ae954270e3858099736ab1933377207a50cbe131c07587689635cced33689d52

Analysis

max time kernel
42s
max time network
38s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20-01-2025 20:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Xworm Server.rar
Size

45.2MB
MD5

8fcf03f1448aa2a924b879d01c85c7bf
SHA1

acc1449e43e8bdcc53b002ffe1b8fcce5baccbf1
SHA256

ae954270e3858099736ab1933377207a50cbe131c07587689635cced33689d52
SHA512

d749625a0d472a7b99b608ac5f47d899f9281370a2e74fe0c573b27cb059bec09d35d911903252ac319283c108b0df4233a5b1b14ec086a73ade634e85600556
SSDEEP

786432:wyedu3wt2fvZoCHFpMz6HuHmIbxV44bnwApgj6x+TJEEzSUblzdj+Yv:Gdu3wqoCv8VFVTrwM+6MTSkHFv

Score

7^/10

discovery upx

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	Xworm V5.6.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	loader.exe

Executes dropped EXE 3 IoCs

pid	Process
4456	Xworm V5.6.exe
2172	loader.exe
2240	Xworm Loader.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0007000000024831-4878.dat	upx
behavioral1/memory/2172-4882-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2172-4892-0x0000000000400000-0x000000000041E000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	loader.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion	Xworm Loader.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Xworm Loader.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	Xworm Loader.exe

Suspicious behavior: EnumeratesProcesses 27 IoCs

pid	Process
2240	Xworm Loader.exe
2240	Xworm Loader.exe
2240	Xworm Loader.exe
2240	Xworm Loader.exe
2240	Xworm Loader.exe
2240	Xworm Loader.exe
2240	Xworm Loader.exe
2240	Xworm Loader.exe
2240	Xworm Loader.exe
2240	Xworm Loader.exe
2240	Xworm Loader.exe
2240	Xworm Loader.exe
2240	Xworm Loader.exe
2240	Xworm Loader.exe
2240	Xworm Loader.exe
2240	Xworm Loader.exe
2240	Xworm Loader.exe
2240	Xworm Loader.exe
2240	Xworm Loader.exe
2240	Xworm Loader.exe
2240	Xworm Loader.exe
2240	Xworm Loader.exe
2240	Xworm Loader.exe
2240	Xworm Loader.exe
2240	Xworm Loader.exe
2240	Xworm Loader.exe
2240	Xworm Loader.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
1236	7zFM.exe
2240	Xworm Loader.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeRestorePrivilege	1236	7zFM.exe
Token: 35	1236	7zFM.exe
Token: SeSecurityPrivilege	1236	7zFM.exe
Token: 33	3204	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3204	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 6 IoCs

pid	Process
1236	7zFM.exe
1236	7zFM.exe
1236	7zFM.exe
1236	7zFM.exe
2240	Xworm Loader.exe
2240	Xworm Loader.exe

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
2240	Xworm Loader.exe
2240	Xworm Loader.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 4456 wrote to memory of 2172	4456	Xworm V5.6.exe	101
PID 4456 wrote to memory of 2172	4456	Xworm V5.6.exe	101
PID 4456 wrote to memory of 2172	4456	Xworm V5.6.exe	101
PID 4456 wrote to memory of 2240	4456	Xworm V5.6.exe	102
PID 4456 wrote to memory of 2240	4456	Xworm V5.6.exe	102
PID 2172 wrote to memory of 760	2172	loader.exe	103
PID 2172 wrote to memory of 760	2172	loader.exe	103

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Xworm Server.rar"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1236

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4224

C:\Users\Admin\Desktop\Xworm Server\Xworm V5.6.exe
"C:\Users\Admin\Desktop\Xworm Server\Xworm V5.6.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4456
- C:\Users\Admin\AppData\Local\loader.exe
  "C:\Users\Admin\AppData\Local\loader.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2172
- - C:\Windows\system32\cmd.exe
    "C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\C90D.tmp\C90E.tmp\C90F.bat C:\Users\Admin\AppData\Local\loader.exe"
    3⤵
    PID:760
- C:\Users\Admin\Desktop\Xworm Server\Xworm Loader.exe
  "C:\Users\Admin\Desktop\Xworm Server\Xworm Loader.exe"
  2⤵
  - Executes dropped EXE
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:2240

