Malware Analysis Report

2024-10-18 21:31

Sample ID: 240811-gcxlxsxckj
Target: Xworm-V6.1 (2).rar
SHA256: 9b56ee6ee5bb27b038df82d0ef4f03246e0449515f3b6cfb47155ca5d80d0a5a
Tags: agenttesla stormkitty xworm keylogger phishing rat spyware stealer trojan
Score: 10/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 10/10

SHA256: 9b56ee6ee5bb27b038df82d0ef4f03246e0449515f3b6cfb47155ca5d80d0a5a

Threat Level: Known bad

The file Xworm-V6.1 (2).rar was found to be: Known bad.

Malicious Activity Summary

agenttesla stormkitty xworm keylogger phishing rat spyware stealer trojan

Xworm family

AgentTesla

StormKitty payload

Detect Xworm Payload

Stormkitty family

Xworm

Contains code to disable Windows Defender

AgentTesla payload

Agenttesla family

AgentTesla payload

Checks computer location settings

Uses the VBS compiler for execution

Executes dropped EXE

Looks up external IP address via web service

Drops file in Windows directory

Detected phishing page

Enumerates physical storage devices

Unsigned PE

Checks processor information in registry

Suspicious behavior: GetForegroundWindowSpam

Modifies Internet Explorer settings

Office document contains embedded OLE objects

Suspicious use of WriteProcessMemory

Modifies registry class

Enumerates system info in registry

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

Uses Task Scheduler COM API

Suspicious use of FindShellTrayWindow

Suspicious behavior: MapViewOfSection

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-08-11 05:40

Signatures

AgentTesla payload

Description Indicator Process Target
N/A N/A N/A N/A

Agenttesla family

agenttesla

Contains code to disable Windows Defender

Description Indicator Process Target
N/A N/A N/A N/A

Detect Xworm Payload

Description Indicator Process Target
N/A N/A N/A N/A

StormKitty payload

Description Indicator Process Target
N/A N/A N/A N/A

Stormkitty family

stormkitty

Xworm family

xworm

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
    (45 identical rows)

Office document contains embedded OLE objects

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-08-11 05:40

Reported: 2024-08-11 05:47

Platform: win10-20240404-en

Max time kernel: 400s

Max time network: 390s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\Xworm-V6.1 (2).rar"

Signatures

AgentTesla

keylogger trojan stealer spyware agenttesla

Contains code to disable Windows Defender

Description Indicator Process Target
N/A N/A N/A N/A
    (2 identical rows)

Detect Xworm Payload

Description Indicator Process Target
N/A N/A N/A N/A
    (3 identical rows)

Xworm

trojan rat xworm

AgentTesla payload

Description Indicator Process Target
N/A N/A N/A N/A
    (2 identical rows)

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\XClient.exe N/A

Uses the VBS compiler for execution

Looks up external IP address via web service

Description Indicator Process Target
N/A wtfismyip.com N/A N/A
    (3 identical rows)

Detected phishing page

phishing

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
    (4 identical rows)

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
    (6 identical rows)
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
    (6 identical rows)
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
    (4 identical rows)
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
    (6 identical rows)
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
    (4 identical rows)

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Xworm V6.1.exe N/A
    (2 identical rows)
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Xworm V6.1.exe N/A
    (2 identical rows)
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Xworm V6.1.exe N/A
    (2 identical rows)

Modifies Internet Explorer settings

adware spyware

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\MRUListEx = 00000000ffffffff C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Xworm V6.1.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Xworm V6.1.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main\OperationalData = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = dde762dfb1ebda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = a654bcedb1ebda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Xworm V6.1.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Xworm V6.1.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\Extensions C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Xworm V6.1.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "395205405" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = b96074e8b1ebda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Xworm V6.1.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0 = 6000310000000000af58758e100058776f726d2d56362e310000460009000400efbe0b593d2d0b593d2d2e0000009ba601000000060000000000000000000000000000007bb76f00580077006f0072006d002d00560036002e00310000001a000000 C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Xworm V6.1.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\MRUListEx = 00000000ffffffff C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Xworm V6.1.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Xworm V6.1.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0 = 6a003100000000000b593d2d100058574f524d2d7e312e31283200004e0009000400efbe0b593d2d0b593d2d2e000000b1060000000007000000000000000000000000000000eda91d01580077006f0072006d002d00560036002e003100200028003200290000001c000000 C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Xworm V6.1.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.msn.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0 C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Xworm V6.1.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Xworm V6.1.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0 C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Xworm V6.1.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0\0\MRUListEx = ffffffff C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Xworm V6.1.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = 88eeeed9b1ebda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\EnablementState = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\Total C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = c7bdf6d2b1ebda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 4c312bd3b1ebda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Xworm V6.1.exe N/A
    (28 identical rows)
N/A N/A C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Xworm V6.1.exe N/A
N/A N/A C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Xworm V6.1.exe N/A
N/A N/A C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Xworm V6.1.exe N/A
N/A N/A C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Xworm V6.1.exe N/A
N/A N/A C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Xworm V6.1.exe N/A
N/A N/A C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Xworm V6.1.exe N/A
N/A N/A C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Xworm V6.1.exe N/A
N/A N/A C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Xworm V6.1.exe N/A
N/A N/A C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Xworm V6.1.exe N/A
N/A N/A C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Xworm V6.1.exe N/A
N/A N/A C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Xworm V6.1.exe N/A
N/A N/A C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Xworm V6.1.exe N/A
N/A N/A C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Xworm V6.1.exe N/A
N/A N/A C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Xworm V6.1.exe N/A
N/A N/A C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Xworm V6.1.exe N/A
N/A N/A C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Xworm V6.1.exe N/A
N/A N/A C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Xworm V6.1.exe N/A
N/A N/A C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Xworm V6.1.exe N/A
N/A N/A C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Xworm V6.1.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\XClient.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\XClient.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Xworm V6.1.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2632 wrote to memory of 168 N/A C:\Windows\system32\OpenWith.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2632 wrote to memory of 168 N/A C:\Windows\system32\OpenWith.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 168 wrote to memory of 2904 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 168 wrote to memory of 2904 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 168 wrote to memory of 2904 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 168 wrote to memory of 2904 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 168 wrote to memory of 2904 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 168 wrote to memory of 2904 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 168 wrote to memory of 2904 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 168 wrote to memory of 2904 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 168 wrote to memory of 2904 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 168 wrote to memory of 2904 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 168 wrote to memory of 2904 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2904 wrote to memory of 2944 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2904 wrote to memory of 2944 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2904 wrote to memory of 3836 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2904 wrote to memory of 3836 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2904 wrote to memory of 3836 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2904 wrote to memory of 3836 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2904 wrote to memory of 3836 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2904 wrote to memory of 3836 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2904 wrote to memory of 3836 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2904 wrote to memory of 3836 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2904 wrote to memory of 3836 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2904 wrote to memory of 3836 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2904 wrote to memory of 3836 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2904 wrote to memory of 3836 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2904 wrote to memory of 3836 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2904 wrote to memory of 3836 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2904 wrote to memory of 3836 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2904 wrote to memory of 3836 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2904 wrote to memory of 3836 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2904 wrote to memory of 3836 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2904 wrote to memory of 3836 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2904 wrote to memory of 3836 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2904 wrote to memory of 3836 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2904 wrote to memory of 3836 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2904 wrote to memory of 3836 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2904 wrote to memory of 3836 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2904 wrote to memory of 3836 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2904 wrote to memory of 3836 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2904 wrote to memory of 3836 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2904 wrote to memory of 3836 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2904 wrote to memory of 3836 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2904 wrote to memory of 3836 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2904 wrote to memory of 3836 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2904 wrote to memory of 3836 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2904 wrote to memory of 3836 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2904 wrote to memory of 3836 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2904 wrote to memory of 3836 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2904 wrote to memory of 3836 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2904 wrote to memory of 3836 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2904 wrote to memory of 3836 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2904 wrote to memory of 3836 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2904 wrote to memory of 3836 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2904 wrote to memory of 3836 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2904 wrote to memory of 3836 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2904 wrote to memory of 3836 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2904 wrote to memory of 3836 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2904 wrote to memory of 3836 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2904 wrote to memory of 3836 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2904 wrote to memory of 3836 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2904 wrote to memory of 3836 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2904 wrote to memory of 4752 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\Xworm-V6.1 (2).rar"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\Xworm-V6.1 (2).rar"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\Xworm-V6.1 (2).rar"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2904.0.699374710\1363141364" -parentBuildID 20221007134813 -prefsHandle 1740 -prefMapHandle 1732 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {97a7e979-e7cf-4650-977a-8b04858a6030} 2904 "\\.\pipe\gecko-crash-server-pipe.2904" 1812 175fa1f0258 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2904.1.1881037696\712297192" -parentBuildID 20221007134813 -prefsHandle 2176 -prefMapHandle 2172 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4cbd51e3-f157-4395-88a3-f4252e6a4b14} 2904 "\\.\pipe\gecko-crash-server-pipe.2904" 2188 175e7d71958 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2904.2.915475758\2010983428" -childID 1 -isForBrowser -prefsHandle 2740 -prefMapHandle 2808 -prefsLen 21711 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0566771b-16e6-43dc-9238-9829af13c6e8} 2904 "\\.\pipe\gecko-crash-server-pipe.2904" 2756 175fe3d5b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2904.3.2126506727\1469312275" -childID 2 -isForBrowser -prefsHandle 3128 -prefMapHandle 3092 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {44dd4525-86eb-4aa2-a09a-e4ac6d14d36c} 2904 "\\.\pipe\gecko-crash-server-pipe.2904" 3480 175e7d61358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2904.4.828385453\1700972337" -childID 3 -isForBrowser -prefsHandle 4876 -prefMapHandle 4912 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cec452dd-fc59-40d7-8bdb-e7111f632e75} 2904 "\\.\pipe\gecko-crash-server-pipe.2904" 5016 175fe374058 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2904.5.28587344\30751066" -childID 4 -isForBrowser -prefsHandle 4832 -prefMapHandle 4836 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {35dc99c5-6ed2-4a85-9dbc-a1bb9b36434c} 2904 "\\.\pipe\gecko-crash-server-pipe.2904" 5060 175fe375b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2904.6.230686515\1812163949" -childID 5 -isForBrowser -prefsHandle 5276 -prefMapHandle 5280 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {efd08986-0015-4c9f-85c6-6866b4f9cbf6} 2904 "\\.\pipe\gecko-crash-server-pipe.2904" 5268 176007aa858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\Xworm-V6.1 (2).rar"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\Xworm-V6.1 (2).rar"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\Xworm-V6.1 (2).rar"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\Xworm-V6.1 (2).rar"

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\Xworm-V6.1 (2).rar"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\Xworm-V6.1 (2).rar"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3876.0.358599101\1586824614" -parentBuildID 20221007134813 -prefsHandle 1604 -prefMapHandle 1596 -prefsLen 20871 -prefMapSize 233536 -appDir "C:\Program Files\Mozilla Firefox\browser" - {029356b8-29de-4c64-aebb-947b229fe79c} 3876 "\\.\pipe\gecko-crash-server-pipe.3876" 1684 1e7fc7fa758 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3876.1.224146316\766108488" -parentBuildID 20221007134813 -prefsHandle 1972 -prefMapHandle 1968 -prefsLen 20916 -prefMapSize 233536 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {20f19680-b1e4-4b73-b364-5bd8ea4f992e} 3876 "\\.\pipe\gecko-crash-server-pipe.3876" 2000 1e7ea5e4158 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3876.2.1180647356\1310620826" -childID 1 -isForBrowser -prefsHandle 3000 -prefMapHandle 2688 -prefsLen 22157 -prefMapSize 233536 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0677b6fb-84bd-46a3-9954-56c8741e1f2d} 3876 "\\.\pipe\gecko-crash-server-pipe.3876" 2984 1e7820a1d58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3876.3.1447564505\872638837" -childID 2 -isForBrowser -prefsHandle 3492 -prefMapHandle 3488 -prefsLen 26555 -prefMapSize 233536 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cb24d9e4-a33f-4b21-9757-699db5f9f67a} 3876 "\\.\pipe\gecko-crash-server-pipe.3876" 3496 1e7832c6558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3876.4.1359183490\74585623" -childID 3 -isForBrowser -prefsHandle 4776 -prefMapHandle 4256 -prefsLen 26614 -prefMapSize 233536 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2d42e5f0-19fd-4aea-ae49-e4252f2f9684} 3876 "\\.\pipe\gecko-crash-server-pipe.3876" 4780 1e784bae558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3876.5.565240439\1126957423" -childID 4 -isForBrowser -prefsHandle 4920 -prefMapHandle 4924 -prefsLen 26614 -prefMapSize 233536 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {aeb40698-e1b6-40e1-a68e-003c8d70bc30} 3876 "\\.\pipe\gecko-crash-server-pipe.3876" 4912 1e785aae258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3876.6.1602806857\1610602431" -childID 5 -isForBrowser -prefsHandle 5112 -prefMapHandle 5116 -prefsLen 26614 -prefMapSize 233536 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f93c1dd7-72ff-46c6-a3e4-81ff008d0967} 3876 "\\.\pipe\gecko-crash-server-pipe.3876" 5104 1e785aae858 tab

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Xworm-V6.1 (2)\" -ad -an -ai#7zMap10601:90:7zEvent18538

C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Xworm V6.1.exe

"C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Xworm V6.1.exe"

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x2c4

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe

"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\2fcghgdq\2fcghgdq.cmdline"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES7805.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc96FF779DB2CB4CFD9C4D37BB4AA055DD.TMP"

C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\XClient.exe

"C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\XClient.exe"

C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\XClient.exe

"C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\XClient.exe"

C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Xworm V6.1.exe

"C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Xworm V6.1.exe"

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

Network

Country Destination Domain Proto
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 166.188.117.34.in-addr.arpa udp
US 8.8.8.8:53 200.110.239.44.in-addr.arpa udp
N/A 127.0.0.1:49757 N/A tcp
N/A 127.0.0.1:49763 N/A tcp
N/A 127.0.0.1:49960 N/A tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
N/A 127.0.0.1:49972 N/A tcp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 93.65.42.20.in-addr.arpa udp
N/A 127.0.0.1:7000 N/A tcp
N/A 127.0.0.1:7000 N/A tcp
US 8.8.8.8:53 73.144.22.2.in-addr.arpa udp
N/A 127.0.0.1:7000 N/A tcp
N/A 127.0.0.1:7000 N/A tcp
N/A 127.0.0.1:7000 N/A tcp
N/A 127.0.0.1:7000 N/A tcp
N/A 127.0.0.1:7000 N/A tcp
N/A 127.0.0.1:7000 N/A tcp
US 8.8.8.8:53 fbi.bet udp
US 185.199.109.153:443 fbi.bet tcp
US 185.199.109.153:443 fbi.bet tcp
US 8.8.8.8:53 153.109.199.185.in-addr.arpa udp
US 8.8.8.8:53 168.245.100.95.in-addr.arpa udp
US 8.8.8.8:53 fonts.cdnfonts.com udp
US 104.21.72.124:443 fonts.cdnfonts.com tcp
US 104.21.72.124:443 fonts.cdnfonts.com tcp
US 8.8.8.8:53 c.pki.goog udp
NL 142.250.179.131:80 c.pki.goog tcp
US 8.8.8.8:53 124.72.21.104.in-addr.arpa udp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
US 185.199.109.153:443 fbi.bet tcp
US 185.199.109.153:443 fbi.bet tcp
US 8.8.8.8:53 wtfismyip.com udp
FI 65.108.75.112:443 wtfismyip.com tcp
FI 65.108.75.112:443 wtfismyip.com tcp
US 8.8.8.8:53 112.75.108.65.in-addr.arpa udp
US 8.8.8.8:53 we-are-jammin.xyz udp
US 104.21.30.128:443 we-are-jammin.xyz tcp
US 104.21.30.128:443 we-are-jammin.xyz tcp
US 8.8.8.8:53 128.30.21.104.in-addr.arpa udp
US 8.8.8.8:53 www.msn.com udp
US 8.8.8.8:53 assets.msn.com udp
GB 23.200.147.72:443 assets.msn.com tcp
GB 23.200.147.72:443 assets.msn.com tcp
GB 23.200.147.72:443 assets.msn.com tcp
GB 23.200.147.72:443 assets.msn.com tcp
US 8.8.8.8:53 72.147.200.23.in-addr.arpa udp
US 204.79.197.203:443 www.msn.com tcp
US 204.79.197.203:443 www.msn.com tcp
US 204.79.197.203:443 www.msn.com tcp
US 204.79.197.203:443 www.msn.com tcp
US 8.8.8.8:53 browser.events.data.msn.com udp
GB 51.104.15.252:443 browser.events.data.msn.com tcp
GB 51.104.15.252:443 browser.events.data.msn.com tcp
US 8.8.8.8:53 252.15.104.51.in-addr.arpa udp
US 8.8.8.8:53 www.microsoft.com udp
GB 95.100.245.144:443 www.microsoft.com tcp
GB 95.100.245.144:443 www.microsoft.com tcp
US 8.8.8.8:53 ajax.aspnetcdn.com udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 152.199.19.160:443 ajax.aspnetcdn.com tcp
US 152.199.19.160:443 ajax.aspnetcdn.com tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 8.8.8.8:53 144.245.100.95.in-addr.arpa udp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
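The table above mixes three things on equal footing: forward DNS lookups to 8.8.8.8, the reverse (in-addr.arpa) lookups Windows performs for addresses it has just connected to, and the actual TCP sessions. Repeated rows also hide how few distinct hosts there really are. The script below is an added triage example for this page, not code from the sandbox vendor or from the report; it assumes the row layout shown here ("CC ip:port name proto") and a hand-picked baseline of hosts a stock analysis VM contacts on its own (the MSN start page, Edge telemetry and CDN, certificate fetches), which you would tune for your own image. Hosts it tags "review" are simply outside that baseline; it makes no verdict on them.

```python
"""Triage helper for the network rows of a sandbox report.

Added example for this page; it is not code from the sandbox vendor or from
the report. It assumes the row layout shown above ("CC ip:port name proto")
and an assumed baseline of hosts the analysis VM contacts on its own.
"""
import re
from collections import defaultdict

# Constructed sample: a subset of rows copied from the table above.
SAMPLE_ROWS = """\
US 8.8.8.8:53 fbi.bet udp
US 185.199.109.153:443 fbi.bet tcp
US 185.199.109.153:443 fbi.bet tcp
US 8.8.8.8:53 153.109.199.185.in-addr.arpa udp
US 8.8.8.8:53 wtfismyip.com udp
FI 65.108.75.112:443 wtfismyip.com tcp
US 8.8.8.8:53 we-are-jammin.xyz udp
US 104.21.30.128:443 we-are-jammin.xyz tcp
US 8.8.8.8:53 www.msn.com udp
US 204.79.197.203:443 www.msn.com tcp
NL 142.250.179.131:80 c.pki.goog tcp
"""

# Assumed baseline: hosts a stock Windows VM with Edge reaches without any
# malware running (start page, telemetry, CDN, certificate fetches).
BASELINE_HOSTS = {
    "www.msn.com", "assets.msn.com", "browser.events.data.msn.com",
    "www.microsoft.com", "ajax.aspnetcdn.com", "edgestatic.azureedge.net",
    "c.pki.goog",
}
# Public "what is my IP" services; the report's summary lists this behaviour
# as "Looks up external IP address via web service".
IP_LOOKUP_HOSTS = {"wtfismyip.com"}

ROW_RE = re.compile(
    r"^(?P<cc>[A-Z]{2}) (?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+) "
    r"(?P<name>\S+) (?P<proto>tcp|udp)$"
)


def parse_rows(text):
    """Parse 'CC ip:port name proto' lines into dicts; reject anything else."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ROW_RE.match(line)
        if m is None:
            raise ValueError(f"unrecognised row: {line!r}")
        row = m.groupdict()
        row["port"] = int(row["port"])
        rows.append(row)
    return rows


def classify(row):
    """dns = forward lookup, ptr = reverse lookup, session = a real connection."""
    if row["proto"] == "udp" and row["port"] == 53:
        return "ptr" if row["name"].endswith(".in-addr.arpa") else "dns"
    return "session"


def summarize(rows):
    """Collapse repeated rows into one record per host name.

    Returns {name: {"dns": n, "sessions": {(ip, port)}, "ptr": n}}, where
    "ptr" counts reverse lookups of any IP that host had a session with.
    """
    hosts = defaultdict(lambda: {"dns": 0, "sessions": set(), "ptr": 0})
    ptr_ips = []
    for row in rows:
        kind = classify(row)
        if kind == "dns":
            hosts[row["name"]]["dns"] += 1
        elif kind == "session":
            hosts[row["name"]]["sessions"].add((row["ip"], row["port"]))
        else:
            # 153.109.199.185.in-addr.arpa -> 185.199.109.153
            octets = row["name"][: -len(".in-addr.arpa")].split(".")
            ptr_ips.append(".".join(reversed(octets)))
    for ip in ptr_ips:
        for rec in hosts.values():
            if any(s_ip == ip for s_ip, _ in rec["sessions"]):
                rec["ptr"] += 1
    return dict(hosts)


def flag(hosts):
    """Hosts outside the baseline, tagged for the analyst, sorted by name."""
    out = []
    for name in sorted(hosts):
        if name in BASELINE_HOSTS:
            continue
        tag = "external-ip-lookup" if name in IP_LOOKUP_HOSTS else "review"
        out.append((name, tag))
    return out


if __name__ == "__main__":
    summary = summarize(parse_rows(SAMPLE_ROWS))
    for name, tag in flag(summary):
        rec = summary[name]
        print(f"{tag:<19} {name:<22} sessions={sorted(rec['sessions'])} "
              f"dns={rec['dns']} ptr={rec['ptr']}")
```

Run against the full table, the output collapses some fifty rows into a handful of hosts; the reverse lookups are folded into the host whose address they resolve, so they stop looking like extra destinations.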

Files

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\0bb226be-e3c3-4cd1-a00e-7a849dfbb57e

MD5 31fa0f8c262b9bc278352cde064bab6b
SHA1 2d344832a2f2cf9e3ebae250c464ebf8224830df
SHA256 138dc3f67d57c6933a5a663ba73dbe06cf0437e336897c1b874f85426ebd5218
SHA512 f6073ead9d1c7166ed585f85805fe2790761c868fd5f13ff9e48885c6a6c069aaca80a0e2a2a0d244fc2fe99ad8b8d280a96be0fa54afef9446af1dde5a1c81d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\e0d7e624-1bc9-44e9-beb5-d40c1b6f4ccc

MD5 5e813422995c67bbb715c65f80b11309
SHA1 5a4a6d10ed4f931888a4c10ed8acd150db6677ba
SHA256 a96adcf758fd3eeea88f3cc8e5532c41e278b4b1cf183c32b510575584574fd7
SHA512 556867c1a88d185a008869b7d8cf505f759e3b629defba98fdd14902b286b2272b5fc3903979ce4ccbbdd13dffe7f9c390e29cbf3644a7dce0bb71e3176393e1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin

MD5 c4ae33d4bece39bf306664de990d3703
SHA1 9520317afaf22d1953c2ba324f2db0d3d658a0ca
SHA256 1acdb7950d996b7c209284c47aaaf87afa5002f1cda13d2d89be3d8c83d030b1
SHA512 fa79bf08a7eeb6e3a8677e64d97e2fad12340fe580db11aefdeb49b670354fc1d8cfc5d7036f9f7b6acb236976867b72e05ddb49fc0f08db16965e81425142d6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js

MD5 5227db9712d17ce11a5369309ce710b4
SHA1 6a9153997dc82f44622967a8ed1af1c2f3de8440
SHA256 4fd2777a43aa5b3e369dbd1ce74d5f8bb95e4050328589f47665bccd6054ae11
SHA512 7b79a79eaa7c6617356a535c1031cba7c8051a6c4ee209f82490d4b52bedc49b82067fffd05467343228bb182538d639f2acc6390eb3b8c004953a4c011c87bd

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

MD5 61f27113a01497654397c913084f63ed
SHA1 55a34e8393a4e09365334deb7840c36e49f46259
SHA256 79cfa357bb886f696f97e3a8204b7e1dd81ef6adaba2ef702f0253d0d7e99df2
SHA512 85a04fd09d561daf65916bc5e735cbf164da5cdfaf9afa08aaa52d2253d2797ed53350c09983afb50fe7ee34bdc0d6ee8d365966c3930cfbc7c7cd630f447e20

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js

MD5 81139010103892440a6eef00e6ac75d0
SHA1 026493d3edc6948b337c5a9d71361b45c6ade981
SHA256 7996513e59b1cd087dce813298810d3329ce7b4505e4148dd6b520134c25c769
SHA512 2b28a591dbc3475ce931aa955f98584abfec32ddbedcb3648f2887aa814fd500b43c5fede067be36b6bf6b289f71f7dbedd90c2b43bd810d4e517eded823e742

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore.jsonlz4

MD5 7c7ef9154a8ea65944c4cebc3dab32f8
SHA1 ac33f20b94adfde8070de40fcd8e4e55edb418f7
SHA256 77d0bc54e5c597cd0a19f200590d99384199dfd83b6c6341d7145a290546fd87
SHA512 e3a3937c84e29957296157bd22a2e172f322aa1187482b816a8b4ad1d7161c9f5b8659698cf5797827c88549f4e41cf8bf3fbf2da9b8207bcfe706defb4ed0db

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

MD5 3cb6d4c98623564a0ecb1f7674a447da
SHA1 cd250957a78b88d18d49c38db9396414b8e191d9
SHA256 4ca045c47ac6a1612f1c5b35f8d15f87703b91eadbe53dae0d5c1ceb1a5fba06
SHA512 eebe87b751454c07f683c79bc947511e6388409410c8a89c88342dd11bffcbafef274930df8fde167f44f7cad75e952aba351c8a52920af90e029d6b3f8be4f5

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\startupCache\scriptCache-child.bin

MD5 44943d04ff14a340764d9509ea0c14ed
SHA1 7c675c58ef7e0cae211d5b358eecb54b0a69e5ad
SHA256 623b61bf26625bd4ef954af12a2abd4346cb445c1d0575c3c07372d3dea0c79b
SHA512 1f057516218161aa9585856801c9ef17abed36c4c3259c34878166c0e32851afaf4434a47e1a55949b4c2333e41f2a2d83e7c9df4745df6cadae9a5a32906377

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\startupCache\scriptCache.bin

MD5 b4b641f3fc224f72e30684f1706b4296
SHA1 696301bd46086dac38038f78dce37e95705a6156
SHA256 f05eb165a35e70b985361d4ae3e4f03e51364bb9434408b70e9f7f2379d19380
SHA512 57c84dd39794ae1217cce93f6c0bbfbdf0a307551770e67d5a8173f40b922c211358e9012b373296d1f61723caf857c03e24cd109b931c018688601b723c8850

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\xulstore.json

MD5 58e240288763218d12bf235d34e5aee2
SHA1 89135494b57f590011c09668dec3b90d2c5ee9ae
SHA256 615f80e71dfde24711e7fefc1b7959f7592c5e5cf9ad0f3aecb4235b93187176
SHA512 caed2638902987aead199e73cffb90881bf245bbb616cb38c46b281d4aaaa54dc20a54e9bfe17a8d6e68847394c113fb7606e94b64f44ab0b52bf7846f26e936

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\startupCache\urlCache.bin

MD5 9d7c843fc418b4a2e329494e63567df0
SHA1 9e19150cedb827e8ab9f884d774b3e2d1a0be85c
SHA256 0d92c4402c14b8c80efee2ff7dbc4f938d61c3b36dde976b68458d57fd2ae8cb
SHA512 8a65a94314effbd048cd8e9310b366eaf94208a5d95566619d98fba2b7c4ab5b6ddd72321ae13d9999f82ff438cc6902eb72adce1210c6877a1445fe678ddf67

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js

MD5 72ba299b2333ae39fe4d074a541ce263
SHA1 fa02a39b9d5e90abd7e0f1004a37dfe249151cec
SHA256 8014902170c42c713d403b841d60f6d438f7187845581e160d9e47c10e52bb92
SHA512 ac2a66c86b373669d8a826bec1d0db897a1d3f4674903bc0cb74b581c028a1bec5b458ec0841b36c5e96274024cd057f436d44feb2a0d63b2330a78229e7c791

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 7f868e557b098795d645df9ea302427f
SHA1 001f3306144559b4049a8ab139b4139f51e59c0e
SHA256 b228e23ecfb7965e3badefcbb031de0b4bb887634bccb34a826ac8ac89124ac5
SHA512 56fd8aa514cc25db5a2c9191d665eaffe90182cc5e4f15317e0cfbc9adf7336d9ad937d20384b0504f784e5939b76b4c4b0020cb06e4a472c650355cc6c4c89a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionCheckpoints.json.tmp

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionCheckpoints.json

MD5 6b77a9f779399e95d1cee931a2c8f8ff
SHA1 826efd4feb0d50fcce5696111af7c811b81adcd9
SHA256 3a0285c8233ef0324b269f7291094e19fd9b77259f9419861ad796f7e9c979f3
SHA512 ef537c75fab8e86483ac03cc0d2feaf41575e35f54b95669a26bf6dfbf58021dc9a5bbe54d9537b55da3fbb0e0262adf6c5efd4394faaec81a31604533afec4f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite

MD5 12650282c356d817de53601eda2dba90
SHA1 84b5c98b48b57fec9cb62a02032a0632d9833737
SHA256 9629936f108e43316e94fd9d3db254617b470fe906fcb035b7fb65128f51e1ad
SHA512 fca51e297e7ec5388f683a8f198c1199693cd0fe1f4cf0a5c39d1b6bda79de2672065cb4bcbc5b97af1cca2c960ac91d18bffa5e71cf81ceb8ec36006f4ddd55

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionCheckpoints.json.tmp

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\SiteSecurityServiceState.txt

MD5 e5e6a9fffdf9c2cc7927d267f1d1d122
SHA1 6b33a1ebd0ff1c9ad858204067b5e0434e805647
SHA256 584aa150b3aa8472fa852411f5abc7b36c31121e1da89394233324f8183251c8
SHA512 a8c4deb50a00a2ec4ac2889ffe0d243bd0f70dd75d23e4f91cb67424569377838f715370d4e4592302af7592d1b7fd88fe1fa092af68398abf3bd14bd837b612

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\places.sqlite

MD5 ca0e5583ff83524b577a629c5aee8a3d
SHA1 4acdc025d0622e9dcdb6880880d31e2df31aa963
SHA256 971a45cc22cd4055ada97ebe5ce533a0eaea95745ec88e9bae4bb18320d975cf
SHA512 0128ceb07fa09c0bf5b08e31056ff384ba6d3a6272eab752b55e9f4c87193f8ecb3c66f9ce6c400e3f617a008ada347ef494cbddb1778d11d45037e48030b83e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

MD5 8e2751e18cf9bb2f2f3a33a5b198a624
SHA1 24fb59882387afc88aaad2c152acd94c428b5600
SHA256 91c38db5b443c80e130fc182d795c5faa27562ccb6492843e34561baa487ae5a
SHA512 041fce1d1daaa01931508181c04fb868a2542d70577788463f19666f5ff1c8f4afd82622d77b7c1d91e018a4a6aba327b48025629d7490a1714fd8e46c5b952b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\287f1fdd-00ea-403b-815b-53c4638d3606

MD5 81b23d799a79555eea7144ade28f285a
SHA1 45dbe089e4064f613aaa0e9a1df0b1a0f8ab2c55
SHA256 236629869c96adfcc0a2a249d5c134adefba9f168bce950c19af472ec79c2df8
SHA512 d74ace31b4083365457e00055cd7e12514a41ec30369ae1a39a7c31833d4b079cac373a2355c72a54e91be1e8eaf1a87cc8318853114936586163686592e0502

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495

MD5 f43579aebb72d45c6fc30ce5ac27f24a
SHA1 3e79f9ac52bde7030190af4f02c4dcb25b7b8ec0
SHA256 87875cdd9a6e2e9171f3db8d2f9a52a937f0210765e1be397aceeab624557057
SHA512 f98dc330100b48a343463cd76ce319137571ffbc35126307a592ab4cd025de9cbff147f86b0de5dfd5d7e506e08218330421a70af6798b6bf09c36a89e006a1d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\protections.sqlite

MD5 49397db0486dc59d607907a086f40c9b
SHA1 08742ce9db9569062def08e99eea8470702feb7d
SHA256 890033ea279f13478e655150a823a5f84176d2f8f2ec3724dc61dfec775707c4
SHA512 fc8dad1ae2215cd96c41bb3e683670bb9138467677da46c19d1e58972775842a995b70123c22ea1efb659d043f5116d0c9dca422035a6646b35f81033c9f5f53

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin

MD5 16f91e4bd2a4c3c8ec9249269cc7d90b
SHA1 07aa4730451dfe76cc777291105cfdf62042b990
SHA256 96fa54435aaf60d8fc5d637561c4089bd943ee1863e27c83cd39d5923b2bbcb3
SHA512 ed69527e68e6262ec379ad53170e3f39df799a2e4761ead96a46369cdf3a4b2d2c56955e658ce323599443c6422657f40723785fc2ad98adbdd203c15e317d05

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\AlternateServices.txt

MD5 fb0ae75093f711af75059a8eb4da58f7
SHA1 77352e94fd0ab60aeb09bcb7519ef7cc70caee31
SHA256 a728a9b2c44ef924332d2263efbf66ea596fea99b56b55411d49b0b73e8541c7
SHA512 b7d20e9c0ff8ca5b4d338d40fadc074906edf2efb5dfa6e1f3b773bc89a1950659df5d8359c4710ff420b9ee6e86c658789407e4db9bdb5655f3d377ec7cc77c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cert9.db

MD5 1d5e9d0a0db83e75f2da87b16d21e1b4
SHA1 15db2c37dcf345ce393986f8b20cc86ec0f8513f
SHA256 ae53f059740368de986ccc5bb6369ee35ee2fe72775821bdcf6f8b925a079266
SHA512 aadf0126501a0f64f7cb1d2e6d42708fe6f85fb15aab7687126b4884e1cf03f25977c2a5590566e1392b361c062d7659fdab42f801a3075c55836c751da05dfa

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionCheckpoints.json.tmp

MD5 99601438ae1349b653fcd00278943f90
SHA1 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA256 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512 ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionCheckpoints.json.tmp

MD5 65690c43c42921410ec8043e34f09079
SHA1 362add4dbd0c978ae222a354a4e8d35563da14b4
SHA256 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d
SHA512 c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

MD5 2f26059a363e068e21117f70413b91ea
SHA1 6ebfee1e2b0b6282b46a1daf93bc5296c61591c6
SHA256 f58f393924b6ea7228546dee45e6c2d79c8d0463d02d7da8c849dcc2c88315b8
SHA512 f13fd190f223d11c444952f6ed6df19361c63daa12836441d14959b1537c03f531903519217edd73096aa41340380fb3ad9de432c2289b3be50d1f0a04f157d8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore.jsonlz4

MD5 b8c948b47de0d0304c9c0936bc3b732f
SHA1 1d64870c84af550ed682fef8affb076dd0dfd302
SHA256 83f3bcb77e30bdaf1edd0393dd76c9a50468b73fa77b5dc1106e9a9edae99823
SHA512 ff4057d8ca4e2fa170586fc2db7190dc29dd9ed2421c80db568253e42409258ea8d398309f1bf25f8b15d47c963486bc15891f3e98cd58c1cf4e57279318e004

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 ea44b853f4a69df3c001d707973b3aed
SHA1 f90d6af3a024e4ac9aa1f25f3fba91c07c7377a2
SHA256 803e7b10c4ecd738ecba681ba7a21b3d6a2c8a2afbfae7a6a04f371207379b3b
SHA512 9a7ed3af39d443749f22b69198bc47172fc002b5e8262c535d669bd3786e6318479de9ce45963f27b870be7975129a38c52f407b874ec14aaae62bc594600745

C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Icons\icon (15).ico

MD5 e3143e8c70427a56dac73a808cba0c79
SHA1 63556c7ad9e778d5bd9092f834b5cc751e419d16
SHA256 b2f57a23ecc789c1bbf6037ac0825bf98babc7bf0c5d438af5e2767a27a79188
SHA512 74e0f4b55625df86a87b9315e4007be8e05bbecca4346a6ea06ef5b1528acb5a8bb636ef3e599a3820dbddcf69563a0a22e2c1062c965544fd75ec96fd9803fc

C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\ClientsFolder\050ED1609754E9530C78\Recovery\RecoveryData\bookmark.json

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\ClientsFolder\A22BA88618B7B8EC5441\Recovery\DiscordToken_06-05-2024 20;21;25;018.txt

MD5 ae9be7f520985e59cfb80d4663c5065d
SHA1 7d695b6d641252b49cbf04ec49d94dfd41da0cd4
SHA256 95168feda8cdee6b6ed3e21da7dc26ea177f29fd163f2e41a6d78f806f8dee54
SHA512 12ebc696a34aa612ac9e82eea7aa15c7ba5d8631d6774dc601d69eafabcb4de0d991b1ca93bb50ca65ed9373c1c30dc28fb38182e32c1bf02f7b4a0254667dd3

C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\ClientsFolder\CFE8D379188E499C0CC3\Recovery\DiscordToken_06-05-2024 17;07;04;567.txt

MD5 2ab1d1a6594500d74746c496a450687a
SHA1 d9ce634ab48c90f454b78d0976bd2081a4689e17
SHA256 df010dc46f4d2cf6024c0c24831b9ee7d39439e2a1bb3ace19756d423250ee21
SHA512 42b249dd1516cf61e507795a0f375aaae04e0e437f7c72ff1f9ad467145927fb8d387d08372459d2db3e2c5ad8918dfbd19eb16bee2643d3562d30bee093187d

C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Xworm V6.1.exe

MD5 56ccb739926a725e78a7acf9af52c4bb
SHA1 5b01b90137871c3c8f0d04f510c4d56b23932cbc
SHA256 90f58865f265722ab007abb25074b3fc4916e927402552c6be17ef9afac96405
SHA512 2fee662bc4a1a36ce7328b23f991fa4a383b628839e403d6eb6a9533084b17699a6c939509867a86e803aafef2f9def98fa9305b576dad754aa7f599920c19a1

memory/1088-875-0x0000028A0D770000-0x0000028A0E658000-memory.dmp

C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Guna.UI2.dll

MD5 bcc0fe2b28edd2da651388f84599059b
SHA1 44d7756708aafa08730ca9dbdc01091790940a4f
SHA256 c6264665a882e73eb2262a74fea2c29b1921a9af33180126325fb67a851310ef
SHA512 3bfc3d27c095dde988f779021d0479c8c1de80a404454813c6cae663e3fe63dc636bffa7de1094e18594c9d608fa7420a0651509544722f2a00288f0b7719cc8

memory/1088-877-0x0000028A28FF0000-0x0000028A291E4000-memory.dmp

C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\GeoIP.dat

MD5 8ef41798df108ce9bd41382c9721b1c9
SHA1 1e6227635a12039f4d380531b032bf773f0e6de0
SHA256 bc07ff22d4ee0b6fafcc12482ecf2981c172a672194c647cedf9b4d215ad9740
SHA512 4c62af04d4a141b94eb3e1b0dbf3669cb53fe9b942072ed7bea6a848d87d8994cff5a5f639ab70f424eb79a4b7adabdde4da6d2f02f995bd8d55db23ce99f01b

C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Sounds\Intro.wav

MD5 fcfade9b14166e1e046c3701906add00
SHA1 958a5652f5dfa9b16a02cb403e228301fbe4db75
SHA256 c8d7efbd251002b109b0b23a0801ee18c290fc8d335e76755688846122d54f85
SHA512 679a3612488143accef2672d88cb1cb89ef98394228feacc03499014ecfe86655d7dc39ae5ed59fcecadfa7ef61169f38f9f2aa9fdb091b944f8ba4b231d3c2f

C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\SimpleObfuscator.dll

MD5 9043d712208178c33ba8e942834ce457
SHA1 e0fa5c730bf127a33348f5d2a5673260ae3719d1
SHA256 b7a6eea19188b987dad97b32d774107e9a1beb4f461a654a00197d73f7fad54c
SHA512 dd6fa02ab70c58cde75fd4d4714e0ed0df5d3b18f737c68c93dba40c30376cc93957f8eef69fea86041489546ce4239b35a3b5d639472fd54b80f2f7260c8f65

memory/1088-883-0x0000028A30490000-0x0000028A305F8000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\2fcghgdq\2fcghgdq.cmdline

MD5 ad65fad7f568cce9312ffd6958072f2c
SHA1 76a80c809d756592ded3048e17fe6774ea7c9aa3
SHA256 9f42d8959ff6f3965d8ec58e511db5eba56e9aeda09f93c686219ee5002aa533
SHA512 827c3916a801a2cb7f2255640ac405252e0d25f1a8f0b6ee51f36bbba201abcd11de3916e0cabf2dd904b4c9fc18fd32abf7ddb777463382ea16987d6dff5273

C:\Users\Admin\AppData\Local\Temp\2fcghgdq\2fcghgdq.0.vb

MD5 82ff82f12242036da676ef3761d421f5
SHA1 506645166529b552425072274b3efa1fad79de59
SHA256 b5e41b371d67d1293a89ac087f5c41ae1a77be8dd929ee754a746e8a7a0c1f43
SHA512 0e80687d562929e8f1202412104f64e58f4b19bcf0716c7cf846a66482288f65b2b4e27180cc53d04d2a3f2673b5aeb44285e47bce75d1de8fb818719bbe09d5

C:\Users\Admin\AppData\Local\Temp\vbc96FF779DB2CB4CFD9C4D37BB4AA055DD.TMP

MD5 d40c58bd46211e4ffcbfbdfac7c2bb69
SHA1 c5cf88224acc284a4e81bd612369f0e39f3ac604
SHA256 01902f1903d080c6632ae2209136e8e713e9fd408db4621ae21246b65bfea2ca
SHA512 48b14748e86b7d92a3ea18f29caf1d7b4b2e1de75377012378d146575048a2531d2e5aaeae1abf2d322d06146177cdbf0c2940ac023efae007b9f235f18e2c68

C:\Users\Admin\AppData\Local\Temp\RES7805.tmp

MD5 2def5d3954947f9e26961544a1df2b94
SHA1 e0cd6d741048839d9468fa4ce3997d60a4961f53
SHA256 dd546a382bb8e8cc3c6a11ebc30f22b912fd0a56db45b827972e0e850dca37d7
SHA512 7c3ade07d75619c158cb7ac09d2eeb9341a19e3fbde14bb02ca836738b7840d7b3debfbd70eeb426c5e8cd9493aa4f67d548bb160cbb00e2f8542d13531c0302

C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\XClient.exe

MD5 f0960c4e04dbdb9b212abda33e917985
SHA1 62ca818893d0433753a42170868cc7daa6c0a5de
SHA256 8c98cf8b2b2a3f0fb2be1778ad9e055c10e877f5b18a9c689aca07f1fb0e9544
SHA512 e669525e63e0c2357e73601c6b2c3610caaaca26f6997dd5f0233dc0a221490e1ba70e2057fa09e50165eb23bc8763acf1af5f1b783efc89687b0128d85b166d

memory/5108-900-0x0000000000FA0000-0x0000000000FAE000-memory.dmp

C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\NAudio.dll

MD5 3b87d1363a45ce9368e9baec32c69466
SHA1 70a9f4df01d17060ec17df9528fca7026cc42935
SHA256 81b3f1dc3f1eac9762b8a292751a44b64b87d0d4c3982debfdd2621012186451
SHA512 1f07d3b041763b4bc31f6bd7b181deb8d34ff66ec666193932ffc460371adbcd4451483a99009b9b0b71f3864ed5c15c6c3b3777fabeb76f9918c726c35eb7d7

memory/1088-904-0x0000028A29DD0000-0x0000028A29E52000-memory.dmp

C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\GMap.NET.Core.dll

MD5 819352ea9e832d24fc4cebb2757a462b
SHA1 aba7e1b29bdcd0c5a307087b55c2ec0c7ca81f11
SHA256 58c755fcfc65cddea561023d736e8991f0ad69da5e1378dea59e98c5db901b86
SHA512 6a5b0e1553616ea29ec72c12072ae05bdd709468a173e8adbdfe391b072c001ecacb3dd879845f8d599c6152eca2530cdaa2c069b1f94294f778158eaaebe45a

memory/1088-908-0x0000028A31350000-0x0000028A31632000-memory.dmp

memory/1088-906-0x0000028A29D70000-0x0000028A29D9C000-memory.dmp

C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\GMap.NET.WindowsForms.dll

MD5 32a8742009ffdfd68b46fe8fd4794386
SHA1 de18190d77ae094b03d357abfa4a465058cd54e3
SHA256 741e1a8f05863856a25d101bd35bf97cba0b637f0c04ecb432c1d85a78ef1365
SHA512 22418d5e887a6022abe8a7cbb0b6917a7478d468d211eecd03a95b8fb6452fc59db5178573e25d5d449968ead26bb0b2bfbfada7043c9a7a1796baca5235a82b

memory/1088-910-0x0000028A302B0000-0x0000028A30362000-memory.dmp

C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Newtonsoft.Json.dll

MD5 195ffb7167db3219b217c4fd439eedd6
SHA1 1e76e6099570ede620b76ed47cf8d03a936d49f8
SHA256 e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d
SHA512 56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Xworm V6.1.exe.log

MD5 5bfd0dfa1613cdbd4c6fddc4e826a411
SHA1 8c78e0cfc21afb9725c60ed24e67bc52a78b71dc
SHA256 e5b56dac178278b60a37584ef6ce260c11d48749203e8be75e009a6db2d07a2b
SHA512 13fd22864d11c64f7d10e0448d3a55cf15077cb1114d1be789e06aaf6c64e9f31d2c2f4743e41a94583ae99cfd6d458bfa8ee78ef962da8314e157bf73e6ea62

\??\PIPE\wkssvc

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Plugins\ActiveWindows.dll

MD5 5a766a4991515011983ceddf7714b70b
SHA1 4eb00ae7fe780fa4fe94cedbf6052983f5fd138b
SHA256 567b9861026a0dbc5947e7515dc7ab3f496153f6b3db57c27238129ec207fc52
SHA512 4bd6b24e236387ff58631207ea42cd09293c3664468e72cd887de3b3b912d3795a22a98dcf4548fb339444337722a81f8877abb22177606d765d78e48ec01fd8

memory/5108-919-0x0000000001600000-0x000000000160A000-memory.dmp

C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Plugins\Stealer.dll

MD5 ade4edd66bc695c9465816fa2538d0cb
SHA1 e4351a2531307c848c60b20ffb50bcc04156fdbc
SHA256 018e06f57725563e4525700edffafb1b062bf5d4b0e9fee498507f0f8200fcdf
SHA512 e2bf3962787366d7a975eb55d2edd1fe35935205febc00f720dc0efff0c62b5df7f0207fd569f692205e8a227c059eea596904995855458e9c02306842e88a6f

C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Plugins\FileManager.dll

MD5 641a8b61cb468359b1346a0891d65b59
SHA1 2cdc49bcd7428fe778a94cdcd19cabf5ece8c9c0
SHA256 b58ed3ebbcd27c7f4b173819528ff4db562b90475a5e304521ed5c564d39fffd
SHA512 042702d34664ea6288e891c9f7aa10a5b4b07317f25f82d6c9fa9ba9b98645c14073d0f66637060b416a30c58dec907d9383530320a318523c51f19ebd0a4fee

C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Plugins\Cmstp-Bypass.dll

MD5 cf15259e22b58a0dfd1156ab71cbd690
SHA1 3614f4e469d28d6e65471099e2d45c8e28a7a49e
SHA256 fa420fd3d1a5a2bb813ef8e6063480099f19091e8fa1b3389004c1ac559e806b
SHA512 7302a424ed62ec20be85282ff545a4ca9e1aecfe20c45630b294c1ae72732465d8298537ee923d9e288ae0c48328e52ad8a1a503e549f8f8737fabe2e6e9ad38

C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Plugins\Clipboard.dll

MD5 831eb0de839fc13de0abab64fe1e06e7
SHA1 53aad63a8b6fc9e35c814c55be9992abc92a1b54
SHA256 e31a1c2b1baa2aa2c36cabe3da17cd767c8fec4c206bd506e889341e5e0fa959
SHA512 2f61bcf972671d96e036b3c99546cd01e067bef15751a87c00ba6d656decb6b69a628415e5363e650b55610cf9f237585ada7ce51523e6efc0e27d7338966bee

C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Plugins\Chromium.dll

MD5 edb2f0d0eb08dcd78b3ddf87a847de01
SHA1 cc23d101f917cad3664f8c1fa0788a89e03a669c
SHA256 b6d8bccdf123ceac6b9642ad3500d4e0b3d30b9c9dd2d29499d38c02bd8f9982
SHA512 8f87da834649a21a908c95a9ea8e2d94726bd9f33d4b7786348f6371dfae983cc2b5b5d4f80a17a60ded17d4eb71771ec25a7c82e4f3a90273c46c8ee3b8f2c3

C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Plugins\Chat.dll

MD5 59f75c7ffaccf9878a9d39e224a65adf
SHA1 46b0f61a07e85e3b54b728d9d7142ddc73c9d74b
SHA256 aab20f465955d77d6ec3b5c1c5f64402a925fb565dda5c8e38c296cb7406e492
SHA512 80056163b96ce7a8877874eaae559f75217c0a04b3e3d4c1283fe23badfc95fe4d587fd27127db4be459b8a3adf41900135ea12b0eeb4187adbcf796d9505cb8

C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Plugins\HBrowser.dll

MD5 f0e921f2f850b7ec094036d20ff9be9b
SHA1 3b2d76d06470580858cc572257491e32d4b021c0
SHA256 75e8ff57fa6d95cf4d8405bffebb2b9b1c55a0abba0fe345f55b8f0e88be6f3c
SHA512 16028ae56cd1d78d5cb63c554155ae02804aac3f15c0d91a771b0dcd5c8df710f39481f6545ca6410b7cd9240ec77090f65e3379dcfe09f161a3dff6aec649f3

C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Plugins\Ngrok-Installer.dll

MD5 3e19341a940638536b4a7891d5b2b777
SHA1 ca6f5b28e2e54f3f86fd9f45a792a868c82e35b5
SHA256 b574aabf02a65aa3b6f7bfff0a574873ce96429d3f708a10f87bc1f6518f14aa
SHA512 06639892ea4a27c8840872b0de450ae1a0dac61e1dcb64523973c629580323b723c0e9074ff2ddf9a67a8a6d45473432ffc4a1736c0ddc74e054ae13b774f3e2

C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Plugins\Microphone.dll

MD5 9c3d90ccf5d47f6eef83542bd08d5aeb
SHA1 0c0aa80c3411f98e8db7a165e39484e8dae424c7
SHA256 612898afdf9120cfef5843f9b136c66ecc3e0bb6f3d1527d0599a11988b7783c
SHA512 0786f802fbd24d4ab79651298a5ba042c275d7d01c6ac2c9b3ca1e4ee952de7676ec8abf68d226b72696e9480bd4d4615077163efbcda7cff6a5f717736cbdfe

C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Plugins\MessageBox.dll

MD5 7db8b7e15194fa60ffed768b6cf948c2
SHA1 3de1b56cc550411c58cd1ad7ba845f3269559b5c
SHA256 bc09b671894c9a36f4eca45dd6fbf958a967acea9e85b66c38a319387b90dd29
SHA512 e7f5430b0d46f133dc9616f9eeae8fb42f07a8a4a18b927dd7497de29451086629dfc5e63c0b2a60a4603d8421c6570967c5dbde498bb480aef353b3ed8e18a1

C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Plugins\Maps.dll

MD5 806c3802bfd7a97db07c99a5c2918198
SHA1 088393a9d96f0491e3e1cf6589f612aa5e1df5f8
SHA256 34b532a4d0560e26b0d5b81407befdc2424aacc9ef56e8b13de8ad0f4b3f1ab6
SHA512 ed164822297accd3717b4d8e3927f0c736c060bb7ec5d99d842498b63f74d0400c396575e9fa664ad36ae8d4285cfd91e225423a0c77a612912d66ea9f63356c

C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Plugins\Keylogger.dll

MD5 246f7916c4f21e98f22cb86587acb334
SHA1 b898523ed4db6612c79aad49fbd74f71ecdbd461
SHA256 acfe5c3aa2a3bae3437ead42e90044d7eee972ead25c1f7486bea4a23c201d3a
SHA512 1c256ca9b9857e6d393461b55e53175b7b0d88d8f3566fd457f2b3a4f241cb91c9207d54d8b0867ea0abd3577d127835beb13157c3e5df5c2b2b34b3339bd15d

C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Plugins\Informations.dll

MD5 67a884eeb9bd025a1ef69c8964b6d86f
SHA1 97e00d3687703b1d7cc0939e45f8232016d009d9
SHA256 cba453460be46cfa705817abbe181f9bf65dca6b6cea1ad31629aa08dbeaf72b
SHA512 52e852021a1639868e61d2bd1e8f14b9c410c16bfca584bf70ae9e71da78829c1cada87d481e55386eec25646f84bb9f3baee3b5009d56bcbb3be4e06ffa0ae7

C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Plugins\HVNCMemory.dll

MD5 065f0830d1e36f8f44702b0f567082e8
SHA1 724c33558fcc8ecd86ee56335e8f6eb5bfeac0db
SHA256 285b462e3cd4a5b207315ad33ee6965a8b98ca58abb8d16882e4bc2d758ff1a4
SHA512 bac0148e1b78a8fde242697bff1bbe10a18ffab85fdced062de3dc5017cd77f0d54d8096e273523b8a3910fe17fac111724acffa5bec30e4d81b7b3bd312d545

C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Plugins\HVNC.dll

MD5 30eb33588670191b4e74a0a05eecf191
SHA1 08760620ef080bb75c253ba80e97322c187a6b9f
SHA256 3a287acb1c89692f2c18596dd4405089ac998bb9cf44dd225e5211923d421e96
SHA512 820cca77096ff2eea8e459a848f7127dc46af2e5f42f43b2b7375be6f4778c1b0e34e4aa5a97f7fbabe0b53dcd351d09c231bb9afedf7bcec60d949918a06b97

C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Plugins\HRDP.dll

MD5 f27b6e8cf5afa8771c679b7a79e11a08
SHA1 6c3fcf45e35aaf6b747f29a06108093c284100da
SHA256 4aa18745a5fddf7ec14adaff3ad1b4df1b910f4b6710bf55eb27fb3942bb67de
SHA512 0d84966bbc9290b04d2148082563675ec023906d58f5ba6861c20542271bf11be196d6ab24e48372f339438204bd5c198297da98a19fddb25a3df727b5aafa33

C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Plugins\HiddenApps.dll

MD5 ba2141a7aefa1a80e2091bf7c2ca72db
SHA1 9047b546ce9c0ea2c36d24a10eb31516a24a047d
SHA256 6a098f5a7f9328b35d73ee232846b13e2d587d47f473cbc9b3f1d74def7086ea
SHA512 91e43620e5717b699e34e658d6af49bba200dcf91ac0c9a0f237ec44666b57117a13bc8674895b7a9cac5a17b2f91cdc3daa5bcc52c43edbabd19bc1ed63038c

C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Plugins\FilesSearcher.dll

MD5 6f8f1621c16ac0976600146d2217e9d2
SHA1 b6aa233b93aae0a17ee8787576bf0fbc05cedde4
SHA256 e66e1273dc59ee9e05ce3e02f1b760b18dd296a47d92b3ce5b24efb48e5fb21b
SHA512 eb55acdea8648c8cdefee892758d9585ff81502fc7037d5814e1bd01fee0431f4dde0a4b04ccb2b0917e1b11588f2dc9f0bfe750117137a01bbd0c508f43ef6a

C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Plugins\Options.dll

MD5 97193fc4c016c228ae0535772a01051d
SHA1 f2f6d56d468329b1e9a91a3503376e4a6a4d5541
SHA256 5c34aee5196e0f8615b8d1d9017dd710ea28d2b7ac99295d46046d12eea58d78
SHA512 9f6d7da779e8c9d7307f716d4a4453982bb7f090c35947850f13ec3c9472f058fc11e1120a9641326970b9846d3c691e0c2afd430c12e5e8f30abadb5dcf5ed2

memory/5108-941-0x000000001C930000-0x000000001CC80000-memory.dmp

memory/1896-958-0x0000017B3E120000-0x0000017B3E130000-memory.dmp

memory/1896-942-0x0000017B3E020000-0x0000017B3E030000-memory.dmp

memory/1896-977-0x0000017B3B1F0000-0x0000017B3B1F2000-memory.dmp

memory/4392-987-0x0000026B28540000-0x0000026B28640000-memory.dmp

memory/4540-996-0x000001F117400000-0x000001F117420000-memory.dmp

memory/4540-1062-0x000001F11CBC0000-0x000001F11CBC2000-memory.dmp

memory/4540-1064-0x000001F11CBE0000-0x000001F11CBE2000-memory.dmp

memory/4540-1068-0x000001F11D0A0000-0x000001F11D0A2000-memory.dmp

memory/4540-1066-0x000001F11CEE0000-0x000001F11CEE2000-memory.dmp

memory/4540-1080-0x000001F11D420000-0x000001F11D440000-memory.dmp

memory/4540-1185-0x000001F117520000-0x000001F117522000-memory.dmp

memory/4540-1189-0x000001F117B70000-0x000001F117B72000-memory.dmp

memory/4540-1191-0x000001F117B90000-0x000001F117B92000-memory.dmp

memory/4540-1218-0x000001F106CF0000-0x000001F106D00000-memory.dmp

memory/4540-1214-0x000001F106CF0000-0x000001F106D00000-memory.dmp

memory/4540-1213-0x000001F106CF0000-0x000001F106D00000-memory.dmp

memory/4540-1212-0x000001F106CF0000-0x000001F106D00000-memory.dmp

memory/4540-1211-0x000001F106CF0000-0x000001F106D00000-memory.dmp

memory/4540-1210-0x000001F106CF0000-0x000001F106D00000-memory.dmp

memory/4540-1209-0x000001F106CF0000-0x000001F106D00000-memory.dmp

memory/4540-1208-0x000001F106CF0000-0x000001F106D00000-memory.dmp

memory/4540-1207-0x000001F106CF0000-0x000001F106D00000-memory.dmp

memory/4540-1206-0x000001F106CF0000-0x000001F106D00000-memory.dmp

memory/4540-1205-0x000001F106CF0000-0x000001F106D00000-memory.dmp

memory/4540-1204-0x000001F106CF0000-0x000001F106D00000-memory.dmp

memory/4540-1203-0x000001F106CF0000-0x000001F106D00000-memory.dmp

memory/4540-1201-0x000001F106CF0000-0x000001F106D00000-memory.dmp

memory/4540-1217-0x000001F106CF0000-0x000001F106D00000-memory.dmp

memory/4540-1215-0x000001F106CF0000-0x000001F106D00000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\AL72F0OC\favicon[1].ico

MD5 84cc977d0eb148166481b01d8418e375
SHA1 00e2461bcd67d7ba511db230415000aefbd30d2d
SHA256 bbf8da37d92138cc08ffeec8e3379c334988d5ae99f4415579999bfbbb57a66c
SHA512 f47a507077f9173fb07ec200c2677ba5f783d645be100f12efe71f701a74272a98e853c4fab63740d685853935d545730992d0004c9d2fe8e1965445cab509c3

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\QB3ZK6X5\favicon[2].png

MD5 9e3fe8db4c9f34d785a3064c7123a480
SHA1 0f77f9aa982c19665c642fa9b56b9b20c44983b6
SHA256 4d755ac02a070a1b4bb1b6f1c88ab493440109a8ac1e314aaced92f94cdc98e9
SHA512 20d8b416bd34f3d80a77305c6fcd597e9c2d92ab1db3f46ec5ac84f5cc6fb55dfcdccd03ffdc5d5de146d0add6d19064662ac3c83a852f3be8b8f650998828d1

C:\Users\Admin\AppData\Local\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_iecompat\IECompatData.xml

MD5 d4fc49dc14f63895d997fa4940f24378
SHA1 3efb1437a7c5e46034147cbbc8db017c69d02c31
SHA256 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1
SHA512 cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

memory/5108-2306-0x00000000017D0000-0x00000000017DE000-memory.dmp
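Most of the Files list is the analysis VM's own browser state (Firefox profile, Edge cache), which carries no signal about the sample. The entries worth keeping are the contents of the extracted archive (XClient.exe, the Plugins directory that enumerates the RAT's feature modules, the builder and its libraries), the .cmdline/.0.vb/RES*.tmp trio that .NET's CodeDOM leaves in %TEMP% when it compiles Visual Basic source at run time (the report's "Uses the VBS compiler for execution" signature), and the memory dumps. The script below is an added example for this page, not the sandbox vendor's code or anything from the Xworm package; it assumes the layout shown above (a path line, a blank line, then "ALGO hex" hash lines, with "memory/..." dump names carrying no hashes), and its category rules are assumptions tuned to this report. It also flags entries whose SHA256 is the hash of zero bytes, which is why the \??\PIPE\wkssvc entry above has content-free hashes.

```python
"""Triage helper for the Files section of a sandbox report.

Added example for this page; it is not the sandbox vendor's code or anything
from the Xworm package. It assumes the layout shown above: a path line, a
blank line, then "ALGO hex" hash lines; "memory/..." dump names carry no
hashes. The category rules are assumptions tuned to this report.
"""
import re

SHA256_EMPTY = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"  # SHA-256 of zero bytes
HASH_RE = re.compile(r"^(MD5|SHA1|SHA256|SHA512) ([0-9a-f]+)$")

# Constructed sample: entries copied from the Files list above, trimmed to
# their MD5 and SHA256 lines so the sample stays short.
SAMPLE_FILES = r"""
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js

MD5 5227db9712d17ce11a5369309ce710b4
SHA256 4fd2777a43aa5b3e369dbd1ce74d5f8bb95e4050328589f47665bccd6054ae11

C:\Users\Admin\AppData\Local\Temp\2fcghgdq\2fcghgdq.0.vb

MD5 82ff82f12242036da676ef3761d421f5
SHA256 b5e41b371d67d1293a89ac087f5c41ae1a77be8dd929ee754a746e8a7a0c1f43

C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\XClient.exe

MD5 f0960c4e04dbdb9b212abda33e917985
SHA256 8c98cf8b2b2a3f0fb2be1778ad9e055c10e877f5b18a9c689aca07f1fb0e9544

memory/5108-900-0x0000000000FA0000-0x0000000000FAE000-memory.dmp

\??\PIPE\wkssvc

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

C:\Users\Admin\Downloads\Xworm-V6.1 (2)\Xworm-V6.1 (2)\Xworm-V6.1\Xworm-V6.1\Plugins\Stealer.dll

MD5 ade4edd66bc695c9465816fa2538d0cb
SHA256 018e06f57725563e4525700edffafb1b062bf5d4b0e9fee498507f0f8200fcdf
"""


def parse_entries(text):
    """Return [{"path": str, "hashes": {algo: hex}}] in report order."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = HASH_RE.match(line)
        if m:
            if not entries:
                raise ValueError("hash line before any path line")
            entries[-1]["hashes"][m.group(1)] = m.group(2)
        else:
            entries.append({"path": line, "hashes": {}})
    return entries


def categorize(path):
    """Bucket a path; the rules are assumptions tuned to this report."""
    low = path.lower()
    if low.startswith("memory/"):
        return "memory-dump"
    if low.startswith("\\??\\pipe\\"):
        return "named-pipe"
    if "\\mozilla\\firefox\\" in low or "microsoftedge" in low:
        return "browser-profile"      # the sandbox VM's own browser state
    if "\\appdata\\local\\temp\\" in low and low.endswith((".cmdline", ".vb", ".tmp")):
        return "compile-artifact"     # CodeDOM / vbc.exe run-time compile leftovers
    if "\\downloads\\xworm-v6.1" in low:
        return "sample-package"       # contents of the analysed archive
    return "other"


def iocs(entries):
    """(file name, SHA256) for everything worth blocking or hunting for."""
    out = []
    for e in entries:
        if categorize(e["path"]) in ("sample-package", "compile-artifact"):
            sha = e["hashes"].get("SHA256")
            if sha:
                out.append((e["path"].rsplit("\\", 1)[-1], sha))
    return out


def empty_entries(entries):
    """Paths whose SHA256 is the hash of zero bytes: nothing was captured."""
    return [e["path"] for e in entries if e["hashes"].get("SHA256") == SHA256_EMPTY]


def plugin_names(entries):
    """Plugin DLLs shipped in the package; they enumerate the RAT's features."""
    names = []
    for e in entries:
        parts = e["path"].split("\\")
        if categorize(e["path"]) == "sample-package" and "Plugins" in parts[:-1]:
            names.append(parts[-1])
    return sorted(names)


if __name__ == "__main__":
    entries = parse_entries(SAMPLE_FILES)
    for name, sha in iocs(entries):
        print(f"{sha}  {name}")
    print("plugins:", ", ".join(plugin_names(entries)))
    print("empty:", empty_entries(entries))
```

Paste the whole Files section into SAMPLE_FILES and the IOC list becomes the set of hashes to push to your blocklist, while plugin_names() gives the capability inventory (Stealer, Keylogger, HVNC, HRDP, Clipboard, Cmstp-Bypass, Ngrok-Installer and so on) straight from the paths.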