Analysis Overview
SHA256
5cda2005efea3007513401b78b0d49bdaf40eb9272b4470debe813f3b4e3ca27
Threat Level: Known bad
The file XClient.exe was found to be: Known bad.
Malicious Activity Summary
Xworm family
Detect Xworm Payload
Xworm
Legitimate hosting services abused for malware hosting/C2
Unsigned PE
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Enumerates system info in registry
Suspicious use of SetWindowsHookEx
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-14 14:29
Signatures
Detect Xworm Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Xworm family
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-14 14:29
Reported
2024-06-14 14:32
Platform
win7-20240611-en
Max time kernel
86s
Max time network
148s
Command Line
Signatures
Detect Xworm Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Xworm
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\XClient.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\XClient.exe
"C:\Users\Admin\AppData\Local\Temp\XClient.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef1d49758,0x7fef1d49768,0x7fef1d49778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1188 --field-trial-handle=1376,i,13131706124604772102,11967560107281534464,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1516 --field-trial-handle=1376,i,13131706124604772102,11967560107281534464,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1628 --field-trial-handle=1376,i,13131706124604772102,11967560107281534464,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=1572 --field-trial-handle=1376,i,13131706124604772102,11967560107281534464,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2348 --field-trial-handle=1376,i,13131706124604772102,11967560107281534464,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1392 --field-trial-handle=1376,i,13131706124604772102,11967560107281534464,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3364 --field-trial-handle=1376,i,13131706124604772102,11967560107281534464,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2652 --field-trial-handle=1376,i,13131706124604772102,11967560107281534464,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1436 --field-trial-handle=1376,i,13131706124604772102,11967560107281534464,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3656 --field-trial-handle=1376,i,13131706124604772102,11967560107281534464,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3920 --field-trial-handle=1376,i,13131706124604772102,11967560107281534464,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3696 --field-trial-handle=1376,i,13131706124604772102,11967560107281534464,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3676 --field-trial-handle=1376,i,13131706124604772102,11967560107281534464,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2636 --field-trial-handle=1376,i,13131706124604772102,11967560107281534464,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3852 --field-trial-handle=1376,i,13131706124604772102,11967560107281534464,131072 /prefetch:8
C:\Windows\System32\control.exe
"C:\Windows\System32\control.exe" SYSTEM
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2324.0.619594129\1767047011" -parentBuildID 20221007134813 -prefsHandle 1144 -prefMapHandle 1136 -prefsLen 20902 -prefMapSize 233414 -appDir "C:\Program Files\Mozilla Firefox\browser" - {63fca8dd-c678-4d5a-a38f-61cf605d059f} 2324 "\\.\pipe\gecko-crash-server-pipe.2324" 1336 115d5958 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2324.1.363819353\2023201368" -parentBuildID 20221007134813 -prefsHandle 1484 -prefMapHandle 1480 -prefsLen 20983 -prefMapSize 233414 -appDir "C:\Program Files\Mozilla Firefox\browser" - {05b70afe-75e6-4dc0-9522-88835b401cfb} 2324 "\\.\pipe\gecko-crash-server-pipe.2324" 1496 102e2258 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2324.2.1143693855\1459504138" -childID 1 -isForBrowser -prefsHandle 1984 -prefMapHandle 1980 -prefsLen 21021 -prefMapSize 233414 -jsInitHandle 740 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5b6ab6cc-d67c-4387-8597-ebff7445be6a} 2324 "\\.\pipe\gecko-crash-server-pipe.2324" 1996 19838e58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2324.3.299061910\2030502350" -childID 2 -isForBrowser -prefsHandle 1656 -prefMapHandle 1652 -prefsLen 26114 -prefMapSize 233414 -jsInitHandle 740 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ee587daa-a6fb-4cad-8052-2fe566bd325a} 2324 "\\.\pipe\gecko-crash-server-pipe.2324" 1856 f70c58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2324.4.733444140\443860550" -childID 3 -isForBrowser -prefsHandle 2396 -prefMapHandle 720 -prefsLen 26114 -prefMapSize 233414 -jsInitHandle 740 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fd57656d-5963-4750-908e-9c428a5433ff} 2324 "\\.\pipe\gecko-crash-server-pipe.2324" 2432 f69858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2324.5.794985349\714851103" -childID 4 -isForBrowser -prefsHandle 3716 -prefMapHandle 712 -prefsLen 26238 -prefMapSize 233414 -jsInitHandle 740 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1bff954e-c924-41ec-b503-1a349e2bde30} 2324 "\\.\pipe\gecko-crash-server-pipe.2324" 3728 41eea58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2324.6.830863404\1218782576" -childID 5 -isForBrowser -prefsHandle 3836 -prefMapHandle 3840 -prefsLen 26238 -prefMapSize 233414 -jsInitHandle 740 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6b9eef72-ff76-4c95-a8a7-2b6808614aa5} 2324 "\\.\pipe\gecko-crash-server-pipe.2324" 3828 429df58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2324.7.1920397805\2100900024" -childID 6 -isForBrowser -prefsHandle 4084 -prefMapHandle 3912 -prefsLen 26162 -prefMapSize 233414 -jsInitHandle 740 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d7ee8890-4c02-40af-a013-c0679aa1b32f} 2324 "\\.\pipe\gecko-crash-server-pipe.2324" 4108 20470758 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2324.8.1166545864\2026374958" -childID 7 -isForBrowser -prefsHandle 1884 -prefMapHandle 3584 -prefsLen 26356 -prefMapSize 233414 -jsInitHandle 740 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b7ce15ae-6792-4dbe-b383-6c5fb817dc69} 2324 "\\.\pipe\gecko-crash-server-pipe.2324" 4336 1137a258 tab
Network
| Country | Destination | Domain | Proto |
| N/A | 127.0.0.1:7000 | N/A | tcp |
| N/A | 127.0.0.1:7000 | N/A | tcp |
| N/A | 127.0.0.1:7000 | N/A | tcp |
| N/A | 127.0.0.1:7000 | N/A | tcp |
| N/A | 127.0.0.1:7000 | N/A | tcp |
| N/A | 127.0.0.1:7000 | N/A | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 172.217.169.46:443 | play.google.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | encrypted-tbn1.gstatic.com | udp |
| GB | 142.250.178.14:443 | encrypted-tbn1.gstatic.com | tcp |
| GB | 142.250.178.14:443 | encrypted-tbn1.gstatic.com | tcp |
| GB | 172.217.169.46:443 | play.google.com | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| GB | 142.250.187.238:443 | consent.google.com | tcp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 142.250.187.202:443 | content-autofill.googleapis.com | tcp |
| N/A | 127.0.0.1:7000 | N/A | tcp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 162.159.138.232:443 | discord.com | udp |
| US | 8.8.8.8:53 | cdn.prod.website-files.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | global.localizecdn.com | udp |
| GB | 142.250.178.10:443 | ajax.googleapis.com | tcp |
| GB | 142.250.178.10:443 | ajax.googleapis.com | tcp |
| US | 104.18.5.175:443 | global.localizecdn.com | tcp |
| US | 172.64.153.29:443 | cdn.prod.website-files.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| IE | 2.18.24.9:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | d3e54v103j8qbb.cloudfront.net | udp |
| GB | 18.165.158.90:443 | d3e54v103j8qbb.cloudfront.net | tcp |
| US | 172.64.153.29:443 | cdn.prod.website-files.com | udp |
| US | 8.8.8.8:53 | cdn.discordapp.com | udp |
| US | 8.8.8.8:53 | assets.website-files.com | udp |
| US | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| US | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| US | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| US | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| US | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| US | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| GB | 13.224.81.122:443 | assets.website-files.com | tcp |
| GB | 13.224.81.122:443 | assets.website-files.com | tcp |
| GB | 13.224.81.122:443 | assets.website-files.com | tcp |
| GB | 13.224.81.122:443 | assets.website-files.com | tcp |
| GB | 13.224.81.122:443 | assets.website-files.com | tcp |
| US | 172.64.153.29:443 | cdn.prod.website-files.com | udp |
| US | 8.8.8.8:53 | geolocation.onetrust.com | udp |
| US | 172.64.155.119:443 | geolocation.onetrust.com | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| N/A | 127.0.0.1:7000 | N/A | tcp |
| N/A | 127.0.0.1:7000 | N/A | tcp |
| GB | 142.250.200.14:443 | www.youtube.com | udp |
| GB | 142.250.200.14:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | getpocket.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 44.237.65.238:443 | shavar.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 34.120.5.221:443 | getpocket.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 34.160.144.191:443 | prod.content-signature-chains.prod.webservices.mozgcp.net | tcp |
| US | 34.160.144.191:443 | prod.content-signature-chains.prod.webservices.mozgcp.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.prod.mozaws.net | tcp |
| US | 8.8.8.8:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | tracking-protection.cdn.mozilla.net | udp |
| N/A | 127.0.0.1:7000 | N/A | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
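The Network table above mixes whatever the sample did with traffic from the Chrome and Firefox processes that also ran in this detonation. The script below is an added example for this page, not the sandbox's own tooling: it parses rows in the table's pipe format (tolerating rows whose Proto value slipped into the Domain column, a layout extraction sometimes produces), drops rows whose name is on an allow-list of browser background domains, and counts the remaining endpoints and names as IoC candidates. The sample rows are a constructed subset copied from the table; the allow-list of suffixes is an assumption to tune per sandbox image.

```python
"""Triage a sandbox report's Network table: separate connections that look
like the sample's own from browser/OS background traffic and count IoC
candidates. Added example for this page; not the sandbox's own tooling."""
from collections import Counter

# Constructed subset of the Network table above, in the report's own
# pipe format. One row keeps the shifted layout where the protocol sits in
# the Domain column and the Proto cell is empty.
SAMPLE_ROWS = """\
| Country | Destination | Domain | Proto |
| N/A | 127.0.0.1:7000 | tcp | |
| N/A | 127.0.0.1:7000 | N/A | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 44.237.65.238:443 | shavar.services.mozilla.com | tcp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | tcp |
"""

# ASSUMPTION: domain suffixes that Chrome and Firefox contact on their own
# in this sandbox image. Tune per image; this list is not from the report.
BACKGROUND_SUFFIXES = (
    ".google.com", ".googleapis.com", ".gstatic.com", ".youtube.com",
    ".mozilla.com", ".mozilla.net", ".mozaws.net", ".mozgcp.net",
    ".cloudfront.net", ".website-files.com", ".onetrust.com",
    ".cloudflare.com", ".identrust.com", ".localizecdn.com",
)
PROTOS = {"tcp", "udp"}


def parse_rows(text):
    """Yield one dict per data row, repairing rows whose columns shifted."""
    for line in text.splitlines():
        if not line.startswith("|"):
            continue
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        cells = (cells + [""] * 4)[:4]
        if cells[0] == "Country":
            continue  # header row
        country, dest, domain, proto = cells
        if domain.lower() in PROTOS and not proto:
            domain, proto = "", domain  # '| tcp | |' -> proto=tcp, no domain
        if domain == "N/A":
            domain = ""
        ip, sep, port = dest.rpartition(":")
        if not sep:  # destination without a port
            ip, port = port, "0"
        yield {"country": country, "ip": ip, "port": int(port),
               "domain": domain, "proto": proto.lower()}


def is_background(row):
    """True for multicast and for names on the browser allow-list."""
    if row["ip"].startswith(("224.", "239.")):
        return True  # mDNS / SSDP chatter from the OS and browsers
    return bool(row["domain"]) and row["domain"].endswith(BACKGROUND_SUFFIXES)


def triage(text):
    """Return IoC candidates: endpoint hit counts, domain hit counts,
    and how many rows were discarded as background."""
    endpoints, domains, background = Counter(), Counter(), 0
    for row in parse_rows(text):
        if is_background(row):
            background += 1
            continue
        if row["domain"]:
            domains[row["domain"]] += 1
        if row["port"] == 53 and row["proto"] == "udp":
            continue  # the resolver is not an indicator; the queried name is
        endpoints[(row["ip"], row["port"], row["proto"])] += 1
    return {"endpoints": endpoints, "domains": domains, "background": background}


def report(text):
    """Human-readable summary, most frequent candidates first."""
    t = triage(text)
    lines = [f"background rows dropped: {t['background']}"]
    for (ip, port, proto), n in t["endpoints"].most_common():
        lines.append(f"endpoint {ip}:{port}/{proto}  hits={n}")
    for name, n in t["domains"].most_common():
        lines.append(f"domain   {name}  hits={n}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_ROWS))
```

Run against the full table, the filter leaves the repeated TCP attempts to 127.0.0.1:7000 (not a browser destination) and the discord.com and cdn.discordapp.com connections the sandbox already flagged under "Legitimate hosting services abused". A loopback address cannot be contacted from outside the sandbox, so 127.0.0.1:7000 is a behavioural note rather than a network-blocking indicator; the port and the Discord names are what to carry into hunting queries.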
Files
memory/1764-0-0x000007FEF5893000-0x000007FEF5894000-memory.dmp
memory/1764-1-0x0000000000E60000-0x0000000000E70000-memory.dmp
memory/1764-2-0x000007FEF5890000-0x000007FEF627C000-memory.dmp
memory/1764-3-0x000007FEF5893000-0x000007FEF5894000-memory.dmp
memory/1764-4-0x000007FEF5890000-0x000007FEF627C000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp
| MD5 | 18e723571b00fb1694a3bad6c78e4054 |
| SHA1 | afcc0ef32d46fe59e0483f9a3c891d3034d12f32 |
| SHA256 | 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa |
| SHA512 | 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2 |
\??\pipe\crashpad_2776_IWBADSGZUBAQEBYG
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp
| MD5 | aefd77f47fb84fae5ea194496b44c67a |
| SHA1 | dcfbb6a5b8d05662c4858664f81693bb7f803b82 |
| SHA256 | 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611 |
| SHA512 | b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3 |
memory/1764-91-0x000007FEF5890000-0x000007FEF627C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Cab2E72.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar2F40.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | d0a0f6aafbd47b6eeae3c3f60b73d094 |
| SHA1 | 1ef3ef21d49a98fe349a8558cdf3534a40abebbe |
| SHA256 | 578093d3eb9a7030b010e5c29bafb2a1b178c50334b4a0f0b22e6b38eca05ea3 |
| SHA512 | 3030d04da1eb08f48d7d3d5e085e908c5971b2d61932d2df918861de548ab76f661b5a61df73f97398823ba919a1a63af927c95c4b313d350a16c70820f4f3cb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | df8030e05eccefdb95d81e55eb2cb5dd |
| SHA1 | dc84a27c7c0e6274d1e52ca54bde6b1969c9805d |
| SHA256 | 3428795145259a5d29fb6ac7a2cd6d3e14263e3717c4a3cc4ef602238afa4533 |
| SHA512 | 62ec485f48298d7bd44c30aa563728232fe2129bc82c6f3a4eb4036bae039f3dea5d7145b75a8002d2030862560be4022e934d141591d595775f937b490d3d82 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f317381ad8f22852c4d1727af2fca30f |
| SHA1 | 9c579426fe1884454a7712e0f1c245db824899b4 |
| SHA256 | 5a248841b63e8635beaa88ef474a89108e329cce69c829dc052526cba8caf21f |
| SHA512 | ab55978ee42cbd581052227003ec1269306aaaf7773db56f4a4e7b4d77711634c34b1404b93bb238fd8026365813df2a78b7ca5b6752e8e789618ece8ab5fcc1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d9fc993840eddab348008f4d63d715f5 |
| SHA1 | 024e1e6514e28de00be9efa8e2d9bb55d0ddc5c4 |
| SHA256 | 1fad80ef7efcc90d9970067c81c7aac1653ca9c43fe2b6fb59c6b83bbfee567c |
| SHA512 | 6a3fd81c9b7e5176824e55c8935377f3278911760826161cda6dcaf6eebb8953d36457989a23446c07d3305d5c1654d17543295443b86dc52755d248390eec56 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
| MD5 | 2785e00edff0172be35ab48397d60dfa |
| SHA1 | 96012922d57455e3707ce12b85b24389f2dd4aaf |
| SHA256 | 8664629aa40c18d89047d6725ea731e254c7164072963545a0d7175c6893a0c7 |
| SHA512 | 59e7eb3db68529ab2479b951d3394533871479ba59701aba98afcfb606ff55ad3abb18e0681529d4e5e86c96365f55fd556b992f6e9531dd3042cace5c6290ec |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
| MD5 | 55540a230bdab55187a841cfe1aa1545 |
| SHA1 | 363e4734f757bdeb89868efe94907774a327695e |
| SHA256 | d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb |
| SHA512 | c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 114ea1eb2eeb809385544795f93951d6 |
| SHA1 | 7cfa77fdfc8b9fa54ef869f4781c7a87c5068901 |
| SHA256 | 2d4c526a0605df026c55870ed9557a7148dfdc361d038e0643167a5a9ecefaf0 |
| SHA512 | 51a9d7e4e516e73fd57befeffd9fc1fcf9dd779da223216276323c1c9e05ee12df5c4fafa7048bb2c481f2994d186c7e725eef8d53b5e3aa30444490f56da235 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4f73c010b2c38c860833a59e80cb208b |
| SHA1 | 89b584251e718b297fd899fa742d159b68675bb6 |
| SHA256 | edc9ca83101c00b92defa26bf698dccb6c6f860b97a36cedf9db49c99f67fd70 |
| SHA512 | 5e0ea405259aad5e3b00ba10fd52abab4a4c7cc3cb078a7aeae811d12dc342c48ca5e0ed49ad2da1056c680088a6334919d22affb48809aab2d490724ca421e7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dc4132cb4714c3109ae3082f705f17a1 |
| SHA1 | edf2e47fc11fd5e8182da6dd3ceba303a33ce97e |
| SHA256 | b2c297faa2bc2682517cb9a5bb17b21b8c3e338ff61845aea2c104876851287f |
| SHA512 | bc2d69ce4996f98de0896f899575c838aaca060ce0ef50ebea2945af76ff13cd3d51b1cbd2e4b492bb8fe3f2ebe0ed0cbd9d5e410672373aafb95591123f8d35 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0e12a833098ad40fe7fd0b2c8c1873c6 |
| SHA1 | 6449ad4494fdf20dced92677b20a94e314ffe13c |
| SHA256 | 93d3411c09c8cd55db5d6e353e997a1583deaaf2db38bb54bcd457e287e99ae0 |
| SHA512 | 70fdd41f0e9339672771ee94afbd9ee2102191dc7a73074ad515154df56109a05acceac6efda210005de49960a2e566e8231f7146dd51dcfd7e2c3ff04d57726 |
memory/1764-607-0x000007FEF5890000-0x000007FEF627C000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | bd3088ed7c888020da6a54a6b09cd819 |
| SHA1 | edf27bd631da408e97f9088cc954fc37d5fa7d2b |
| SHA256 | d0a80e4919c12dfe18b16e127b5316607c0a3bd3d9d0c8fbedaed7b3aaf7388f |
| SHA512 | c214bc15b31be3febad9d4c0efb321a79e9df22429a83b11463cd78fb4b3b7145d6002a4b7c79ea6ac1a738102583ef340402b995678c3a60f948c6583fcca67 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | bc9094322a1b7895e490159ceaeab2bb |
| SHA1 | 3376b78a911eb484127f69fcbf31d9c4f1f69bec |
| SHA256 | 882f7f0124c6a6e8345fb4e8e8a857d1a8ad870cb3c12ad13beab7448dc3b637 |
| SHA512 | 9c786b3cbc49029080dcd7985a880c4962556b8dee0a6b899cd41a9a56cd7966c1d73405c27de7888b415d77873784614bbd7b9d944c2b55a71a425efc424608 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 067875d61312638f03bce7f45552de80 |
| SHA1 | 16e4fce8c0b19dafd6aa87fc2a30af8d533443c4 |
| SHA256 | b25a8316fd024f8c00ab5a43b370b94e79d11b65931d6e9baa02f0c1854f10b4 |
| SHA512 | 0917d6aa489a35cf889740c05932e2062e753625f99c457610891e4d3fb103cec6e976e76ed60ce51ad95cedb967747d1ca80ae30a0803d2737615d636ea6aeb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | e0a290ec8f373f86183ad5c614cd7f67 |
| SHA1 | 8d75e02d47f7eb4d10181610eef7e04df633c213 |
| SHA256 | 9bd4a3e76d7913c6d305e65bba25ff90ed3a7f5c89aa0617724ba7c525fe382d |
| SHA512 | 9a5f3c24bba8aa1804a9d34cc23a9e40d51b6f8df5d5f9ff6176edc810b026b898f96905c436b99662d96006b352242000a28af787492269cfad69cc4251d38d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 405395f0c97b94d977e94329dfbab572 |
| SHA1 | 4943bf65b450ed3aa9d3b9a68f5bbd8cc8241bd3 |
| SHA256 | 18543e6c21f664ce27264c231518261377201a93523b82d40e146d96b24bb19b |
| SHA512 | 968d907c83e3ca19376acc6e812df736d56d12862c360da5718ebcee61f91613167db2f9449e27f20fb3161c8cac50aae304fc77efbc84446a7a4e46a89fe939 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\e9d489d4-21c4-4fd3-8a64-c1c35d32ab50.tmp
| MD5 | 960b0d6b5c557ec036739b8775dab2c2 |
| SHA1 | e3fc311f02c83caaaaab88c58aeb6d238bcbce42 |
| SHA256 | d16bd58e0c8305cb6e5161d78c4d568b54b864ef1afdef0254abe8144a9d06a2 |
| SHA512 | f541ec39e96e057efe94f727ba8c4320e08bb7ad6b29f2210c61bc4b28a1145e32f3d68ff23d2c0ed93a1f9e350fd4857db1b3e7853bd859ff800dcb356c1095 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | c7cf104dded2dede9af1d40a563698cd |
| SHA1 | 07831737151913536ecb71206c1879022a4a645a |
| SHA256 | 4da29085b6e4c06765854c653fc056db7cdb592af7e9d808dc85a44b5d6661d7 |
| SHA512 | 5653f1074174b3cceaab32e309c96427f9ba7b1653735cc278dccee585fa7e5c3fb26ca37ae869ad33466f230e6335e9489ce77b3fc5b5fd4ac7c444121820b1 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ckqup08y.default-release\activity-stream.discovery_stream.json.tmp
| MD5 | af4fe676c157f44a1fb213e5b4077144 |
| SHA1 | 712c681f6443f2a23fd59bace2a939546382c199 |
| SHA256 | 4ac5ea41da179867a705a35fc2904805836b8e29631f65b05a257ba4f22ca4c4 |
| SHA512 | 142102e0d934a5ec188ea554710314e71d58e866b4da6380a094968bf8b4779c496c2f25811b7533df8d3fca3f62d9bef5be36503fc5e172f787e853ba9454c3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ckqup08y.default-release\datareporting\glean\pending_pings\8202c3bf-b151-4772-a242-8469b81c3edb
| MD5 | d4868e254aac4ff269af8984998c2d6d |
| SHA1 | d2f3402b27a7d4421740fc477a715d4a4897572b |
| SHA256 | fd092763d55c31436380dbf4974a437fb8ecbff383134017402a5283899a664d |
| SHA512 | da2d3cd891aa15fc7ab6748d1210dace012fb0127b546d0c48add4c30b4b97ea5b35dbd5346e65684a4c1f9f61a32b9e3dfa81b95f0f55cae0aac24c563cd0ff |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ckqup08y.default-release\datareporting\glean\pending_pings\167a98fa-708b-4f99-a318-ea6d8187c03a
| MD5 | 01d6d5a745760e6bfc3bd80911451344 |
| SHA1 | 8d84754428ca0ff6b3a6defa57b2709d1e188568 |
| SHA256 | 342c46e6975a698452243895d4069a58ee63e14485e349bd1f29bc94ba07cdb3 |
| SHA512 | c0865b4baa1435bdd32c302aa442b7667cf96d1c9950f3d28ba3b1c1e7b2c629b5dbb7b601ff39298cf8aa04ab84d9d39a4fcce7d281f867cd86f919424cfbb0 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ckqup08y.default-release\datareporting\glean\db\data.safe.bin
| MD5 | 2a9bc729ec721c2063859c2f497fc109 |
| SHA1 | 4b992e90ef555777fc6244d9d242b2b5372729e8 |
| SHA256 | ab19ff5cdbd87eccf6f0c73c1a2faaa0b2c649318f3cab971708d03ac14b47ee |
| SHA512 | c39ab312d9bd6ac337fa43101c81a389029331f071326764a6b93d9ea70eab435d6827729ed8fbf11e0550370bbb38ca523b27b50a00757dac7f3abae03754bd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 72a1e6f19eed3d2b74e2a2b1a7653466 |
| SHA1 | 2a99f59f084225223b2a785c9c290352ef5248e9 |
| SHA256 | ba777936f2b21b64cceee86f660421ad87970344fceea71d8f3ff7e9d563e58e |
| SHA512 | c3d83dba6ec58545c86eccfb52e2f4ed6e82dd7e36bfaf410e57026f2007aaa4c5c835396208d0c135ba5fa2780eb9abff89341d71057f9df4a3d846037b69ef |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\6af787bb-c958-4853-be9f-0aa9be9fdab3.tmp
| MD5 | 8f05c9fb95b85aefff7c99066f312543 |
| SHA1 | 0338eb4763a069a7704cbf529a28205de81e54c5 |
| SHA256 | 2cb1cd00272c26759efa277f333e54fc9bd6ec5b148d9e39363b7d8cbd6c4340 |
| SHA512 | d2eea21e52dff016a66dbf9ef10e034d0859892aec39cf59bb10fe3564964f9ae29b6e770b734050c560f491f337a08006eafd043379cd9b8893879ab92884d4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | ae5f99b78e0df69f6c7a497527a7f426 |
| SHA1 | c6aa25602dcde99621281c44548df469b6533a30 |
| SHA256 | d3dbb7fa2e54557496250ab7773b9a1c18ddc2083e3a69dc67490d1960582668 |
| SHA512 | 439a10af46b157674149522e76d3c4fb771109dcbd3c1634dab71de1af2328ea4d162b0bdd70087a0ec9fe5e979bc135fb4c454ba28f7edbde8cf9651f6931dc |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ckqup08y.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | d208311e4db32aa59815658bcc792300 |
| SHA1 | fd8235f41a1027bf76caaed58d7c5f4849348a81 |
| SHA256 | 0cb403cfdb11e7d17b04e06fefc4a9b85400b17b38a1e1ee43abe6b9d4c2ba80 |
| SHA512 | c7fb74b825c3f88dc0c2f986161d86412a438debd947a22d86bca2685d0af2cce43b8712b85c7ebffaefd38c78e5b67efadea192df4ca0abc43e67e469225d1a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ckqup08y.default-release\prefs-1.js
| MD5 | b7514fa901a781821290ca6379872c36 |
| SHA1 | 1dd040cd48946e1378918a9fb1d22106ff5af613 |
| SHA256 | 6b2ec359b3e1e7c06b31613f9b5c4727f72587c8abb90596ff14e0032a977b24 |
| SHA512 | f0772d3491b67429265d8c404921b48b1136454234d20afe2753e4d87e5a1860d0f0dd929af1867d20dc87bc07ed75cf5aa8ce85e36c17d134cd185f8aef6180 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-14 14:29
Reported
2024-06-14 14:32
Platform
win10v2004-20240508-en
Max time kernel
147s
Max time network
151s
Command Line
Signatures
Detect Xworm Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Xworm
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\XClient.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\XClient.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\XClient.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\XClient.exe
"C:\Users\Admin\AppData\Local\Temp\XClient.exe"
Network
| Country | Destination | Domain | Proto |
| N/A | 127.0.0.1:7000 | | tcp |
| N/A | 127.0.0.1:7000 | | tcp |
| N/A | 127.0.0.1:7000 | | tcp |
| N/A | 127.0.0.1:7000 | | tcp |
| N/A | 127.0.0.1:7000 | | tcp |
| N/A | 127.0.0.1:7000 | | tcp |
| N/A | 127.0.0.1:7000 | | tcp |
| N/A | 127.0.0.1:7000 | | tcp |
| N/A | 127.0.0.1:7000 | | tcp |
| N/A | 127.0.0.1:7000 | | tcp |
| N/A | 127.0.0.1:7000 | | tcp |
| N/A | 127.0.0.1:7000 | | tcp |
| N/A | 127.0.0.1:7000 | | tcp |
| N/A | 127.0.0.1:7000 | | tcp |
| N/A | 127.0.0.1:7000 | | tcp |
| N/A | 127.0.0.1:7000 | | tcp |
| N/A | 127.0.0.1:7000 | | tcp |
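The behavioral2 signatures (unsigned PE launched from %TEMP%, SeDebugPrivilege enabled on the token, SetWindowsHookEx, process enumeration) and the 17 repeated TCP connects to 127.0.0.1:7000 above are the raw observations; what an analyst wants is the correlation that turns them into a verdict and a huntable endpoint. The script below is an added example and not part of the sandbox report or the sandbox's own tooling. Its event schema is an assumption made for illustration, the sample events are constructed to mirror this report's signatures, and the fixed 3-second connect cadence is assumed because the report gives no timestamps. Note that a loopback destination means nothing left the VM: the configured host in the sample's config did not resolve or was set to localhost, so the port is the value worth hunting on, not the address.

```python
"""Correlate sandbox-style behavioural events into a per-process verdict.

Added example, not part of the sandbox report. The event schema is an
assumption; SAMPLE_EVENTS is constructed to mirror the behavioral2
signatures (unsigned PE in %TEMP%, SeDebugPrivilege, SetWindowsHookEx,
process enumeration, 17 TCP connects to 127.0.0.1:7000).
"""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address
from statistics import mean, pstdev


@dataclass(frozen=True)
class Event:
    ts: float   # seconds since detonation start (constructed)
    pid: int
    kind: str   # "process_start" | "privilege" | "api" | "connect"
    data: dict


# Constructed sample: one process mirroring XClient.exe and one benign one for contrast.
SAMPLE_EVENTS = [
    Event(0.0, 5096, "process_start",
          {"image": r"C:\Users\Admin\AppData\Local\Temp\XClient.exe", "signed": False}),
    Event(0.4, 5096, "privilege", {"token": "SeDebugPrivilege"}),
    Event(0.6, 5096, "api", {"name": "SetWindowsHookEx"}),
    Event(0.7, 5096, "api", {"name": "EnumProcesses"}),
    Event(0.0, 1234, "process_start",
          {"image": r"C:\Program Files\Google\Chrome\Application\chrome.exe", "signed": True}),
    Event(2.0, 1234, "connect", {"dst": "142.250.74.36", "port": 443, "proto": "tcp"}),
    Event(9.5, 1234, "connect", {"dst": "142.250.74.36", "port": 443, "proto": "tcp"}),
    Event(31.0, 1234, "connect", {"dst": "172.217.18.99", "port": 443, "proto": "tcp"}),
] + [
    # Fixed 3-second cadence is an assumption; the report gives no timestamps.
    Event(1.0 + 3.0 * i, 5096, "connect", {"dst": "127.0.0.1", "port": 7000, "proto": "tcp"})
    for i in range(17)
]

USER_WRITABLE_DIRS = ("\\appdata\\local\\temp\\", "\\downloads\\")


def beacon_stats(timestamps, min_count=5, max_cv=0.25):
    """Return (is_beacon, count, mean_interval, cv) for one endpoint's connect times.

    A low coefficient of variation (stdev/mean) of the inter-connect gaps means a
    steady retry/check-in cadence, which is what a failing or periodic C2 loop looks like.
    """
    ts = sorted(timestamps)
    if len(ts) < min_count:
        return False, len(ts), None, None
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    avg = mean(gaps)
    cv = pstdev(gaps) / avg if avg > 0 else 0.0
    return cv <= max_cv, len(ts), avg, cv


def score_process(events, pid):
    """Collect indicators for one PID and derive a coarse verdict."""
    mine = [e for e in events if e.pid == pid]
    indicators = set()
    by_endpoint = defaultdict(list)

    for e in mine:
        if e.kind == "process_start":
            image = e.data["image"].lower()
            if not e.data.get("signed", False):
                indicators.add("unsigned_pe")
            if any(d in image for d in USER_WRITABLE_DIRS):
                indicators.add("user_writable_path")
        elif e.kind == "privilege" and e.data["token"] == "SeDebugPrivilege":
            indicators.add("SeDebugPrivilege")
        elif e.kind == "api" and e.data["name"] == "SetWindowsHookEx":
            indicators.add("SetWindowsHookEx")
        elif e.kind == "api" and e.data["name"] == "EnumProcesses":
            indicators.add("EnumeratesProcesses")
        elif e.kind == "connect":
            by_endpoint[(e.data["dst"], e.data["port"])].append(e.ts)

    beacon = None
    for (dst, port), stamps in by_endpoint.items():
        is_beacon, count, avg, cv = beacon_stats(stamps)
        if is_beacon:
            indicators.add("beacon")
            beacon = {
                "endpoint": (dst, port),
                "count": count,
                "mean_interval": avg,
                "cv": cv,
                # Loopback means nothing left the VM: hunt on the configured port/host.
                "loopback": ip_address(dst).is_loopback,
            }
            break

    strong = {"SeDebugPrivilege", "SetWindowsHookEx", "beacon"}
    verdict = "suspicious" if len(indicators & strong) >= 2 else "benign"
    return {"pid": pid, "indicators": sorted(indicators), "beacon": beacon, "verdict": verdict}


if __name__ == "__main__":
    for pid in (5096, 1234):
        print(score_process(SAMPLE_EVENTS, pid))
```

The verdict requires two of the three strong indicators so that a single debugger-style privilege request, which legitimate tooling also makes, does not trip it on its own; the Chrome-like process in the sample shows a handful of irregular HTTPS connects and scores benign.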
Files
memory/5096-0-0x00007FF8D81B3000-0x00007FF8D81B5000-memory.dmp
memory/5096-1-0x00000000003F0000-0x0000000000400000-memory.dmp
memory/5096-2-0x00007FF8D81B0000-0x00007FF8D8C71000-memory.dmp
memory/5096-3-0x00007FF8D81B3000-0x00007FF8D81B5000-memory.dmp
memory/5096-4-0x00007FF8D81B0000-0x00007FF8D8C71000-memory.dmp