7c62a831647b0234a097ff94b160e0534d7c465d7bbd6fca8953c951a55157cf

Resubmissions

11-11-2024 18:26

241111-w3hm1ssmd1 10

11-11-2024 17:59

241111-wk5ptstamb 10

11-11-2024 00:19

241111-al9vaaxnev 10

Analysis

max time kernel
1348s
max time network
1409s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
11-11-2024 00:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

XWorm V5.6.zip
Size

24.5MB
MD5

27065dd8016564f65a5444d70a9daad1
SHA1

1be1151330b7b0f12c486e9e36a1fa682adcac50
SHA256

7c62a831647b0234a097ff94b160e0534d7c465d7bbd6fca8953c951a55157cf
SHA512

fcf41ba034133fcb7f91936fb16a6b59503a9016a78079c61fd692edec24a7e3daadf8ae2459d36ecd6c72dff9f8835355ea8cc7d20455d3e0922d74f7337435
SSDEEP

393216:VyavqxXFeuBc9Q+Fdt6ieJS9xCZGb7kjjJ6AKbKrbdcjXo50Ko+Y2ToxYv:Vy5xXDBYQwn63qkjBKego5Ho+R

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
472	Xworm V5.6.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Xworm V5.6.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	Xworm V5.6.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion	Xworm V5.6.exe

Suspicious behavior: EnumeratesProcesses 28 IoCs

pid	Process
472	Xworm V5.6.exe
472	Xworm V5.6.exe
472	Xworm V5.6.exe
472	Xworm V5.6.exe
472	Xworm V5.6.exe
472	Xworm V5.6.exe
472	Xworm V5.6.exe
472	Xworm V5.6.exe
472	Xworm V5.6.exe
472	Xworm V5.6.exe
472	Xworm V5.6.exe
472	Xworm V5.6.exe
472	Xworm V5.6.exe
472	Xworm V5.6.exe
472	Xworm V5.6.exe
472	Xworm V5.6.exe
472	Xworm V5.6.exe
472	Xworm V5.6.exe
472	Xworm V5.6.exe
472	Xworm V5.6.exe
472	Xworm V5.6.exe
472	Xworm V5.6.exe
472	Xworm V5.6.exe
472	Xworm V5.6.exe
472	Xworm V5.6.exe
472	Xworm V5.6.exe
472	Xworm V5.6.exe
472	Xworm V5.6.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
4924	7zFM.exe
472	Xworm V5.6.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeRestorePrivilege	4924	7zFM.exe
Token: 35	4924	7zFM.exe
Token: SeSecurityPrivilege	4924	7zFM.exe
Token: 33	2248	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2248	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
4924	7zFM.exe
4924	7zFM.exe
472	Xworm V5.6.exe
472	Xworm V5.6.exe
472	Xworm V5.6.exe

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
472	Xworm V5.6.exe
472	Xworm V5.6.exe

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\XWorm V5.6.zip"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4924

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3752

C:\Users\Admin\Desktop\XWorm V5.6\Xworm V5.6.exe
"C:\Users\Admin\Desktop\XWorm V5.6\Xworm V5.6.exe"
1⤵
- Executes dropped EXE
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:472

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:3612

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x500 0x494
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2248

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zEC33761C7\XWorm V5.6\Icons\icon (15).ico

Filesize
361KB

MD5
e3143e8c70427a56dac73a808cba0c79

SHA1
63556c7ad9e778d5bd9092f834b5cc751e419d16

SHA256
b2f57a23ecc789c1bbf6037ac0825bf98babc7bf0c5d438af5e2767a27a79188

SHA512
74e0f4b55625df86a87b9315e4007be8e05bbecca4346a6ea06ef5b1528acb5a8bb636ef3e599a3820dbddcf69563a0a22e2c1062c965544fd75ec96fd9803fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\CCSIZKYM-20241023-1504.log