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:4032

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4a4 0x41c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3204

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zE4D4F15C7\Xworm Server\Icons\icon (15).ico

Filesize
361KB

MD5
e3143e8c70427a56dac73a808cba0c79

SHA1
63556c7ad9e778d5bd9092f834b5cc751e419d16

SHA256
b2f57a23ecc789c1bbf6037ac0825bf98babc7bf0c5d438af5e2767a27a79188

SHA512
74e0f4b55625df86a87b9315e4007be8e05bbecca4346a6ea06ef5b1528acb5a8bb636ef3e599a3820dbddcf69563a0a22e2c1062c965544fd75ec96fd9803fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE4D4F15C7\Xworm Server\node_modules\@jimp\custom\LICENSE

Filesize
1KB

MD5
9551d6a1683826a097eab9cd75ac7bcb

SHA1
95501392f85bf3fe2c4b4b6aa257788452980892

SHA256
942eab097945c835cf41abcbf1b9a6659c5d0c3493e60c56796d2e045c219278

SHA512
c62767abe93f8f09b9cb5e46141898897ff1d91729975187b6157f588f07344c644384b6450407cd036330772599a7fc6c552a6385d9086c6556c65f4f9ee61f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE4D4F15C7\Xworm Server\node_modules\@jimp\plugin-contain\CHANGELOG.md

Filesize
2KB

MD5
6b201806002e3dc5825083eb612a5cb3

SHA1
40e985b390a59beb1c90c9e3b2caf052a06b8f64

SHA256
6d8f825bd629e540a0a1fb53f39a5892c65b50026ae5ac1c6f6e4e80d6b4f3c4

SHA512
025f3cd6497eb6a20dedd8692b2b5203682efe5dee282dc47bc70a6649fd262970c30de48f0e8bdc8b208f4461d479dd04df77d6b244a388aad00c01a5c896bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE4D4F15C7\Xworm Server\node_modules\@jimp\plugin-dither\CHANGELOG.md

Filesize
2KB

MD5
5b81017432f77b96dd0a42d924c7924a

SHA1
8a4b7f0682d7571a597b30ac8b20bf53df3e2e83

SHA256
c38afd80fe96c5bf10f064cb3566885b585e8bb1a3396dd107720e6fdb5f99ae

SHA512
b246325fdf2b86d3fa79aea722831328900ddd871c1f75b6f1b7fcf9d83dc1896390dae420aad258a9199be2e5cd8974086f0ee51fdc0232e7036956c1f69803

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE4D4F15C7\Xworm Server\node_modules\@jimp\plugin-threshold\babel.config.js

Filesize
773B

MD5
99f351de432a4edd0dbe45255c03b120

SHA1
3f1270e80d5905e9276030aa1b7ebdaf13dff5f3

SHA256
b5605e07a11df21f28a90de71a7e591754adda74074f179265cf6c5973d8db7b

SHA512
39b010159c5d9f0aa9775d57b77f76ee3bcfd5466311af6aa2e1e023c0a1ee61844c11925b11bf92540405751a0a6bfd3a6f12d524288a72a4afc3f705b07593

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE4D4F15C7\Xworm Server\node_modules\@types\node\LICENSE

Filesize
1KB

MD5
d4a904ca135bb7bc912156fee12726f0

SHA1
689ec0681815ecc32bee639c68e7740add7bd301

SHA256
c2cfccb812fe482101a8f04597dfc5a9991a6b2748266c47ac91b6a5aae15383

SHA512
1d0688424f69c0e7322aeb720e4e28d9af3b5a7a2dc18b8b198156e377a61a6e05bc824528fca0f8e61ac39b137a028029ff82e5229ad400a3cc22e2bdb687ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE4D4F15C7\Xworm Server\node_modules\bmp-js\test\bit32_out.bmp

