Analysis

  • max time kernel
    66s
  • max time network
    68s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    17-01-2025 17:06

General

  • Target

    Xworm 5.2.zip

  • Size

    33.0MB

  • MD5

    59043b724d293c256219ebf504d7585d

  • SHA1

    f0e7f97669840a24cc4540b1b6979ab38e87c896

  • SHA256

    4573900c7704aebc47134753fc2e52d4b26a4f071f6cb76d7ddcd00e2b3f6331

  • SHA512

    ee9ad2e8407aa4d5d63d3c10c862ae9aae8b5f652b0663d77f0229fd01238c1e13c807c87aa98321e5a1c180cd45da94fb1286bff34227bcd3b0aefa9cffa109

  • SSDEEP

    786432:5wtNX23QgeyHmwthL9zcsV/gU9eKVGa8WzFvXCif1+u1OO8k76HU3QmMzS/BA:SX23QghFH9ISgU9n/82FSFlg6UAmMOG

Malware Config

Extracted

  • Family
    xworm
  • Version
    5.0
  • C2
    publication-portsmouth.gl.at.ply.gg:41961
  • Mutex
    O6yDyz0qQEiafOSy
  • Attributes
    • Install_directory
      %AppData%
    • install_file
      USB.exe
    • aes.plain

Signatures

  • Detect Xworm Payload (2 IoCs)
  • Xworm
    Xworm is a remote access trojan written in C#.
  • Xworm family
  • Checks computer location settings (2 TTPs, 2 IoCs)
    Looks up country code configured in the registry, likely geofence.
  • Drops startup file (2 IoCs)
  • Executes dropped EXE (6 IoCs)
  • Loads dropped DLL (1 IoCs)
  • Obfuscated with Agile.Net obfuscator (2 IoCs)
    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  • Adds Run key to start application (2 TTPs, 1 IoCs)
  • Looks up external IP address via web service (1 IoCs)
    Uses a legitimate IP lookup service to find the infected system's external IP.
  • Browser Information Discovery (1 TTPs)
    Enumerate browser information.
  • Enumerates physical storage devices (1 TTPs)
    Attempts to interact with connected storage/optical drive(s).
  • Enumerates system info in registry (2 TTPs, 6 IoCs)
  • Modifies registry class (2 IoCs)
  • Suspicious behavior: EnumeratesProcesses (6 IoCs)
  • Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (5 IoCs)
  • Suspicious use of AdjustPrivilegeToken (6 IoCs)
  • Suspicious use of FindShellTrayWindow (64 IoCs)
  • Suspicious use of SendNotifyMessage (24 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)

Processes

  • C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Xworm 5.2.zip"
    1⤵
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:5036
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:1420
    • C:\Users\Admin\Desktop\XWorm V5.2 - Copy\XWormLoader 5.2 x64.exe
      "C:\Users\Admin\Desktop\XWorm V5.2 - Copy\XWormLoader 5.2 x64.exe"
      1⤵
      • Checks computer location settings
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:3356
      • C:\Users\Admin\AppData\Roaming\fakexworm.exe
        "C:\Users\Admin\AppData\Roaming\fakexworm.exe"
        2⤵
        • Checks computer location settings
        • Executes dropped EXE
        • Suspicious use of WriteProcessMemory
        PID:876
        • C:\Users\Admin\AppData\Roaming\XWormLoader5.2 x32.exe
          "C:\Users\Admin\AppData\Roaming\XWormLoader5.2 x32.exe"
          3⤵
          • Drops startup file
          • Executes dropped EXE
          • Adds Run key to start application
          • Suspicious use of AdjustPrivilegeToken
          PID:4728
        • C:\Users\Admin\AppData\Roaming\XWormLoader 5.2 x64.exe
          "C:\Users\Admin\AppData\Roaming\XWormLoader 5.2 x64.exe"
          3⤵
          • Executes dropped EXE
          PID:4528
      • C:\Users\Admin\AppData\Roaming\XWormLoader 5.2 x64.exe
        "C:\Users\Admin\AppData\Roaming\XWormLoader 5.2 x64.exe"
        2⤵
        • Executes dropped EXE
        PID:4508
    • C:\Users\Admin\Desktop\XWorm V5.2 - Copy\XWorm V5.2.exe
      "C:\Users\Admin\Desktop\XWorm V5.2 - Copy\XWorm V5.2.exe"
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Enumerates system info in registry
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:1668
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/XCoderTools
        2⤵
        • Enumerates system info in registry
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of WriteProcessMemory
        PID:3032
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe700246f8,0x7ffe70024708,0x7ffe70024718
          3⤵
            PID:412
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,8534765421232301185,15613117077591469585,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2036 /prefetch:2
            3⤵
              PID:3640
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2024,8534765421232301185,15613117077591469585,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
              3⤵
              • Suspicious behavior: EnumeratesProcesses
              PID:540
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2024,8534765421232301185,15613117077591469585,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
              3⤵
                PID:3048
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8534765421232301185,15613117077591469585,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
                3⤵
                  PID:2204
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8534765421232301185,15613117077591469585,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
                  3⤵
                    PID:4692
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,8534765421232301185,15613117077591469585,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5288 /prefetch:8
                    3⤵
                      PID:4400
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,8534765421232301185,15613117077591469585,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5288 /prefetch:8
                      3⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:4716
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8534765421232301185,15613117077591469585,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
                      3⤵
                        PID:3564
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8534765421232301185,15613117077591469585,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
                        3⤵
                          PID:4508
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8534765421232301185,15613117077591469585,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
                          3⤵
                            PID:3408
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:2608
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:4208