Filesize
58KB

MD5
eb7df9b4f58c66e3743c34e0837d7a6e

SHA1
34b779ef987b2823e579f26dbb4a983b8556506f

SHA256
d9f2a613c575bcdffbc34075c202f6a9b16775699e0a38060dd93a1e3e88a928

SHA512
ae7edc0cc2949dfd6bf9c4daad3fc9e8c0a7762d59b8c8d8d76f2cca3c63c0475636574a8974d01bb7d052fecfbd31c495cc98f384d5af0886e667586338e130

Download Submit
C:\Users\Admin\AppData\Local\Temp\CCSIZKYM-20241023-1504a.log

Filesize
182KB

MD5
96e30b84050f93f3f41126091d3e9b64

SHA1
1413d688a3502cdbd5f15ecef86beff321196ede

SHA256
7dcac0cfe7a5b1fe2e89c05bc23347e3743a8e508a8d672fa174a77fd08d6c72

SHA512
e1065e8031f0fe614795745588278d4e53645262f96fa84e28e2ff3faa4e686f5985162cc6f4a02e831275f10a67f476b6a30cadf16d8609174217185e77a637

Download Submit
C:\Users\Admin\AppData\Local\Temp\JavaDeployReg.log

Filesize
13KB

MD5
6e4600cacc5e269ed6d05368a759d018

SHA1
970f427e00aded9ac6615e93b9e88819e3aff46b

SHA256
391c84dc0452fc8a75f12453ea9c5eff7f0fce114268b4b876de5b4b59c6d21a

SHA512
057ab7391c36cd0c11901df2d5b68bbf1539f91af5bea71bc281244f2451aec7fa2b1a3b9fa523db156a28494b1c9686f6ba6b8d2b6f5e069eae1cffbd035743

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft .NET Framework 4.7.2 Setup_20241023_145929720.html

Filesize
94KB

MD5
97a6e864fa670c7581208436a476e5c4

SHA1
18947ee3cff2df0625042e4dd1bf8b6994cbe2fa

SHA256
636bb1d659a1e6f5d4e2f87695baf642c6ae8250f750fb5c8c08489f9aac4b45

SHA512
29083ec1c35c56a00853e57fbfad357c648a3ebbea0dbba126332cf3cff8e0a85073349e06da5a4f9e84525445b191594f9325867ebf1aeb27333bfd2694546d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_6.0.27_(x64)_20241023150010.log

Filesize
15KB

MD5
29611895e3f9d42feada241a2f5aa361

SHA1
69b677a507049653fb9d61d7949386f809f6bb85

SHA256
4aa8d658a2a374d308d0c1f8b139f5556f6f9b778a5b3c82b82c9f39d8d6aff8

SHA512
5ac3594f289395543daddc83c66f94ae6440622db24a43a4b7fb055f76c86ff08c4471781b9beb079a0dd2a47f943106149d4cc26fc11698605a77ca833087ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_6.0.27_(x64)_20241023150010_000_dotnet_runtime_6.0.27_win_x64.msi.log

Filesize
551KB

MD5
6410cfb75bb67c2ce53ddc4a4921e343

SHA1
39230a04a6a186b63fba02de93678aac9fe5a491

SHA256
926968ef0c22823f44989e1af8b6a8378ea79cee20ac829e65b139e186052ec2

SHA512
0fa2af8f397ec35455e3acf6bf732e9d147b7a93f0edd88ef8c700c9f2249563e86eb05a3511f9e37365a3dd161b3e007b20656c3c6e9b4daedb0cb4d7d52508

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_6.0.27_(x64)_20241023150010_001_dotnet_hostfxr_6.0.27_win_x64.msi.log