Filesize
29KB

MD5
cda58bb280bb5c67f8152fa3cefcc950

SHA1
7a93a8a61c794d558dbe1f6965b5c60081d34c76

SHA256
b2348e7be0f01e79ffdc15b334792aa71ff06d64fed5cac20b705b0f39a0b6be

SHA512
9592cb5b002b02c60330f3dc9275bcfecf3a950feecbfd5f9ab66f4ca7fb39e51fbcc28c61d572c68de24672584f23bf268a5139fc9eb24a58bebad72363bcc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE4D4F15C7\Xworm Server\node_modules\engine.io-parser\build\esm\decodePacket.browser.d.ts

Filesize
156B

MD5
b6cd5983b32f4d4ddd5502c0f10d066a

SHA1
674e38f718debae7bc8345b395bfb48c1837c67f

SHA256
4b84373e192b7e0f8569b65eb16857098a6ee279b75d49223db2a751fdd7efde

SHA512
1aa2197f2c97df6ebc151a6aa9733b5cc8ffd34dd5bb275269f8fe84dea08ae537b9e5a9921dad19c6b473a9266b76ef27ee15ba25acc43d0ca1629551481177

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE4D4F15C7\Xworm Server\node_modules\get-intrinsic\.nycrc

Filesize
139B

MD5
d0104f79f0b4f03bbcd3b287fa04cf8c

SHA1
54f9d7adf8943cb07f821435bb269eb4ba40ccc2

SHA256
997785c50b0773e5e18bf15550fbf57823c634fefe623cd37b3c83696402ad0a

SHA512
daf9b5445cfc02397f398adfa0258f2489b70699dfec6ca7e5b85afe5671fdcabe59edee332f718f5e5778feb1e301778dffe93bb28c1c0914f669659bad39c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE4D4F15C7\Xworm Server\node_modules\hasown\.eslintrc

Filesize
43B

MD5
c28b0fe9be6e306cc2ad30fe00e3db10

SHA1
af79c81bd61c9a937fca18425dd84cdf8317c8b9

SHA256
0694050195fc694c5846b0a2a66b437ac775da988f0a779c55fb892597f7f641

SHA512
e3eca17804522ffa4f41e836e76e397a310a20e8261a38115b67e8b644444153039d04198fb470f45be2997d2c7a72b15bd4771a02c741b3cbc072ea6ef432e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE4D4F15C7\Xworm Server\node_modules\hasown\.nycrc

Filesize
216B

MD5
c2ab942102236f987048d0d84d73d960

SHA1
95462172699187ac02eaec6074024b26e6d71cff

SHA256
948366fea3b423a46366326d0bb2e54b08abd1cf0b243678ba6625740c40da5a

SHA512
e36b20c16ceeb090750f3865efc8d7fd983ae4e8b41c30cc3865d2fd4925bf5902627e1f1ed46c0ff2453f076ef9de34be899ef57754b29cd158440071318479

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE4D4F15C7\Xworm Server\node_modules\jimp\browser\examples\dice.png

Filesize
213KB

MD5
206fa05527ccbaec58391b202c73e500

SHA1
6da7812435aae769e15ad1d21f96773b3613cd6a

SHA256
af8e81e3089ad082f171266b4de154bd398de4df0d41c90dc592bb12ef5723a6

SHA512
392d4c5f63cad358ff0c114b797a545cc5b1c8616dbdb074305107460a63f1ed6c2f6002b66060247bd24b5ebf69d538fc7a1080fa2a0d1653f49ab2b8c440db

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE4D4F15C7\Xworm Server\node_modules\rimraf\LICENSE

Filesize
765B

MD5
82703a69f6d7411dde679954c2fd9dca

SHA1
bb408e929caeb1731945b2ba54bc337edb87cc66

SHA256
4ec3d4c66cd87f5c8d8ad911b10f99bf27cb00cdfcff82621956e379186b016b

SHA512
3fa748e59fb3af0c5293530844faa9606d9271836489d2c8013417779d10cc180187f5e670477f9ec77d341e0ef64eab7dcfb876c6390f027bc6f869a12d0f46

