Analysis Overview
SHA256
9b56ee6ee5bb27b038df82d0ef4f03246e0449515f3b6cfb47155ca5d80d0a5a
Threat Level: Known bad
The file Xworm-V6.1 (2).rar was found to be: Known bad.
Malicious Activity Summary
Xworm family
AgentTesla
StormKitty payload
Detect Xworm Payload
Stormkitty family
Xworm
Contains code to disable Windows Defender
AgentTesla payload
Agenttesla family
AgentTesla payload
Checks computer location settings
Uses the VBS compiler for execution
Executes dropped EXE
Looks up external IP address via web service
Drops file in Windows directory
Detected phishing page
Enumerates physical storage devices
Unsigned PE
Checks processor information in registry
Suspicious behavior: GetForegroundWindowSpam
Modifies Internet Explorer settings
Office document contains embedded OLE objects
Suspicious use of WriteProcessMemory
Modifies registry class
Enumerates system info in registry
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Uses Task Scheduler COM API
Suspicious use of FindShellTrayWindow
Suspicious behavior: MapViewOfSection
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-11 05:40
Signatures
AgentTesla payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Agenttesla family
Contains code to disable Windows Defender
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Detect Xworm Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
StormKitty payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Stormkitty family
Xworm family
Unsigned PE
| Description | Indicator | Process | Target |
Office document contains embedded OLE objects
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-11 05:40
Reported
2024-08-11 05:47
Platform
win10-20240404-en
Max time kernel
400s
Max time network
390s
Command Line
Signatures
AgentTesla
Contains code to disable Windows Defender
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Detect Xworm Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Xworm
AgentTesla payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\XClient.exe | N/A |
Executes dropped EXE
Uses the VBS compiler for execution
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | wtfismyip.com | N/A | N/A |
| N/A | wtfismyip.com | N/A | N/A |
| N/A | wtfismyip.com | N/A | N/A |
Detected phishing page
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Debug\ESE.TXT | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Enumerates system info in registry
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\system32\browser_broker.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\MRUListEx = 00000000ffffffff | C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Xworm V6.1.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff | C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Xworm V6.1.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CacheLimit = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main\OperationalData = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = dde762dfb1ebda01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = a654bcedb1ebda01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies\CacheLimit = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Xworm V6.1.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings | C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Xworm V6.1.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\Extensions | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff | C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Xworm V6.1.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "395205405" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = b96074e8b1ebda01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 | C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Xworm V6.1.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0 = 6000310000000000af58758e100058776f726d2d56362e310000460009000400efbe0b593d2d0b593d2d2e0000009ba601000000060000000000000000000000000000007bb76f00580077006f0072006d002d00560036002e00310000001a000000 | C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Xworm V6.1.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\MRUListEx = 00000000ffffffff | C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Xworm V6.1.