b53de4f6921d83925b3c2a62de3bbc5b8f9c02eecd27926f0197fae2

SHA512
35856a0268ed9d17b1570d5392833ed168c8515d73fac9f150cf63cc1aea61c096aa2e6b3c8e091a1058ba062f9333f6767e323a37dfb6f4fa7e508a2a138a30

Download Submit
C:\Users\Admin\Desktop\@DeathDealerSoftware\XWorm V5.3 Optimized Bin\XWormLoader 5.2 x64.exe.config

Filesize
187B

MD5
15c8c4ba1aa574c0c00fd45bb9cce1ab

SHA1
0dad65a3d4e9080fa29c42aa485c6102d2fa8bc8

SHA256
f82338e8e9c746b5d95cd2ccc7bf94dd5de2b9b8982fffddf2118e475de50e15

SHA512
52baac63399340427b94bfdeb7a42186d5359ce439c3d775497f347089edfbf72a6637b23bb008ab55b8d4dd3b79a7b2eb7c7ef922ea23d0716d5c3536b359d4

Download Submit
memory/1444-310-0x00007FFE5DE49000-0x00007FFE5DE4A000-memory.dmp

Filesize
4KB

Download
memory/1444-313-0x00007FFE5B6D4000-0x00007FFE5B6D5000-memory.dmp

Filesize
4KB

Download
memory/1444-312-0x0000026637630000-0x0000026637640000-memory.dmp

Filesize
64KB

Download
memory/1444-311-0x00007FFE5B6BD000-0x00007FFE5B6BE000-memory.dmp

Filesize
4KB

Download
memory/1444-303-0x00007FFE5E590000-0x00007FFE5F051000-memory.dmp

Filesize
10.8MB

Download
memory/1444-304-0x0000026637630000-0x0000026637640000-memory.dmp

Filesize
64KB

Download
memory/1444-305-0x000002661D2B0000-0x000002661D2B6000-memory.dmp

Filesize
24KB

Download
memory/1444-306-0x000002661D2C0000-0x000002661D2C6000-memory.dmp

Filesize
24KB

Download
memory/1444-307-0x00007FFE5D537000-0x00007FFE5D538000-memory.dmp

Filesize
4KB

Download
memory/1444-309-0x00007FFE5DE48000-0x00007FFE5DE49000-memory.dmp

Filesize
4KB

Download
memory/1624-324-0x00007FFE5E590000-0x00007FFE5F051000-memory.dmp

Filesize
10.8MB

Download
memory/2720-241-0x000001E280000000-0x000001E280BEC000-memory.dmp

Filesize
11.9MB

Download
memory/2720-227-0x000001E2FDA00000-0x000001E2FDA3C000-memory.dmp

Filesize
240KB

Download
memory/2720-211-0x0000000000AE0000-0x0000000000B00000-memory.dmp

Filesize
128KB

Download
memory/2720-213-0x000001E2FD760000-0x000001E2FD7A2000-memory.dmp

Filesize
264KB

Download
memory/2720-315-0x000001E2FE1C0000-0x000001E2FE1EC000-memory.dmp

Filesize
176KB

Download
memory/2720-215-0x000001E2FD7B0000-0x000001E2FD7D8000-memory.dmp

Filesize
160KB

Download
memory/2720-218-0x00007FFE5E590000-0x00007FFE5F051000-memory.dmp

Filesize
10.8MB

Download
memory/2720-317-0x000001E3002F0000-0x000001E3005D2000-memory.dmp

Filesize
2.9MB

Download
memory/2720-217-0x000001E2FD740000-0x000001E2FD746000-memory.dmp

Filesize
24KB

Download
memory/2720-319-0x000001E2FE280000-0x000001E2FE302000-memory.dmp

Filesize
520KB

Download
memory/2720-321-0x000001E2FFE00000-0x000001E2FFEB2000-memory.dmp

Filesize
712KB

Download
memory/2720-222-0x000001E2FD9A0000-0x000001E2FD9F6000-memory.dmp

Filesize
344KB

Download
memory/2720-223-0x000001E2E4FF0000-0x000001E2E5000000-memory.dmp

Filesize
64KB

Download
memory/2720-220-0x000001E2FD940000-0x000001E2FD99E000-memory.dmp

Filesize
376KB

Download
memory/2720-288-0x000001E2E4FF0000-0x000001E2E5000000-memory.dmp

Filesize
64KB

Download
memory/2720-224-0x000001E2E5000000-0x000001E2E5006000-memory.dmp

Filesize
24KB

Download
memory/2720-225-0x000001E2FD720000-0x000001E2FD726000-memory.dmp

Filesize
24KB

Download
memory/2720-228-0x000001E2FD900000-0x000001E2FD91A000-memory.dmp

Filesize
104KB

Download
memory/2720-230-0x000001E2FE820000-0x000001E2FF5FE000-memory.dmp

Filesize
13.9MB

Download
memory/2720-231-0x00007FFE5D537000-0x00007FFE5D538000-memory.dmp

Filesize
4KB

Download
