Overview

overview

10

Static

static

10

XWorm 5.6 Cracked.zip

windows7-x64

1

XWorm 5.6 Cracked.zip

windows10-2004-x64

10

Analysis

  • max time kernel
    273s
  • max time network
    205s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240730-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01-08-2024 21:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    XWorm 5.6 Cracked.zip

  • Size

    24.2MB

  • MD5

    353c221103efd60bd38f1625a21c80d7

  • SHA1

    414e3eb44d636a628b455a4d8b2997cb06564f14

  • SHA256

    e0be40f12d3b6dfee674688d514287be2dbedbd114ec37356b610e25996ac9a4

  • SHA512

    2d94d46d43afaa43b7515f06455525008601c77cdf5663e3f28220917d2c8b7a9ca0423a521edac56fb51e45dd6264168db101018ed4e83ccc0d46a123cdd7f1

  • SSDEEP

    393216:wyazqFXFeuBc9Q+FpI3zDuG9YCMeg7kjuABAKbybbF6s5eNYJkY29QEH4k:wyVFXDBYQw23fkkjGKOj5eXPQEYk

Score
10/10
agentteslastormkittyxwormdiscoveryevasionkeyloggerratspywarestealertrojan

Malware Config

Extracted

Family

xworm

Version

5.0

C2

127.0.0.1:7000

Mutex

906ejDukAvTzi6Aj

Attributes
  • install_file

    USB.exe

aes.plain

Signatures

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla
  • Contains code to disable Windows Defender 2 IoCs

    A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

  • Detect Xworm Payload 3 IoCs
  • StormKitty

    StormKitty is an open source info stealer written in C#.

    stealerstormkitty
  • StormKitty payload 1 IoCs
  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm
  • AgentTesla payload 2 IoCs
  • Disables Task Manager via registry modification
    evasion
  • Executes dropped EXE 2 IoCs
  • Uses the VBS compiler for execution 1 TTPs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 4 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Delays execution with timeout.exe 1 IoCs
    evasion
  • Enumerates system info in registry 2 TTPs 6 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 15 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\Explorer.exe
    C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\XWorm 5.6 Cracked.zip"
    1⤵
      PID:4120
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:4072
      • C:\Program Files\7-Zip\7zG.exe
        "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap24930:92:7zEvent12716
        1⤵
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        PID:2112
      • C:\Users\Admin\Desktop\XWorm 5.6 Cracked\[email protected]
        "C:\Users\Admin\Desktop\XWorm 5.6 Cracked\[email protected]"
        1⤵
        • Executes dropped EXE
        • Enumerates system info in registry
        • Modifies registry class
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1708
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/Toxicvirusmain
          2⤵
          • Enumerates system info in registry
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          • Suspicious use of WriteProcessMemory
          PID:3028
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffac0c146f8,0x7ffac0c14708,0x7ffac0c14718
            3⤵
              PID:1356
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,13445799831130899273,15549629409799892207,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2
              3⤵
                PID:1380
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,13445799831130899273,15549629409799892207,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
                3⤵
                • Suspicious behavior: EnumeratesProcesses
                PID:4448
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,13445799831130899273,15549629409799892207,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8
                3⤵
                  PID:2252
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13445799831130899273,15549629409799892207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
                  3⤵
                    PID:1144
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13445799831130899273,15549629409799892207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
                    3⤵
                      PID:452
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13445799831130899273,15549629409799892207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
                      3⤵
                        PID:4864
                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,13445799831130899273,15549629409799892207,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5168 /prefetch:8
                        3⤵
                          PID:2668
                        • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,13445799831130899273,15549629409799892207,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5168 /prefetch:8
                          3⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:5108
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13445799831130899273,15549629409799892207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
                          3⤵
                            PID:3220
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13445799831130899273,15549629409799892207,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4196 /prefetch:1
                            3⤵
                              PID:5024
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13445799831130899273,15549629409799892207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
                              3⤵
                                PID:60
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13445799831130899273,15549629409799892207,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
                                3⤵
                                  PID:4412
                              • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe
                                "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\typ1kpx3\typ1kpx3.cmdline"
                                2⤵
                                  PID:3540
                                  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES9A6C.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcBB91AC2E165E4157A29941E7632DFEE1.TMP"
                                    3⤵
                                      PID:2608
                                • C:\Windows\System32\CompPkgSrv.exe
                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                  1⤵
                                    PID:2080
                                  • C:\Windows\System32\CompPkgSrv.exe
                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                    1⤵
                                      PID:3080
                                    • C:\Windows\system32\wbem\WmiApSrv.exe
                                      C:\Windows\system32\wbem\WmiApSrv.exe
                                      1⤵
                                        PID:1980
                                      • C:\Windows\system32\taskmgr.exe
                                        "C:\Windows\system32\taskmgr.exe" /4
                                        1⤵
                                        • Checks SCSI registry key(s)
                                        • Checks processor information in registry
                                        • Suspicious behavior: EnumeratesProcesses
                                        • Suspicious use of AdjustPrivilegeToken
                                        • Suspicious use of FindShellTrayWindow
                                        • Suspicious use of SendNotifyMessage
                                        PID:5116
                                        • C:\Windows\system32\resmon.exe
                                          "C:\Windows\system32\resmon.exe"
                                          2⤵
                                            PID:3500
                                            • C:\Windows\System32\perfmon.exe
                                              "C:\Windows\System32\perfmon.exe" /res
                                              3⤵
                                              • Checks processor information in registry
                                              • Suspicious behavior: EnumeratesProcesses
                                              • Suspicious behavior: GetForegroundWindowSpam
                                              • Suspicious use of AdjustPrivilegeToken
                                              PID:2080
                                        • C:\Users\Admin\Desktop\XClient.exe
                                          "C:\Users\Admin\Desktop\XClient.exe"
                                          1⤵
                                          • Executes dropped EXE
                                          • Suspicious use of AdjustPrivilegeToken
                                          PID:1508
                                          • C:\Windows\system32\cmd.exe
                                            C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmpB41A.tmp.bat""
                                            2⤵
                                              PID:3500
                                              • C:\Windows\system32\timeout.exe
                                                timeout 3
                                                3⤵
                                                • Delays execution with timeout.exe
                                                PID:4088

                                          Network

                                          MITRE ATT&CK Enterprise v15

                                          Replay Monitor

                                          Loading Replay Monitor...

