Malware Analysis Report

2024-09-11 14:49

Sample ID 240611-lltzlssgnn
Target crackAKKRIENPREMIUM.exe
SHA256 dd5150fda9fcfe24861a0c8a080a292978945239e440108e38a93194326f790a
Tags
xworm persistence rat trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

dd5150fda9fcfe24861a0c8a080a292978945239e440108e38a93194326f790a

Threat Level: Known bad

The file crackAKKRIENPREMIUM.exe was found to be: Known bad.

Malicious Activity Summary

xworm persistence rat trojan

Xworm

Xworm family

Detect Xworm Payload

Drops startup file

Executes dropped EXE

Adds Run key to start application

Looks up external IP address via web service

Unsigned PE

Enumerates physical storage devices

Uses Task Scheduler COM API

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Creates scheduled task(s)

MITRE ATT&CK Matrix V13

Initial Access
TA0001
Execution
TA0002
Scheduled Task/Job
T1053
Persistence
TA0003
Boot or Logon Autostart Execution
T1547
Registry Run Keys / Startup Folder
T1547.001
Scheduled Task/Job
T1053
Privilege Escalation
TA0004
Boot or Logon Autostart Execution
T1547
Registry Run Keys / Startup Folder
T1547.001
Scheduled Task/Job
T1053
Defense Evasion
TA0005
Modify Registry
T1112
Credential Access
TA0006
Discovery
TA0007
System Information Discovery
T1082
Query Registry
T1012
Lateral Movement
TA0008
Collection
TA0009
Exfiltration
TA0010
Command and Control
TA0011
Impact
TA0040
Resource Development
TA0042
Reconnaissance
TA0043

Analysis: static1

Detonation Overview

Reported

2024-06-11 09:37

Signatures

Detect Xworm Payload

Description Indicator Process Target
N/A N/A N/A N/A

Xworm family

xworm

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-11 09:37

Reported

2024-06-11 10:13

Platform

win10-20240404-uk

Max time kernel

1793s

Max time network

1796s

Command Line

"C:\Users\Admin\AppData\Local\Temp\crackAKKRIENPREMIUM.exe"

Signatures

Detect Xworm Payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Xworm

trojan rat xworm

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crackAKKRIENPREMIUM.lnk C:\Users\Admin\AppData\Local\Temp\crackAKKRIENPREMIUM.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crackAKKRIENPREMIUM.lnk C:\Users\Admin\AppData\Local\Temp\crackAKKRIENPREMIUM.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Public\crackAKKRIENPREMIUM.exe N/A
N/A N/A C:\Users\Public\crackAKKRIENPREMIUM.exe N/A
N/A N/A C:\Users\Public\crackAKKRIENPREMIUM.exe N/A
N/A N/A C:\Users\Public\crackAKKRIENPREMIUM.exe N/A
N/A N/A C:\Users\Public\crackAKKRIENPREMIUM.exe N/A
N/A N/A C:\Users\Public\crackAKKRIENPREMIUM.exe N/A
N/A N/A C:\Users\Public\crackAKKRIENPREMIUM.exe N/A
N/A N/A C:\Users\Public\crackAKKRIENPREMIUM.exe N/A
N/A N/A C:\Users\Public\crackAKKRIENPREMIUM.exe N/A
N/A N/A C:\Users\Public\crackAKKRIENPREMIUM.exe N/A
N/A N/A C:\Users\Public\crackAKKRIENPREMIUM.exe N/A
N/A N/A C:\Users\Public\crackAKKRIENPREMIUM.exe N/A
N/A N/A C:\Users\Public\crackAKKRIENPREMIUM.exe N/A
N/A N/A C:\Users\Public\crackAKKRIENPREMIUM.exe N/A
N/A N/A C:\Users\Public\crackAKKRIENPREMIUM.exe N/A
N/A N/A C:\Users\Public\crackAKKRIENPREMIUM.exe N/A
N/A N/A C:\Users\Public\crackAKKRIENPREMIUM.exe N/A
N/A N/A C:\Users\Public\crackAKKRIENPREMIUM.exe N/A
N/A N/A C:\Users\Public\crackAKKRIENPREMIUM.exe N/A
N/A N/A C:\Users\Public\crackAKKRIENPREMIUM.exe N/A
N/A N/A C:\Users\Public\crackAKKRIENPREMIUM.exe N/A
N/A N/A C:\Users\Public\crackAKKRIENPREMIUM.exe N/A
N/A N/A C:\Users\Public\crackAKKRIENPREMIUM.exe N/A
N/A N/A C:\Users\Public\crackAKKRIENPREMIUM.exe N/A
N/A N/A C:\Users\Public\crackAKKRIENPREMIUM.exe N/A
N/A N/A C:\Users\Public\crackAKKRIENPREMIUM.exe N/A
N/A N/A C:\Users\Public\crackAKKRIENPREMIUM.exe N/A
N/A N/A C:\Users\Public\crackAKKRIENPREMIUM.exe N/A
N/A N/A C:\Users\Public\crackAKKRIENPREMIUM.exe N/A
N/A N/A C:\Users\Public\crackAKKRIENPREMIUM.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Windows\CurrentVersion\Run\crackAKKRIENPREMIUM = "C:\\Users\\Public\\crackAKKRIENPREMIUM.exe" C:\Users\Admin\AppData\Local\Temp\crackAKKRIENPREMIUM.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A ip-api.com N/A N/A