Filesize
95KB

MD5
989e3a84064bae0d9ef29c69187b5010

SHA1
635f022a92bb9c14e9cbf8e8a348178b4559f9d4

SHA256
4e461c2150e58440244eb2a9a500cf365df30cd294571338a2030a7e17c44cca

SHA512
b85022a8d226173cdfb55f7cb978bd895f95d559d60aec46f7e4ee5e23a1c17a3b60ecc6a69718c5e4a3ba37e3d6f716acb8625bb0711ce14730d1f87e4ef40f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_6.0.27_(x64)_20241023150010_002_dotnet_host_6.0.27_win_x64.msi.log

Filesize
105KB

MD5
c62c80b8567fb7fd960b22b777053fed

SHA1
ae4caab5591bf02b58f467331c2b6d114534df24

SHA256
120398e7a2004c0bc10befd9dd97234725db1ebebe4cd0204b47cc9f156c8239

SHA512
2d6744685be68e74acf70cffe30a5bd6b2e48357ff21dcbf4ba43c42d11c487a79bea3292acc43e9c65b2943acf341011839897ac2bf38f399c9819499b63f4a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_6.0.27_(x64)_20241023150010_003_windowsdesktop_runtime_6.0.27_win_x64.msi.log

Filesize
847KB

MD5
5f0fc3cbbd0e233b716826a81ae1503a

SHA1
ca8f66d39b152329c3c331d04f67846c49378312

SHA256
629a512135358346adca3edd5ecbccadf397d383510d7b2e99eb91374fac4c26

SHA512
c02316009669b7a41db144f6794d64da0dc26c027e3e1134f4d7bf6021b3106d7e60a2b85d9ba7d0e9d5caefd1f130e214b60ed3a371fa82ed6b3baf2c875b18

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_7.0.16_(x64)_20241023150051.log

Filesize
15KB

MD5
8e559ec811b52323fdfa79347a39f89d

SHA1
7b29909b5dc5b528e95a01cdfe8fdbf6777674b0

SHA256
2d72b0db1a25730668cfd3da133716ec95d0a165ba9c68dde6051935a0a0eda7

SHA512
4b8f7f558dc56f9618bb3cbee76ad92a6911770f2e06b7400baf7107b9598e04584ac994ff35c69bcfc9efff2018749dd126b907cda6d69bca813d1c96bb461f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_7.0.16_(x64)_20241023150051_000_dotnet_runtime_7.0.16_win_x64.msi.log

Filesize
470KB

MD5
6beec5e7873eab960fe23b125b1a6dbe

SHA1
222c0cfb95334ab6d0b8251331b095c0acc3f575

SHA256
e989076a66f2eabb1fc645110fc954f9d30612984594d57453287cdbb89e4733

SHA512
86f8e833c2a46932b9292308d44d2e82699a075f3df3b9f56fa2e771d725732ec902f4ff21ec0da4c8f75f890962becac62700d851da223e4b3b8fcf7af62637

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_7.0.16_(x64)_20241023150051_001_dotnet_hostfxr_7.0.16_win_x64.msi.log

Filesize
95KB

MD5
c711a722ae0111731fe720129fc1cb02

SHA1
5331b95beb2138a75d2236a0e8ae4c28b589b376

SHA256
ace2c2f60cdcc5fc5e29927d9b4bf04ac6df49ec3127ccc90fbf6d71e0d88974

SHA512
99aac70b5c9a8f4202f453d9ee55ecbd3bf8196911009684932cb69b11a2df2bfed2991c8015231f26a1d0618f3845405e22e9e6967330fc6d06f75dc3d419c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_7.0.16_(x64)_20241023150051_002_dotnet_host_7.0.16_win_x64.msi.log

Filesize
109KB

MD5
e30b0bf2d84f61b4df28e72db7733c98

SHA1
dcd1f59f735221bc9835368650524846a9b17ae1

SHA256
fc2ee891b37f4fbe680ebec12d8eff7f1e31da7ac0449d6646c84279212a18a4

SHA512
9fdf0e1ae282b406f780176f7cf93ca0ad4eaed07318e4e099d79f9b832089c75615d3819aa8f7df4046df248e60600962fad0d588a144b4b04f27d833753550