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\XWormLoader 5.2 x64.exe.log
    Filesize: 654B
    MD5: 2ff39f6c7249774be85fd60a8f9a245e
    SHA1: 684ff36b31aedc1e587c8496c02722c6698c1c4e
    SHA256: e1b91642d85d98124a6a31f710e137ab7fd90dec30e74a05ab7fcf3b7887dced
    SHA512: 1d7e8b92ef4afd463d62cfa7e8b9d1799db5bf2a263d3cd7840df2e0a1323d24eb595b5f8eb615c6cb15f9e3a7b4fc99f8dd6a3d34479222e966ec708998aed1
  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
    Filesize: 152B
    MD5: 37f660dd4b6ddf23bc37f5c823d1c33a
    SHA1: 1c35538aa307a3e09d15519df6ace99674ae428b
    SHA256: 4e2510a1d5a50a94fe4ce0f74932ab780758a8cbdc6d176a9ce8ab92309f26f8
    SHA512: 807b8b8dc9109b6f78fc63655450bf12b9a006ff63e8f29ade8899d45fdf4a6c068c5c46a3efbc4232b9e1e35d6494f00ded5cdb3e235c8a25023bfbd823992d
  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
    Filesize: 152B
    MD5: d7cb450b1315c63b1d5d89d98ba22da5
    SHA1: 694005cd9e1a4c54e0b83d0598a8a0c089df1556
    SHA256: 38355fd694faf1223518e40bac1996bdceaf44191214b0a23c4334d5fb07d031
    SHA512: df04d4f4b77bae447a940b28aeac345b21b299d8d26e28ecbb3c1c9e9a0e07c551e412d545c7dbb147a92c12bad7ae49ac35af021c34b88e2c6c5f7a0b65f6a8
  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
    Filesize: 111B
    MD5: 807419ca9a4734feaf8d8563a003b048
    SHA1: a723c7d60a65886ffa068711f1e900ccc85922a6
    SHA256: aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631
    SHA512: f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c
  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
    Filesize: 5KB
    MD5: cb71513bb834980e3736cbe88dd772d5
    SHA1: 96acf37b055024313a8305201ed18f34b499492b
    SHA256: d9717ad1f9f2061db73f7f0a1c1b4386d60afead68e6dc5cfb372d8e7dfed750
    SHA512: e1737ad16ab5affa9a505280356a94b6a1c7eeede58867a5d77f98eb231ed0790e8f8926d80e775905f21720457ed90f5746db832f4466900d86bf61baa608b6
  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
    Filesize: 6KB
    MD5: 1b92f58a8e66b8bcf644faea2ca98b08
    SHA1: d0deda8da4a7cc1ce74ce21907b5ef72c4a73846
    SHA256: 03c454ac269d7bc81c2d91ec4757b7a8088713f25c324b533e2ded9784def4e7
    SHA512: 1895d65a79895607850f63b158dec55a784ec79edb7db0c41d8d92ae342f9ccf9cfa2906c2f989ca21112d835ff340548712f70828464249b85cef301c1f3fab
  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
    Filesize: 16B
    MD5: 6752a1d65b201c13b62ea44016eb221f
    SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
    SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
    SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
    Filesize: 10KB
    MD5: 149a0ac43967f45b9b355b6a6de4ee39
    SHA1: 3daeee57ada95138327ee22ad4399ea270c0626e
    SHA256: 7fbf7626a936e0d0c973f6aa4618cc392ca2d4ec331e745e0dd53752296c02b5
