Malware Analysis Report

2024-09-23 02:56

Sample ID 240710-t51v9sybkn
Target XWorm V5.2 .rar
SHA256 e4b004dd8c3648aee2d1efe073cdf5a79c89fffab06395e9c6b57fde30fcf024
Tags
agenttesla agilenet keylogger spyware stealer trojan stormkitty xworm
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral7

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral8

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral30

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral15

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral16

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral20

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral10

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral21

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral27

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral29

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral9

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral12

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral14

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral25

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral5

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral17

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral18

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral24

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral26

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral31

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral11

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral19

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral23

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral32

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral6

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral13

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral22

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral28

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

e4b004dd8c3648aee2d1efe073cdf5a79c89fffab06395e9c6b57fde30fcf024

Threat Level: Known bad

The file XWorm V5.2 .rar was found to be: Known bad.

Malicious Activity Summary

agenttesla agilenet keylogger spyware stealer trojan stormkitty xworm

Contains code to disable Windows Defender

StormKitty payload

Stormkitty family

Xworm family

Detect Xworm Payload

AgentTesla

Agenttesla family

AgentTesla payload

AgentTesla payload

Obfuscated with Agile.Net obfuscator

Executes dropped EXE

Loads dropped DLL

Drops file in System32 directory

Drops file in Windows directory

Enumerates physical storage devices

Unsigned PE

Suspicious behavior: GetForegroundWindowSpam

Enumerates system info in registry

Modifies registry class

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Modifies data under HKEY_USERS

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-07-10 16:39

Signatures

AgentTesla payload

Description Indicator Process Target
N/A N/A N/A N/A

Agenttesla family

agenttesla

Contains code to disable Windows Defender

Description Indicator Process Target
N/A N/A N/A N/A

Detect Xworm Payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

StormKitty payload

Description Indicator Process Target
N/A N/A N/A N/A

Stormkitty family

stormkitty

Xworm family

xworm

Obfuscated with Agile.Net obfuscator

agilenet
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-10 16:39

Reported

2024-07-10 16:46

Platform

win11-20240709-en

Max time kernel

401s

Max time network

383s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2 .rar"

Signatures

AgentTesla

keylogger trojan stealer spyware agenttesla

AgentTesla payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Obfuscated with Agile.Net obfuscator