                                          Downloads

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                            Filesize

                                            152B

                                            MD5

                                            ee3b30a1359db628dcaf6b053a049740

                                            SHA1

                                            35bb7a4d99bce5d4ff9e080b6078dd8d9ca9cb1d

                                            SHA256

                                            3d145dcba409bab26909c6090fe80bb55a0c030d226f26bb4e04b1bd495f5212

                                            SHA512

                                            6825eef8c8fc940d1e21c31e8643f969386fc5c5f467b6ae4a6709dd09f35632bfa2b87f3bc828a8dc6d70533dc7fbfcef6772e2b73586286680f4b567d92c7c

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                            Filesize

                                            152B

                                            MD5

                                            16d2cc2d8a8347e405d36323b4e6ea99

                                            SHA1

                                            ea695aa245d20b1e1141f4c18ee5e56f810614b4

                                            SHA256

                                            5455c3741232efafea8e3b155a0fecb660800e2e0f19cd2d720281f7cdcbbc23

                                            SHA512

                                            85d9d1319d4b4f8442e2fbd22951d7a2836f6456f18062508a5d22031d829a23a1a4453283f2194312ec444eef57fe09ca393c5c1536efabb7495fd301433343

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                            Filesize

                                            72B

                                            MD5

                                            dfff0a26f95506368b092a6f35c3642f

                                            SHA1

                                            b16346a77283d5fc2e4b44b9060cb8eddba1f78e

                                            SHA256

                                            31ddac52bae3c2848c77490524e18322d99ec44d7a661da9c3f46af94519b763

                                            SHA512

                                            7490a6aeaf36c277c7ded46f76ca75d29f5a59d91a8dfac2ec8cda5781d1a4bff6be30b1bbb6f8e4d8e35ce809c3e2a60004cff4a7e39354305409d3f9207c20

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                            Filesize

                                            442B

                                            MD5

                                            cb1779f9579889335053fe0b9185a9a3

                                            SHA1

                                            2eaf719b36a3d434ca78a7ed7925acf2bbdd712e

                                            SHA256

                                            30fc99f012a338aa6d3cd38f8cb9c33fbe82e579f87ed8c434b6c519bedcf551

                                            SHA512

                                            8fbac3eaf90dbecb5a54549afd61df3f29dc7f88ada6c83dc3be5123a950e9055f3abb19f44dcda2dcab040a72303e6caac1eeeb249a6f1fabbc6eed65edc92b

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                            Filesize

                                            6KB

                                            MD5

                                            9ba76eb172f72cd582411a6a94dabfc2

                                            SHA1

                                            892b1db09eacc549e93da5eb0b4365a99e8910cf

                                            SHA256

                                            297bb001bd7d8942a5f3d3664ef4ccd212a71c94ca945a67054e1c61454035d4

                                            SHA512

                                            7ca03d5c131e035c9f3143eaf8bb3d5b03b9f46344d5f1ed0ea606a32dd26be53d76abad06ed72602b11b7d7033d9a8b47f0c6388a2a8556e6336f1e2af79113

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                            Filesize

                                            6KB

                                            MD5

                                            a404151fb2b1d4c1c1dbe81a28d108ad

                                            SHA1

                                            466f8d3e943fd3b5a17242db29a42293bdf5b6ef

                                            SHA256

                                            10cf1b6623caae52421b4bfcadf50161dc14746d68b5e8cce895a5fd3b70033c

                                            SHA512

                                            39f6109f03b0ad727c251cb1e111acc3af15dc93616043e0b7f4cd8a812bbcd8297460c3a9f616fa60d4d6d77d891b2ce67acd5dff55f66d006a793f516d5786

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                            Filesize

                                            6KB

                                            MD5

                                            0fb637312ed69e87c0281c3dd8a57b2c

                                            SHA1

                                            36358a897bffa00723e2507442bb1a16921b551a

                                            SHA256

                                            3b44a403f9b2ca7a36cf941075266004935e8494c09d5bc1c2381d8a9f2a7966

                                            SHA512

                                            5623cd0b5843e19117337a567b7720057167fa45172fe1a3aec6a840570142b2a1d5338baa37d714db2ea2cde4908cfde52d815d86df09422dfc3d60b95b2ea3

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                            Filesize

                                            16B

                                            MD5

                                            6752a1d65b201c13b62ea44016eb221f

                                            SHA1

                                            58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                            SHA256

                                            0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                            SHA512

                                            9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                            Filesize

                                            10KB

                                            MD5

                                            ac6858666550d50e2f6155b786abf29b

                                            SHA1

                                            7a66d69fe3f4e36150312cb68085fcc5b37abc3e

                                            SHA256

                                            ada27ccdfa87f69056d9bf1d8bd3152316953c3358b726dedbbee80c599de667

                                            SHA512

                                            4636d1f8f101da824e1295dae649ed41da97931e08816d84a0a806919023bd6de15e980d943d899f1d6e07ce9969da3cefcdb27a6670ebbb7bd8f27f8e8dd0d4

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                            Filesize