    SHA512: 863cbe2d9153be85fb54bdeceb3869d277b7bb492e952ef8e7af7175110276b76fb11da81788299a76a730ea9f194741bf29702f88b390d77cff14ab45a261da
  • C:\Users\Admin\AppData\Local\Temp\TMzpx\TMzpx.dll
    Filesize: 112KB
    MD5: 2f1a50031dcf5c87d92e8b2491fdcea6
    SHA1: 71e2aaa2d1bb7dbe32a00e1d01d744830ecce08f
    SHA256: 47578a37901c82f66e4dba47acd5c3cab6d09c9911d16f5ad0413275342147ed
    SHA512: 1c66dbe1320c1a84023bdf77686a2a7ab79a3e86ba5a4ea2cda9a37f8a916137d5cfec30b28ceae181355f6f279270465ef63ae90b7e8dcd4c1a8198a7fd36a8
  • C:\Users\Admin\AppData\Roaming\XWormLoader 5.2 x64.exe
    Filesize: 109KB
    MD5: e6a20535b636d6402164a8e2d871ef6d
    SHA1: 981cb1fd9361ca58f8985104e00132d1836a8736
    SHA256: b461c985b53de4f6921d83925b3c2a62de3bbc5b8f9c02eecd27926f0197fae2
    SHA512: 35856a0268ed9d17b1570d5392833ed168c8515d73fac9f150cf63cc1aea61c096aa2e6b3c8e091a1058ba062f9333f6767e323a37dfb6f4fa7e508a2a138a30
  • C:\Users\Admin\AppData\Roaming\XWormLoader5.2 x32.exe
    Filesize: 103KB
    MD5: 05493ddb873c6917c8a8e11fd14fa5e0
    SHA1: 530af60238cb173a7e501a3cd07b7ede02cd4cd9
    SHA256: 65f7d33c327432c939013d7bf36ed6f830948ac6c69f6d54bad5f10c30bd74b9
    SHA512: 97c178d90a09eaf0f1f88d1d7922a0cf97498b1f37cf9cb868760e4452acebe07461d904c12e45d39fc00b00ef8ff71a76c163b8a51c262582ab112fdd82c337
  • C:\Users\Admin\AppData\Roaming\fakexworm.exe
    Filesize: 358KB
    MD5: f6fc2dfa2ab31de05f71c22ae684a499
    SHA1: 1140f28080bdde6fda7400911c42fd0dd87280cd
    SHA256: 1c80ddf77ad32f54196bb58c953c4891187d1becf0aacbc47a01cd107fe42b86
    SHA512: 6567221ea10a87bde4f50a564129917cacd2d17c9e8fdd8f366be9938971bd7ac163ab84ceb4d35548468b6b9ca13a5368e3349aa4d3505d2e77647b6470e736
  • C:\Users\Admin\Desktop\XWorm V5.2 - Copy\ClientsFolder\184F0168363955CD7D4B\Recovery\RecoveryData\autofill.json
    Filesize: 2B
    MD5: d751713988987e9331980363e24189ce
    SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
    SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
    SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
  • C:\Users\Admin\Desktop\XWorm V5.2 - Copy\GeoIP.dat
    Filesize: 1.2MB
    MD5: 8ef41798df108ce9bd41382c9721b1c9
    SHA1: 1e6227635a12039f4d380531b032bf773f0e6de0
    SHA256: bc07ff22d4ee0b6fafcc12482ecf2981c172a672194c647cedf9b4d215ad9740
    SHA512: 4c62af04d4a141b94eb3e1b0dbf3669cb53fe9b942072ed7bea6a848d87d8994cff5a5f639ab70f424eb79a4b7adabdde4da6d2f02f995bd8d55db23ce99f01b
  • C:\Users\Admin\Desktop\XWorm V5.2 - Copy\Guna.UI2.dll
    Filesize: 1.9MB
    MD5: bcc0fe2b28edd2da651388f84599059b
    SHA1: 44d7756708aafa08730ca9dbdc01091790940a4f
    SHA256: c6264665a882e73eb2262a74fea2c29b1921a9af33180126325fb67a851310ef
    SHA512: 3bfc3d27c095dde988f779021d0479c8c1de80a404454813c6cae663e3fe63dc636bffa7de1094e18594c9d608fa7420a0651509544722f2a00288f0b7719cc8
  • C:\Users\Admin\Desktop\XWorm V5.2 - Copy\Icons\icon (15).ico