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" | C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Xworm V6.1.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0 = 6a003100000000000b593d2d100058574f524d2d7e312e31283200004e0009000400efbe0b593d2d0b593d2d2e000000b1060000000007000000000000000000000000000000eda91d01580077006f0072006d002d00560036002e003100200028003200290000001c000000 | C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Xworm V6.1.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.msn.com | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0 | C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Xworm V6.1.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Xworm V6.1.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0 | C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Xworm V6.1.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0\0\MRUListEx = ffffffff | C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Xworm V6.1.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = 88eeeed9b1ebda01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\EnablementState = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\ACGPolicyState = "8" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\Total | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = c7bdf6d2b1ebda01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 4c312bd3b1ebda01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Xworm V6.1.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Xworm V6.1.exe | N/A |
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Xworm V6.1.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Xworm V6.1.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Xworm V6.1.exe | N/A |
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Xworm-V6.1 (2).rar"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\Xworm-V6.1 (2).rar"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\Xworm-V6.1 (2).rar"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2904.0.699374710\1363141364" -parentBuildID 20221007134813 -prefsHandle 1740 -prefMapHandle 1732 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {97a7e979-e7cf-4650-977a-8b04858a6030} 2904 "\\.\pipe\gecko-crash-server-pipe.2904" 1812 175fa1f0258 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2904.1.1881037696\712297192" -parentBuildID 20221007134813 -prefsHandle 2176 -prefMapHandle 2172 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4cbd51e3-f157-4395-88a3-f4252e6a4b14} 2904 "\\.\pipe\gecko-crash-server-pipe.2904" 2188 175e7d71958 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2904.2.915475758\2010983428" -childID 1 -isForBrowser -prefsHandle 2740 -prefMapHandle 2808 -prefsLen 21711 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0566771b-16e6-43dc-9238-9829af13c6e8} 2904 "\\.\pipe\gecko-crash-server-pipe.2904" 2756 175fe3d5b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2904.3.2126506727\1469312275" -childID 2 -isForBrowser -prefsHandle 3128 -prefMapHandle 3092 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {44dd4525-86eb-4aa2-a09a-e4ac6d14d36c} 2904 "\\.\pipe\gecko-crash-server-pipe.2904" 3480 175e7d61358 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2904.4.828385453\1700972337" -childID 3 -isForBrowser -prefsHandle 4876 -prefMapHandle 4912 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cec452dd-fc59-40d7-8bdb-e7111f632e75} 2904 "\\.\pipe\gecko-crash-server-pipe.2904" 5016 175fe374058 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2904.5.28587344\30751066" -childID 4 -isForBrowser -prefsHandle 4832 -prefMapHandle 4836 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {35dc99c5-6ed2-4a85-9dbc-a1bb9b36434c} 2904 "\\.\pipe\gecko-crash-server-pipe.2904" 5060 175fe375b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2904.6.230686515\1812163949" -childID 5 -isForBrowser -prefsHandle 5276 -prefMapHandle 5280 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {efd08986-0015-4c9f-85c6-6866b4f9cbf6} 2904 "\\.