toxiceye | 31890493973af1dbe3ecd33a59536cc24fa753ccb603372e17a05eafa5378746

Resubmissions

16-12-2023 16:06

231216-tkkzbaddg7 1

16-12-2023 15:35

16-12-2023 15:29

16-12-2023 15:29

16-12-2023 15:23

16-12-2023 15:20

Analysis

max time kernel
183s
max time network
216s
platform
windows11-21h2_x64
resource
win11-20231215-en
resource tags

arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system
submitted
16-12-2023 15:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

D3STR0YCOMPUT3RS.bat
Size

26KB
MD5

18aa3a29ea6572754fbf785a2eb03ed6
SHA1

69ee89c62e3fce0ae58e5803e283b511b41e8d81
SHA256

31890493973af1dbe3ecd33a59536cc24fa753ccb603372e17a05eafa5378746
SHA512

f2d1cf6512807e7868a48ea0c94eda7c6e75c8f5bad03e2a3313c39c83230b5116a78c803979ad051539c4dbcbf9aaf5c430f3d2259eca714d63e626ab4414a9
SSDEEP

384:89OhQ9OhQ9OhQ9OhQ9OhQ9OhQ9OhQ9OhQ9OhQ9OhQ9OhQ9OhQ9OhQ9OhQ9OhQ9Oh:3

Score

10^/10

toxiceye rat trojan

Malware Config

Extracted

Family

toxiceye

https://api.telegram.org/bot5536756167:AAFMcQrFbMZMBynbrtZUudaOT9ndCJXIqT4/sendMessage?chat_id=2024893777

Signatures

ToxicEye
ToxicEye is a trojan written in C#.
rat trojan toxiceye

Executes dropped EXE 3 IoCs

pid	Process
5264	win-xwarm-builder.exe
4816	xwarm-rat-builder.exe
2848	Update.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Creates scheduled task(s) 1 TTPs 2 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task/Job

T1053

pid	Process
4388	schtasks.exe
4056	schtasks.exe

Delays execution with timeout.exe 1 IoCs

evasion

pid	Process
5424	timeout.exe

Enumerates processes with tasklist 1 TTPs 1 IoCs

Process Discovery

T1057

pid	Process
5160	tasklist.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133472145604207199"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2201820139-2432375203-2549035866-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2676	chrome.exe
2676	chrome.exe
1608	chrome.exe
1608	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe

Suspicious use of FindShellTrayWindow 49 IoCs

pid	Process
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2676 wrote to memory of 6020	2676	chrome.exe	88
PID 2676 wrote to memory of 6020	2676	chrome.exe	88
PID 2676 wrote to memory of 2240	2676	chrome.exe	91
PID 2676 wrote to memory of 2240	2676	chrome.exe	91
PID 2676 wrote to memory of 2240	2676	chrome.exe	91
PID 2676 wrote to memory of 2240	2676	chrome.exe	91
PID 2676 wrote to memory of 2240	2676	chrome.exe	91
PID 2676 wrote to memory of 2240	2676	chrome.exe	91
PID 2676 wrote to memory of 2240	2676	chrome.exe	91
PID 2676 wrote to memory of 2240	2676	chrome.exe	91
PID 2676 wrote to memory of 2240	2676	chrome.exe	91
PID 2676 wrote to memory of 2240	2676	chrome.exe	91
PID 2676 wrote to memory of 2240	2676	chrome.exe	91
PID 2676 wrote to memory of 2240	2676	chrome.exe	91
PID 2676 wrote to memory of 2240	2676	chrome.exe	91
PID 2676 wrote to memory of 2240	2676	chrome.exe	91
PID 2676 wrote to memory of 2240	2676	chrome.exe	91
PID 2676 wrote to memory of 2240	2676	chrome.exe	91
PID 2676 wrote to memory of 2240	2676	chrome.exe	91
PID 2676 wrote to memory of 2240	2676	chrome.exe	91
PID 2676 wrote to memory of 2240	2676	chrome.exe	91
PID 2676 wrote to memory of 2240	2676	chrome.exe	91
PID 2676 wrote to memory of 2240	2676	chrome.exe	91
PID 2676 wrote to memory of 2240	2676	chrome.exe	91
PID 2676 wrote to memory of 2240	2676	chrome.exe	91
PID 2676 wrote to memory of 2240	2676	chrome.exe	91
PID 2676 wrote to memory of 2240	2676	chrome.exe	91
PID 2676 wrote to memory of 2240	2676	chrome.exe	91
PID 2676 wrote to memory of 2240	2676	chrome.exe	91
PID 2676 wrote to memory of 2240	2676	chrome.exe	91
PID 2676 wrote to memory of 2240	2676	chrome.exe	91
PID 2676 wrote to memory of 2240	2676	chrome.exe	91
PID 2676 wrote to memory of 2240	2676	chrome.exe	91
PID 2676 wrote to memory of 2240	2676	chrome.exe	91
PID 2676 wrote to memory of 2240	2676	chrome.exe	91
PID 2676 wrote to memory of 2240	2676	chrome.exe	91
PID 2676 wrote to memory of 2240	2676	chrome.exe	91
PID 2676 wrote to memory of 2240	2676	chrome.exe	91
PID 2676 wrote to memory of 2240	2676	chrome.exe	91
PID 2676 wrote to memory of 2240	2676	chrome.exe	91
PID 2676 wrote to memory of 3540	2676	chrome.exe	90
PID 2676 wrote to memory of 3540	2676	chrome.exe	90
PID 2676 wrote to memory of 1776	2676	chrome.exe	95
PID 2676 wrote to memory of 1776	2676	chrome.exe	95
PID 2676 wrote to memory of 1776	2676	chrome.exe	95
PID 2676 wrote to memory of 1776	2676	chrome.exe	95
PID 2676 wrote to memory of 1776	2676	chrome.exe	95
PID 2676 wrote to memory of 1776	2676	chrome.exe	95
PID 2676 wrote to memory of 1776	2676	chrome.exe	95
PID 2676 wrote to memory of 1776	2676	chrome.exe	95
PID 2676 wrote to memory of 1776	2676	chrome.exe	95
PID 2676 wrote to memory of 1776	2676	chrome.exe	95
PID 2676 wrote to memory of 1776	2676	chrome.exe	95
PID 2676 wrote to memory of 1776	2676	chrome.exe	95
PID 2676 wrote to memory of 1776	2676	chrome.exe	95
PID 2676 wrote to memory of 1776	2676	chrome.exe	95
PID 2676 wrote to memory of 1776	2676	chrome.exe	95
PID 2676 wrote to memory of 1776	2676	chrome.exe	95
PID 2676 wrote to memory of 1776	2676	chrome.exe	95
PID 2676 wrote to memory of 1776	2676	chrome.exe	95
PID 2676 wrote to memory of 1776	2676	chrome.exe	95
PID 2676 wrote to memory of 1776	2676	chrome.exe	95
PID 2676 wrote to memory of 1776	2676	chrome.exe	95
PID 2676 wrote to memory of 1776	2676	chrome.exe	95

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\D3STR0YCOMPUT3RS.bat"
1⤵
PID:1664