    Filesize: 361KB
    MD5: e3143e8c70427a56dac73a808cba0c79
    SHA1: 63556c7ad9e778d5bd9092f834b5cc751e419d16
    SHA256: b2f57a23ecc789c1bbf6037ac0825bf98babc7bf0c5d438af5e2767a27a79188
    SHA512: 74e0f4b55625df86a87b9315e4007be8e05bbecca4346a6ea06ef5b1528acb5a8bb636ef3e599a3820dbddcf69563a0a22e2c1062c965544fd75ec96fd9803fc
  • C:\Users\Admin\Desktop\XWorm V5.2 - Copy\XWorm V5.2.exe
    Filesize: 12.2MB
    MD5: 8b7b015c1ea809f5c6ade7269bdc5610
    SHA1: c67d5d83ca18731d17f79529cfdb3d3dcad36b96
    SHA256: 7fc9c7002b65bc1b33f72e019ed1e82008cc7b8e5b8eaf73fc41a3e6a246980e
    SHA512: e652913f73326f9d8461ac2a631e1e413719df28c7938b38949c005fda501d9e159554c3e17a0d5826d279bb81efdef394f7fb6ff7289cf296c19e92fd924180
  • C:\Users\Admin\Desktop\XWorm V5.2 - Copy\XWorm V5.2.exe.config
    Filesize: 183B
    MD5: 66f09a3993dcae94acfe39d45b553f58
    SHA1: 9d09f8e22d464f7021d7f713269b8169aed98682
    SHA256: 7ea08548c23bd7fd7c75ca720ac5a0e8ca94cb51d06cd45ebf5f412e4bbdd7d7
    SHA512: c8ea53ab187a720080bd8d879704e035f7e632afe1ee93e7637fad6bb7e40d33a5fe7e5c3d69134209487d225e72d8d944a43a28dc32922e946023e89abc93ed
  • C:\Users\Admin\Desktop\XWorm V5.2 - Copy\XWormLoader 5.2 x64.exe
    Filesize: 543KB
    MD5: d22551b39da5ed3f79aedc08591581b7
    SHA1: c68c13960699d6182e52fd67e15e50087cc64d17
    SHA256: bfc1fc390163b4fa84f87d2e5d59a387e0f7d887bfdbff1574433a8b9009556d
    SHA512: 62ea15e446312868f253ba908d4ea9ca19330bdbe0eb181b1339b093a45c8e7dd55eca610b2851b18b2f67c000838986cfeac4c8f8651ee10724fd27d0783b91
  • C:\Users\Admin\Desktop\XWorm V5.2 - Copy\XWormLoader 5.2 x64.exe.config
    Filesize: 187B
    MD5: 15c8c4ba1aa574c0c00fd45bb9cce1ab
    SHA1: 0dad65a3d4e9080fa29c42aa485c6102d2fa8bc8
    SHA256: f82338e8e9c746b5d95cd2ccc7bf94dd5de2b9b8982fffddf2118e475de50e15
    SHA512: 52baac63399340427b94bfdeb7a42186d5359ce439c3d775497f347089edfbf72a6637b23bb008ab55b8d4dd3b79a7b2eb7c7ef922ea23d0716d5c3536b359d4
  • memory/876-342-0x0000000000E90000-0x0000000000EF0000-memory.dmp
    Filesize: 384KB
  • memory/1668-364-0x0000014A7FBC0000-0x0000014A807F8000-memory.dmp
    Filesize: 12.2MB
  • memory/1668-372-0x0000014A1B460000-0x0000014A1C04C000-memory.dmp
    Filesize: 11.9MB
  • memory/1668-374-0x0000014A80A00000-0x0000014A80BF4000-memory.dmp
    Filesize: 2.0MB
  • memory/3356-343-0x00007FFE73E70000-0x00007FFE74931000-memory.dmp
    Filesize: 10.8MB
  • memory/3356-318-0x0000000000070000-0x00000000000FE000-memory.dmp
    Filesize: 568KB
  • memory/3356-317-0x00007FFE73E73000-0x00007FFE73E75000-memory.dmp
    Filesize: 8KB
  • memory/3356-328-0x00007FFE73E70000-0x00007FFE74931000-memory.dmp
    Filesize: 10.8MB
  • memory/4508-360-0x0000000000120000-0x0000000000140000-memory.dmp
    Filesize: 128KB
  • memory/4728-357-0x0000000000BB0000-0x0000000000BD0000-memory.dmp
    Filesize: 128KB