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_7.0.16_(x64)_20241023150051_003_windowsdesktop_runtime_7.0.16_win_x64.msi.log

Filesize
852KB

MD5
3d50132cfe9b13f677a425d8295cf4fb

SHA1
96575bef1312f3ac8623628576fe7b202afb03b3

SHA256
f7393988f00eaef06df98fcb49b0b9b49325859238afc0994544a7a9c814e3ee

SHA512
cb20f8726d7cbf17f54259c17113f5b9b5abaf0c1ab33df226f068befaf8e0f9074163cdcd883becd7bb121bb42145ec61c426764739a59cf0de5b33406cfb3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_8.0.2_(x64)_20241023150111.log

Filesize
15KB

MD5
1f5cf0e440ea288cf5ead485d7769cdc

SHA1
6b8a785a65b05686195c43c82a5d4ad4183ac83c

SHA256
d059701294428a0867ea58907b4c52b9253898680bc10ac34f7c9b5bbf4bdf12

SHA512
1f2483f20063b30024c5b10704a29d813311be1dc81483ffab52c957cfa9bd196f8c7c529b8c8f2f73cc3151699f132761d6342aff04271bbda119d65338ef1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_8.0.2_(x64)_20241023150111_000_dotnet_runtime_8.0.2_win_x64.msi.log

Filesize
469KB

MD5
b768d9e7d0573e2502cb63ecf80f5848

SHA1
cc109ad8cef3ea2bf69f9bcdd70ac324863207dd

SHA256
8ddc41eea996fb91fe36174bf336297278f2be0b3dc398555552121412d164a6

SHA512
7d40d46905b08f4c9302c8f44a2032020ab945919eec4f58c323c58d479b084c65a5eaf30debf924678bd6067fc09da34e1f77c0d1d39a0bad70e24bb920ec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_8.0.2_(x64)_20241023150111_001_dotnet_hostfxr_8.0.2_win_x64.msi.log

Filesize
95KB

MD5
e8bd11a78a1a21c68477b4cc8ca3dad0

SHA1
dd6828ed9d54d1109602276e8bc702ccfef39160

SHA256
eede1c3f5b62588c1bf5fdff3028be86ea8bb1d4bbad649a7bb7e132319a44d1

SHA512
e1a80df1e89bcdafb35c6c16c46e6facaf8185a0300095ce3b58d05b995eb77f054169b97f1e44859888fdd815a9e197b76a1c991e03d37b9e26f8273a10312e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_8.0.2_(x64)_20241023150111_002_dotnet_host_8.0.2_win_x64.msi.log

Filesize
109KB

MD5
971f730e6059e59c617992323939fe82

SHA1
566dfbc030a3601d425d8135cb2b390ae98d2153

SHA256
e71ba09c715edb9622d5bfb76424b2d1592386a9bc5429d0ab6ab2946fda67d7

SHA512
7234a91f12530598d29c631a05cc023d85ecb5f4157a11caee49cbe278df9d56a99a8812444ddd127760a3b46a40a3ad695b4d1ea182c3562fae6800b37392b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_8.0.2_(x64)_20241023150111_003_windowsdesktop_runtime_8.0.2_win_x64.msi.log

Filesize
846KB

MD5
3e0fea4274543ade81615dc5ac86e1b4

SHA1
83c5a5813e0b5edd35d498d0108a00ab1d06aa4a

SHA256
02e45de1b56f386aa9ac38f5d977f09c867c73ac1d99b7caf5e3ebc389be338c

SHA512
c49aafde5fe05c7a3c8867886dc06efaa83025f960ca87af529f794f9d5e5d048eb6c11224f9648ae0eed2684fff48fa70d516be788b1944edb10b0e2524c8a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\XWorm V5.6.zip