\pipe\gecko-crash-server-pipe.2904" 5268 176007aa858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\Xworm-V6.1 (2).rar"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\Xworm-V6.1 (2).rar"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\Xworm-V6.1 (2).rar"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\Xworm-V6.1 (2).rar"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\Xworm-V6.1 (2).rar"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\Xworm-V6.1 (2).rar"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3876.0.358599101\1586824614" -parentBuildID 20221007134813 -prefsHandle 1604 -prefMapHandle 1596 -prefsLen 20871 -prefMapSize 233536 -appDir "C:\Program Files\Mozilla Firefox\browser" - {029356b8-29de-4c64-aebb-947b229fe79c} 3876 "\\.\pipe\gecko-crash-server-pipe.3876" 1684 1e7fc7fa758 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3876.1.224146316\766108488" -parentBuildID 20221007134813 -prefsHandle 1972 -prefMapHandle 1968 -prefsLen 20916 -prefMapSize 233536 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {20f19680-b1e4-4b73-b364-5bd8ea4f992e} 3876 "\\.\pipe\gecko-crash-server-pipe.3876" 2000 1e7ea5e4158 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3876.2.1180647356\1310620826" -childID 1 -isForBrowser -prefsHandle 3000 -prefMapHandle 2688 -prefsLen 22157 -prefMapSize 233536 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0677b6fb-84bd-46a3-9954-56c8741e1f2d} 3876 "\\.\pipe\gecko-crash-server-pipe.3876" 2984 1e7820a1d58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3876.3.1447564505\872638837" -childID 2 -isForBrowser -prefsHandle 3492 -prefMapHandle 3488 -prefsLen 26555 -prefMapSize 233536 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cb24d9e4-a33f-4b21-9757-699db5f9f67a} 3876 "\\.\pipe\gecko-crash-server-pipe.3876" 3496 1e7832c6558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3876.4.1359183490\74585623" -childID 3 -isForBrowser -prefsHandle 4776 -prefMapHandle 4256 -prefsLen 26614 -prefMapSize 233536 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2d42e5f0-19fd-4aea-ae49-e4252f2f9684} 3876 "\\.\pipe\gecko-crash-server-pipe.3876" 4780 1e784bae558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3876.5.565240439\1126957423" -childID 4 -isForBrowser -prefsHandle 4920 -prefMapHandle 4924 -prefsLen 26614 -prefMapSize 233536 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {aeb40698-e1b6-40e1-a68e-003c8d70bc30} 3876 "\\.\pipe\gecko-crash-server-pipe.3876" 4912 1e785aae258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3876.6.1602806857\1610602431" -childID 5 -isForBrowser -prefsHandle 5112 -prefMapHandle 5116 -prefsLen 26614 -prefMapSize 233536 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f93c1dd7-72ff-46c6-a3e4-81ff008d0967} 3876 "\\.\pipe\gecko-crash-server-pipe.3876" 5104 1e785aae858 tab
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Xworm-V6.1 (2)\" -ad -an -ai#7zMap10601:90:7zEvent18538
C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Xworm V6.1.exe
"C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Xworm V6.1.exe"
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2c4
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\2fcghgdq\2fcghgdq.cmdline"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES7805.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc96FF779DB2CB4CFD9C4D37BB4AA055DD.TMP"
C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\XClient.exe
"C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\XClient.exe"
C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\XClient.exe
"C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\XClient.exe"
C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Xworm V6.1.exe
"C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Xworm V6.1.exe"
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | 166.188.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.110.239.44.in-addr.arpa | udp |
| N/A | 127.0.0.1:49757 | | tcp |
| N/A | 127.0.0.1:49763 | | tcp |
| N/A | 127.0.0.1:49960 | | tcp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| N/A | 127.0.0.1:49972 | | tcp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 93.65.42.20.in-addr.arpa | udp |
| N/A | 127.0.0.1:7000 | | tcp |
| N/A | 127.0.0.1:7000 | | tcp |
| US | 8.8.8.8:53 | 73.144.22.2.in-addr.arpa | udp |
| N/A | 127.0.0.1:7000 | | tcp |
| N/A | 127.0.0.1:7000 | | tcp |
| N/A | 127.0.0.1:7000 | | tcp |
| N/A | 127.0.0.1:7000 | | tcp |
| N/A | 127.0.0.1:7000 | | tcp |
| N/A | 127.0.0.1:7000 | | tcp |
