eed75f0edf37bdd0d0a64ac8723672dbfe64288fb3845b89cc3596d0511f67d1

Analysis

max time kernel
374s
max time network
333s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
19-10-2024 20:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

XWorm-5.6-main.zip
Size

24.8MB
MD5

98af17dc86622b292d58fbba45d51309
SHA1

44a7d9423ce00ddda8000f9d18e3fe5693b5776f
SHA256

eed75f0edf37bdd0d0a64ac8723672dbfe64288fb3845b89cc3596d0511f67d1
SHA512

b3b9c67e373bcba5bd039088953400a3296b374f29f5de00f56c0702da7f9eccf0c452586d486c17ab1ea5ab16240112fda8457ec258d2ba9735b17959db4b05
SSDEEP

786432:3vngbHGYI0DuXXEDgfI+tjIdubuu0SVww6vZqwffr:fgbHGY2hfI8yuxV7oswXr

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1912	Xworm V5.6.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Panther\UnattendGC\diagwrn.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setupact.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setuperr.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagerr.xml	UserOOBEBroker.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FileCoAuth.exe

Checks SCSI registry key(s) 3 TTPs 15 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	Taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	Taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	Taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Xworm V5.6.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	Xworm V5.6.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion	Xworm V5.6.exe

Modifies registry class 4 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	BackgroundTransferHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\MuiCache	BackgroundTransferHost.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3588	taskmgr.exe
3588	taskmgr.exe
3588	taskmgr.exe
3588	taskmgr.exe
3588	taskmgr.exe
3588	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
1148	taskmgr.exe
1148	taskmgr.exe
1148	taskmgr.exe
1148	taskmgr.exe
2376	taskmgr.exe
2376	taskmgr.exe
2376	taskmgr.exe
2376	taskmgr.exe
4204	Taskmgr.exe
4204	Taskmgr.exe
4204	Taskmgr.exe
4204	Taskmgr.exe
4204	Taskmgr.exe
4204	Taskmgr.exe
4204	Taskmgr.exe
4204	Taskmgr.exe
4204	Taskmgr.exe
4204	Taskmgr.exe
4204	Taskmgr.exe
4204	Taskmgr.exe
4204	Taskmgr.exe
4204	Taskmgr.exe
4204	Taskmgr.exe
4204	Taskmgr.exe
4204	Taskmgr.exe
4204	Taskmgr.exe
4204	Taskmgr.exe
4204	Taskmgr.exe
4204	Taskmgr.exe
4204	Taskmgr.exe
4204	Taskmgr.exe
4204	Taskmgr.exe
4204	Taskmgr.exe
4204	Taskmgr.exe
4204	Taskmgr.exe
4204	Taskmgr.exe
4204	Taskmgr.exe
4204	Taskmgr.exe
4204	Taskmgr.exe
4204	Taskmgr.exe
4204	Taskmgr.exe
4204	Taskmgr.exe
4204	Taskmgr.exe
4204	Taskmgr.exe
4204	Taskmgr.exe
4204	Taskmgr.exe
4204	Taskmgr.exe
4204	Taskmgr.exe
4204	Taskmgr.exe
4204	Taskmgr.exe
4204	Taskmgr.exe
4204	Taskmgr.exe
4204	Taskmgr.exe
4204	Taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4344	7zFM.exe