agilenet
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File created \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Users\Admin\Desktop\XWorm V5.2 password 1234\XWorm V5.2\XWormLoader 5.2 x64.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Users\Admin\Desktop\XWorm V5.2 password 1234\XWorm V5.2\XWormLoader 5.2 x64.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion C:\Users\Admin\Desktop\XWorm V5.2 password 1234\XWorm V5.2\XWormLoader 5.2 x64.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Users\Admin\Desktop\XWorm V5.2 password 1234\XWorm V5.2\XWormLoader 5.2 x64.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\Desktop\XWorm V5.2 password 1234\XWorm V5.2\XWormLoader 5.2 x64.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\Desktop\XWorm V5.2 password 1234\XWorm V5.2\XWormLoader 5.2 x64.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion C:\Users\Admin\Desktop\XWorm V5.2 password 1234\XWorm V5.2\XWormLoader 5.2 x64.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion C:\Users\Admin\Desktop\XWorm V5.2 password 1234\XWorm V5.2\XWormLoader 5.2 x64.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\Desktop\XWorm V5.2 password 1234\XWorm V5.2\XWormLoader 5.2 x64.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell C:\Windows\system32\OpenWith.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" C:\Windows\system32\OpenWith.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" C:\Windows\system32\OpenWith.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Applications\7zFM.exe C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Generic" C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 C:\Windows\system32\OpenWith.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Applications\7zFM.exe\shell\open\command C:\Windows\system32\OpenWith.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = ffffffff C:\Windows\system32\OpenWith.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 00000000ffffffff C:\Windows\system32\OpenWith.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\NodeSlot = "1" C:\Windows\system32\OpenWith.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 = 5000310000000000e95852881000372d5a6970003c0009000400efbee9585288e95852882e0000004ef50000000019000000000000000000000000000000d3676f0037002d005a0069007000000014000000 C:\Windows\system32\OpenWith.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Windows\system32\OpenWith.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" C:\Windows\system32\OpenWith.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Generic" C:\Windows\system32\OpenWith.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots C:\Windows\system32\OpenWith.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\NodeSlot = "2" C:\Windows\system32\OpenWith.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Applications\7zFM.exe\shell\open\command\ = "\"C:\\Program Files\\7-Zip\\7zFM.exe\" \"%1\"" C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg C:\Windows\system32\OpenWith.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" C:\Windows\system32\OpenWith.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" C:\Windows\system32\OpenWith.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Applications\7zFM.exe\shell\open C:\Windows\system32\OpenWith.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff C:\Windows\system32\OpenWith.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 19002f433a5c000000000000000000000000000000000000000000 C:\Windows\system32\OpenWith.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 = 8c00310000000000e9588d89110050524f4752417e310000740009000400efbec5525961e9588d892e0000003f0000000000010000000000000000004a000000000056e55200500072006f006700720061006d002000460069006c0065007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100370038003100000018000000 C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Windows\system32\OpenWith.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = 00000000ffffffff C:\Windows\system32\OpenWith.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\MRUListEx = ffffffff C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" C:\Windows\system32\OpenWith.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" C:\Windows\system32\OpenWith.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Applications C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Applications\7zFM.exe\shell C:\Windows\system32\OpenWith.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff C:\Windows\system32\OpenWith.exe N/A
Key created \Registry\User\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\NotificationData C:\Windows\system32\OpenWith.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags C:\Windows\system32\OpenWith.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" C:\Windows\system32\OpenWith.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" C:\Windows\system32\OpenWith.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Windows\system32\OpenWith.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000 C:\Windows\system32\OpenWith.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202 C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1 C:\Windows\system32\OpenWith.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2 C:\Windows\system32\OpenWith.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\Desktop\XWorm V5.2 password 1234\XWorm V5.2\XWormLoader 5.2 x64.exe N/A
N/A N/A C:\Users\Admin\Desktop\XWorm V5.2 password 1234\XWorm V5.2\XWormLoader 5.2 x64.exe N/A
N/A N/A C:\Users\Admin\Desktop\XWorm V5.2 password 1234\XWorm V5.2\XWormLoader 5.2 x64.exe N/A
N/A N/A C:\Users\Admin\Desktop\XWorm V5.2 password 1234\XWorm V5.2\XWormLoader 5.2 x64.exe N/A
N/A N/A C:\Users\Admin\Desktop\XWorm V5.2 password 1234\XWorm V5.2\XWormLoader 5.2 x64.exe N/A
N/A N/A C:\Users\Admin\Desktop\XWorm V5.2 password 1234\XWorm V5.2\XWormLoader 5.2 x64.exe N/A
N/A N/A C:\Users\Admin\Desktop\XWorm V5.2 password 1234\XWorm V5.2\XWormLoader 5.2 x64.exe N/A
N/A N/A C:\Users\Admin\Desktop\XWorm V5.2 password 1234\XWorm V5.2\XWormLoader 5.2 x64.exe N/A
N/A N/A C:\Users\Admin\Desktop\XWorm V5.2 password 1234\XWorm V5.2\XWormLoader 5.2 x64.exe N/A
N/A N/A C:\Users\Admin\Desktop\XWorm V5.2 password 1234\XWorm V5.2\XWormLoader 5.2 x64.exe N/A
N/A N/A C:\Users\Admin\Desktop\XWorm V5.2 password 1234\XWorm V5.2\XWormLoader 5.2 x64.exe N/A
N/A N/A C:\Users\Admin\Desktop\XWorm V5.2 password 1234\XWorm V5.2\XWormLoader 5.2 x64.exe N/A
N/A N/A C:\Users\Admin\Desktop\XWorm V5.2 password 1234\XWorm V5.2\XWormLoader 5.2 x64.exe N/A
N/A N/A C:\Users\Admin\Desktop\XWorm V5.2 password 1234\XWorm V5.2\XWormLoader 5.2 x64.exe N/A
N/A N/A C:\Users\Admin\Desktop\XWorm V5.2 password 1234\XWorm V5.2\XWormLoader 5.2 x64.exe N/A
N/A N/A C:\Users\Admin\Desktop\XWorm V5.2 password 1234\XWorm V5.2\XWormLoader 5.2 x64.exe N/A
N/A N/A C:\Users\Admin\Desktop\XWorm V5.2 password 1234\XWorm V5.2\XWormLoader 5.2 x64.exe N/A
N/A N/A C:\Users\Admin\Desktop\XWorm V5.2 password 1234\XWorm V5.2\XWormLoader 5.2 x64.exe N/A
N/A N/A C:\Users\Admin\Desktop\XWorm V5.2 password 1234\XWorm V5.2\XWormLoader 5.2 x64.exe N/A
N/A N/A C:\Users\Admin\Desktop\XWorm V5.2 password 1234\XWorm V5.2\XWormLoader 5.2 x64.exe N/A
N/A N/A C:\Users\Admin\Desktop\XWorm V5.2 password 1234\XWorm V5.2\XWormLoader 5.2 x64.exe N/A
N/A N/A C:\Users\Admin\Desktop\XWorm V5.2 password 1234\XWorm V5.2\XWormLoader 5.2 x64.exe N/A
N/A N/A C:\Users\Admin\Desktop\XWorm V5.2 password 1234\XWorm V5.2\XWormLoader 5.2 x64.exe N/A
N/A N/A C:\Users\Admin\Desktop\XWorm V5.2 password 1234\XWorm V5.2\XWormLoader 5.2 x64.exe N/A
N/A N/A C:\Users\Admin\Desktop\XWorm V5.2 password 1234\XWorm V5.2\XWormLoader 5.2 x64.exe N/A
N/A N/A C:\Users\Admin\Desktop\XWorm V5.2 password 1234\XWorm V5.2\XWormLoader 5.2 x64.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Users\Admin\Desktop\XWorm V5.2 password 1234\XWorm V5.2\XWormLoader 5.2 x64.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Desktop\XWorm V5.2 password 1234\XWorm V5.2\XWormLoader 5.2 x64.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Desktop\XWorm V5.2 password 1234\XWorm V5.2\XWormLoader 5.2 x64.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Desktop\XWorm V5.2 password 1234\XWorm V5.2\XWormLoader 5.2 x64.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\Desktop\XWorm V5.2 password 1234\XWorm V5.2\XWormLoader 5.2 x64.exe N/A
N/A N/A C:\Users\Admin\Desktop\XWorm V5.2 password 1234\XWorm V5.2\XWormLoader 5.2 x64.exe N/A
N/A N/A C:\Users\Admin\Desktop\XWorm V5.2 password 1234\XWorm V5.2\XWormLoader 5.2 x64.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\Desktop\XWorm V5.2 password 1234\XWorm V5.2\XWormLoader 5.2 x64.exe N/A
N/A N/A C:\Users\Admin\Desktop\XWorm V5.2 password 1234\XWorm V5.2\XWormLoader 5.2 x64.exe N/A
N/A N/A C:\Users\Admin\Desktop\XWorm V5.2 password 1234\XWorm V5.2\XWormLoader 5.2 x64.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4380 wrote to memory of 3440 N/A C:\Windows\system32\OpenWith.exe C:\Program Files\7-Zip\7zFM.exe
PID 4380 wrote to memory of 3440 N/A C:\Windows\system32\OpenWith.exe C:\Program Files\7-Zip\7zFM.exe
PID 2760 wrote to memory of 2200 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2760 wrote to memory of 2200 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2760 wrote to memory of 2128 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2760 wrote to memory of 2128 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2760 wrote to memory of 2128 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2760 wrote to memory of 2128 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2760 wrote to memory of 2128 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2760 wrote to memory of 2128 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2760 wrote to memory of 2128 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2760 wrote to memory of 2128 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2760 wrote to memory of 2128 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2760 wrote to memory of 2128 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2760 wrote to memory of 2128 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2760 wrote to memory of 2128 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2760 wrote to memory of 2128 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2760 wrote to memory of 2128 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2760 wrote to memory of 2128 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2760 wrote to memory of 2128 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2760 wrote to memory of 2128 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2760 wrote to memory of 2128 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2760 wrote to memory of 2128 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2760 wrote to memory of 2128 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2760 wrote to memory of 2128 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2760 wrote to memory of 2128 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2760 wrote to memory of 2128 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2760 wrote to memory of 2128 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2760 wrote to memory of 2128 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2760 wrote to memory of 2128 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2760 wrote to memory of 2128 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2760 wrote to memory of 2128 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2760 wrote to memory of 2128 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2760 wrote to memory of 2128 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2760 wrote to memory of 4696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2760 wrote to memory of 4696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2760 wrote to memory of 860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2760 wrote to memory of 860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2760 wrote to memory of 860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2760 wrote to memory of 860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2760 wrote to memory of 860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2760 wrote to memory of 860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2760 wrote to memory of 860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2760 wrote to memory of 860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2760 wrote to memory of 860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2760 wrote to memory of 860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2760 wrote to memory of 860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2760 wrote to memory of 860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2760 wrote to memory of 860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2760 wrote to memory of 860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2760 wrote to memory of 860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2760 wrote to memory of 860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2760 wrote to memory of 860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2760 wrote to memory of 860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2760 wrote to memory of 860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2760 wrote to memory of 860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2760 wrote to memory of 860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2760 wrote to memory of 860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2760 wrote to memory of 860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2760 wrote to memory of 860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2760 wrote to memory of 860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2760 wrote to memory of 860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2760 wrote to memory of 860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2760 wrote to memory of 860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2 .rar"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2 .rar"

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Desktop\XWorm V5.2 password 1234\XWorm V5.2\XWormLoader 5.2 x64.exe

"C:\Users\Admin\Desktop\XWorm V5.2 password 1234\XWorm V5.2\XWormLoader 5.2 x64.exe"

C:\Users\Admin\Desktop\XWorm V5.2 password 1234\XWorm V5.2\XWormLoader 5.2 x64.exe