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE4D4F15C7\Xworm Server\node_modules\socket.io-adapter\node_modules\debug\LICENSE

Filesize
1KB

MD5
d85a365580888e9ee0a01fb53e8e9bf0

SHA1
59e43165aeefdfe28d5e497a0aaef79d6d622af0

SHA256
3a61c6c96caf5c1d9b623fb9b04c822b783dfcb78aa7e49c76a3f643e6ed7f95

SHA512
3489ec3783403daa899ec5bd89d8d23a7386ab2cea6243ccccb23d2cd7a69c735f2852d66a6c3571d22a7bf724823173c8c115c4e49b9120331638145e3dc058

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE4D4F15C7\Xworm Server\node_modules\socket.io-adapter\node_modules\debug\README.md

Filesize
21KB

MD5
44d6d103f294667967e0975107c50e59

SHA1
86a542a5178a95047aab606b0605cd8d56e7053c

SHA256
27542cdec68da894345048dd553144e12764fb1f1c33e602bec276d7a50c56a3

SHA512
dd8222e2ed98720c4ce9018d0c464319c9468224d902e61c2b41c978a680eb9dc01d2094d8513868fa653f7a9b235ad9f9aa26e6d12a2399d5c7e4384f0aa381

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE4D4F15C7\Xworm Server\node_modules\socket.io-adapter\node_modules\debug\package.json

Filesize
1KB

MD5
9eebfd87feae25b89e06df41490bd931

SHA1
0e255d8fc204ddfe2f49b257cf527a973af7859e

SHA256
952ea1ef23d0acb5e23274fb4a50e6dc408b417f23015e81d139c3bce0e9af4e

SHA512
1f092ce3530534dc574d4c987728fb691147c14e32fa8b4ccd7e88984f69fa7fdff4ba82121be2351ce103e88bd8378c15e75e668141570ed143d23254f70449

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE4D4F15C7\Xworm Server\node_modules\socket.io-adapter\node_modules\debug\src\browser.js

Filesize
5KB

MD5
20bd9fad97b79a0a28e550ade5cd3ab3

SHA1
e63a38b9e85d1d86dea2e02c6f885fa001b49d34

SHA256
4e3dc6d0e1db58a0d74206b443f35582d3b717be56a0f6d030c34af6c2ad9f62

SHA512
6905ed5f21c03abb872232b8356cd40ef3a8d095e2b944049563f87b006a4d480d7b4f5b58005f5d5265ab8a08ff0e3861fe342da060e5b73e45472391d3d47b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE4D4F15C7\Xworm Server\node_modules\socket.io-adapter\node_modules\debug\src\common.js

Filesize
6KB

MD5
28e94a3cc7d081498bea5ced383038f6

SHA1
c9707394c09387b56864a8865158d29fd307774a

SHA256
c65bff44c189188e0c45afdbd9b02c427ff5c6e54b94da53c102fbb7a53f0e37

SHA512
5775d4c9b823dc9514488a28f2bfcba990a13defdfc5992e1ffec915ca5e6ec2ba87bddb1cb7f4b772345a14b4041f98a74f7bcc9d9be2a3371e3002c33bbebc

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE4D4F15C7\Xworm Server\node_modules\socket.io-adapter\node_modules\debug\src\index.js

Filesize
314B

MD5
d6c53f5a0dd8f256d91210ad530a2f3e

SHA1
0f4ce3b10eff761f099ac75593f7e05b149ae695

SHA256
aa127ff1752b7d9c7415c5c7bb6994d9aa722b81bcbcab4bd48316b013d23bf3

SHA512
4faa874d9d862ffc921528742c4f1fe8a9b22a358760f6e93fcef138523575329a801ce9659ed8e96b02b73e581b3e99d91973e22981b358ffb5e43103a536c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE4D4F15C7\Xworm Server\node_modules\socket.io-adapter\node_modules\debug\src\node.js