                                            10KB

                                            MD5

                                            f9c5ee0e8bfba8610d5cb8e38a3bc18d

                                            SHA1

                                            b332d9f3cccffedf3952b97005868adb89c9dbf9

                                            SHA256

                                            d3446aa3bd6b63fc875baf7ea6d504d17aaef36465bdb835aa50698e999de63e

                                            SHA512

                                            02d82e8c0445c32a287d195b1b7adfe99e8a09472aa7e7c059f649f38961f806682400dca9412af15591d853733a79b89816fa8c2ee4293c6ccec87f34467fe9

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                            Filesize

                                            10KB

                                            MD5

                                            3d040985a4cf60d489099ddb6d9075bf

                                            SHA1

                                            e50755ab9667434d0a7c4eaf180d592fe67ef5cb

                                            SHA256

                                            ce89a7e0e4b790a38e18d38e9437d48c6d6462c6a3ebafa31fc834d7b1857b02

                                            SHA512

                                            30914f7a89a3dd924377b1af9e8dcce072ed7850835b6a4e96a1be5865228383cab5f019bc3a4077ab63a55abd74e7a9ff4471a5f96284702c1980be7de35f91

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Temp\RES9A6C.tmp
                                            Filesize

                                            1KB

                                            MD5

                                            d317a218bd1cd7d52df550b94be9326b

                                            SHA1

                                            c33bc3a8f585b7c97abf5207b0c7fd8a6302b5ea

                                            SHA256

                                            21163259abc7feb80392c40914edd1e42e0281d47ee48da7329484cdca63989d

                                            SHA512

                                            9a5833a628415617b7249eed4174d953fd7fc253a0e7991eac99663662e3c29eb4af29953bad3b17d7bee634536ccf20136a97d9434c5d44c83cb2ed6e609b53

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Temp\tmpB41A.tmp.bat
                                            Filesize

                                            148B

                                            MD5

                                            de8cb2363285a7db4c0eff025996e01c

                                            SHA1

                                            7294bbd9003088f06c9935ac05099196d72f5abe

                                            SHA256

                                            116cabb47e036e903260a9cc9f87fc6bc79fdc788cae514829cb28f4b4206523

                                            SHA512

                                            49156fd256ae5eea671bbacf93a07ab88d3fdd56814b242b24a5b63d30375883c04856f962de626abfd6c14f833d68cc15dbf2b95411409f1d394ac4577e9aaf

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Temp\typ1kpx3\typ1kpx3.0.vb
                                            Filesize

                                            78KB

                                            MD5

                                            a718552e086093caeb998031fdaff375

                                            SHA1

                                            300d313ad087038e25b6ee83b72fa84243ae8735

                                            SHA256

                                            1602b7d79426ef57769f0420e8514902326305bc15cde3187ca6760248db2ec3

                                            SHA512

                                            b8f76e86af582c587323123aae52cb7b7ba3a9fdf20128c920350a69e1da590466e6daf41b4d9da555fbe6f57098fc949225fe5961b47c64919de9b98d4d8ca3

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Temp\typ1kpx3\typ1kpx3.cmdline
                                            Filesize

                                            290B

                                            MD5

                                            81474a5b5b0089dfb2a1e5e6dd38780f

                                            SHA1

                                            2a4f05a94a9a169237ae69ed2c8ac3ab212167d8

                                            SHA256

                                            8cca77bf1c351fe7ded829b59c3a58ed114dec879955b8fa1496fe75ac2d31e3

                                            SHA512

                                            7c43994f93b0f4e3e3b0ae9ff0d9b77efbbad7f35150797fb92e3691b74724d3f70e4a62350a13e7f9ccce69d30984a2c4d5500ce396675c63dbba26884a711c

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Temp\vbcBB91AC2E165E4157A29941E7632DFEE1.TMP
                                            Filesize

                                            1KB

                                            MD5

                                            d40c58bd46211e4ffcbfbdfac7c2bb69

                                            SHA1

                                            c5cf88224acc284a4e81bd612369f0e39f3ac604

                                            SHA256

                                            01902f1903d080c6632ae2209136e8e713e9fd408db4621ae21246b65bfea2ca

                                            SHA512

                                            48b14748e86b7d92a3ea18f29caf1d7b4b2e1de75377012378d146575048a2531d2e5aaeae1abf2d322d06146177cdbf0c2940ac023efae007b9f235f18e2c68

                                            Download Submit

                                          • C:\Users\Admin\Desktop\XClient.exe
                                            Filesize

                                            32KB

                                            MD5

                                            bd75b84eff6961bab1228460db0b6092

                                            SHA1

                                            39fd34d895994ec64bdb7ca3d28d9b5fc535ddf9

                                            SHA256

                                            30bf73607b9c411c0fe5e002d9f2eb60057d6ae084f8650d32c5660acdf418a7

                                            SHA512

                                            5d69d7101387cceee42c8a8ec5e82f88eb95d06a5d34f5e4c3d255d6e853b2738a2f78cd08b2ff1f5667d54d4136e7925e6dedfec961387e130eb57e7630f458

                                            Download Submit

                                          • C:\Users\Admin\Desktop\XWorm 5.6 Cracked\GMap.NET.Core.dll
                                            Filesize

                                            2.9MB

                                            MD5

                                            819352ea9e832d24fc4cebb2757a462b

                                            SHA1

                                            aba7e1b29bdcd0c5a307087b55c2ec0c7ca81f11

                                            SHA256

                                            58c755fcfc65cddea561023d736e8991f0ad69da5e1378dea59e98c5db901b86

                                            SHA512

                                            6a5b0e1553616ea29ec72c12072ae05bdd709468a173e8adbdfe391b072c001ecacb3dd879845f8d599c6152eca2530cdaa2c069b1f94294f778158eaaebe45a