"C:\Users\Admin\Desktop\XWorm V5.2 password 1234\XWorm V5.2\XWormLoader 5.2 x64.exe"

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd7ec9cc40,0x7ffd7ec9cc4c,0x7ffd7ec9cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1872,i,2022266254670193062,9678358884663642917,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=1868 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2088,i,2022266254670193062,9678358884663642917,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2140 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2228,i,2022266254670193062,9678358884663642917,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2240 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3104,i,2022266254670193062,9678358884663642917,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3116 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,2022266254670193062,9678358884663642917,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3176 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4436,i,2022266254670193062,9678358884663642917,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4320 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4620,i,2022266254670193062,9678358884663642917,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4612 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4852,i,2022266254670193062,9678358884663642917,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4920 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Users\Admin\Desktop\XWorm V5.2 password 1234\XWorm V5.2\XWormLoader 5.2 x64.exe

"C:\Users\Admin\Desktop\XWorm V5.2 password 1234\XWorm V5.2\XWormLoader 5.2 x64.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/XCoderTools

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x110,0x114,0x118,0xec,0x11c,0x7ffd765b3cb8,0x7ffd765b3cc8,0x7ffd765b3cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,16001857206899206512,7199232049535301970,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2072 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,16001857206899206512,7199232049535301970,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,16001857206899206512,7199232049535301970,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16001857206899206512,7199232049535301970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16001857206899206512,7199232049535301970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3556 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16001857206899206512,7199232049535301970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,16001857206899206512,7199232049535301970,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3624 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/XCoderTools

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd765b3cb8,0x7ffd765b3cc8,0x7ffd765b3cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16001857206899206512,7199232049535301970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16001857206899206512,7199232049535301970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16001857206899206512,7199232049535301970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4064 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16001857206899206512,7199232049535301970,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2052,16001857206899206512,7199232049535301970,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5040 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16001857206899206512,7199232049535301970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16001857206899206512,7199232049535301970,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/XCoderTools

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xa0,0x10c,0x7ffd765b3cb8,0x7ffd765b3cc8,0x7ffd765b3cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16001857206899206512,7199232049535301970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3120 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16001857206899206512,7199232049535301970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4584,i,2022266254670193062,9678358884663642917,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4604 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,16001857206899206512,7199232049535301970,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6120 /prefetch:2

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004E4 0x00000000000004F0

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 134.32.126.40.in-addr.arpa udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
GB 104.86.110.98:443 tcp
GB 184.28.176.72:443 r.bing.com tcp
GB 184.28.176.72:443 r.bing.com tcp
GB 184.28.176.72:443 r.bing.com tcp
GB 184.28.176.72:443 r.bing.com tcp
GB 184.28.176.72:443 r.bing.com tcp
GB 184.28.176.72:443 r.bing.com tcp
GB 184.28.176.72:443 r.bing.com tcp
GB 184.28.176.72:443 r.bing.com tcp
GB 184.28.176.72:443 r.bing.com tcp
GB 184.28.176.72:443 r.bing.com tcp
GB 184.28.176.72:443 r.bing.com tcp
GB 184.28.176.72:443 r.bing.com tcp
GB 184.28.176.72:443 r.bing.com tcp
US 20.189.173.6:443 browser.pipe.aria.microsoft.com tcp
GB 142.250.180.4:443 www.google.com tcp
GB 142.250.180.4:443 www.google.com udp
GB 172.217.16.238:443 clients2.google.com udp
GB 172.217.16.238:443 clients2.google.com tcp
N/A 224.0.0.251:5353 udp
GB 172.217.169.78:443 chrome.google.com tcp
NL 149.154.167.99:443 telegram.org tcp
NL 149.154.167.99:443 telegram.org tcp
NL 149.154.167.99:443 telegram.org tcp
NL 149.154.167.99:443 telegram.org tcp
NL 149.154.167.99:443 telegram.org tcp
US 34.111.35.152:443 cdn4.cdn-telegram.org tcp
NL 149.154.167.99:443 telegram.org tcp

Files

C:\Users\Admin\AppData\Local\Temp\7zE07D10A58\XWorm V5.2 password 1234\XWorm V5.2\Icons\icon (15).ico

MD5 e3143e8c70427a56dac73a808cba0c79
SHA1 63556c7ad9e778d5bd9092f834b5cc751e419d16
SHA256 b2f57a23ecc789c1bbf6037ac0825bf98babc7bf0c5d438af5e2767a27a79188
SHA512 74e0f4b55625df86a87b9315e4007be8e05bbecca4346a6ea06ef5b1528acb5a8bb636ef3e599a3820dbddcf69563a0a22e2c1062c965544fd75ec96fd9803fc

C:\Users\Admin\Desktop\XWorm V5.2 password 1234\XWorm V5.2\XWormLoader 5.2 x64.exe

MD5 e6a20535b636d6402164a8e2d871ef6d
SHA1 981cb1fd9361ca58f8985104e00132d1836a8736
SHA256 b461c985b53de4f6921d83925b3c2a62de3bbc5b8f9c02eecd27926f0197fae2
SHA512 35856a0268ed9d17b1570d5392833ed168c8515d73fac9f150cf63cc1aea61c096aa2e6b3c8e091a1058ba062f9333f6767e323a37dfb6f4fa7e508a2a138a30

C:\Users\Admin\Desktop\XWorm V5.2 password 1234\XWorm V5.2\XWormLoader 5.2 x64.exe.config

MD5 15c8c4ba1aa574c0c00fd45bb9cce1ab
SHA1 0dad65a3d4e9080fa29c42aa485c6102d2fa8bc8
SHA256 f82338e8e9c746b5d95cd2ccc7bf94dd5de2b9b8982fffddf2118e475de50e15
SHA512 52baac63399340427b94bfdeb7a42186d5359ce439c3d775497f347089edfbf72a6637b23bb008ab55b8d4dd3b79a7b2eb7c7ef922ea23d0716d5c3536b359d4

memory/484-179-0x0000000000CB0000-0x0000000000CD0000-memory.dmp

C:\Users\Admin\Desktop\XWorm V5.2 password 1234\XWorm V5.2\RVGLib.dll

MD5 d34c13128c6c7c93af2000a45196df81
SHA1 664c821c9d2ed234aea31d8b4f17d987e4b386f1
SHA256 aaf9fb0158bd40ab562a4212c2a795cb40ef6864042dc12f3a2415f2446ba1c7
SHA512 91f4e0e795f359b03595b01cbf29188a2a0b52ab9d64eadd8fb8b3508e417b8c7a70be439940975bf5bdf26493ea161aa45025beb83bc95076ed269e82d39689

memory/484-181-0x0000023D4A450000-0x0000023D4A492000-memory.dmp

C:\Users\Admin\Desktop\XWorm V5.2 password 1234\XWorm V5.2\MonoMod.Backports.dll

MD5 dd43356f07fc0ce082db4e2f102747a2
SHA1 aa0782732e2d60fa668b0aadbf3447ef70b6a619
SHA256 e375b83a3e242212a2ed9478e1f0b8383c1bf1fdfab5a1cf766df740b631afd6
SHA512 284d64b99931ed1f2e839a7b19ee8389eefaf6c72bac556468a01f3eb17000252613c01dbae88923e9a02f3c84bcab02296659648fad727123f63d0ac38d258e