| US | 8.8.8.8:53 | fbi.bet | udp |
| US | 185.199.109.153:443 | fbi.bet | tcp |
| US | 185.199.109.153:443 | fbi.bet | tcp |
| US | 8.8.8.8:53 | 153.109.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 168.245.100.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | fonts.cdnfonts.com | udp |
| US | 104.21.72.124:443 | fonts.cdnfonts.com | tcp |
| US | 104.21.72.124:443 | fonts.cdnfonts.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| NL | 142.250.179.131:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | 124.72.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.179.250.142.in-addr.arpa | udp |
| US | 185.199.109.153:443 | fbi.bet | tcp |
| US | 185.199.109.153:443 | fbi.bet | tcp |
| US | 8.8.8.8:53 | wtfismyip.com | udp |
| FI | 65.108.75.112:443 | wtfismyip.com | tcp |
| FI | 65.108.75.112:443 | wtfismyip.com | tcp |
| US | 8.8.8.8:53 | 112.75.108.65.in-addr.arpa | udp |
| US | 8.8.8.8:53 | we-are-jammin.xyz | udp |
| US | 104.21.30.128:443 | we-are-jammin.xyz | tcp |
| US | 104.21.30.128:443 | we-are-jammin.xyz | tcp |
| US | 8.8.8.8:53 | 128.30.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.msn.com | udp |
| US | 8.8.8.8:53 | assets.msn.com | udp |
| GB | 23.200.147.72:443 | assets.msn.com | tcp |
| GB | 23.200.147.72:443 | assets.msn.com | tcp |
| GB | 23.200.147.72:443 | assets.msn.com | tcp |
| GB | 23.200.147.72:443 | assets.msn.com | tcp |
| US | 8.8.8.8:53 | 72.147.200.23.in-addr.arpa | udp |
| US | 204.79.197.203:443 | www.msn.com | tcp |
| US | 204.79.197.203:443 | www.msn.com | tcp |
| US | 204.79.197.203:443 | www.msn.com | tcp |
| US | 204.79.197.203:443 | www.msn.com | tcp |
| US | 8.8.8.8:53 | browser.events.data.msn.com | udp |
| GB | 51.104.15.252:443 | browser.events.data.msn.com | tcp |
| GB | 51.104.15.252:443 | browser.events.data.msn.com | tcp |
| US | 8.8.8.8:53 | 252.15.104.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 95.100.245.144:443 | www.microsoft.com | tcp |
| GB | 95.100.245.144:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | ajax.aspnetcdn.com | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 152.199.19.160:443 | ajax.aspnetcdn.com | tcp |
| US | 152.199.19.160:443 | ajax.aspnetcdn.com | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 8.8.8.8:53 | 144.245.100.95.in-addr.arpa | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 8.8.8.8:53 | 161.19.199.152.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\0bb226be-e3c3-4cd1-a00e-7a849dfbb57e
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\e0d7e624-1bc9-44e9-beb5-d40c1b6f4ccc
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore.jsonlz4
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\startupCache\scriptCache-child.bin
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\startupCache\scriptCache.bin
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\xulstore.json
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\startupCache\urlCache.bin
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionCheckpoints.json.tmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionCheckpoints.json
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionCheckpoints.json.tmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\SiteSecurityServiceState.txt
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\places.sqlite
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\287f1fdd-00ea-403b-815b-53c4638d3606
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\protections.sqlite
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\AlternateServices.txt
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cert9.db
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionCheckpoints.json.tmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionCheckpoints.json.tmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore.jsonlz4
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Icons\icon (15).ico
C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\ClientsFolder\050ED1609754E9530C78\Recovery\RecoveryData\bookmark.json
C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\ClientsFolder\A22BA88618B7B8EC5441\Recovery\DiscordToken_06-05-2024 20;21;25;018.txt