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffac2d89758,0x7ffac2d89768,0x7ffac2d89778
  2⤵
  PID:6020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=1796,i,4604541175577442372,7306838798204724890,131072 /prefetch:8
  2⤵
  PID:3540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=1796,i,4604541175577442372,7306838798204724890,131072 /prefetch:2
  2⤵
  PID:2240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3200 --field-trial-handle=1796,i,4604541175577442372,7306838798204724890,131072 /prefetch:1
  2⤵
  PID:564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3184 --field-trial-handle=1796,i,4604541175577442372,7306838798204724890,131072 /prefetch:1
  2⤵
  PID:5848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2196 --field-trial-handle=1796,i,4604541175577442372,7306838798204724890,131072 /prefetch:8
  2⤵
  PID:1776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4520 --field-trial-handle=1796,i,4604541175577442372,7306838798204724890,131072 /prefetch:8
  2⤵
  PID:4088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4072 --field-trial-handle=1796,i,4604541175577442372,7306838798204724890,131072 /prefetch:8
  2⤵
  PID:5268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4656 --field-trial-handle=1796,i,4604541175577442372,7306838798204724890,131072 /prefetch:1
  2⤵
  PID:5780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4520 --field-trial-handle=1796,i,4604541175577442372,7306838798204724890,131072 /prefetch:8
  2⤵
  PID:932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5048 --field-trial-handle=1796,i,4604541175577442372,7306838798204724890,131072 /prefetch:8
  2⤵
  PID:5852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4872 --field-trial-handle=1796,i,4604541175577442372,7306838798204724890,131072 /prefetch:8
  2⤵
  PID:5996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4892 --field-trial-handle=1796,i,4604541175577442372,7306838798204724890,131072 /prefetch:8
  2⤵
  PID:3872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4992 --field-trial-handle=1796,i,4604541175577442372,7306838798204724890,131072 /prefetch:8
  2⤵
  PID:3956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5436 --field-trial-handle=1796,i,4604541175577442372,7306838798204724890,131072 /prefetch:1
  2⤵
  PID:5132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5468 --field-trial-handle=1796,i,4604541175577442372,7306838798204724890,131072 /prefetch:1
  2⤵
  PID:1356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5088 --field-trial-handle=1796,i,4604541175577442372,7306838798204724890,131072 /prefetch:1
  2⤵
  PID:5564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3712 --field-trial-handle=1796,i,4604541175577442372,7306838798204724890,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3324 --field-trial-handle=1796,i,4604541175577442372,7306838798204724890,131072 /prefetch:8
  2⤵
  PID:1680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3712 --field-trial-handle=1796,i,4604541175577442372,7306838798204724890,131072 /prefetch:8
  2⤵
  PID:5380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3992 --field-trial-handle=1796,i,4604541175577442372,7306838798204724890,131072 /prefetch:8
  2⤵
  PID:2744

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3816

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3848

C:\Users\Admin\Downloads\XWorm-RAT-main\XWorm-RAT-main\XWorm RAT V2.1\Win-XwormRat-builder.exe
"C:\Users\Admin\Downloads\XWorm-RAT-main\XWorm-RAT-main\XWorm RAT V2.1\Win-XwormRat-builder.exe"
1⤵
PID:244
- C:\Users\Admin\AppData\Local\Temp\win-xwarm-builder.exe
  "C:\Users\Admin\AppData\Local\Temp\win-xwarm-builder.exe"
  2⤵
  - Executes dropped EXE
  PID:5264
- - C:\Windows\System32\schtasks.exe
    "C:\Windows\System32\schtasks.exe" /create /f /sc ONLOGON /RL HIGHEST /tn "Chrome Update" /tr "C:\Users\Static\Update.exe"
    3⤵
    - Creates scheduled task(s)
    PID:4056
- - C:\Windows\System32\cmd.exe
    "C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmp4DE3.tmp.bat & Del C:\Users\Admin\AppData\Local\Temp\tmp4DE3.tmp.bat
    3⤵
    PID:4016
  - - C:\Windows\system32\tasklist.exe
      Tasklist /fi "PID eq 5264"
      4⤵
      Enumerates processes with tasklist
      PID:5160
  - - C:\Windows\system32\find.exe
      find ":"
      4⤵
      PID:4952
  - - C:\Windows\system32\timeout.exe
      Timeout /T 1 /Nobreak
      4⤵
      Delays execution with timeout.exe
      PID:5424
  - - C:\Users\Static\Update.exe
      "Update.exe"
      4⤵
      Executes dropped EXE
      PID:2848
    - - C:\Windows\System32\schtasks.exe
        
        "C:\Windows\System32\schtasks.exe" /create /f /sc ONLOGON /RL HIGHEST /tn "Chrome Update" /tr "C:\Users\Static\Update.exe"
        5⤵
        Creates scheduled task(s)
        
        PID:4388
- C:\Users\Admin\Downloads\XWorm-RAT-main\XWorm-RAT-main\XWorm RAT V2.1\xwarm-rat-builder.exe
  "C:\Users\Admin\Downloads\XWorm-RAT-main\XWorm-RAT-main\XWorm RAT V2.1\xwarm-rat-builder.exe"
  2⤵
  - Executes dropped EXE
  PID:4816