memory/484-185-0x0000023D4A400000-0x0000023D4A406000-memory.dmp

C:\Users\Admin\Desktop\XWorm V5.2 password 1234\XWorm V5.2\MonoMod.ILHelpers.dll

MD5 6512e89e0cb92514ef24be43f0bf4500
SHA1 a039c51f89656d9d5c584f063b2b675a9ff44b8e
SHA256 1411e4858412ded195f0e65544a4ec8e8249118b76375050a35c076940826cd0
SHA512 9ffb2ff050cce82dbfbbb0e85ab5f976fcd81086b3d8695502c5221c23d14080f0e494a33e0092b4feb2eda12e2130a2f02df3125733c2f5ec31356e92dea00b

memory/484-183-0x0000023D645C0000-0x0000023D645E8000-memory.dmp

C:\Users\Admin\Desktop\XWorm V5.2 password 1234\XWorm V5.2\MonoMod.Utils.dll

MD5 79f1c4c312fdbb9258c2cdde3772271f
SHA1 a143434883e4ef2c0190407602b030f5c4fdf96f
SHA256 f22a4fa1e8b1b70286ecf07effb15d2184454fa88325ce4c0f31ffadb4bef50a
SHA512 b28ed3c063ae3a15cd52e625a860bbb65f6cd38ccad458657a163cd927c74ebf498fb12f1e578e869bcea00c6cd3f47ede10866e34a48c133c5ac26b902ae5d9

memory/484-189-0x0000023D646B0000-0x0000023D64706000-memory.dmp

memory/484-187-0x0000023D64650000-0x0000023D646AE000-memory.dmp

C:\Users\Admin\Desktop\XWorm V5.2 password 1234\XWorm V5.2\Mono.Cecil.dll

MD5 de69bb29d6a9dfb615a90df3580d63b1
SHA1 74446b4dcc146ce61e5216bf7efac186adf7849b
SHA256 f66f97866433e688acc3e4cd1e6ef14505f81df6b26dd6215e376767f6f954bc
SHA512 6e96a510966a4acbca900773d4409720b0771fede37f24431bf0d8b9c611eaa152ba05ee588bb17f796d7b8caaccc10534e7cc1c907c28ddfa54ac4ce3952015

memory/484-190-0x0000023D4A3C0000-0x0000023D4A3C6000-memory.dmp

memory/484-191-0x0000023D4A3D0000-0x0000023D4A3D6000-memory.dmp

C:\Users\Admin\Desktop\XWorm V5.2 password 1234\XWorm V5.2\MonoMod.Core.dll

MD5 b808181453b17f3fc1ab153bf11be197
SHA1 bce86080b7eb76783940d1ff277e2b46f231efe9
SHA256 da00cdfab411f8f535f17258981ec51d1af9b0bfcee3a360cbd0cb6f692dbcdd
SHA512 a2d941c6e69972f99707ade5c5325eb50b0ec4c5abf6a189eb11a46606fed8076be44c839d83cf310b67e66471e0ea3f6597857a8e2c7e2a7ad6de60c314f7d3

memory/484-193-0x0000023D64710000-0x0000023D6474C000-memory.dmp

memory/484-194-0x0000023D64590000-0x0000023D645AA000-memory.dmp

C:\Users\Admin\Desktop\XWorm V5.2 password 1234\XWorm V5.2\XWorm V5.2.exe

MD5 8b7b015c1ea809f5c6ade7269bdc5610
SHA1 c67d5d83ca18731d17f79529cfdb3d3dcad36b96
SHA256 7fc9c7002b65bc1b33f72e019ed1e82008cc7b8e5b8eaf73fc41a3e6a246980e
SHA512 e652913f73326f9d8461ac2a631e1e413719df28c7938b38949c005fda501d9e159554c3e17a0d5826d279bb81efdef394f7fb6ff7289cf296c19e92fd924180

memory/484-196-0x0000023D65390000-0x0000023D65FC8000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\TMzpx\TMzpx.dll

MD5 2f1a50031dcf5c87d92e8b2491fdcea6
SHA1 71e2aaa2d1bb7dbe32a00e1d01d744830ecce08f
SHA256 47578a37901c82f66e4dba47acd5c3cab6d09c9911d16f5ad0413275342147ed
SHA512 1c66dbe1320c1a84023bdf77686a2a7ab79a3e86ba5a4ea2cda9a37f8a916137d5cfec30b28ceae181355f6f279270465ef63ae90b7e8dcd4c1a8198a7fd36a8

memory/484-204-0x0000023D667D0000-0x0000023D673BC000-memory.dmp

C:\Users\Admin\Desktop\XWorm V5.2 password 1234\XWorm V5.2\Guna.UI2.dll

MD5 bcc0fe2b28edd2da651388f84599059b
SHA1 44d7756708aafa08730ca9dbdc01091790940a4f
SHA256 c6264665a882e73eb2262a74fea2c29b1921a9af33180126325fb67a851310ef
SHA512 3bfc3d27c095dde988f779021d0479c8c1de80a404454813c6cae663e3fe63dc636bffa7de1094e18594c9d608fa7420a0651509544722f2a00288f0b7719cc8

memory/484-206-0x0000023D65110000-0x0000023D65304000-memory.dmp

memory/484-207-0x0000023D64F10000-0x0000023D650C3000-memory.dmp

memory/484-208-0x0000023D64F10000-0x0000023D650C3000-memory.dmp

memory/484-209-0x0000023D64F10000-0x0000023D650C3000-memory.dmp

memory/484-210-0x0000023D64F10000-0x0000023D650C3000-memory.dmp

memory/484-211-0x0000023D64F10000-0x0000023D650C3000-memory.dmp

memory/484-212-0x0000023D64F10000-0x0000023D650C3000-memory.dmp

memory/484-214-0x0000023D64F10000-0x0000023D650C3000-memory.dmp

memory/484-215-0x0000023D64F10000-0x0000023D650C3000-memory.dmp

memory/484-216-0x0000023D64F10000-0x0000023D650C3000-memory.dmp

memory/484-218-0x0000023D64F10000-0x0000023D650C3000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\XWormLoader 5.2 x64.exe.log