Filesize
4KB

MD5
29e5634a253db67e7f6b24318eba115b

SHA1
769a6316f547868e1f91286d3c8184713807dea5

SHA256
d7b26d7c92f8ea7794b77ce11f3c11cd18c9084df7c357e3c7025344fa28aac6

SHA512
8017e730cb8d9f0cf4c5f5c3ce9074e00efbe59f041ed96d336ecc3cfdf5a22892d6dd4f9e222397f00f9c546a9feec8f48d31f6972f9e0324c2e270d7ca8f3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE4D4F15C7\Xworm Server\node_modules\socket.io-adapter\node_modules\ms\index.js

Filesize
2KB

MD5
fddcc2097091479666d0865c176d6615

SHA1
55f9b3a7d4cfbf68b19ccd0d698aa86483dd4694

SHA256
55986972f5f3c9446f876c576e1cd30fd4f04cd26527efbb5ad834637c740e4c

SHA512
252644169a9398527927b69a2f19c6578bd62dcd180b94984d991939f53bf4e77ca687e840db42f7dba3b37124a5e3f3eda83535e75491bbe6ca440a7149913f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE4D4F15C7\Xworm Server\node_modules\socket.io-adapter\node_modules\ms\package.json

Filesize
705B

MD5
b3ea7267a23f72028e774742792b114a

SHA1
fe112804e727b4f3489e9a52900349d0a4ed302c

SHA256
3708fd273bf5b1e91c72d88143f48ad962adcc10b99250a4a203d13804f37757

SHA512
01975d65bc491d0b39435d793a62bcdba6b5edf4fb886de0e48a8a393e26fdf31bdfb4f91dd7e10ba69a1e62ed091d5ea04f9f8bf57d784c3491a5c5c8472988

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE4D4F15C7\Xworm Server\node_modules\socket.io-adapter\node_modules\ms\readme.md

Filesize
1KB

MD5
04009e125e00c7e93c7c1295707858d8

SHA1
bc16733cc72e710dc1d447280e17d9c2c0b3f3ba

SHA256
312f19921548f72b8432695039c4f8e68d3264bcb33c2edec59fb62bb3ac0d8d

SHA512
ad1e97a666779216847353c41448d0f9e5b204821099ff482a74f14f308d64f5b52ff9e9e250460db8ed52f1af1eca6c6b7a451976214c3a65eec53931c08ec6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE4D4F15C7\Xworm Server\node_modules\socket.io-parser\build\esm-debug\binary.d.ts

Filesize
673B

MD5
5567dd45c776a4e063893e0d80d9b63c

SHA1
5c1b77723b701bd32f9c1c9f742212d6409a58cb

SHA256
f233d56f423b86ffc2039c61ca75a3a6a8aa3a943cf1ff29cc160486185ecb9c

SHA512
d3e4f2a7c5fc03015cccc2717394f5ead635cb8fe4b905aa6c7426e4830d3d5dc40f588532efabd92f046060747c51ddb3e42e9eda5e8e042576a07269d58cc0

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE4D4F15C7\Xworm Server\node_modules\socket.io-parser\build\esm-debug\index.d.ts

Filesize
2KB

MD5
70b84039b128da8bfaba2ddaf1553dbe

SHA1
a47830997724da539a70b36176f8203483824380

SHA256
7537e0e842b0da6682fd234989bac6c8a2fe146520225b142c75f39fb31b2549

SHA512
cddad5150623cf15aa9a45f00bfb23a44aae2dc33ebda1c85f5dc0af493fab6ac3525dc0a01035b8fd1891cd1804c7c566b133c17c057380dd101928bd82d65c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE4D4F15C7\Xworm Server\node_modules\socket.io-parser\build\esm-debug\is-binary.d.ts

Filesize
214B

MD5
585831d99ddabe07f34044620bb34f92

SHA1
4753f3117b9617376a33da3e32b72683ae41fc54

SHA256
1da3b6a36b83b8b723f6fbf7bed731a79b60a735c31893ccef57cb5e68283b10

SHA512
162276a589f4cb83f46472ecb113514ff40d04a67cb8e0cbe570da65add7e10d7ef1d1050d5df7b6c0b07ad48aadcb7e54793b057bd7e3c2cab7f798accc193e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE4D4F15C7\Xworm Server\node_modules\socket.io\node_modules\ms\license.md