C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\ClientsFolder\CFE8D379188E499C0CC3\Recovery\DiscordToken_06-05-2024 17;07;04;567.txt
C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Xworm V6.1.exe
memory/1088-875-0x0000028A0D770000-0x0000028A0E658000-memory.dmp
C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Guna.UI2.dll
| MD5 | bcc0fe2b28edd2da651388f84599059b |
| SHA1 | 44d7756708aafa08730ca9dbdc01091790940a4f |
| SHA256 | c6264665a882e73eb2262a74fea2c29b1921a9af33180126325fb67a851310ef |
| SHA512 | 3bfc3d27c095dde988f779021d0479c8c1de80a404454813c6cae663e3fe63dc636bffa7de1094e18594c9d608fa7420a0651509544722f2a00288f0b7719cc8 |
memory/1088-877-0x0000028A28FF0000-0x0000028A291E4000-memory.dmp
C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\GeoIP.dat
| MD5 | 8ef41798df108ce9bd41382c9721b1c9 |
| SHA1 | 1e6227635a12039f4d380531b032bf773f0e6de0 |
| SHA256 | bc07ff22d4ee0b6fafcc12482ecf2981c172a672194c647cedf9b4d215ad9740 |
| SHA512 | 4c62af04d4a141b94eb3e1b0dbf3669cb53fe9b942072ed7bea6a848d87d8994cff5a5f639ab70f424eb79a4b7adabdde4da6d2f02f995bd8d55db23ce99f01b |
C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Sounds\Intro.wav
| MD5 | fcfade9b14166e1e046c3701906add00 |
| SHA1 | 958a5652f5dfa9b16a02cb403e228301fbe4db75 |
| SHA256 | c8d7efbd251002b109b0b23a0801ee18c290fc8d335e76755688846122d54f85 |
| SHA512 | 679a3612488143accef2672d88cb1cb89ef98394228feacc03499014ecfe86655d7dc39ae5ed59fcecadfa7ef61169f38f9f2aa9fdb091b944f8ba4b231d3c2f |
C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\SimpleObfuscator.dll
| MD5 | 9043d712208178c33ba8e942834ce457 |
| SHA1 | e0fa5c730bf127a33348f5d2a5673260ae3719d1 |
| SHA256 | b7a6eea19188b987dad97b32d774107e9a1beb4f461a654a00197d73f7fad54c |
| SHA512 | dd6fa02ab70c58cde75fd4d4714e0ed0df5d3b18f737c68c93dba40c30376cc93957f8eef69fea86041489546ce4239b35a3b5d639472fd54b80f2f7260c8f65 |
memory/1088-883-0x0000028A30490000-0x0000028A305F8000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\2fcghgdq\2fcghgdq.cmdline
| MD5 | ad65fad7f568cce9312ffd6958072f2c |
| SHA1 | 76a80c809d756592ded3048e17fe6774ea7c9aa3 |
| SHA256 | 9f42d8959ff6f3965d8ec58e511db5eba56e9aeda09f93c686219ee5002aa533 |
| SHA512 | 827c3916a801a2cb7f2255640ac405252e0d25f1a8f0b6ee51f36bbba201abcd11de3916e0cabf2dd904b4c9fc18fd32abf7ddb777463382ea16987d6dff5273 |
C:\Users\Admin\AppData\Local\Temp\2fcghgdq\2fcghgdq.0.vb
| MD5 | 82ff82f12242036da676ef3761d421f5 |
| SHA1 | 506645166529b552425072274b3efa1fad79de59 |
| SHA256 | b5e41b371d67d1293a89ac087f5c41ae1a77be8dd929ee754a746e8a7a0c1f43 |
| SHA512 | 0e80687d562929e8f1202412104f64e58f4b19bcf0716c7cf846a66482288f65b2b4e27180cc53d04d2a3f2673b5aeb44285e47bce75d1de8fb818719bbe09d5 |
C:\Users\Admin\AppData\Local\Temp\vbc96FF779DB2CB4CFD9C4D37BB4AA055DD.TMP
| MD5 | d40c58bd46211e4ffcbfbdfac7c2bb69 |
| SHA1 | c5cf88224acc284a4e81bd612369f0e39f3ac604 |
| SHA256 | 01902f1903d080c6632ae2209136e8e713e9fd408db4621ae21246b65bfea2ca |
| SHA512 | 48b14748e86b7d92a3ea18f29caf1d7b4b2e1de75377012378d146575048a2531d2e5aaeae1abf2d322d06146177cdbf0c2940ac023efae007b9f235f18e2c68 |
C:\Users\Admin\AppData\Local\Temp\RES7805.tmp
| MD5 | 2def5d3954947f9e26961544a1df2b94 |
| SHA1 | e0cd6d741048839d9468fa4ce3997d60a4961f53 |
| SHA256 | dd546a382bb8e8cc3c6a11ebc30f22b912fd0a56db45b827972e0e850dca37d7 |
| SHA512 | 7c3ade07d75619c158cb7ac09d2eeb9341a19e3fbde14bb02ca836738b7840d7b3debfbd70eeb426c5e8cd9493aa4f67d548bb160cbb00e2f8542d13531c0302 |
C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\XClient.exe
| MD5 | f0960c4e04dbdb9b212abda33e917985 |
| SHA1 | 62ca818893d0433753a42170868cc7daa6c0a5de |
| SHA256 | 8c98cf8b2b2a3f0fb2be1778ad9e055c10e877f5b18a9c689aca07f1fb0e9544 |
| SHA512 | e669525e63e0c2357e73601c6b2c3610caaaca26f6997dd5f0233dc0a221490e1ba70e2057fa09e50165eb23bc8763acf1af5f1b783efc89687b0128d85b166d |
memory/5108-900-0x0000000000FA0000-0x0000000000FAE000-memory.dmp
C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\NAudio.dll
| MD5 | 3b87d1363a45ce9368e9baec32c69466 |
| SHA1 | 70a9f4df01d17060ec17df9528fca7026cc42935 |
| SHA256 | 81b3f1dc3f1eac9762b8a292751a44b64b87d0d4c3982debfdd2621012186451 |
| SHA512 | 1f07d3b041763b4bc31f6bd7b181deb8d34ff66ec666193932ffc460371adbcd4451483a99009b9b0b71f3864ed5c15c6c3b3777fabeb76f9918c726c35eb7d7 |
memory/1088-904-0x0000028A29DD0000-0x0000028A29E52000-memory.dmp