MD5 33bb549a6f0e5d5b27d2af0a0894a55d
SHA1 c6b7b943d8a8d50da22c40d2f80960af63b18ec2
SHA256 f7d6ec766167a17fce46669ca54b383d4468a21faf2eaa5eb02aa1a3b1a2af08
SHA512 2e57b52b60bbd44f07c81f605118922650a6da1a4cd85ecfab4f954f476a7a851e1a71ae7e74a57153dabf7ea49bb6a50ca2c73c384871d5f68f05db6e37ced8

memory/1192-221-0x0000000000CB0000-0x0000000000CD0000-memory.dmp

memory/1192-222-0x0000026C28DC0000-0x0000026C28DC6000-memory.dmp

memory/1192-223-0x0000026C28DD0000-0x0000026C28DD6000-memory.dmp

memory/1192-226-0x0000026C42120000-0x0000026C422D3000-memory.dmp

memory/1192-227-0x0000026C42120000-0x0000026C422D3000-memory.dmp

\??\pipe\crashpad_2760_LOAINUGJXXAGJMHD

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

memory/1192-257-0x0000026C42120000-0x0000026C422D3000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 e1e1057ebd0ad6b04f453dfe96acd517
SHA1 061976489684e6957f322e56eb8e97e2197f3668
SHA256 9f8cc5eb9ed2576ff7019c5e21d455c4b2a50fcafa509412264a5ce0c71b123a
SHA512 d61a67697d0af5761edfbe41476f79e965caf5c5ce2479a88b277e7d18243501b3ab65cd2ea9c61468344aa67a252a8db1ca1bfd3d0fa155c91fdfdf426c4ed1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e689ce60514ab8e71bb4c554ecc03317
SHA1 3f31d86aa5fe6a4fa939bf6d5ca625d3d5eaf43b
SHA256 a5454f65b8f330300e9aef76fb27577bf39b5150a390a0e999855d35b0666abd
SHA512 9df11ddcdf5db91c3d7786e216175e768f3e5b9ace85b583dcf3e96f3aba6a724dd5afa69c693dee8354ac3d9055fe17f20690bc8449f1c48bb3197e75b95889

memory/1192-268-0x0000026C42120000-0x0000026C422D3000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 33aef139859eb48c5b99fdc20624dbfd
SHA1 d24827364525c7073abfc14a068e90b824645476
SHA256 87ef3e1c87f2446ef6f3617340fd2c71e84680895e835a66d576eb5929dd7365
SHA512 a791fa1cfcefe98472a32846568a95ccf6fe1676b6740c75db860955e5f5815e73131c69ed6eb10dc55f34cee405d186b274f5e6bb6d1612754d8269674862c9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 79fb7c3d5a4773811fe678007d96c8fe
SHA1 8c33a19c3a9b1a6458ad4e19f638a4e107efd385
SHA256 6bc167b8fdb2c2902358f88a1b5d5dbaf25b034763cf39993e419f0501a8724c
SHA512 73165f4f6427c18eabacfa85329cd596d8ce5a1bbd8276396727d0a28ad86eeec71a91f6a82e46d72d4acc718609d348b0a0fb2df42606c221f59934e315da3a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5d71e17885098ebecda93ff318c19f3d
SHA1 09162d39b1648283d5dd57b155406f767021b723
SHA256 126f9bc2b14e3a64ec384582c3cc867bef4e8247c24d203bc7492d1280a36049
SHA512 ee554069b0182c222a92a8113fb85570c40e9f01bbaa7812f1e9c7343fc4be008eeba357746a50530f8639a32df5044fa001a1786e1fca4a81835fd1aae3c054

memory/4144-289-0x0000017D82190000-0x0000017D82196000-memory.dmp

memory/4144-290-0x0000017D821B0000-0x0000017D821B6000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 034f007151d90944e1f54913f3f7465c
SHA1 103dbd5e0fe695f3a20910b71a8a9b420b938f3d
SHA256 3eaf4884e63aa6be42e7e40eefe31a0a99d5b8b0738c28d686a59de3d3164aa2
SHA512 2b57ca3cf88ac2a7b1c206b195af87f989b42d3dfd7240b94630d02979d09c8388f5cb6d72d0a2fbae2425e329df8940b094a480a2692c41aae27ffa26c79395

C:\Users\Admin\Desktop\XWorm V5.2 password 1234\XWorm V5.2\GeoIP.dat

MD5 8ef41798df108ce9bd41382c9721b1c9
SHA1 1e6227635a12039f4d380531b032bf773f0e6de0
SHA256 bc07ff22d4ee0b6fafcc12482ecf2981c172a672194c647cedf9b4d215ad9740
SHA512 4c62af04d4a141b94eb3e1b0dbf3669cb53fe9b942072ed7bea6a848d87d8994cff5a5f639ab70f424eb79a4b7adabdde4da6d2f02f995bd8d55db23ce99f01b

memory/4144-302-0x0000017D9CC70000-0x0000017D9CE23000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 21cf39beee4d807318a05a10dc3f1bf3
SHA1 01ef7fc09919eb33292a76934d3f2b5ba248f79c
SHA256 b766823dabbf6f78e2ee7c36d231d6708800126dc347ce3e83f4bf27bc6e2939
SHA512 0baf8b0964d390b9eb7fafd217037709ac4ab31abcdf63598244026c31284cd838f12d628dcffe35d5661ba15a5e4f3b82c7c2d9226ac88856a07b5b7b415291

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f1998107017edc46fed4599ad24cfe53
SHA1 47e92f0646f0de9241c59f88e0c10561a2236b5e
SHA256 cc6838475e4b8d425548ceb54a16d41fb91d528273396a8f0b216889d79e0caa
SHA512 ef7228c3da52bf2a88332b9d902832ed18176dfff7c295abfbaab4e82399dc21600b125c8dad615eb1580fab2f4192251a7f7c557842c9cac0209033a3113816

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 51588b2275d2a4d9748f196d2c18c386
SHA1 36801ba853fb7f8182769e03de14afb5ee4ea920
SHA256 d14f466e7979d19d1973a801fbf48167c41ca4dd6f3d17ac92876054bbdb9560
SHA512 189794640607554e1be8112e6a8697ff83241b17bd748c15043f250f5094bcbc85c5fb0dd4e2dbdb38b241cf5ca83e516a5c23b36b85bffe1d40fbaaaf72dbfe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 069d3831161a35c9aafdfe1a9ca21bd5
SHA1 dcdf372b73b3bfb5a34801c64730b9ddc028d814
SHA256 0207877db5bace99d94f90def2ff932967c167c3baef7519bdafb96723e17d57
SHA512 ad2fff16b3ed833ef61e89675543d73c698b342206f61653439d1b95cfd4b87eccf99244510994286884f6b9e551ff5ae7cf40e379da4f5a1a97ca8e63f73fbc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b93211443d6292c6b5a10821dd7fadc5
SHA1 26e47e0b79b359e425d70a64443454e29a63064e
SHA256 bf9fd7a96425f94f9da89cc12ba9b6995484af9784c76f1abe848b8c267d151f
SHA512 ab87958c408ecbd5c9eb65eeabcc6cf09b5f4e7d0fb300908119d0fee668daa4732c71245f5601b9e945af1dc564418bc9af5af685edc4d9470b786cbc31e42a

memory/4144-380-0x0000017D9CC70000-0x0000017D9CE23000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 cb8314ed4d18d8f3ebab459d24c74cee
SHA1 ba03f1b8ca20638d5a98292177a11bf954684f97
SHA256 38b71d8cebbfa61795fb026428157d11a7b5b172ed718d0bd5ce14fae0566d76
SHA512 e40ce67a53f2a5b9b7d17bb633fb912d45e6124925307251e46f0973f044b38ab9daa5338f493ba83b002b1684dff703066f67b0991c0d4f0a768f92cce3809a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0fa5e1c0fcef6e8250cd7cc4557a4e53
SHA1 38fdee503dc9498e4bdd877b2a86678a937cb2ac
SHA256 0a03f6e3efdb0414e47eb4639e1cfd60f7523691e562d23a5c0ad239993f3182
SHA512 1916a0d057743f16a0be2fa391bd5c222d25c694271a1aaf71883327cc37e0e6b7cf400e83361c1c7e52fbe511ffac5c6fcbc115941209d367e893d254c03090