Filesize
1KB

MD5
fd56fd5f1860961dfa92d313167c37a6

SHA1
884e84ebfddafd93b5bb814df076d2ebd1757ba8

SHA256
6652830c2607c722b66f1b57de15877ab8fc5dca406cc5b335afeb365d0f32c1

SHA512
2bec1efb4dc59fa436c38a1b45b3dbd54a368460bcbbb3d9791b65275b5dc3c71a4c54be458f4c74761dccb8897efaab46df5a407723da5c48f3db02d555d5b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE4D4F15C7\Xworm Server\node_modules\tinycolor2\esm\package.json

Filesize
23B

MD5
d0707362e90f00edd12435e9d3b9d71c

SHA1
50faeb965b15dfc6854cb1235b06dbb5e79148d2

SHA256
3ca9d4afd21425087cf31893b8f9f63c81b0b8408db5e343ca76e5f8aa26ab9a

SHA512
9d323420cc63c6bee79dcc5db5f0f18f6b8e073daaf8ffa5459e11f2de59a9f5e8c178d77fa92afc9ddd352623dec362c62fff859c71a2fab93f1e2172c4987f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE4D4F15C7\Xworm Server\node_modules\vary\LICENSE

Filesize
1KB

MD5
13babc4f212ce635d68da544339c962b

SHA1
4881ad2ec8eb2470a7049421047c6d076f48f1de

SHA256
bd47ce7b88c7759630d1e2b9fcfa170a0f1fde522be09e13fb1581a79d090400

SHA512
40e30174433408e0e2ed46d24373b12def47f545d9183b7bce28d4ddd8c8bb528075c7f20e118f37661db9f1bba358999d81a14425eb3e0a4a20865dfcb53182

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE4D4F15C7\Xworm Server\node_modules\xml-parse-from-string\LICENSE.md

Filesize
1KB

MD5
036fc2bc0bcbaea4c8d67828e8f6c016

SHA1
b974b0e165840a0a37adb675e9e95d98274436d3

SHA256
fb153e8eaf70c10aa169bc3d7401946a9d51163cafaca23458cea8e67de972f4

SHA512
aa4ef252d8cfee64e3b63e16b23d61a1036d424305cd43e7d219632ad127638e4dc02721bfda86a1eece1d9744d57e07bf836f106a4c93e34bfc04fa2d94f511

Download Submit
C:\Users\Admin\AppData\Local\Temp\C90D.tmp\C90E.tmp\C90F.bat

Filesize
373B

MD5
3775870522d2be99444ded286ceb2482

SHA1
ebf781d950f4afe2801571ca6e8b4e0028597c3c

SHA256
847b39b7fbb8e3295bad103771ce8d17bb0d023e3ad1a3fe60aad62480918ad9

SHA512
84eba382ec07040f00cd3bdc5dd78c773edbffa4300b0c12e7aef5eb43062cafc72e8fb73aeb987db46953354dbac26642e99a1195c5c46aba18a18c0b4ef68a

Download Submit
C:\Users\Admin\AppData\Local\loader.exe

Filesize
45KB

MD5
7f0b41121a1a66451a2ec943c3af4957

SHA1
76d9cbec427c8e12dccde8f6a8b39b9f8af32124

SHA256
29aa5fc16144c6e3eb1099cd4e2050bef777f14d155ede9d67f7b3cf9bfffb2d

SHA512
131594564439e111edf5ad4fc362335bcd637ad2aec8a3e42abe0b17c5c3b550d0e89cd2b1c103200c748de1bdbcedcdb151c4b40d9c0e445d55d0475af47be0

Download Submit
C:\Users\Admin\Desktop\Xworm Server\GeoIP.dat

Filesize
1.2MB

MD5
8ef41798df108ce9bd41382c9721b1c9

SHA1
1e6227635a12039f4d380531b032bf773f0e6de0

SHA256
bc07ff22d4ee0b6fafcc12482ecf2981c172a672194c647cedf9b4d215ad9740

SHA512
4c62af04d4a141b94eb3e1b0dbf3669cb53fe9b942072ed7bea6a848d87d8994cff5a5f639ab70f424eb79a4b7adabdde4da6d2f02f995bd8d55db23ce99f01b