                                            Download Submit

                                          • C:\Users\Admin\Desktop\XWorm 5.6 Cracked\GMap.NET.WindowsForms.dll
                                            Filesize

                                            147KB

                                            MD5

                                            32a8742009ffdfd68b46fe8fd4794386

                                            SHA1

                                            de18190d77ae094b03d357abfa4a465058cd54e3

                                            SHA256

                                            741e1a8f05863856a25d101bd35bf97cba0b637f0c04ecb432c1d85a78ef1365

                                            SHA512

                                            22418d5e887a6022abe8a7cbb0b6917a7478d468d211eecd03a95b8fb6452fc59db5178573e25d5d449968ead26bb0b2bfbfada7043c9a7a1796baca5235a82b

                                            Download Submit

                                          • C:\Users\Admin\Desktop\XWorm 5.6 Cracked\GeoIP.dat
                                            Filesize

                                            1.2MB

                                            MD5

                                            8ef41798df108ce9bd41382c9721b1c9

                                            SHA1

                                            1e6227635a12039f4d380531b032bf773f0e6de0

                                            SHA256

                                            bc07ff22d4ee0b6fafcc12482ecf2981c172a672194c647cedf9b4d215ad9740

                                            SHA512

                                            4c62af04d4a141b94eb3e1b0dbf3669cb53fe9b942072ed7bea6a848d87d8994cff5a5f639ab70f424eb79a4b7adabdde4da6d2f02f995bd8d55db23ce99f01b

                                            Download Submit

                                          • C:\Users\Admin\Desktop\XWorm 5.6 Cracked\Guna.UI2.dll
                                            Filesize

                                            1.9MB

                                            MD5

                                            bcc0fe2b28edd2da651388f84599059b

                                            SHA1

                                            44d7756708aafa08730ca9dbdc01091790940a4f

                                            SHA256

                                            c6264665a882e73eb2262a74fea2c29b1921a9af33180126325fb67a851310ef

                                            SHA512

                                            3bfc3d27c095dde988f779021d0479c8c1de80a404454813c6cae663e3fe63dc636bffa7de1094e18594c9d608fa7420a0651509544722f2a00288f0b7719cc8

                                            Download Submit

                                          • C:\Users\Admin\Desktop\XWorm 5.6 Cracked\Icons\icon (15).ico
                                            Filesize

                                            361KB

                                            MD5

                                            e3143e8c70427a56dac73a808cba0c79

                                            SHA1

                                            63556c7ad9e778d5bd9092f834b5cc751e419d16

                                            SHA256

                                            b2f57a23ecc789c1bbf6037ac0825bf98babc7bf0c5d438af5e2767a27a79188

                                            SHA512

                                            74e0f4b55625df86a87b9315e4007be8e05bbecca4346a6ea06ef5b1528acb5a8bb636ef3e599a3820dbddcf69563a0a22e2c1062c965544fd75ec96fd9803fc

                                            Download Submit

                                          • C:\Users\Admin\Desktop\XWorm 5.6 Cracked\NAudio.dll
                                            Filesize

                                            502KB

                                            MD5

                                            3b87d1363a45ce9368e9baec32c69466

                                            SHA1

                                            70a9f4df01d17060ec17df9528fca7026cc42935

                                            SHA256

                                            81b3f1dc3f1eac9762b8a292751a44b64b87d0d4c3982debfdd2621012186451

                                            SHA512

                                            1f07d3b041763b4bc31f6bd7b181deb8d34ff66ec666193932ffc460371adbcd4451483a99009b9b0b71f3864ed5c15c6c3b3777fabeb76f9918c726c35eb7d7

                                            Download Submit

                                          • C:\Users\Admin\Desktop\XWorm 5.6 Cracked\Newtonsoft.Json.dll
                                            Filesize

                                            695KB

                                            MD5

                                            195ffb7167db3219b217c4fd439eedd6

                                            SHA1

                                            1e76e6099570ede620b76ed47cf8d03a936d49f8

                                            SHA256

                                            e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d

                                            SHA512

                                            56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac

                                            Download Submit

                                          • C:\Users\Admin\Desktop\XWorm 5.6 Cracked\Plugins\ActiveWindows.dll
                                            Filesize

                                            14KB

                                            MD5

                                            5a766a4991515011983ceddf7714b70b

                                            SHA1

                                            4eb00ae7fe780fa4fe94cedbf6052983f5fd138b

                                            SHA256

                                            567b9861026a0dbc5947e7515dc7ab3f496153f6b3db57c27238129ec207fc52

                                            SHA512

                                            4bd6b24e236387ff58631207ea42cd09293c3664468e72cd887de3b3b912d3795a22a98dcf4548fb339444337722a81f8877abb22177606d765d78e48ec01fd8

                                            Download Submit

                                          • C:\Users\Admin\Desktop\XWorm 5.6 Cracked\Plugins\Chat.dll
                                            Filesize

                                            18KB

                                            MD5

                                            59f75c7ffaccf9878a9d39e224a65adf

                                            SHA1

                                            46b0f61a07e85e3b54b728d9d7142ddc73c9d74b

                                            SHA256

                                            aab20f465955d77d6ec3b5c1c5f64402a925fb565dda5c8e38c296cb7406e492

                                            SHA512

                                            80056163b96ce7a8877874eaae559f75217c0a04b3e3d4c1283fe23badfc95fe4d587fd27127db4be459b8a3adf41900135ea12b0eeb4187adbcf796d9505cb8

                                            Download Submit

                                          • C:\Users\Admin\Desktop\XWorm 5.6 Cracked\Plugins\Chromium.dll
                                            Filesize