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Scheduled Task/Job

T1053

Privilege Escalation

Scheduled Task/Job

T1053

Defense Evasion

Credential Access

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
74KB

MD5
8384f38c6913c0610cad73b3537b8851

SHA1
1466845b97f434237c38337ae931521d75af9221

SHA256
c8a85bfac6d5987025b53961bf6384f4e9172bfc68ac8e52f7b25e77cb51b4e1

SHA512
bf20522aa360084280cc18e2eaa01c3cb8b696165074871f768c6737de5a529c8513dbc69dd10ecc2902a4e03e9af42d58f2b818a1376bd3ddaaeddd90d031d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
40KB

MD5
929729aa7cff46b3dad2f748a57af24c

SHA1
81aa5db7dd63c79e23ccd23bf2520ab994295f2e

SHA256
3c63e6c7fa25849799d08bf54988bfb3b77b1d1eebb1e55a94b64995850cba2f

SHA512
a10eaa6f2708b683bd43295b9c3da5840c0eb6d8a6b9e1922a534270fecbc0dcdb4cdcc28768df292a06f6210885b510254bdca17e5b3c507b0337fe7dc3d743

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
40KB

MD5
80fdffa43780196ea28a74c01b4b6c69

SHA1
02d48ccb6691284117e6477650c988028fe1f483

SHA256
a31e7c91ba7ccb3b68ff10ee4e1e9303bcedcf0a19f7a603e532492910f970e7

SHA512
3614a56b38b6a21deb156f8d09facdb6618c6afbc3436f3e083f4c1b0b3163a0f8560f71fb8838a6519eb2d314c0a7123b05ed169236e569a6d771efc2a9ca17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
44KB

MD5
4e90f58db53da2207a34d1cdd04b56b3

SHA1
0d7a983f93c72a186369900e36c1f69472292679

SHA256
d4dba762aa70749391513700e4716939bdeefec33c825eecd6c26e97a40ec35a

SHA512
af63d4b2a5b75f45ea41fabd5cc6d259821e24da37cc3f4c2c4714065579f1e51e87450fa669cc4399eb724d7c0af17eed599229b2e338a86af6085cdcad419b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

Filesize
22KB

MD5
d0e2d82a108f12dee9a4b4b4fe3170e3

SHA1
cd90a159dd3215d705ae6631ae2a9f71d38b56b3

SHA256
517f0425c755fe6ca4e7e4726c2061f1d3c415239bc383afb1e50f36268e6892

SHA512
77270c8396fb8d67397a1db31a6b2aa9e4855a49f51a731938a932704cecda7b5e41132393ba3319c9fa4b7355e7698d73a43df8fc706bac70e8019a2a6ab5c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
19KB

MD5
4a39d7679905e2864f7960abb5c3d2e4

SHA1
51a171140ccb0000a6b85be6c5c58f83435cbbf5

SHA256
73e087e129e8f7e663ec1ba4381df94bc46ddeb2e4e49cc61eb071c71d729dc6

SHA512
bee6897b3c8825281ff2f6d6709fb3c8c2c8dfff135ad05264e8974cf395a204092c03dcc13aff6c13d2019ae64b053b6079a2b284d8af5fa27c8db61d3eaa2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000036

Filesize
313KB

MD5
1a23246992b12b0ba5332bf2125bd04d

SHA1
72e3af6bc33c8360037775d35d1d842e921d513d

SHA256
bbcbbf6f6a4d95084367b8f3cf3edd3b43893990065ecb228079a6e2df10c431

SHA512
3407bbb6237729997aa7ab5ec0dc9f826819d753a20a4be1beaa132e4d6a4ed80b0d8cd9bd8bd1441642b7fd1ffa4d96733d221a0a47add00410e31b4b1e9ce7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000037

Filesize
122KB

MD5
398e3eeb22294331220ddf1adc60c79f

SHA1
924f71b09190e9a010826ab7d794cc8d68f1a1e2

SHA256
c2de2f9e804a2030ef9430bfaa8ae2905b56c49fe9362ed133ed49db5d65fe38

SHA512
02eabc06f8766f07cfd2a23fb29365e34c57f3a8cfe935589db38edd6d83769ada61b82bd93d36576925c3459f95d90c663a322567513712af438bc2f1b74e92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
72a1a40ed3ecb93c614c50f8e884ecb9