Suspicious use of AdjustPrivilegeToken 26 IoCs

description	pid	Process
Token: SeRestorePrivilege	4344	7zFM.exe
Token: 35	4344	7zFM.exe
Token: SeSecurityPrivilege	4344	7zFM.exe
Token: SeDebugPrivilege	3588	taskmgr.exe
Token: SeSystemProfilePrivilege	3588	taskmgr.exe
Token: SeCreateGlobalPrivilege	3588	taskmgr.exe
Token: 33	3588	taskmgr.exe
Token: SeIncBasePriorityPrivilege	3588	taskmgr.exe
Token: SeDebugPrivilege	4168	taskmgr.exe
Token: SeSystemProfilePrivilege	4168	taskmgr.exe
Token: SeCreateGlobalPrivilege	4168	taskmgr.exe
Token: 33	4168	taskmgr.exe
Token: SeIncBasePriorityPrivilege	4168	taskmgr.exe
Token: SeDebugPrivilege	1148	taskmgr.exe
Token: SeSystemProfilePrivilege	1148	taskmgr.exe
Token: SeCreateGlobalPrivilege	1148	taskmgr.exe
Token: 33	1148	taskmgr.exe
Token: SeIncBasePriorityPrivilege	1148	taskmgr.exe
Token: SeDebugPrivilege	2376	taskmgr.exe
Token: SeSystemProfilePrivilege	2376	taskmgr.exe
Token: SeCreateGlobalPrivilege	2376	taskmgr.exe
Token: 33	2376	taskmgr.exe
Token: SeIncBasePriorityPrivilege	2376	taskmgr.exe
Token: SeDebugPrivilege	4204	Taskmgr.exe
Token: SeSystemProfilePrivilege	4204	Taskmgr.exe
Token: SeCreateGlobalPrivilege	4204	Taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4344	7zFM.exe
4344	7zFM.exe
3588	taskmgr.exe
3588	taskmgr.exe
3588	taskmgr.exe
3588	taskmgr.exe
3588	taskmgr.exe
3588	taskmgr.exe
3588	taskmgr.exe
3588	taskmgr.exe
3588	taskmgr.exe
3588	taskmgr.exe
3588	taskmgr.exe
3588	taskmgr.exe
3588	taskmgr.exe
3588	taskmgr.exe
3588	taskmgr.exe
3588	taskmgr.exe
3588	taskmgr.exe
3588	taskmgr.exe
3588	taskmgr.exe
3588	taskmgr.exe
3588	taskmgr.exe
3588	taskmgr.exe
3588	taskmgr.exe
3588	taskmgr.exe
3588	taskmgr.exe
3588	taskmgr.exe
3588	taskmgr.exe
3588	taskmgr.exe
3588	taskmgr.exe
3588	taskmgr.exe
3588	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
1148	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3588	taskmgr.exe
3588	taskmgr.exe
3588	taskmgr.exe
3588	taskmgr.exe
3588	taskmgr.exe
3588	taskmgr.exe
3588	taskmgr.exe
3588	taskmgr.exe
3588	taskmgr.exe
3588	taskmgr.exe
3588	taskmgr.exe
3588	taskmgr.exe
3588	taskmgr.exe
3588	taskmgr.exe
3588	taskmgr.exe
3588	taskmgr.exe
3588	taskmgr.exe
3588	taskmgr.exe
3588	taskmgr.exe
3588	taskmgr.exe
3588	taskmgr.exe
3588	taskmgr.exe
3588	taskmgr.exe
3588	taskmgr.exe
3588	taskmgr.exe
3588	taskmgr.exe
3588	taskmgr.exe
3588	taskmgr.exe
3588	taskmgr.exe
3588	taskmgr.exe
3588	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
4168	taskmgr.exe
1148	taskmgr.exe
1148	taskmgr.exe
1148	taskmgr.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 748 wrote to memory of 4204	748	cmd.exe	117
PID 748 wrote to memory of 4204	748	cmd.exe	117
PID 748 wrote to memory of 3040	748	cmd.exe	119
PID 748 wrote to memory of 3040	748	cmd.exe	119

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\XWorm-5.6-main.zip"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4344

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4556

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
- Modifies registry class
PID:4728

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:2800

C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
1⤵
- Drops file in Windows directory
PID:3540

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
- System Location Discovery: System Language Discovery
PID:2776

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /0
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3588

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /0
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4168

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1148

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /0
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2376

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:748
- C:\Windows\system32\Taskmgr.exe
  taskmgr
  2⤵
  - Checks SCSI registry key(s)
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4204
- C:\Windows\system32\Taskmgr.exe
  taskmgr
  2⤵
  PID:3040

C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe
"C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe"
1⤵
- Executes dropped EXE
- Enumerates system info in registry
PID:1912

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
9e466b4837d8431be725d6b9c1b4d9ef

SHA1
3f247b7c89985a41d839cad351cd0fc182fcb284

SHA256
2f9a5eeb5ac8cec52a3e73621e4d392f501f5d657dfec3215ccd40eec317208d

SHA512
01de0fda555d63b5c38339b0f6d38c28de2a882643439679e63cf5d75f13516b57dc90e8dfb8c638bda328fc12342e58d1e501acec8f85b92dbd5589dac06418

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
960B

MD5
16846df493521e84fe47cd6b6451ec8f

SHA1
6d99eb017c5aec08d3a7e908bbd4a051ce250c02

SHA256
69f19f2ab2f3625faca623477864766ab1ef3a21712bc892d7b2b0886585b3f9

SHA512
aefa5121601b8273cff6b79b7f76417c71e29e835b66faf3e1a67d0d38fb9ebe90320b75493fd5c4a2d9ea3e3c485d0a84bcdbfb78c26a8ecee3175cd8bd93cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

Filesize
14KB

MD5
0d668cd9858f575e6184a8390ae60aa8

SHA1
bccff8b9889d19430cd24b498bf10463346fa023

SHA256
f53bc3bf0bf735790de041e191fdb27366752f413e722a4a071b3f0dffadbe9b

SHA512
40c6633dcef6bfc2d6614e256aba9525182a05c70191de2be105e7485d51207f1ff8443f8e687ed476135cc2f04d539ec3ed072fd081f40c72d43c0c92073d6d

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\2a03e8ca-8ea4-4bee-8efe-af967b1f5642.down_data

Filesize
555KB

MD5
5683c0028832cae4ef93ca39c8ac5029

SHA1
248755e4e1db552e0b6f8651b04ca6d1b31a86fb

SHA256
855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

SHA512
aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

Download Submit
C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Guna.UI2.dll