                                            32KB

                                            MD5

                                            edb2f0d0eb08dcd78b3ddf87a847de01

                                            SHA1

                                            cc23d101f917cad3664f8c1fa0788a89e03a669c

                                            SHA256

                                            b6d8bccdf123ceac6b9642ad3500d4e0b3d30b9c9dd2d29499d38c02bd8f9982

                                            SHA512

                                            8f87da834649a21a908c95a9ea8e2d94726bd9f33d4b7786348f6371dfae983cc2b5b5d4f80a17a60ded17d4eb71771ec25a7c82e4f3a90273c46c8ee3b8f2c3

                                            Download Submit

                                          • C:\Users\Admin\Desktop\XWorm 5.6 Cracked\Plugins\Clipboard.dll
                                            Filesize

                                            14KB

                                            MD5

                                            831eb0de839fc13de0abab64fe1e06e7

                                            SHA1

                                            53aad63a8b6fc9e35c814c55be9992abc92a1b54

                                            SHA256

                                            e31a1c2b1baa2aa2c36cabe3da17cd767c8fec4c206bd506e889341e5e0fa959

                                            SHA512

                                            2f61bcf972671d96e036b3c99546cd01e067bef15751a87c00ba6d656decb6b69a628415e5363e650b55610cf9f237585ada7ce51523e6efc0e27d7338966bee

                                            Download Submit

                                          • C:\Users\Admin\Desktop\XWorm 5.6 Cracked\Plugins\Cmstp-Bypass.dll
                                            Filesize

                                            11KB

                                            MD5

                                            cf15259e22b58a0dfd1156ab71cbd690

                                            SHA1

                                            3614f4e469d28d6e65471099e2d45c8e28a7a49e

                                            SHA256

                                            fa420fd3d1a5a2bb813ef8e6063480099f19091e8fa1b3389004c1ac559e806b

                                            SHA512

                                            7302a424ed62ec20be85282ff545a4ca9e1aecfe20c45630b294c1ae72732465d8298537ee923d9e288ae0c48328e52ad8a1a503e549f8f8737fabe2e6e9ad38

                                            Download Submit

                                          • C:\Users\Admin\Desktop\XWorm 5.6 Cracked\Plugins\FileManager.dll
                                            Filesize

                                            679KB

                                            MD5

                                            641a8b61cb468359b1346a0891d65b59

                                            SHA1

                                            2cdc49bcd7428fe778a94cdcd19cabf5ece8c9c0

                                            SHA256

                                            b58ed3ebbcd27c7f4b173819528ff4db562b90475a5e304521ed5c564d39fffd

                                            SHA512

                                            042702d34664ea6288e891c9f7aa10a5b4b07317f25f82d6c9fa9ba9b98645c14073d0f66637060b416a30c58dec907d9383530320a318523c51f19ebd0a4fee

                                            Download Submit

                                          • C:\Users\Admin\Desktop\XWorm 5.6 Cracked\Plugins\FilesSearcher.dll
                                            Filesize

                                            478KB

                                            MD5

                                            6f8f1621c16ac0976600146d2217e9d2

                                            SHA1

                                            b6aa233b93aae0a17ee8787576bf0fbc05cedde4

                                            SHA256

                                            e66e1273dc59ee9e05ce3e02f1b760b18dd296a47d92b3ce5b24efb48e5fb21b

                                            SHA512

                                            eb55acdea8648c8cdefee892758d9585ff81502fc7037d5814e1bd01fee0431f4dde0a4b04ccb2b0917e1b11588f2dc9f0bfe750117137a01bbd0c508f43ef6a

                                            Download Submit

                                          • C:\Users\Admin\Desktop\XWorm 5.6 Cracked\Plugins\HBrowser.dll
                                            Filesize

                                            25KB

                                            MD5

                                            f0e921f2f850b7ec094036d20ff9be9b

                                            SHA1

                                            3b2d76d06470580858cc572257491e32d4b021c0

                                            SHA256

                                            75e8ff57fa6d95cf4d8405bffebb2b9b1c55a0abba0fe345f55b8f0e88be6f3c

                                            SHA512

                                            16028ae56cd1d78d5cb63c554155ae02804aac3f15c0d91a771b0dcd5c8df710f39481f6545ca6410b7cd9240ec77090f65e3379dcfe09f161a3dff6aec649f3

                                            Download Submit

                                          • C:\Users\Admin\Desktop\XWorm 5.6 Cracked\Plugins\HRDP.dll
                                            Filesize

                                            1.7MB

                                            MD5

                                            f27b6e8cf5afa8771c679b7a79e11a08

                                            SHA1

                                            6c3fcf45e35aaf6b747f29a06108093c284100da

                                            SHA256

                                            4aa18745a5fddf7ec14adaff3ad1b4df1b910f4b6710bf55eb27fb3942bb67de

                                            SHA512

                                            0d84966bbc9290b04d2148082563675ec023906d58f5ba6861c20542271bf11be196d6ab24e48372f339438204bd5c198297da98a19fddb25a3df727b5aafa33

                                            Download Submit

                                          • C:\Users\Admin\Desktop\XWorm 5.6 Cracked\Plugins\HVNC.dll
                                            Filesize

                                            58KB

                                            MD5

                                            30eb33588670191b4e74a0a05eecf191

                                            SHA1

                                            08760620ef080bb75c253ba80e97322c187a6b9f

                                            SHA256

                                            3a287acb1c89692f2c18596dd4405089ac998bb9cf44dd225e5211923d421e96

                                            SHA512

                                            820cca77096ff2eea8e459a848f7127dc46af2e5f42f43b2b7375be6f4778c1b0e34e4aa5a97f7fbabe0b53dcd351d09c231bb9afedf7bcec60d949918a06b97