SHA1
04813ca13eb7a6141930b74624c5c2518e3cf901

SHA256
281ab545faef22c71fd6a8437f05593840fc56820f51458be6703b0002b33fc1

SHA512
a4c215fa16d94883df21057061c09bf12efee3e7f85dd2194acf502d9b8c52812999ad8986bfc434c8a00658372373ccccfb61ff2b155ec9be9081d7a8db18a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
c441be3123b48d54611ff2c7b05d8a45

SHA1
78bb07cd39a48ac9e920cc0cebd61ec7c4100a76

SHA256
a5ae074e7b060e68ab1f97820c30380d1d9aec7aaefdf6aed683a9deac3157da

SHA512
efa9f6042537874a204ba82ceb6e8272f3e53ef79336366eadc974b28ebf6d45d4932c114f197341d5afd7da734f192ec1e7ad2611828f0137912780fa21100d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
db089d27b21315ed06c3a5074ef4ed89

SHA1
00e290ce6c6ffd4d72e548029644b1d3389137b8

SHA256
725b23ee114a9674c1554d74a3404babc5b14393bb32efc76fb81fafe37ea92f

SHA512
04c2e3d9b085a5ef114cab512e018e59b359972b0229c66dad0c0ae7a954f199b27677979d0f1134b754e5254ff8038a5de952c865aa4e23b9638ac8a4608a1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
9f81cfeae3abe36678b1f664ff751e6b

SHA1
66de24b62af2838459acd8acc1452264c36fcbd8

SHA256
fc226faa22ad30fd6874006b2e8341fbddc2f7d85dab00cfdef407cc92039e6b

SHA512
540c302ab0d1844b7ce7c2d9c8c375394f0b03975961aac927623c1a1680e9d9ba968fcb3e8ab4dfd653cacce1a94aec37279befe910ac4a184f441829adf95d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
23e5481a0a83b8bebdcbe2b37f717834

SHA1
09f1dc6cebbff5e6a25e86906e0db41af676c2b2

SHA256
fcef94b0608a7a2c3103bf1a75842863f5d498e0d8a726ac7ab0a21eb1ae9a00

SHA512
7127dd3fbea7634ffade300dde9c9e5baf082d33652b60533b2488e849d7f83b9d087e5c54abd30b76df17170c50d21b57e5f5fa7817f8138e45b3290b8ea767

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4693fddf3aeee1a4ff366b370908d76a

SHA1
18593de0597029cb40ccec91c13e57e955fc4078

SHA256
c920d93c3bb655967fcff23dfbb01a20735298834b4333e1a4732cdd6e4fb950

SHA512
9d3bc9efb958cf6a392ffde2ea4b3d9cd16171a96df46e87a719021a9ca3504df1c1602d44c5201055c03dfc345d8eda3d34702e256e9ac1b445197fe5f90767

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
cb758cade3318573a877e1f8744e0ada

SHA1
fad1abeace86e7c38ce56045280a116b2334ce19

SHA256
81c31d8193e5c120f92354dce3989fbcc16c6dfc300832cb2f6a8244413fb841

SHA512
71e9c8481859cdc46f2b99ab2fce5120d24f29b55c364558b9dcc8e3f0ada30a3977b8c607f22a0909c58a1d664ac5f2b7ea3c7e237004adfa9767eea875d92b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
9e9a466ca407301e33d88f33a437c7e9

SHA1
f1b56c81f2e1b66af9be2357d6ac26d2eee2b414

SHA256
92aea8b9c9c616da4c6f4ace8e73c6825ed33028506ff2371036ece001a7a397

SHA512
60b88353d77ac2e58dda17c59526d2af4af4caa09c04739ec05119a4ac3d0fc3d13dc08f62e2160de313dfcdf3a0d9152519a6b6eb50223e474012a1ebc7c8de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
ad6bd43116718e0d08d96e8d86758493