memory/4144-409-0x0000017D9CC70000-0x0000017D9CE23000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ef4836393e9982c8cbcad5e4fd0a1320
SHA1 efb91e078ba3b0a6a342457557bbe1217113ca8f
SHA256 fe767cdf437463020a9f7deaac6dc07f59798623fb8960751a94c82b7891aed2
SHA512 931d20df1ad5eede1278030e0df391e661dbd9f7648c8ebac9c9d6f3b18836110382ed56bf8dc9f966936a555d5bbdc89d7716e99b3e2597fe09cff79d063a7c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 2ececf143d25455539008d6e6491130a
SHA1 c2da644a19a6061501b040fda175eee3d6920db5
SHA256 a0cceae9f571a34a3f940f546bb3eed0efd528534c4c0d5169432704323c522f
SHA512 64a6a1f05ad793bcfd345d563514af16ccdfd9d396f93eb2c2984601ba8846eaf97b00d37bcc6db1ffa9e444178599e52afb67e12f94822caeda18da8f1330d0

memory/4144-434-0x0000017D9CC70000-0x0000017D9CE23000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 bd8ce5c385b7d08f84d147d29bc0c106
SHA1 046ac8c216c1a6e167bdf5e65ebf1a9ab815dc28
SHA256 03edad643992213f1d7b161a7d8277e2e03ac4a0e4c5c99f6f69b780006c37b4
SHA512 10013cbe67952edf4c9ab448356927e5abe3620d4ecc06aa237917b99720ead9bad0ea962c4b3244a54dbfd4a38f654dc53c7c731d1977b063b608cfa923cb32

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 fa636a2c187ef7ed4aeebec99524c787
SHA1 69121b15bc5336b6872435fedd14c7d847284f24
SHA256 174135973148a092fe79362b22f66d60de72e6f489c5ab3e51d91668f782d932
SHA512 6fab7f5a5f7677e640ef3cfdf75caf00436012da9f89b4f35188eef3a4131689617d2d031311561dda652793f4a3779236c27a9eb1c4e25d1cc92e4693971b79

memory/4144-449-0x0000017D9CC70000-0x0000017D9CE23000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 eac4bd1e359d729495f2421fa26d3db7
SHA1 dd2411badf3310095fd8f6531eef710ac8d87241
SHA256 baa8dd3d2f2277d6f5720602ec7b99f972291b06583d0a5648126df416058ff6
SHA512 489e4248a35af55e0ce091d803d88dd8da8579078eb80082b555eaeea20a4cb229b5fdfb794a83bb9057f7245e842d46ab4ae31310b776627193459d4155a469

memory/4144-468-0x0000017D9CC70000-0x0000017D9CE23000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

MD5 f4017127d1ec466e5eaa9381fb542920
SHA1 431fec3f952f5e45c4ff64a992f7a5d91be34460
SHA256 21befff8e26723141b552ff1ab105e9a50d448527155100052d087377f22adbd
SHA512 a04a4c40f6fd422ae1cc3f63ef51c221cd5c08cd52352ccb4683abdf3a5e7654d028d227c7fa3736c3baac4d73377743a0fa03e63a5487d6ed8e64e44cde8c01

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

MD5 14e39be019da848a73da7658165674cb
SHA1 e016473c4189a8cc3dbff754a48b3e42d68af25a
SHA256 39595a1806156cfcadf3cc4e20c5c3f3eec721386a0551790a15f025ba9402bd
SHA512 828a383de549871aa80ec960a7e371ef47da96d01ebb9628d1484ceed9eb698aec5109b3de0b24ff8000610a2c2d633616c9fd28d380656fecbaa930cffed029

memory/4144-478-0x0000017D9CC70000-0x0000017D9CE23000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2aaa423d373d3b248766d0e1962f20dc
SHA1 f7f1e0cff7b3710201ddd1040c84b3071d6c190a
SHA256 4d32c13f8554f8f78a7d99a14ebe1a7fcb58be11ab1b808227d4cd79819617e9
SHA512 8d5454e2adde844abc72aacd3d6edee8fa2802c40d0f08bfe116ce3b04857997a0e0489b578c400ed02db0c76c02a7bc853e9f350e57fdfcb0c7a5f2a2d9f8ed

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c45e7a176454c3d6b7756be4fc3c7f7b
SHA1 d9a3ff4be70c74147d71a4785439055f61a1a6de
SHA256 c7114e23b4369cba250f6b1426a918d4557345463175230e9547166decfe0e25
SHA512 24f7e0aba7e353bdbc569ba7abfccbb8f24208cdcb5bd348e053baddc9735105bf17b15aa11677f471ac13b1c1678b9b4b1ef8af7e7545d6e0b72622cac04152

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 9d1fb222d5761441039d6e2f434678d2
SHA1 324d9c6fd80d84ff884686740d07826a8944ccb8
SHA256 49dbf7d494845429624adac1c3da3399154f73094fd0d01a16cb88d33517ad7e
SHA512 fcad3dadfcb3a1f991c10651d9757f970b1f90029969216626c715c137c4201434e5e602074bd73a11907b658111bf06d50f1d2ce090148c10642359b93c2334

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5c6b06.TMP

MD5 4a24b2fabece2b77de06bae58fcfd060
SHA1 f0a02dbc35cb578408bc2b4d2559450d663bd5c7
SHA256 718d8ef91414e1555dc2420074badc353f798fea264cfef43178be8a6e6785ae
SHA512 437a1bff7a6882fc08b0904392abef44e1261151a46745c9c6fa97de2f86e3aa7fb7c8396403478d16c7146f0e815f184b98f1c2bd5008e185769d51df19aa7b

memory/4144-523-0x0000017D9CC70000-0x0000017D9CE23000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 284915a4caf84b9f2f8c03db1ec687da
SHA1 673d2d4f7596e6c770441eeab7aecafa2cdf45b1
SHA256 8eb8a33aafe824df9726ec755d07d950821767232e227199c61c32bf308e9937
SHA512 128ba49129858f67a2dd7faf41e6607df0227dfa2c124ea699eb837841fcc2b16ca5a4ebfd3cda7e165049c2bbda7eb7a8f1d6a8ab310ecf75354728daa023c8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 46fcea581b8ea029f51bed73d97d615a
SHA1 13ae18863a7d1592bf4670d0c833fde302c1f34e
SHA256 f0196c7c43b851e6ad3cf15c9dd6976cbbc44c998813eb2433e6463c5a46a280
SHA512 1a1c9946cc65bde1a1f66b9e5c264fdafa26676e0b6d63723a63d2e45dc42a107d7ed76f5378d7efa1102780a9352134016cc2d406b890fa03371ae8fa7d3101

memory/4144-538-0x0000017D9CC70000-0x0000017D9CE23000-memory.dmp

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

MD5 f49655f856acb8884cc0ace29216f511
SHA1 cb0f1f87ec0455ec349aaa950c600475ac7b7b6b
SHA256 7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba
SHA512 599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