C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\GMap.NET.Core.dll
| MD5 | 819352ea9e832d24fc4cebb2757a462b |
| SHA1 | aba7e1b29bdcd0c5a307087b55c2ec0c7ca81f11 |
| SHA256 | 58c755fcfc65cddea561023d736e8991f0ad69da5e1378dea59e98c5db901b86 |
| SHA512 | 6a5b0e1553616ea29ec72c12072ae05bdd709468a173e8adbdfe391b072c001ecacb3dd879845f8d599c6152eca2530cdaa2c069b1f94294f778158eaaebe45a |
memory/1088-908-0x0000028A31350000-0x0000028A31632000-memory.dmp
memory/1088-906-0x0000028A29D70000-0x0000028A29D9C000-memory.dmp
C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\GMap.NET.WindowsForms.dll
| MD5 | 32a8742009ffdfd68b46fe8fd4794386 |
| SHA1 | de18190d77ae094b03d357abfa4a465058cd54e3 |
| SHA256 | 741e1a8f05863856a25d101bd35bf97cba0b637f0c04ecb432c1d85a78ef1365 |
| SHA512 | 22418d5e887a6022abe8a7cbb0b6917a7478d468d211eecd03a95b8fb6452fc59db5178573e25d5d449968ead26bb0b2bfbfada7043c9a7a1796baca5235a82b |
memory/1088-910-0x0000028A302B0000-0x0000028A30362000-memory.dmp
C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Newtonsoft.Json.dll
| MD5 | 195ffb7167db3219b217c4fd439eedd6 |
| SHA1 | 1e76e6099570ede620b76ed47cf8d03a936d49f8 |
| SHA256 | e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d |
| SHA512 | 56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac |
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Xworm V6.1.exe.log
| MD5 | 5bfd0dfa1613cdbd4c6fddc4e826a411 |
| SHA1 | 8c78e0cfc21afb9725c60ed24e67bc52a78b71dc |
| SHA256 | e5b56dac178278b60a37584ef6ce260c11d48749203e8be75e009a6db2d07a2b |
| SHA512 | 13fd22864d11c64f7d10e0448d3a55cf15077cb1114d1be789e06aaf6c64e9f31d2c2f4743e41a94583ae99cfd6d458bfa8ee78ef962da8314e157bf73e6ea62 |
\??\PIPE\wkssvc
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Plugins\ActiveWindows.dll
| MD5 | 5a766a4991515011983ceddf7714b70b |
| SHA1 | 4eb00ae7fe780fa4fe94cedbf6052983f5fd138b |
| SHA256 | 567b9861026a0dbc5947e7515dc7ab3f496153f6b3db57c27238129ec207fc52 |
| SHA512 | 4bd6b24e236387ff58631207ea42cd09293c3664468e72cd887de3b3b912d3795a22a98dcf4548fb339444337722a81f8877abb22177606d765d78e48ec01fd8 |
memory/5108-919-0x0000000001600000-0x000000000160A000-memory.dmp
C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Plugins\Stealer.dll
| MD5 | ade4edd66bc695c9465816fa2538d0cb |
| SHA1 | e4351a2531307c848c60b20ffb50bcc04156fdbc |
| SHA256 | 018e06f57725563e4525700edffafb1b062bf5d4b0e9fee498507f0f8200fcdf |
| SHA512 | e2bf3962787366d7a975eb55d2edd1fe35935205febc00f720dc0efff0c62b5df7f0207fd569f692205e8a227c059eea596904995855458e9c02306842e88a6f |
C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Plugins\FileManager.dll
| MD5 | 641a8b61cb468359b1346a0891d65b59 |
| SHA1 | 2cdc49bcd7428fe778a94cdcd19cabf5ece8c9c0 |
| SHA256 | b58ed3ebbcd27c7f4b173819528ff4db562b90475a5e304521ed5c564d39fffd |
| SHA512 | 042702d34664ea6288e891c9f7aa10a5b4b07317f25f82d6c9fa9ba9b98645c14073d0f66637060b416a30c58dec907d9383530320a318523c51f19ebd0a4fee |
C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Plugins\Cmstp-Bypass.dll
| MD5 | cf15259e22b58a0dfd1156ab71cbd690 |
| SHA1 | 3614f4e469d28d6e65471099e2d45c8e28a7a49e |
| SHA256 | fa420fd3d1a5a2bb813ef8e6063480099f19091e8fa1b3389004c1ac559e806b |
| SHA512 | 7302a424ed62ec20be85282ff545a4ca9e1aecfe20c45630b294c1ae72732465d8298537ee923d9e288ae0c48328e52ad8a1a503e549f8f8737fabe2e6e9ad38 |
C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Plugins\Clipboard.dll
| MD5 | 831eb0de839fc13de0abab64fe1e06e7 |
| SHA1 | 53aad63a8b6fc9e35c814c55be9992abc92a1b54 |
| SHA256 | e31a1c2b1baa2aa2c36cabe3da17cd767c8fec4c206bd506e889341e5e0fa959 |
| SHA512 | 2f61bcf972671d96e036b3c99546cd01e067bef15751a87c00ba6d656decb6b69a628415e5363e650b55610cf9f237585ada7ce51523e6efc0e27d7338966bee |
C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Plugins\Chromium.dll
| MD5 | edb2f0d0eb08dcd78b3ddf87a847de01 |
| SHA1 | cc23d101f917cad3664f8c1fa0788a89e03a669c |
| SHA256 | b6d8bccdf123ceac6b9642ad3500d4e0b3d30b9c9dd2d29499d38c02bd8f9982 |
| SHA512 | 8f87da834649a21a908c95a9ea8e2d94726bd9f33d4b7786348f6371dfae983cc2b5b5d4f80a17a60ded17d4eb71771ec25a7c82e4f3a90273c46c8ee3b8f2c3 |
C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Plugins\Chat.dll
| MD5 | 59f75c7ffaccf9878a9d39e224a65adf |