Enumerates physical storage devices

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\System32\schtasks.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\crackAKKRIENPREMIUM.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\crackAKKRIENPREMIUM.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Public\crackAKKRIENPREMIUM.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Public\crackAKKRIENPREMIUM.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Public\crackAKKRIENPREMIUM.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Public\crackAKKRIENPREMIUM.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Public\crackAKKRIENPREMIUM.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Public\crackAKKRIENPREMIUM.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Public\crackAKKRIENPREMIUM.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Public\crackAKKRIENPREMIUM.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Public\crackAKKRIENPREMIUM.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Public\crackAKKRIENPREMIUM.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Public\crackAKKRIENPREMIUM.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Public\crackAKKRIENPREMIUM.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Public\crackAKKRIENPREMIUM.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Public\crackAKKRIENPREMIUM.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Public\crackAKKRIENPREMIUM.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Public\crackAKKRIENPREMIUM.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Public\crackAKKRIENPREMIUM.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Public\crackAKKRIENPREMIUM.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Public\crackAKKRIENPREMIUM.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Public\crackAKKRIENPREMIUM.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Public\crackAKKRIENPREMIUM.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Public\crackAKKRIENPREMIUM.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Public\crackAKKRIENPREMIUM.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Public\crackAKKRIENPREMIUM.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Public\crackAKKRIENPREMIUM.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Public\crackAKKRIENPREMIUM.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Public\crackAKKRIENPREMIUM.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Public\crackAKKRIENPREMIUM.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Public\crackAKKRIENPREMIUM.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Public\crackAKKRIENPREMIUM.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1220 wrote to memory of 3728 N/A C:\Users\Admin\AppData\Local\Temp\crackAKKRIENPREMIUM.exe C:\Windows\System32\schtasks.exe
PID 1220 wrote to memory of 3728 N/A C:\Users\Admin\AppData\Local\Temp\crackAKKRIENPREMIUM.exe C:\Windows\System32\schtasks.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\crackAKKRIENPREMIUM.exe

"C:\Users\Admin\AppData\Local\Temp\crackAKKRIENPREMIUM.exe"

C:\Windows\System32\schtasks.exe

"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "crackAKKRIENPREMIUM" /tr "C:\Users\Public\crackAKKRIENPREMIUM.exe"

C:\Users\Public\crackAKKRIENPREMIUM.exe

C:\Users\Public\crackAKKRIENPREMIUM.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Public\crackAKKRIENPREMIUM.exe