MD5 b5ad5caaaee00cb8cf445427975ae66c
SHA1 dcde6527290a326e048f9c3a85280d3fa71e1e22
SHA256 b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8
SHA512 92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

MD5 d222b77a61527f2c177b0869e7babc24
SHA1 3f23acb984307a4aeba41ebbb70439c97ad1f268
SHA256 80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747
SHA512 d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 aa2a6d7236103404046a757e6b50a617
SHA1 a56b318870ef5dc7fce26d80c215a3f29987c7ba
SHA256 166f2db40f9ca140cecc6d7ada695dfc7b3ce2f2420481080512198072d4ffd5
SHA512 d0db3cc153d7a9bec5ea98901b03457b627a0228a63eab1e8eb78e3b42a3ea84488d44f488784c017eeb788fea60b79b1f2da1dd814e6347ef9515109d711732

memory/4144-573-0x0000017D9CC70000-0x0000017D9CE23000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0e1ea6a0c2229016e39a0b29718b8381
SHA1 78e3d99fb305ef376df7d96b1f52ec3fc01e4225
SHA256 af335640e8ac85348861e32b7783358031fba0c568479c65fa1e0213a396d3b1
SHA512 7b6c1428ef882543b31eafa6bbb9bdbea11fbfd7f4ef2eb1fb3683fa227ceec8ef5e433f7c2f460457dd45238b3aaa2fe16c797034fcf5fbd02fe671c96cac02

memory/4144-583-0x0000017D9CC70000-0x0000017D9CE23000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 107d83567a98d4b0a07fae7d7a2591b0
SHA1 138f1b90e50b5671493b6965ef3c625ab53f4de9
SHA256 d5ea6c4a903f8015f54eb63c8e615048a47988e026299e1cd355e8cb8284c7a9
SHA512 5171ef92dbf90b8c977e4e8b916a57037e90c920fee417ef2b50e79a361915862698895516a2008846dc2e743c7e56c87245147b7e47e40c06d78c04fa1a167f

memory/4144-593-0x0000017D9CC70000-0x0000017D9CE23000-memory.dmp

memory/4144-594-0x0000017D9CC70000-0x0000017D9CE23000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 de46495338c6724df678ffb7c9767d54
SHA1 04c62cac41f0d39f37b8035bb7c82f5f87939a98
SHA256 8c5d9c347d6df39ab38b0d364a259d71532babc5fd81b33bbce0d3444850a55f
SHA512 2dd1e19b470c78eecaebb9012213537df047f5e5a411c9bbfe5869a5180531e7e9303166ecd64781535dc43d2693c85bad6e42f681b5e90861a65b1de58e6a59

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e91924a9c50fbee3410aab60ab362829
SHA1 bd622cdd8bae3e5c5a8b4a163e50feee7d72c581
SHA256 500bc696a11075cfcbf1958b72732e7a0c23931ab6526c0e29624cffe20a7b02
SHA512 7c26c14f198609a0f165a6fc71d6f3d92e013547e81db389fe10be054779c74a057c17adf0463284cbad446c8fde9779079ebd40d5d0574ec196f9283184e260

memory/4144-618-0x0000017D9CC70000-0x0000017D9CE23000-memory.dmp

C:\Users\Admin\Desktop\XWorm V5.2 password 1234\XWorm V5.2\Sounds\Intro.wav

MD5 ad3b4fae17bcabc254df49f5e76b87a6
SHA1 1683ff029eebaffdc7a4827827da7bb361c8747e
SHA256 e3e5029bf5f29fa32d2f6cdda35697cd8e6035d5c78615f64d0b305d1bd926cf
SHA512 3d6ecc9040b5079402229c214cb5f9354315131a630c43d1da95248edc1b97627fb9ba032d006380a67409619763fb91976295f8d22ca91894c88f38bb610cd3

memory/4144-629-0x0000017D9CC70000-0x0000017D9CE23000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ea57d030854fb8e8c4a0f7b2106a68d9
SHA1 b1e871f2d41be07aeb0d14a3451e5cf4a3c22df7
SHA256 555d6635ce7d5b8ceda26e81181f9c81aa73db05c2cafa08908cf59289885d24
SHA512 2568f02b577c8541b396222a933600954a203167528a9c4363c17d00b30502275394c3ae942135aa66e40f7993af75a0ba05c92a6f399f2f2309f0ae65a3400b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a7d1e439ad0ff9217bc2de85ff3a32c4
SHA1 a31926de775330752b17adfcaf1b23b225c143df
SHA256 6e0a27e775f4ce15a40550d5ea27501063080618c5644fd91996c89796bd9586
SHA512 27d4eb3662cdb8af0420341c3f3bf2f2dfe7613d271b40376e0874d6d9d08cad540e943450fce2807a3785769303e866f26723ebb02d156a7194fd346396cc72

memory/4144-657-0x0000017D9CC70000-0x0000017D9CE23000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\edad7aa5-7b3e-4408-ba0f-18cb6600a761.tmp

MD5 09d4f51378c90ff6404acd154eb242c8
SHA1 5bfbd1853c06d3dbfccb4c5a5e18dff1ede76784
SHA256 e46f66de298433e250a3daaf96823a14d2da9e225419d253d8b8e40ce6349dff
SHA512 1d437ccf14e71ba09bd3f9275134f6d7348541cfb547235cee3cdc997275723c17976d27ed5deba8eadbc2118026c992add883c9e6add497d2ff7419cdb31603

memory/4144-667-0x0000017D9CC70000-0x0000017D9CE23000-memory.dmp

Analysis: behavioral7

Detonation Overview

Submitted

2024-07-10 16:39

Reported

2024-07-10 16:42

Platform

win11-20240709-en

Max time kernel

148s

Max time network

156s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2 password 1234\XWorm V5.2\IconExtractor.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2 password 1234\XWorm V5.2\IconExtractor.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-07-10 16:39

Reported

2024-07-10 16:43

Platform

win11-20240709-en

Max time kernel

89s

Max time network

95s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2 password 1234\XWorm V5.2\Mono.Cecil.Mdb.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2 password 1234\XWorm V5.2\Mono.Cecil.Mdb.dll",#1

Network

Files

N/A

Analysis: behavioral30

Detonation Overview

Submitted

2024-07-10 16:39

Reported

2024-07-10 16:42

Platform

win11-20240709-en

Max time kernel

146s

Max time network

153s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2 password 1234\XWorm V5.2\Plugins\Informations.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2 password 1234\XWorm V5.2\Plugins\Informations.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

N/A

Analysis: behavioral15

Detonation Overview

Submitted

2024-07-10 16:39

Reported

2024-07-10 16:42

Platform

win11-20240709-en

Max time kernel

149s

Max time network

158s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2 password 1234\XWorm V5.2\MonoMod.Iced.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2 password 1234\XWorm V5.2\MonoMod.Iced.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 0.159.190.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral16