| SHA1 | 46b0f61a07e85e3b54b728d9d7142ddc73c9d74b |
| SHA256 | aab20f465955d77d6ec3b5c1c5f64402a925fb565dda5c8e38c296cb7406e492 |
| SHA512 | 80056163b96ce7a8877874eaae559f75217c0a04b3e3d4c1283fe23badfc95fe4d587fd27127db4be459b8a3adf41900135ea12b0eeb4187adbcf796d9505cb8 |
C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Plugins\HBrowser.dll
| MD5 | f0e921f2f850b7ec094036d20ff9be9b |
| SHA1 | 3b2d76d06470580858cc572257491e32d4b021c0 |
| SHA256 | 75e8ff57fa6d95cf4d8405bffebb2b9b1c55a0abba0fe345f55b8f0e88be6f3c |
| SHA512 | 16028ae56cd1d78d5cb63c554155ae02804aac3f15c0d91a771b0dcd5c8df710f39481f6545ca6410b7cd9240ec77090f65e3379dcfe09f161a3dff6aec649f3 |
C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Plugins\Ngrok-Installer.dll
| MD5 | 3e19341a940638536b4a7891d5b2b777 |
| SHA1 | ca6f5b28e2e54f3f86fd9f45a792a868c82e35b5 |
| SHA256 | b574aabf02a65aa3b6f7bfff0a574873ce96429d3f708a10f87bc1f6518f14aa |
| SHA512 | 06639892ea4a27c8840872b0de450ae1a0dac61e1dcb64523973c629580323b723c0e9074ff2ddf9a67a8a6d45473432ffc4a1736c0ddc74e054ae13b774f3e2 |
C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Plugins\Microphone.dll
| MD5 | 9c3d90ccf5d47f6eef83542bd08d5aeb |
| SHA1 | 0c0aa80c3411f98e8db7a165e39484e8dae424c7 |
| SHA256 | 612898afdf9120cfef5843f9b136c66ecc3e0bb6f3d1527d0599a11988b7783c |
| SHA512 | 0786f802fbd24d4ab79651298a5ba042c275d7d01c6ac2c9b3ca1e4ee952de7676ec8abf68d226b72696e9480bd4d4615077163efbcda7cff6a5f717736cbdfe |
C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Plugins\MessageBox.dll
| MD5 | 7db8b7e15194fa60ffed768b6cf948c2 |
| SHA1 | 3de1b56cc550411c58cd1ad7ba845f3269559b5c |
| SHA256 | bc09b671894c9a36f4eca45dd6fbf958a967acea9e85b66c38a319387b90dd29 |
| SHA512 | e7f5430b0d46f133dc9616f9eeae8fb42f07a8a4a18b927dd7497de29451086629dfc5e63c0b2a60a4603d8421c6570967c5dbde498bb480aef353b3ed8e18a1 |
C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Plugins\Maps.dll
| MD5 | 806c3802bfd7a97db07c99a5c2918198 |
| SHA1 | 088393a9d96f0491e3e1cf6589f612aa5e1df5f8 |
| SHA256 | 34b532a4d0560e26b0d5b81407befdc2424aacc9ef56e8b13de8ad0f4b3f1ab6 |
| SHA512 | ed164822297accd3717b4d8e3927f0c736c060bb7ec5d99d842498b63f74d0400c396575e9fa664ad36ae8d4285cfd91e225423a0c77a612912d66ea9f63356c |
C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Plugins\Keylogger.dll
| MD5 | 246f7916c4f21e98f22cb86587acb334 |
| SHA1 | b898523ed4db6612c79aad49fbd74f71ecdbd461 |
| SHA256 | acfe5c3aa2a3bae3437ead42e90044d7eee972ead25c1f7486bea4a23c201d3a |
| SHA512 | 1c256ca9b9857e6d393461b55e53175b7b0d88d8f3566fd457f2b3a4f241cb91c9207d54d8b0867ea0abd3577d127835beb13157c3e5df5c2b2b34b3339bd15d |
C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Plugins\Informations.dll
| MD5 | 67a884eeb9bd025a1ef69c8964b6d86f |
| SHA1 | 97e00d3687703b1d7cc0939e45f8232016d009d9 |
| SHA256 | cba453460be46cfa705817abbe181f9bf65dca6b6cea1ad31629aa08dbeaf72b |
| SHA512 | 52e852021a1639868e61d2bd1e8f14b9c410c16bfca584bf70ae9e71da78829c1cada87d481e55386eec25646f84bb9f3baee3b5009d56bcbb3be4e06ffa0ae7 |
C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Plugins\HVNCMemory.dll
| MD5 | 065f0830d1e36f8f44702b0f567082e8 |
| SHA1 | 724c33558fcc8ecd86ee56335e8f6eb5bfeac0db |
| SHA256 | 285b462e3cd4a5b207315ad33ee6965a8b98ca58abb8d16882e4bc2d758ff1a4 |
| SHA512 | bac0148e1b78a8fde242697bff1bbe10a18ffab85fdced062de3dc5017cd77f0d54d8096e273523b8a3910fe17fac111724acffa5bec30e4d81b7b3bd312d545 |
C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Plugins\HVNC.dll
| MD5 | 30eb33588670191b4e74a0a05eecf191 |
| SHA1 | 08760620ef080bb75c253ba80e97322c187a6b9f |
| SHA256 | 3a287acb1c89692f2c18596dd4405089ac998bb9cf44dd225e5211923d421e96 |
| SHA512 | 820cca77096ff2eea8e459a848f7127dc46af2e5f42f43b2b7375be6f4778c1b0e34e4aa5a97f7fbabe0b53dcd351d09c231bb9afedf7bcec60d949918a06b97 |
C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Plugins\HRDP.dll
| MD5 | f27b6e8cf5afa8771c679b7a79e11a08 |
| SHA1 | 6c3fcf45e35aaf6b747f29a06108093c284100da |
| SHA256 | 4aa18745a5fddf7ec14adaff3ad1b4df1b910f4b6710bf55eb27fb3942bb67de |
| SHA512 | 0d84966bbc9290b04d2148082563675ec023906d58f5ba6861c20542271bf11be196d6ab24e48372f339438204bd5c198297da98a19fddb25a3df727b5aafa33 |
C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Plugins\HiddenApps.dll