SHA1
3b06c8fec22603926fdf31f1a4ffc745360b09d6

SHA256
221b1a33b31c33172bf20c690ef3defb65dc9cb3ce2bfd8e3eae293764043c16

SHA512
c87228cc6204715cd8cf96682e15bcc731d35f6b9dcb022bbac27ff5faff025dec492e5c5d7e55a3ed32b374c97c2a262294f92fe5c8a9decd324b66a789c871

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f9bfcad34d9d99caf9f4ea8ea0675e4b

SHA1
c375e7d1d225af4068be9e197fe70e997a0106d4

SHA256
c5595eb48e8e4a531f8ba3aab898d99bcd416e4020a0d5c55f423fcb25594af3

SHA512
a57a9b4ac079b89c00428b75a04be0c7d598e6eaa7ba945b5e8a84e06284ccd939576dfb838d6764c321277846b2eb4bf836a530cfae6daf72a081071204eff7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8bc1de9a3abca984e58ba21d87e0ccf4

SHA1
e8985756b74c1c2692b24008b155fa976f1bad76

SHA256
6bb3bc8f6f8cc4cede91fb496dbdda65a1740e86f612735afdbc525b9c913f06

SHA512
dc56332a0e241c0e62d204c5f9d1212d0903d7d44063fa503cbb40bb45c193b7b4542c71a40b1f053e6cf8d2a33ebcd6bf6c376cfd6a815673bf9a6717d90e12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
217a00423f11a12f9155c6f20fd55d8a

SHA1
f9da76a490b4c636e91301c2d2eda92f9370bb80

SHA256
490af9601ea97f40b9e39d17d41bffd36c64d84b712401e013e1bcaf9d83c0ec

SHA512
abb4588a0643c4b763a0876c7d1b5ea36f9c560a0a898520c9f529183a0eea1895fa3a3a6f1fd2b2487274139afb9b51fa7ddfb23d2e8efe4e7104c86217c3e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
74cb1e958cc5b54164592d6a1a69b770

SHA1
1fe8cc15d85da8eb60e95d35de87ae7dd83a8e48

SHA256
3968212b4793a39727f0a92b64ac22bc8740d732e751752f9b5e9e501922f0b2

SHA512
0cd7f66a54a3361e7410a39d5afc8e7904130f9e3390ae90f033388b9de7d6a2f106d5cc8a1c6e59fbb28c11345b6e7fdc9558a098399401eb16198c5ffb5e1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
938f435fda04b6c64635696ce62e40e7

SHA1
96094509d19aa313e0e826a9d02ce4aafe35506e

SHA256
d2c99639ed1d4a19c04f336f088d9b56bf5070802914001415a4ef2ea2b51495

SHA512
a0080aec00f7f9eacb5376cc1dc50cf5ed6d6664aaa074e0859000b45f36d1345cbe65ab51a488dd7f56e339553184c27fba1173c4bac5169837cd8198b06e52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4eca32dbff57f65e9f7d0349b6f8423c

SHA1
b23f738d0afde42946722028867916896087b062

SHA256
8deba224ff780b78e4bf8375b5809a5bd9242ce4bdcade65125995e7c526e1a8

SHA512
95e16c1aac872b45bd6451d67e5461fabcb3d8a05b10709531f0c96650e4edf471c77e58b0387bba41073e3fda66dd614eb6f5c25afc3346d6d49637b53d2e60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b93ad736fb07795788e76aad6dff282f

SHA1
63b9fc06f7eaf1c83a1dea92ceec7befd0452e75

SHA256
2ee420cfb730a8990b4f4258158e75a6c9277f806ebdb58c1c8d8b8f3af7ae25

SHA512
14467198f69207b05af944cfbe63b7d385f43c387568a2bb546dacbbbfcda68f74fb7ffb4d39bf6bb76860133ed98dadeebcf33fa93b941fa62bea97759b93e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
d79175e7279f0325f0b33bc1674bb8c9

SHA1
692e8db839c728e10730626bd460cc058c89c061

SHA256
777a100a302c84e969af975784ad12cf4cf41b62c344ea9c15c6250da4f12a9f

SHA512
1aa777184e0dcdf46410fd664246b4adbb9db9d2bbfcb9bcb3fa4864c99f833a18eb926e11af4871e47f101adf5a88a1f5b25271886860ceeadb21afb3b9c429