Filesize
1.9MB

MD5
bcc0fe2b28edd2da651388f84599059b

SHA1
44d7756708aafa08730ca9dbdc01091790940a4f

SHA256
c6264665a882e73eb2262a74fea2c29b1921a9af33180126325fb67a851310ef

SHA512
3bfc3d27c095dde988f779021d0479c8c1de80a404454813c6cae663e3fe63dc636bffa7de1094e18594c9d608fa7420a0651509544722f2a00288f0b7719cc8

Download Submit
C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Icons\icon (15).ico

Filesize
361KB

MD5
e3143e8c70427a56dac73a808cba0c79

SHA1
63556c7ad9e778d5bd9092f834b5cc751e419d16

SHA256
b2f57a23ecc789c1bbf6037ac0825bf98babc7bf0c5d438af5e2767a27a79188

SHA512
74e0f4b55625df86a87b9315e4007be8e05bbecca4346a6ea06ef5b1528acb5a8bb636ef3e599a3820dbddcf69563a0a22e2c1062c965544fd75ec96fd9803fc

Download Submit
C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe

Filesize
14.9MB

MD5
56ccb739926a725e78a7acf9af52c4bb

SHA1
5b01b90137871c3c8f0d04f510c4d56b23932cbc

SHA256
90f58865f265722ab007abb25074b3fc4916e927402552c6be17ef9afac96405

SHA512
2fee662bc4a1a36ce7328b23f991fa4a383b628839e403d6eb6a9533084b17699a6c939509867a86e803aafef2f9def98fa9305b576dad754aa7f599920c19a1

Download Submit
C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe.config

Filesize
183B

MD5
66f09a3993dcae94acfe39d45b553f58

SHA1
9d09f8e22d464f7021d7f713269b8169aed98682

SHA256
7ea08548c23bd7fd7c75ca720ac5a0e8ca94cb51d06cd45ebf5f412e4bbdd7d7

SHA512
c8ea53ab187a720080bd8d879704e035f7e632afe1ee93e7637fad6bb7e40d33a5fe7e5c3d69134209487d225e72d8d944a43a28dc32922e946023e89abc93ed

Download Submit
memory/1912-320-0x000001CBF2D10000-0x000001CBF2F04000-memory.dmp

Filesize
2.0MB

Download
memory/1912-318-0x000001CBD5DC0000-0x000001CBD6CA8000-memory.dmp

Filesize
14.9MB

Download
memory/3588-259-0x00000196FBCD0000-0x00000196FBCD1000-memory.dmp

Filesize
4KB

Download
memory/3588-264-0x00000196FBCD0000-0x00000196FBCD1000-memory.dmp

Filesize
4KB

Download
memory/3588-261-0x00000196FBCD0000-0x00000196FBCD1000-memory.dmp

Filesize
4KB

Download
memory/3588-262-0x00000196FBCD0000-0x00000196FBCD1000-memory.dmp

Filesize
4KB

Download
memory/3588-263-0x00000196FBCD0000-0x00000196FBCD1000-memory.dmp

Filesize
4KB

Download
memory/3588-253-0x00000196FBCD0000-0x00000196FBCD1000-memory.dmp

Filesize
4KB

Download
memory/3588-254-0x00000196FBCD0000-0x00000196FBCD1000-memory.dmp

Filesize
4KB

Download
memory/3588-252-0x00000196FBCD0000-0x00000196FBCD1000-memory.dmp

Filesize
4KB

Download
memory/3588-258-0x00000196FBCD0000-0x00000196FBCD1000-memory.dmp

Filesize
4KB

Download
memory/3588-260-0x00000196FBCD0000-0x00000196FBCD1000-memory.dmp

Filesize
4KB

Download
memory/4204-311-0x000001FD47F40000-0x000001FD47F41000-memory.dmp

Filesize
4KB

Download
memory/4204-309-0x000001FD47F40000-0x000001FD47F41000-memory.dmp

Filesize
4KB

Download
memory/4204-313-0x000001FD47F40000-0x000001FD47F41000-memory.dmp

Filesize
4KB

Download
memory/4204-308-0x000001FD47F40000-0x000001FD47F41000-memory.dmp

Filesize
4KB

Download
memory/4204-310-0x000001FD47F40000-0x000001FD47F41000-memory.dmp

Filesize
4KB

Download
memory/4204-312-0x000001FD47F40000-0x000001FD47F41000-memory.dmp

Filesize
4KB

Download
memory/4204-303-0x000001FD47F40000-0x000001FD47F41000-memory.dmp

Filesize
4KB

Download
memory/4204-304-0x000001FD47F40000-0x000001FD47F41000-memory.dmp

Filesize
4KB

Download
memory/4204-305-0x000001FD47F40000-0x000001FD47F41000-memory.dmp

Filesize
4KB

Download