| MD5 | ba2141a7aefa1a80e2091bf7c2ca72db |
| SHA1 | 9047b546ce9c0ea2c36d24a10eb31516a24a047d |
| SHA256 | 6a098f5a7f9328b35d73ee232846b13e2d587d47f473cbc9b3f1d74def7086ea |
| SHA512 | 91e43620e5717b699e34e658d6af49bba200dcf91ac0c9a0f237ec44666b57117a13bc8674895b7a9cac5a17b2f91cdc3daa5bcc52c43edbabd19bc1ed63038c |
C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Plugins\FilesSearcher.dll
| MD5 | 6f8f1621c16ac0976600146d2217e9d2 |
| SHA1 | b6aa233b93aae0a17ee8787576bf0fbc05cedde4 |
| SHA256 | e66e1273dc59ee9e05ce3e02f1b760b18dd296a47d92b3ce5b24efb48e5fb21b |
| SHA512 | eb55acdea8648c8cdefee892758d9585ff81502fc7037d5814e1bd01fee0431f4dde0a4b04ccb2b0917e1b11588f2dc9f0bfe750117137a01bbd0c508f43ef6a |
C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Plugins\Options.dll
| MD5 | 97193fc4c016c228ae0535772a01051d |
| SHA1 | f2f6d56d468329b1e9a91a3503376e4a6a4d5541 |
| SHA256 | 5c34aee5196e0f8615b8d1d9017dd710ea28d2b7ac99295d46046d12eea58d78 |
| SHA512 | 9f6d7da779e8c9d7307f716d4a4453982bb7f090c35947850f13ec3c9472f058fc11e1120a9641326970b9846d3c691e0c2afd430c12e5e8f30abadb5dcf5ed2 |
memory/5108-941-0x000000001C930000-0x000000001CC80000-memory.dmp
memory/1896-958-0x0000017B3E120000-0x0000017B3E130000-memory.dmp
memory/1896-942-0x0000017B3E020000-0x0000017B3E030000-memory.dmp
memory/1896-977-0x0000017B3B1F0000-0x0000017B3B1F2000-memory.dmp
memory/4392-987-0x0000026B28540000-0x0000026B28640000-memory.dmp
memory/4540-996-0x000001F117400000-0x000001F117420000-memory.dmp
memory/4540-1062-0x000001F11CBC0000-0x000001F11CBC2000-memory.dmp
memory/4540-1064-0x000001F11CBE0000-0x000001F11CBE2000-memory.dmp
memory/4540-1068-0x000001F11D0A0000-0x000001F11D0A2000-memory.dmp
memory/4540-1066-0x000001F11CEE0000-0x000001F11CEE2000-memory.dmp
memory/4540-1080-0x000001F11D420000-0x000001F11D440000-memory.dmp
memory/4540-1185-0x000001F117520000-0x000001F117522000-memory.dmp
memory/4540-1189-0x000001F117B70000-0x000001F117B72000-memory.dmp
memory/4540-1191-0x000001F117B90000-0x000001F117B92000-memory.dmp
memory/4540-1218-0x000001F106CF0000-0x000001F106D00000-memory.dmp
memory/4540-1214-0x000001F106CF0000-0x000001F106D00000-memory.dmp
memory/4540-1213-0x000001F106CF0000-0x000001F106D00000-memory.dmp
memory/4540-1212-0x000001F106CF0000-0x000001F106D00000-memory.dmp
memory/4540-1211-0x000001F106CF0000-0x000001F106D00000-memory.dmp
memory/4540-1210-0x000001F106CF0000-0x000001F106D00000-memory.dmp
memory/4540-1209-0x000001F106CF0000-0x000001F106D00000-memory.dmp
memory/4540-1208-0x000001F106CF0000-0x000001F106D00000-memory.dmp
memory/4540-1207-0x000001F106CF0000-0x000001F106D00000-memory.dmp
memory/4540-1206-0x000001F106CF0000-0x000001F106D00000-memory.dmp
memory/4540-1205-0x000001F106CF0000-0x000001F106D00000-memory.dmp
memory/4540-1204-0x000001F106CF0000-0x000001F106D00000-memory.dmp
memory/4540-1203-0x000001F106CF0000-0x000001F106D00000-memory.dmp
memory/4540-1201-0x000001F106CF0000-0x000001F106D00000-memory.dmp
memory/4540-1217-0x000001F106CF0000-0x000001F106D00000-memory.dmp
memory/4540-1215-0x000001F106CF0000-0x000001F106D00000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\AL72F0OC\favicon[1].ico
| MD5 | 84cc977d0eb148166481b01d8418e375 |
| SHA1 | 00e2461bcd67d7ba511db230415000aefbd30d2d |
| SHA256 | bbf8da37d92138cc08ffeec8e3379c334988d5ae99f4415579999bfbbb57a66c |
| SHA512 | f47a507077f9173fb07ec200c2677ba5f783d645be100f12efe71f701a74272a98e853c4fab63740d685853935d545730992d0004c9d2fe8e1965445cab509c3 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\QB3ZK6X5\favicon[2].png
| MD5 | 9e3fe8db4c9f34d785a3064c7123a480 |
| SHA1 | 0f77f9aa982c19665c642fa9b56b9b20c44983b6 |
| SHA256 | 4d755ac02a070a1b4bb1b6f1c88ab493440109a8ac1e314aaced92f94cdc98e9 |
| SHA512 | 20d8b416bd34f3d80a77305c6fcd597e9c2d92ab1db3f46ec5ac84f5cc6fb55dfcdccd03ffdc5d5de146d0add6d19064662ac3c83a852f3be8b8f650998828d1 |
C:\Users\Admin\AppData\Local\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_iecompat\IECompatData.xml
| MD5 | d4fc49dc14f63895d997fa4940f24378 |
| SHA1 | 3efb1437a7c5e46034147cbbc8db017c69d02c31 |
| SHA256 | 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1 |
| SHA512 | cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a |
memory/5108-2306-0x00000000017D0000-0x00000000017DE000-memory.dmp