Download Submit
C:\Users\Admin\Desktop\Xworm Server\Guna.UI2.dll

Filesize
1.9MB

MD5
bcc0fe2b28edd2da651388f84599059b

SHA1
44d7756708aafa08730ca9dbdc01091790940a4f

SHA256
c6264665a882e73eb2262a74fea2c29b1921a9af33180126325fb67a851310ef

SHA512
3bfc3d27c095dde988f779021d0479c8c1de80a404454813c6cae663e3fe63dc636bffa7de1094e18594c9d608fa7420a0651509544722f2a00288f0b7719cc8

Download Submit
C:\Users\Admin\Desktop\Xworm Server\Sounds\Intro.wav

Filesize
238KB

MD5
ad3b4fae17bcabc254df49f5e76b87a6

SHA1
1683ff029eebaffdc7a4827827da7bb361c8747e

SHA256
e3e5029bf5f29fa32d2f6cdda35697cd8e6035d5c78615f64d0b305d1bd926cf

SHA512
3d6ecc9040b5079402229c214cb5f9354315131a630c43d1da95248edc1b97627fb9ba032d006380a67409619763fb91976295f8d22ca91894c88f38bb610cd3

Download Submit
C:\Users\Admin\Desktop\Xworm Server\Xworm Loader.exe

Filesize
14.9MB

MD5
56ccb739926a725e78a7acf9af52c4bb

SHA1
5b01b90137871c3c8f0d04f510c4d56b23932cbc

SHA256
90f58865f265722ab007abb25074b3fc4916e927402552c6be17ef9afac96405

SHA512
2fee662bc4a1a36ce7328b23f991fa4a383b628839e403d6eb6a9533084b17699a6c939509867a86e803aafef2f9def98fa9305b576dad754aa7f599920c19a1

Download Submit
C:\Users\Admin\Desktop\Xworm Server\Xworm V5.6.exe

Filesize
7.8MB

MD5
8112a8f930610e2f45a42029f067328a

SHA1
1ad30e5552e658ac30bf0fd427589d44bdc192f8

SHA256
8cf87c26520f2a9e09090cbdabe41fa70e99147a47c20381674d367ab8fdce3d

SHA512
6a50b9ad2a8d61adfef25bd7cffdc78058bb549a5700f865e8338c354a01f17e058a33edb10aacc261dc5af79e5238aee4d2589e3ceb0c41eaefe5fd95ee5c65

Download Submit
C:\Users\Admin\Desktop\Xworm Server\Xworm V5.6.exe.config

Filesize
183B

MD5
66f09a3993dcae94acfe39d45b553f58

SHA1
9d09f8e22d464f7021d7f713269b8169aed98682

SHA256
7ea08548c23bd7fd7c75ca720ac5a0e8ca94cb51d06cd45ebf5f412e4bbdd7d7

SHA512
c8ea53ab187a720080bd8d879704e035f7e632afe1ee93e7637fad6bb7e40d33a5fe7e5c3d69134209487d225e72d8d944a43a28dc32922e946023e89abc93ed

Download Submit
memory/2172-4882-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2172-4892-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2240-4894-0x000002791F2E0000-0x000002791F4D4000-memory.dmp

Filesize
2.0MB

Download
memory/2240-4889-0x00000279023E0000-0x00000279032C8000-memory.dmp

Filesize
14.9MB

Download
memory/4456-4872-0x0000000000670000-0x0000000000E44000-memory.dmp

Filesize
7.8MB

Download
memory/4456-4888-0x00007FFBC1350000-0x00007FFBC1E11000-memory.dmp

Filesize
10.8MB

Download
memory/4456-4875-0x00007FFBC1350000-0x00007FFBC1E11000-memory.dmp

Filesize
10.8MB

Download
memory/4456-4871-0x00007FFBC1353000-0x00007FFBC1355000-memory.dmp

Filesize
8KB

Download