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
224KB

MD5
9ef656e3bf0a7acefc81177b13626993

SHA1
dd78ed027b5b49ef679c8f034485748cf68a6b19

SHA256
6028875420ba438b0f5b928a28011e0888f168567e9f832a32bbed92af49e056

SHA512
17e7f1561524b9417df585a9eb4fc7bf4031211fd53f7fbe0601c9cd59d228d2f7bf12d0afb4d66fc322ef00b334953a1159ad82d236a8e90b1cd5d1196c758c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
224KB

MD5
066361721d2dd51aeffee3722a6f5ac0

SHA1
327ec5e654a439b2fa890ab88b257f2f610e95b1

SHA256
64dee31a04dd3aae8888b9bb8355cb27f210f013d056d427511f8d60aa611880

SHA512
0ebc154b559d91ee2181721e605fd778b16b27f18e84a1fa54fcd288638c16f4a6cf1df9c52f96adac73f336f0244c82bdd7da96d2ef34aa359059154d9095e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
98KB

MD5
a9b5d1cce95f6f2342f066c59fc1dde5

SHA1
f8104065b27ae6d73bc1aa408ed54637b3ee051c

SHA256
6320b4533d8ec846db3cb1fa03586a007e555d48d0da7906760ce669aa6f4bbc

SHA512
d07a0b0fec58746924cb7a1a42a473912455bc1b55ce164cca99ad69bded3075ce3d6f9a5c46f37ae87724b92964992c432be8d4e57eed292f79d47b01d1d09b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5a0773.TMP

Filesize
89KB

MD5
be6fac1d039daa856b1abe9c27274496

SHA1
8890e660f666d82f3b0b89bc46848d6f863e7bcc

SHA256
88597eaeab44f8012c4d63733dd2fa328edf40d1cb091d301d51b29849d72d62

SHA512
21dbe26f78d6db0601b1e9f2237df82cb4d56db24f410fae78eaa3fe23a951776cf94605d8a2c4ca06d0553921217667074377518500383ae684cd90b95c4050

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp4DE3.tmp.bat

Filesize
195B

MD5
84c98f637d42fc7dcf07d10a2564f2b7

SHA1
b5cfe1dae2ebe73f2c3b367eaf210fbd97930c5b

SHA256
b044ff48ce45b00c69fec601f214a175c48bf20e93868e4a15f5caf86c0761d0

SHA512
4478127fba79ae627c35ed223d9663472c9793b4982492b146584bef40580d4b5675ec56d3284de6216e6b3c119c53ce5d73253850815df75c5c5faaaa30fb6f

Download Submit
C:\Users\Admin\AppData\Local\Temp\win-xwarm-builder.exe

Filesize
127KB

MD5
f6f686df785d0abdc66d1f90fa508c4b

SHA1
75f348132001df30cbad9c7cae2e2072fcaca38e

SHA256
61b52af14fc66126a4e7f09b3cff7d3c09e5ad35acf23fb9ba43293fac0c995f

SHA512
7daa425723caade3ec747fbe6e425e26bc419e1a7dccd6253770fe1a118a8b90e0f40f6cf4bdac259e68a0198a384ed1b5de7515958f5e17e4e35219b9077d77

Download Submit
C:\Users\Admin\Downloads\XWorm-RAT-main\XWorm-RAT-main\XWorm RAT V2.1\xwarm-rat-builder.exe

Filesize
5.2MB

MD5
cd23ce40767e112e721f1ca9413ad5fe

SHA1
1cc153580734f48db34bd90a5934fb8523a269c0

SHA256
9e5dd3591ddec14e4c4c7a5173662663c6c81a10987ca106eb3d4a99344587c7

SHA512
4dd48c127fd7c936b6fae6ce1cc65e855aeaf99b9a38a2d6c756afb797631d4fc13d8f539ed6b656bdc3fa7ee2ae9314d4dc527e45d7701dcbebaf0abedec98f