Filesize
24.5MB

MD5
27065dd8016564f65a5444d70a9daad1

SHA1
1be1151330b7b0f12c486e9e36a1fa682adcac50

SHA256
7c62a831647b0234a097ff94b160e0534d7c465d7bbd6fca8953c951a55157cf

SHA512
fcf41ba034133fcb7f91936fb16a6b59503a9016a78079c61fd692edec24a7e3daadf8ae2459d36ecd6c72dff9f8835355ea8cc7d20455d3e0922d74f7337435

Download Submit
C:\Users\Admin\AppData\Local\Temp\aria-debug-2976.log

Filesize
470B

MD5
ecc91a9cddfdd77644f7f7168be0129c

SHA1
138db6a25edef529c32a5383c4106ab5b0b53b4a

SHA256
bcc094fcc3bff55a94b128447b263d4fbd1ad7c45abd37fe7be3aeab333f5f9b

SHA512
8db336da457aa6cfa0f850f8662cac231343bf5db27ea4ad76ee98aa1145fc4da2a5d1197eede6abfe57bbca95f09c22d6e8ab2000c303bbf234cf06397e5a1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\chrome_installer.log

Filesize
6KB

MD5
18972eb782410dfacb196774cc1085f5

SHA1
97ddf34b149f1e1abad38e52ac9959dbeb15533f

SHA256
ff8a346b51ef8d7b1d6686ecac778c0947941c9923306528a5caf2e4ebcc6440

SHA512
4345b1d35f552573d14db907a6d0faf5d98b7ac3a15db620eed9da37d83e62bea0d36c3c01df445e0705eb47789a7505a01ed707493ca63dcb843c398fb52974

Download Submit
C:\Users\Admin\AppData\Local\Temp\dd_NDP472-KB4054530-x86-x64-AllOS-ENU_decompression_log.txt

Filesize
1KB

MD5
d22736f164eda87a262949f9bec0da9b

SHA1
245c90ab08b8cd040e28c09cc410f00666ab4bcd

SHA256
51698ff0bd7bcd361a3e047a2bf8609de0ef51e1f6297ecde8806dbd1e30404e

SHA512
37044cb838567d1346ede5f8688381e515a6f7e0c0b7fdd83deda20ff3755ac205f9492b113c1cc3d3f77aa6db148bf67ac5efd77b1fbfbd20f7f9af977f700d

Download Submit
C:\Users\Admin\AppData\Local\Temp\dd_vcredistMSI1FEB.txt

Filesize
425KB

MD5
153fa2428d000185e87f93e7d804b867

SHA1
653f5c36b887bf8a058f4d9460c7ba89efe642b1

SHA256
d20873a23549581cd99490a1f847d13384b4004253eb04c7c6eab7c03dee8f41

SHA512
70a16403fbf5861daaf80bf3d544075026199737ca3c3fae104c79747bfc2d2f207da591fc5fac1d77136ea096eebf14e91477d78811a6c11b1320fe98aeb2c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\dd_vcredistMSI200B.txt

Filesize
415KB

MD5
5da84d38295fbee3a28d9cca839a25f2

SHA1
1eff2b26df280fe9ee414ad6eaed611b03f13920

SHA256
9795f93a1dae2da87985db87c1286aa8e7756fc4324bf36b8ed36791955ce797

SHA512
b3213300495282b02f4671be4ef8495eee97b1179f5706cc0291b5dcba9b9cf8427a0d73a553c24ccdd00ddc053a7c7443967b70b4b24e03dc692085535d611c

Download Submit
C:\Users\Admin\AppData\Local\Temp\dd_vcredistUI1FEB.txt

Filesize
11KB

MD5
e4f2888321e4d715ad819bf1b558bd36

SHA1
fc860dcff5594a2a8d5d1f89a7c430c042f4d0f2

SHA256
ec23e564308d867eac5fdd814560ee6df7fd0cad04fcf8fa4ce825ebd0a1136c

SHA512
0f702df34ebc188c14ed6d56fda1f200e62e1f25231d61b22f880d3607509b6bcc6e39c1b2a2c42a7cd56f261adfe9e0432433b31155c11d58b8c1b827477ec4