                                            Download Submit

                                          • C:\Users\Admin\Desktop\XWorm 5.6 Cracked\Plugins\HVNCMemory.dll
                                            Filesize

                                            39KB

                                            MD5

                                            065f0830d1e36f8f44702b0f567082e8

                                            SHA1

                                            724c33558fcc8ecd86ee56335e8f6eb5bfeac0db

                                            SHA256

                                            285b462e3cd4a5b207315ad33ee6965a8b98ca58abb8d16882e4bc2d758ff1a4

                                            SHA512

                                            bac0148e1b78a8fde242697bff1bbe10a18ffab85fdced062de3dc5017cd77f0d54d8096e273523b8a3910fe17fac111724acffa5bec30e4d81b7b3bd312d545

                                            Download Submit

                                          • C:\Users\Admin\Desktop\XWorm 5.6 Cracked\Plugins\HiddenApps.dll
                                            Filesize

                                            45KB

                                            MD5

                                            ba2141a7aefa1a80e2091bf7c2ca72db

                                            SHA1

                                            9047b546ce9c0ea2c36d24a10eb31516a24a047d

                                            SHA256

                                            6a098f5a7f9328b35d73ee232846b13e2d587d47f473cbc9b3f1d74def7086ea

                                            SHA512

                                            91e43620e5717b699e34e658d6af49bba200dcf91ac0c9a0f237ec44666b57117a13bc8674895b7a9cac5a17b2f91cdc3daa5bcc52c43edbabd19bc1ed63038c

                                            Download Submit

                                          • C:\Users\Admin\Desktop\XWorm 5.6 Cracked\Plugins\Informations.dll
                                            Filesize

                                            22KB

                                            MD5

                                            67a884eeb9bd025a1ef69c8964b6d86f

                                            SHA1

                                            97e00d3687703b1d7cc0939e45f8232016d009d9

                                            SHA256

                                            cba453460be46cfa705817abbe181f9bf65dca6b6cea1ad31629aa08dbeaf72b

                                            SHA512

                                            52e852021a1639868e61d2bd1e8f14b9c410c16bfca584bf70ae9e71da78829c1cada87d481e55386eec25646f84bb9f3baee3b5009d56bcbb3be4e06ffa0ae7

                                            Download Submit

                                          • C:\Users\Admin\Desktop\XWorm 5.6 Cracked\Plugins\Keylogger.dll
                                            Filesize

                                            17KB

                                            MD5

                                            246f7916c4f21e98f22cb86587acb334

                                            SHA1

                                            b898523ed4db6612c79aad49fbd74f71ecdbd461

                                            SHA256

                                            acfe5c3aa2a3bae3437ead42e90044d7eee972ead25c1f7486bea4a23c201d3a

                                            SHA512

                                            1c256ca9b9857e6d393461b55e53175b7b0d88d8f3566fd457f2b3a4f241cb91c9207d54d8b0867ea0abd3577d127835beb13157c3e5df5c2b2b34b3339bd15d

                                            Download Submit

                                          • C:\Users\Admin\Desktop\XWorm 5.6 Cracked\Plugins\Maps.dll
                                            Filesize

                                            15KB

                                            MD5

                                            806c3802bfd7a97db07c99a5c2918198

                                            SHA1

                                            088393a9d96f0491e3e1cf6589f612aa5e1df5f8

                                            SHA256

                                            34b532a4d0560e26b0d5b81407befdc2424aacc9ef56e8b13de8ad0f4b3f1ab6

                                            SHA512

                                            ed164822297accd3717b4d8e3927f0c736c060bb7ec5d99d842498b63f74d0400c396575e9fa664ad36ae8d4285cfd91e225423a0c77a612912d66ea9f63356c

                                            Download Submit

                                          • C:\Users\Admin\Desktop\XWorm 5.6 Cracked\Plugins\MessageBox.dll
                                            Filesize

                                            14KB

                                            MD5

                                            7db8b7e15194fa60ffed768b6cf948c2

                                            SHA1

                                            3de1b56cc550411c58cd1ad7ba845f3269559b5c

                                            SHA256

                                            bc09b671894c9a36f4eca45dd6fbf958a967acea9e85b66c38a319387b90dd29

                                            SHA512

                                            e7f5430b0d46f133dc9616f9eeae8fb42f07a8a4a18b927dd7497de29451086629dfc5e63c0b2a60a4603d8421c6570967c5dbde498bb480aef353b3ed8e18a1

                                            Download Submit

                                          • C:\Users\Admin\Desktop\XWorm 5.6 Cracked\Plugins\Microphone.dll
                                            Filesize

                                            540KB

                                            MD5

                                            9c3d90ccf5d47f6eef83542bd08d5aeb

                                            SHA1

                                            0c0aa80c3411f98e8db7a165e39484e8dae424c7

                                            SHA256

                                            612898afdf9120cfef5843f9b136c66ecc3e0bb6f3d1527d0599a11988b7783c

                                            SHA512

                                            0786f802fbd24d4ab79651298a5ba042c275d7d01c6ac2c9b3ca1e4ee952de7676ec8abf68d226b72696e9480bd4d4615077163efbcda7cff6a5f717736cbdfe

                                            Download Submit

                                          • C:\Users\Admin\Desktop\XWorm 5.6 Cracked\Plugins\Ngrok-Installer.dll
                                            Filesize