Download Submit
C:\Users\Admin\Downloads\XWorm-RAT-main\XWorm-RAT-main\XWorm RAT V2.1\xwarm-rat-builder.exe

Filesize
5.6MB

MD5
9d2e896d8247b4100425addf532bb416

SHA1
b4998b3c9c23507f6260468c47e6326ce63f718f

SHA256
aab7799172be71f4ce4682725ad2a395cc3180fa0be9650085ca216b46dbccfb

SHA512
4e9d7957b413eeeac93ea1974014e62e906e082cf3fd2bb29fb324aabbd14b3fd2c252500bba99a793dd88906c2cef12e4d28b8c6e7be675e66ce4a4610d6843

Download Submit
C:\Users\Admin\Downloads\XWorm-RAT-main\XWorm-RAT-main\XWorm RAT V2.1\xwarm-rat-builder.exe

Filesize
6.5MB

MD5
a21db5b6e09c3ec82f048fd7f1c4bb3a

SHA1
e7ffb13176d60b79d0b3f60eaea641827f30df64

SHA256
67d9b4b35c02a19ab364ad19e1972645eb98e24dcd6f1715d2a26229deb2ccf5

SHA512
7caab4f21c33ef90c1104aa7256504ee40ff0a36525b15eb3d48940862346ccf90a16eef87c06d79b0ffd920beb103ed380eae45df8c9286768890b15ed1067c

Download Submit
memory/244-656-0x00007FFABF320000-0x00007FFABFDE2000-memory.dmp

Filesize
10.8MB

Download
memory/244-671-0x000001DD1DCE0000-0x000001DD1DD00000-memory.dmp

Filesize
128KB

Download
memory/244-658-0x000001DD1DCB0000-0x000001DD1DCC0000-memory.dmp

Filesize
64KB

Download
memory/244-647-0x000001DD03580000-0x000001DD0366E000-memory.dmp

Filesize
952KB

Download
memory/244-685-0x00007FFABF320000-0x00007FFABFDE2000-memory.dmp

Filesize
10.8MB

Download
memory/244-677-0x000001DD1DDC0000-0x000001DD1DDCA000-memory.dmp

Filesize
40KB

Download
memory/2848-696-0x00007FFABF3D0000-0x00007FFABFE92000-memory.dmp

Filesize
10.8MB

Download
memory/2848-697-0x0000023B7FD00000-0x0000023B7FD10000-memory.dmp

Filesize
64KB

Download
memory/4816-683-0x0000000005DA0000-0x0000000005DAA000-memory.dmp

Filesize
40KB

Download
memory/4816-676-0x0000000074F30000-0x00000000756E1000-memory.dmp

Filesize
7.7MB

Download
memory/4816-680-0x00000000062F0000-0x0000000006896000-memory.dmp

Filesize
5.6MB

Download
memory/4816-681-0x0000000005DE0000-0x0000000005E72000-memory.dmp

Filesize
584KB

Download
memory/4816-682-0x0000000005DC0000-0x0000000005DD0000-memory.dmp

Filesize
64KB

Download
memory/4816-678-0x0000000000BC0000-0x0000000001252000-memory.dmp

Filesize
6.6MB

Download
memory/4816-684-0x0000000005FD0000-0x0000000006026000-memory.dmp

Filesize
344KB

Download
memory/4816-679-0x0000000005CA0000-0x0000000005D3C000-memory.dmp

Filesize
624KB

Download
memory/4816-692-0x0000000005DC0000-0x0000000005DD0000-memory.dmp

Filesize
64KB

Download
memory/4816-691-0x0000000007AD0000-0x0000000007B36000-memory.dmp

Filesize
408KB

Download
memory/5264-690-0x00007FFABF320000-0x00007FFABFDE2000-memory.dmp

Filesize
10.8MB

Download
memory/5264-675-0x000002D0E2D70000-0x000002D0E2D80000-memory.dmp

Filesize
64KB

Download
memory/5264-669-0x000002D0E1040000-0x000002D0E1066000-memory.dmp

Filesize
152KB

Download
memory/5264-673-0x00007FFABF320000-0x00007FFABFDE2000-memory.dmp

Filesize
10.8MB

Download