Download Submit
C:\Users\Admin\AppData\Local\Temp\dd_vcredistUI200B.txt

Filesize
11KB

MD5
a2a5ed59dcb671548f990d9d0e8cc4bc

SHA1
2ef8c2e5c28d5f31157e62c3859a02356734e76d

SHA256
2a7eedafaae7455d6bdd95433d2e1485a219615c7afa7f08845f2449f853a834

SHA512
e9f83064506652d70335006c4036cbd567ffa1f755001aeb4db09baf3d1b38b5bc02c46087881aafe1766de90cd652e0dac5c8a10687efd43e781c2ac77771c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\jawshtml.html

Filesize
13B

MD5
b2a4bc176e9f29b0c439ef9a53a62a1a

SHA1
1ae520cbbf7e14af867232784194366b3d1c3f34

SHA256
7b4f72a40bd21934680f085afe8a30bf85acff1a8365af43102025c4ccf52b73

SHA512
e04b85d8d45d43479abbbe34f57265b64d1d325753ec3d2ecadb5f83fa5822b1d999b39571801ca39fa32e4a0a7caab073ccd003007e5b86dac7b1c892a5de3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log

Filesize
162KB

MD5
f767596b7c2755d5591c48192f43cde0

SHA1
72ac42be6d1b7cc575481e1d03aa0a4fb4631785

SHA256
ed77c7274c552d896b9feab85b01c5844258d2a52405d8b95d8c406f2382e11f

SHA512
d3ef9fc17399774076722ba66bb9f0e210bb7ce3e8881472344f8a21a4fc38a2d13cdcb36385ba7c849cf2d933fc070efc0d3feac672faf757ac72e8f3d03317

Download Submit
C:\Users\Admin\AppData\Local\Temp\mapping.csv

Filesize
120KB

MD5
d3186aada63877a1fe1c2ed4b2e2b77d

SHA1
f66d9307be6cbbb22941c724d2cf6954b41d7bb0

SHA256
2684d360ec473113d922a2738c5c6f6702975e6ac7ee4023258a12ed26c9fefe

SHA512
c94e8aa368a44f1df9f0318ca266f5a6a9140945d55a579dee2fd10aff3d4704a72a216718b35e44429012d68c2bb30a92d5179fbc9fb4b222456a017d8981c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\msedge_installer.log

Filesize
3KB

MD5
685541d2c6f622831e09c4cad69bc8e0

SHA1
5fc8add2aebd90bfdeea8d6d545d0f5bb5f1c651

SHA256
e1af2c3ed34af317cecdf70d8d879e82db25095bc1b544877635b546fa662fa3

SHA512
b5d8a1a3a9e9ec2570b4d8ab27cb4ac4faf0051fe46ef8eca6b7cb9539840a63a131c6d7cbcba88a93ac9d2b2785d3f0ae7acf05b4bd08e13e53a69ec31dda84

Download Submit
C:\Users\Admin\AppData\Local\Temp\wctB495.tmp

Filesize
63KB

MD5
e516a60bc980095e8d156b1a99ab5eee

SHA1
238e243ffc12d4e012fd020c9822703109b987f6

SHA256
543796a1b343b4ebc0285d89cb8eb70667ac7b513da37495e38003704e9d88d7

SHA512
9b51e99ba20e9da56d1acc24a1cf9f9c9dbdeb742bec034e0ff2bc179a60f4aff249f40344f9ddd43229dcdefa1041940f65afb336d46c175ffeff725c638d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\wmsetup.log

Filesize
697B

MD5
e472260592b737bab860a38e47864281

SHA1
b223a08868d2c33bd09e85601d361014646d8e66

SHA256
ba04b9107b5f78c13bcc60bb43e6f0706214a03272b12feb8df10fb98855de4d

SHA512
0e1c7ccdffa1ecbd5519bd62624b4e25ea8175205ce68ae3c7b20aa0d407b995560295bee69c9a7fa4928700a6514f3cbb7a035e3ddcf9693f08d14f0cf56779