                                            400KB

                                            MD5

                                            3e19341a940638536b4a7891d5b2b777

                                            SHA1

                                            ca6f5b28e2e54f3f86fd9f45a792a868c82e35b5

                                            SHA256

                                            b574aabf02a65aa3b6f7bfff0a574873ce96429d3f708a10f87bc1f6518f14aa

                                            SHA512

                                            06639892ea4a27c8840872b0de450ae1a0dac61e1dcb64523973c629580323b723c0e9074ff2ddf9a67a8a6d45473432ffc4a1736c0ddc74e054ae13b774f3e2

                                            Download Submit

                                          • C:\Users\Admin\Desktop\XWorm 5.6 Cracked\Plugins\Options.dll
                                            Filesize

                                            30KB

                                            MD5

                                            97193fc4c016c228ae0535772a01051d

                                            SHA1

                                            f2f6d56d468329b1e9a91a3503376e4a6a4d5541

                                            SHA256

                                            5c34aee5196e0f8615b8d1d9017dd710ea28d2b7ac99295d46046d12eea58d78

                                            SHA512

                                            9f6d7da779e8c9d7307f716d4a4453982bb7f090c35947850f13ec3c9472f058fc11e1120a9641326970b9846d3c691e0c2afd430c12e5e8f30abadb5dcf5ed2

                                            Download Submit

                                          • C:\Users\Admin\Desktop\XWorm 5.6 Cracked\Plugins\Pastime.dll
                                            Filesize

                                            17KB

                                            MD5

                                            6430ab4458a703fb97be77d6bea74f5b

                                            SHA1

                                            59786b619243d4e00d82b0a3b7e9deb6c71b283c

                                            SHA256

                                            a46787527ac34cd71d96226ddfc0a06370b61e4ad0267105be2aec8d82e984c1

                                            SHA512

                                            7b6cf7a613671826330e7f8daddc4c7c37b4d191cf4938c1f5b0fb7b467b28a23fb56e412dc82192595cfa9d5b552668ef0aaa938c8ae166029a610b246d3ecc

                                            Download Submit

                                          • C:\Users\Admin\Desktop\XWorm 5.6 Cracked\Plugins\Performance.dll
                                            Filesize

                                            16KB

                                            MD5

                                            1841c479da7efd24521579053efcf440

                                            SHA1

                                            0aacfd06c7223b988584a381cb10d6c3f462fc6a

                                            SHA256

                                            043b6a0284468934582819996dbaa70b863ab4caa4f968c81c39a33b2ac81735

                                            SHA512

                                            3005e45728162cc04914e40a3b87a1c6fc7ffde5988d9ff382d388e9de4862899b3390567c6b7d54f0ec02283bf64bcd5529319ca32295c109a7420848fa3487

                                            Download Submit

                                          • C:\Users\Admin\Desktop\XWorm 5.6 Cracked\Plugins\ProcessManager.dll
                                            Filesize

                                            19KB

                                            MD5

                                            3d4ec14005a25a4cb05b1aa679cf22bf

                                            SHA1

                                            6f4a827d94ad020bc23fbd04b7d8ca2995267094

                                            SHA256

                                            7cf1921a5f8429b2b9e8197de195cfae2353fe0d8cb98e563bdf1e782fe2ee4e

                                            SHA512

                                            0ee72d345d5431c7a6ffc71cf5e37938b93fd346e5a4746f5967f1aa2b69c34ca4ba0d0abd867778d8ca60b56f01e2d7fc5e7cf7c5a39a92015d4df2d68e382e

                                            Download Submit

                                          • C:\Users\Admin\Desktop\XWorm 5.6 Cracked\Plugins\Programs.dll
                                            Filesize

                                            13KB

                                            MD5

                                            a6734a047b0b57055807a4f33a80d4dd

                                            SHA1

                                            0b3a78b2362b0fd3817770fdc6dd070e3305615c

                                            SHA256

                                            953a8276faa4a18685d09cd9187ed3e409e3cccd7daf34b6097f1eb8d96125a4

                                            SHA512

                                            7292eab25f0e340e78063f32961eff16bb51895ad46cfd09933c0c30e3315129945d111a877a191fc261ad690ad6b02e1f2cabc4ff2fdac962ee272b41dd6dfa

                                            Download Submit

                                          • C:\Users\Admin\Desktop\XWorm 5.6 Cracked\Plugins\Ransomware.dll
                                            Filesize

                                            20KB

                                            MD5

                                            ccc9ea43ead4aa754b91e2039fe0ac1c

                                            SHA1

                                            f382635559045ac1aeb1368d74e6b5c6e98e6a48

                                            SHA256

                                            14c2bbccdabb8408395d636b44b99de4b16db2e6bf35181cb71e7be516d83ad9

                                            SHA512

                                            5d05254ba5cd7b1967a84d5b0e6fd23c54766474fb8660a001bf3d21a3f5c8c20fcdb830fb8659a90da96655e6ee818ceefb6afa610cc853b7fba84bb9db4413

                                            Download Submit

                                          • C:\Users\Admin\Desktop\XWorm 5.6 Cracked\Plugins\Recovery.dll
                                            Filesize

                                            1.1MB

                                            MD5

                                            776193701a2ed869b5f1b6e71970a0ac

                                            SHA1

                                            2f973458531aaa283cdc835af4e24f5f709cbad1

                                            SHA256

                                            66dbe3b90371fe58caa957e83c1c1f0acce941a36cf140a0f07e64403dd13303

                                            SHA512

                                            a41f981c861e8d40487a9cd0863f9055165427e10580548e972a47ef47cf3e777aab2df70dc6f464cc3077860e86eda7462e9754f9047a1ecc0ed9721663aeb9

                                            Download Submit

                                          • C:\Users\Admin\Desktop\XWorm 5.6 Cracked\Plugins\Regedit.dll
                                            Filesize