C:\Users\Public\crackAKKRIENPREMIUM.exe

C:\Users\Public\crackAKKRIENPREMIUM.exe

C:\Users\Public\crackAKKRIENPREMIUM.exe

C:\Users\Public\crackAKKRIENPREMIUM.exe

C:\Users\Public\crackAKKRIENPREMIUM.exe

C:\Users\Public\crackAKKRIENPREMIUM.exe

C:\Users\Public\crackAKKRIENPREMIUM.exe

C:\Users\Public\crackAKKRIENPREMIUM.exe

C:\Users\Public\crackAKKRIENPREMIUM.exe

C:\Users\Public\crackAKKRIENPREMIUM.exe

C:\Users\Public\crackAKKRIENPREMIUM.exe

C:\Users\Public\crackAKKRIENPREMIUM.exe

C:\Users\Public\crackAKKRIENPREMIUM.exe

C:\Users\Public\crackAKKRIENPREMIUM.exe

C:\Users\Public\crackAKKRIENPREMIUM.exe

C:\Users\Public\crackAKKRIENPREMIUM.exe

C:\Users\Public\crackAKKRIENPREMIUM.exe

C:\Users\Public\crackAKKRIENPREMIUM.exe

C:\Users\Public\crackAKKRIENPREMIUM.exe

C:\Users\Public\crackAKKRIENPREMIUM.exe

C:\Users\Public\crackAKKRIENPREMIUM.exe

C:\Users\Public\crackAKKRIENPREMIUM.exe

C:\Users\Public\crackAKKRIENPREMIUM.exe

C:\Users\Public\crackAKKRIENPREMIUM.exe

C:\Users\Public\crackAKKRIENPREMIUM.exe

C:\Users\Public\crackAKKRIENPREMIUM.exe

C:\Users\Public\crackAKKRIENPREMIUM.exe

C:\Users\Public\crackAKKRIENPREMIUM.exe

C:\Users\Public\crackAKKRIENPREMIUM.exe

C:\Users\Public\crackAKKRIENPREMIUM.exe

C:\Users\Public\crackAKKRIENPREMIUM.exe

C:\Users\Public\crackAKKRIENPREMIUM.exe

C:\Users\Public\crackAKKRIENPREMIUM.exe

C:\Users\Public\crackAKKRIENPREMIUM.exe

C:\Users\Public\crackAKKRIENPREMIUM.exe

C:\Users\Public\crackAKKRIENPREMIUM.exe

C:\Users\Public\crackAKKRIENPREMIUM.exe

C:\Users\Public\crackAKKRIENPREMIUM.exe

C:\Users\Public\crackAKKRIENPREMIUM.exe

C:\Users\Public\crackAKKRIENPREMIUM.exe

C:\Users\Public\crackAKKRIENPREMIUM.exe

C:\Users\Public\crackAKKRIENPREMIUM.exe

C:\Users\Public\crackAKKRIENPREMIUM.exe

C:\Users\Public\crackAKKRIENPREMIUM.exe

C:\Users\Public\crackAKKRIENPREMIUM.exe

C:\Users\Public\crackAKKRIENPREMIUM.exe

C:\Users\Public\crackAKKRIENPREMIUM.exe

C:\Users\Public\crackAKKRIENPREMIUM.exe

C:\Users\Public\crackAKKRIENPREMIUM.exe

C:\Users\Public\crackAKKRIENPREMIUM.exe

C:\Users\Public\crackAKKRIENPREMIUM.exe

C:\Users\Public\crackAKKRIENPREMIUM.exe

C:\Users\Public\crackAKKRIENPREMIUM.exe

C:\Users\Public\crackAKKRIENPREMIUM.exe

C:\Users\Public\crackAKKRIENPREMIUM.exe

C:\Users\Public\crackAKKRIENPREMIUM.exe

C:\Users\Public\crackAKKRIENPREMIUM.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 ip-api.com udp
US 208.95.112.1:80 ip-api.com tcp
US 8.8.8.8:53 1.112.95.208.in-addr.arpa udp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
US 8.8.8.8:53 137.71.105.51.in-addr.arpa udp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp
UA 91.196.82.11:7777 tcp

Files

memory/1220-0-0x00007FFC0D713000-0x00007FFC0D714000-memory.dmp

memory/1220-1-0x0000000000FF0000-0x0000000001000000-memory.dmp

memory/1220-2-0x00007FFC0D710000-0x00007FFC0E0FC000-memory.dmp

C:\Users\Public\crackAKKRIENPREMIUM.exe

MD5 d57a0d2d73d065060516bbee10ce6c95
SHA1 f367b45f918feccbf138a42fe45191bd4db5cdf8
SHA256 dd5150fda9fcfe24861a0c8a080a292978945239e440108e38a93194326f790a
SHA512 984cdbc97807a0000465d3b905aa37eb7f862336468d9550293e884b3249f8729459f95cd3b55cfcd0705798b0b2a00edce681417f673d54ea5bff5bec6633ff

memory/1220-11-0x00007FFC0D713000-0x00007FFC0D714000-memory.dmp

memory/3684-14-0x00007FFC0D710000-0x00007FFC0E0FC000-memory.dmp

memory/1220-15-0x00007FFC0D710000-0x00007FFC0E0FC000-memory.dmp

memory/3684-17-0x00007FFC0D710000-0x00007FFC0E0FC000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\crackAKKRIENPREMIUM.exe.log

MD5 16c5fce5f7230eea11598ec11ed42862
SHA1 75392d4824706090f5e8907eee1059349c927600
SHA256 87ba77c13905298acbac72be90949c4fe0755b6eff9777615aa37f252515f151
SHA512 153edd6da59beea6cc411ed7383c32916425d6ebb65f04c65aab7c1d6b25443d143aa8449aa92149de0ad8a975f6ecaa60f9f7574536eec6b38fe5fd3a6c6adc