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6\GeoIP.dat

Filesize
1.2MB

MD5
8ef41798df108ce9bd41382c9721b1c9

SHA1
1e6227635a12039f4d380531b032bf773f0e6de0

SHA256
bc07ff22d4ee0b6fafcc12482ecf2981c172a672194c647cedf9b4d215ad9740

SHA512
4c62af04d4a141b94eb3e1b0dbf3669cb53fe9b942072ed7bea6a848d87d8994cff5a5f639ab70f424eb79a4b7adabdde4da6d2f02f995bd8d55db23ce99f01b

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6\Guna.UI2.dll

Filesize
1.9MB

MD5
bcc0fe2b28edd2da651388f84599059b

SHA1
44d7756708aafa08730ca9dbdc01091790940a4f

SHA256
c6264665a882e73eb2262a74fea2c29b1921a9af33180126325fb67a851310ef

SHA512
3bfc3d27c095dde988f779021d0479c8c1de80a404454813c6cae663e3fe63dc636bffa7de1094e18594c9d608fa7420a0651509544722f2a00288f0b7719cc8

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6\Sounds\Intro.wav

Filesize
238KB

MD5
ad3b4fae17bcabc254df49f5e76b87a6

SHA1
1683ff029eebaffdc7a4827827da7bb361c8747e

SHA256
e3e5029bf5f29fa32d2f6cdda35697cd8e6035d5c78615f64d0b305d1bd926cf

SHA512
3d6ecc9040b5079402229c214cb5f9354315131a630c43d1da95248edc1b97627fb9ba032d006380a67409619763fb91976295f8d22ca91894c88f38bb610cd3

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6\Xworm V5.6.exe

Filesize
14.9MB

MD5
56ccb739926a725e78a7acf9af52c4bb

SHA1
5b01b90137871c3c8f0d04f510c4d56b23932cbc

SHA256
90f58865f265722ab007abb25074b3fc4916e927402552c6be17ef9afac96405

SHA512
2fee662bc4a1a36ce7328b23f991fa4a383b628839e403d6eb6a9533084b17699a6c939509867a86e803aafef2f9def98fa9305b576dad754aa7f599920c19a1

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6\Xworm V5.6.exe.config

Filesize
183B

MD5
66f09a3993dcae94acfe39d45b553f58

SHA1
9d09f8e22d464f7021d7f713269b8169aed98682

SHA256
7ea08548c23bd7fd7c75ca720ac5a0e8ca94cb51d06cd45ebf5f412e4bbdd7d7

SHA512
c8ea53ab187a720080bd8d879704e035f7e632afe1ee93e7637fad6bb7e40d33a5fe7e5c3d69134209487d225e72d8d944a43a28dc32922e946023e89abc93ed

Download Submit
memory/472-288-0x00007FF8E25D0000-0x00007FF8E3092000-memory.dmp

Filesize
10.8MB

Download
memory/472-290-0x0000021B2CC30000-0x0000021B2CE24000-memory.dmp

Filesize
2.0MB

Download
memory/472-291-0x00007FF8E25D3000-0x00007FF8E25D5000-memory.dmp

Filesize
8KB

Download
memory/472-292-0x00007FF8E25D0000-0x00007FF8E3092000-memory.dmp

Filesize
10.8MB

Download
memory/472-287-0x0000021B0EB60000-0x0000021B0FA48000-memory.dmp

Filesize
14.9MB

Download
memory/472-286-0x00007FF8E25D3000-0x00007FF8E25D5000-memory.dmp

Filesize
8KB

Download
memory/472-297-0x00007FF8E25D0000-0x00007FF8E3092000-memory.dmp

Filesize
10.8MB

Download