                                            15KB

                                            MD5

                                            53a2cfe273c311b64cf5eaca62f8c2fd

                                            SHA1

                                            4ec95ec4777a0c5b4acde57a3490e1c139a8f648

                                            SHA256

                                            2f73dc0f3074848575c0408e02079fd32b7497f8816222ae3ce8c63725a62fe6

                                            SHA512

                                            992b37d92157ae70a106a9835de46a4ac156341208cfe7fb0477dc5fc3bc9ddae71b35e2336fc5c181630bac165267b7229f97be436912dfd9526a020d012948

                                            Download Submit

                                          • C:\Users\Admin\Desktop\XWorm 5.6 Cracked\Plugins\RemoteDesktop.dll
                                            Filesize

                                            18KB

                                            MD5

                                            e6367d31cf5d16b1439b86ae6b7b31c3

                                            SHA1

                                            f52f1e73614f2cec66dab6af862bdcb5d4d9cf35

                                            SHA256

                                            cc52384910cee944ddbcc575a8e0177bfa6b16e3032438b207797164d5c94b34

                                            SHA512

                                            8bc78a9b62f4226be146144684dc7fcd085bcf4d3d0558cb662aacc143d1438b7454e8ac70ca83ebeedc2a0fcea38ad8e77a5d926a85254b5a7d420a5605538a

                                            Download Submit

                                          • C:\Users\Admin\Desktop\XWorm 5.6 Cracked\SimpleObfuscator.dll
                                            Filesize

                                            1.4MB

                                            MD5

                                            9043d712208178c33ba8e942834ce457

                                            SHA1

                                            e0fa5c730bf127a33348f5d2a5673260ae3719d1

                                            SHA256

                                            b7a6eea19188b987dad97b32d774107e9a1beb4f461a654a00197d73f7fad54c

                                            SHA512

                                            dd6fa02ab70c58cde75fd4d4714e0ed0df5d3b18f737c68c93dba40c30376cc93957f8eef69fea86041489546ce4239b35a3b5d639472fd54b80f2f7260c8f65

                                            Download Submit

                                          • C:\Users\Admin\Desktop\XWorm 5.6 Cracked\[email protected]
                                            Filesize

                                            14.6MB

                                            MD5

                                            fc56e4f2fb861658d0834fd2c0d07961

                                            SHA1

                                            5a59412e91fd9f57b34995918c5f4e67d4255173

                                            SHA256

                                            cec4cfcbc261a013a5883f73c16a5f53ed552487de58642b96b129ef6a1da421

                                            SHA512

                                            6be5f93b1e288c5c2b7ab4f12592031e82567ea79609d9017c53573019bca1b66c53b5729ab36a29024db2daa97e8420bc3de43b0a68717ea0e7ba7e7856cb6b

                                            Download Submit

                                          • memory/1508-463-0x00000000004B0000-0x00000000004BE000-memory.dmp

                                            Filesize

                                            56KB

                                            Download

                                          • memory/1508-500-0x00000000025B0000-0x00000000025BC000-memory.dmp

                                            Filesize

                                            48KB

                                            Download

                                          • memory/1508-501-0x0000000002540000-0x000000000254E000-memory.dmp

                                            Filesize

                                            56KB

                                            Download

                                          • memory/1708-242-0x0000020AF49D0000-0x0000020AF4BC4000-memory.dmp

                                            Filesize

                                            2.0MB

                                            Download

                                          • memory/1708-468-0x0000020AF7C20000-0x0000020AF7C4C000-memory.dmp

                                            Filesize

                                            176KB

                                            Download

                                          • memory/1708-470-0x0000020AFE8A0000-0x0000020AFEB82000-memory.dmp

                                            Filesize

                                            2.9MB

                                            Download

                                          • memory/1708-466-0x0000020AF7C80000-0x0000020AF7D02000-memory.dmp

                                            Filesize

                                            520KB

                                            Download

                                          • memory/1708-446-0x0000020AFE470000-0x0000020AFE5D8000-memory.dmp

                                            Filesize

                                            1.4MB

                                            Download

                                          • memory/1708-240-0x0000020AD8C80000-0x0000020AD9B1E000-memory.dmp

                                            Filesize

                                            14.6MB

                                            Download

                                          • memory/1708-472-0x0000020AF7DD0000-0x0000020AF7E82000-memory.dmp

                                            Filesize

                                            712KB

                                            Download

                                          • memory/5116-439-0x0000024761240000-0x0000024761241000-memory.dmp

                                            Filesize

                                            4KB

                                            Download

                                          • memory/5116-441-0x0000024761240000-0x0000024761241000-memory.dmp

                                            Filesize

                                            4KB

                                            Download

                                          • memory/5116-442-0x0000024761240000-0x0000024761241000-memory.dmp

                                            Filesize

                                            4KB

                                            Download

                                          • memory/5116-436-0x0000024761240000-0x0000024761241000-memory.dmp

                                            Filesize

                                            4KB

                                            Download

                                          • memory/5116-430-0x0000024761240000-0x0000024761241000-memory.dmp

                                            Filesize

                                            4KB

                                            Download

                                          • memory/5116-431-0x0000024761240000-0x0000024761241000-memory.dmp

                                            Filesize

                                            4KB

                                            Download

                                          • memory/5116-432-0x0000024761240000-0x0000024761241000-memory.dmp

                                            Filesize

                                            4KB

                                            Download

                                          • memory/5116-440-0x0000024761240000-0x0000024761241000-memory.dmp

                                            Filesize

                                            4KB

                                            Download

                                          • memory/5116-438-0x0000024761240000-0x0000024761241000-memory.dmp

                                            Filesize

                                            4KB

                                            Download

                                          • memory/5116-437-0x0000024761240000-0x0000024761241000-memory.dmp

                                            Filesize

                                            4KB

                                            Download