memory/2720-240-0x00007FFE5DE49000-0x00007FFE5DE4A000-memory.dmp

Filesize
4KB

Download
memory/2720-264-0x000001E2FE590000-0x000001E2FE6F8000-memory.dmp

Filesize
1.4MB

Download
memory/2720-261-0x000001E2E4FF0000-0x000001E2E5000000-memory.dmp

Filesize
64KB

Download
memory/2720-259-0x000001E2E4FF0000-0x000001E2E5000000-memory.dmp

Filesize
64KB

Download
memory/2720-257-0x000001E2E4FF0000-0x000001E2E5000000-memory.dmp

Filesize
64KB

Download
memory/2720-256-0x000001E2E4FF0000-0x000001E2E5000000-memory.dmp

Filesize
64KB

Download
memory/2720-254-0x000001E2E4FF0000-0x000001E2E5000000-memory.dmp

Filesize
64KB

Download
memory/2720-253-0x000001E2E4FF0000-0x000001E2E5000000-memory.dmp

Filesize
64KB

Download
memory/2720-252-0x00007FFE5B6CD000-0x00007FFE5B6CE000-memory.dmp

Filesize
4KB

Download
memory/2720-250-0x000001E2E4FF0000-0x000001E2E5000000-memory.dmp

Filesize
64KB

Download
memory/2720-249-0x000001E2E4FF0000-0x000001E2E5000000-memory.dmp

Filesize
64KB

Download
memory/2720-248-0x00007FFE5E590000-0x00007FFE5F051000-memory.dmp

Filesize
10.8MB

Download
memory/2720-245-0x000001E2E4FF0000-0x000001E2E5000000-memory.dmp

Filesize
64KB

Download
memory/2720-247-0x00007FFE5B6D4000-0x00007FFE5B6D5000-memory.dmp

Filesize
4KB

Download
memory/2720-246-0x000001E2E4FF0000-0x000001E2E5000000-memory.dmp

Filesize
64KB

Download
memory/2720-244-0x00007FFE5B6BD000-0x00007FFE5B6BE000-memory.dmp

Filesize
4KB

Download
memory/2720-243-0x000001E2FE390000-0x000001E2FE584000-memory.dmp

Filesize
2.0MB

Download
memory/2720-239-0x00007FFE5DE48000-0x00007FFE5DE49000-memory.dmp

Filesize
4KB

Download
memory/3192-300-0x00007FFE5E590000-0x00007FFE5F051000-memory.dmp

Filesize
10.8MB

Download
memory/3192-283-0x00007FFE5E590000-0x00007FFE5F051000-memory.dmp

Filesize
10.8MB

Download
memory/3192-299-0x000000001B220000-0x000000001B230000-memory.dmp

Filesize
64KB

Download
memory/3192-281-0x00000000006A0000-0x00000000006AE000-memory.dmp

Filesize
56KB

Download
memory/3212-294-0x00007FFE5B6BD000-0x00007FFE5B6BE000-memory.dmp

Filesize
4KB

Download
memory/3212-298-0x00007FFE5E590000-0x00007FFE5F051000-memory.dmp

Filesize
10.8MB

Download
memory/3212-287-0x00000201F3210000-0x00000201F3216000-memory.dmp

Filesize
24KB

Download
memory/3212-289-0x00007FFE5D537000-0x00007FFE5D538000-memory.dmp

Filesize
4KB

Download
memory/3212-292-0x00007FFE5DE48000-0x00007FFE5DE49000-memory.dmp

Filesize
4KB

Download
memory/3212-293-0x00007FFE5DE49000-0x00007FFE5DE4A000-memory.dmp

Filesize
4KB

Download
memory/3212-285-0x00000201F54A0000-0x00000201F54B0000-memory.dmp

Filesize
64KB

Download
memory/3212-295-0x00000201F54A0000-0x00000201F54B0000-memory.dmp

Filesize
64KB

Download
memory/3212-296-0x00007FFE5B6D4000-0x00007FFE5B6D5000-memory.dmp

Filesize
4KB

Download
memory/3212-286-0x00000201F3200000-0x00000201F3206000-memory.dmp

Filesize
24KB

Download
memory/3212-284-0x00007FFE5E590000-0x00007FFE5F051000-memory.dmp

Filesize
10.8MB

Download
memory/3968-206-0x0000020537B80000-0x0000020537B81000-memory.dmp

Filesize
4KB

Download
memory/3968-207-0x0000020537C90000-0x0000020537C91000-memory.dmp

Filesize
4KB

Download
memory/3968-205-0x0000020537B80000-0x0000020537B81000-memory.dmp

Filesize
4KB

Download
memory/3968-203-0x0000020537B50000-0x0000020537B51000-memory.dmp

Filesize
4KB

Download
memory/3968-187-0x000002052F840000-0x000002052F850000-memory.dmp

Filesize
64KB

Download
memory/3968-171-0x000002052F740000-0x000002052F750000-memory.dmp

Filesize
64KB

Download