Detonation Overview

Submitted

2024-07-10 16:39

Reported

2024-07-10 16:43

Platform

win11-20240709-en

Max time kernel

146s

Max time network

154s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2 password 1234\XWorm V5.2\MonoMod.Utils.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2 password 1234\XWorm V5.2\MonoMod.Utils.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 73.31.126.40.in-addr.arpa udp

Files

N/A

Analysis: behavioral20

Detonation Overview

Submitted

2024-07-10 16:39

Reported

2024-07-10 16:42

Platform

win11-20240709-en

Max time kernel

90s

Max time network

96s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2 password 1234\XWorm V5.2\Plugins\All-In-One.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2 password 1234\XWorm V5.2\Plugins\All-In-One.dll",#1

Network

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-07-10 16:39

Reported

2024-07-10 16:42

Platform

win11-20240709-en

Max time kernel

88s

Max time network

94s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2 password 1234\XWorm V5.2\FastColoredTextBox.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2 password 1234\XWorm V5.2\FastColoredTextBox.dll",#1

Network

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2024-07-10 16:39

Reported

2024-07-10 16:43

Platform

win11-20240709-en

Max time kernel

89s

Max time network

94s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2 password 1234\XWorm V5.2\Mono.Cecil.Rocks.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2 password 1234\XWorm V5.2\Mono.Cecil.Rocks.dll",#1

Network

Files

N/A

Analysis: behavioral21

Detonation Overview

Submitted

2024-07-10 16:39

Reported

2024-07-10 16:42

Platform

win11-20240709-en

Max time kernel

145s

Max time network

156s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2 password 1234\XWorm V5.2\Plugins\Chat.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2 password 1234\XWorm V5.2\Plugins\Chat.dll",#1

Network

Files

N/A

Analysis: behavioral27

Detonation Overview

Submitted

2024-07-10 16:39

Reported

2024-07-10 16:42

Platform

win11-20240709-en

Max time kernel

90s

Max time network

95s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2 password 1234\XWorm V5.2\Plugins\HVNC.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2 password 1234\XWorm V5.2\Plugins\HVNC.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

N/A

Analysis: behavioral29

Detonation Overview

Submitted

2024-07-10 16:39

Reported

2024-07-10 16:42

Platform

win11-20240709-en

Max time kernel

145s

Max time network

151s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2 password 1234\XWorm V5.2\Plugins\HiddenApps.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2 password 1234\XWorm V5.2\Plugins\HiddenApps.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-07-10 16:39

Reported

2024-07-10 16:42

Platform

win11-20240709-en

Max time kernel

145s

Max time network

151s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2 password 1234\XWorm V5.2\Mono.Cecil.Pdb.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2 password 1234\XWorm V5.2\Mono.Cecil.Pdb.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

N/A

Analysis: behavioral12

Detonation Overview

Submitted

2024-07-10 16:39

Reported

2024-07-10 16:43

Platform

win11-20240709-en

Max time kernel

145s

Max time network

150s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2 password 1234\XWorm V5.2\MonoMod.Backports.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2 password 1234\XWorm V5.2\MonoMod.Backports.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

N/A

Analysis: behavioral14

Detonation Overview

Submitted

2024-07-10 16:39

Reported

2024-07-10 16:42

Platform

win11-20240709-en

Max time kernel

132s

Max time network

104s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2 password 1234\XWorm V5.2\MonoMod.ILHelpers.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2 password 1234\XWorm V5.2\MonoMod.ILHelpers.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp

Files

N/A

Analysis: behavioral25

Detonation Overview

Submitted

2024-07-10 16:39

Reported

2024-07-10 16:43

Platform

win11-20240709-en

Max time kernel

145s

Max time network

150s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2 password 1234\XWorm V5.2\Plugins\HBrowser.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2 password 1234\XWorm V5.2\Plugins\HBrowser.dll",#1

Network

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-07-10 16:39

Reported

2024-07-10 16:42

Platform

win11-20240709-en

Max time kernel

145s

Max time network

152s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2 password 1234\XWorm V5.2\GMap.NET.WindowsForms.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2 password 1234\XWorm V5.2\GMap.NET.WindowsForms.dll",#1

Network

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-07-10 16:39

Reported

2024-07-10 16:42

Platform

win11-20240709-en

Max time kernel

145s

Max time network

154s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2 password 1234\XWorm V5.2\GMap.NET.Core.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2 password 1234\XWorm V5.2\GMap.NET.Core.dll",#1

Network

Country Destination Domain Proto
NL 52.111.243.29:443 tcp

Files

N/A

Analysis: behavioral17

Detonation Overview

Submitted

2024-07-10 16:39

Reported

2024-07-10 16:42

Platform

win11-20240709-en

Max time kernel

92s

Max time network

99s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2 password 1234\XWorm V5.2\NAudio.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2 password 1234\XWorm V5.2\NAudio.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral18

Detonation Overview

Submitted

2024-07-10 16:39

Reported

2024-07-10 16:42

Platform

win11-20240709-en

Max time kernel

146s

Max time network

151s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2 password 1234\XWorm V5.2\Newtonsoft.Json.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2 password 1234\XWorm V5.2\Newtonsoft.Json.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

N/A

Analysis: behavioral24

Detonation Overview

Submitted

2024-07-10 16:39

Reported

2024-07-10 16:42

Platform

win11-20240709-en

Max time kernel

146s

Max time network

153s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2 password 1234\XWorm V5.2\Plugins\FileManager.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2 password 1234\XWorm V5.2\Plugins\FileManager.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 0.159.190.20.in-addr.arpa udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp

Files

N/A

Analysis: behavioral26

Detonation Overview

Submitted

2024-07-10 16:39

Reported

2024-07-10 16:43

Platform

win11-20240709-en

Max time kernel

145s

Max time network

151s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2 password 1234\XWorm V5.2\Plugins\HRDP.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2 password 1234\XWorm V5.2\Plugins\HRDP.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

N/A

Analysis: behavioral31

Detonation Overview

Submitted

2024-07-10 16:39

Reported

2024-07-10 16:43

Platform

win11-20240709-en

Max time kernel

92s

Max time network

100s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2 password 1234\XWorm V5.2\Plugins\Keylogger.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2 password 1234\XWorm V5.2\Plugins\Keylogger.dll",#1

Network

Country Destination Domain Proto
NL 52.111.243.29:443 tcp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2024-07-10 16:39

Reported

2024-07-10 16:42

Platform

win11-20240709-en

Max time kernel

144s

Max time network

151s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2 password 1234\XWorm V5.2\Mono.Cecil.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2 password 1234\XWorm V5.2\Mono.Cecil.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral19

Detonation Overview

Submitted

2024-07-10 16:39

Reported

2024-07-10 16:43

Platform

win11-20240709-en

Max time kernel

90s

Max time network

98s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2 password 1234\XWorm V5.2\Plugins\ActiveWindows.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2 password 1234\XWorm V5.2\Plugins\ActiveWindows.dll",#1

Network

Files

N/A

Analysis: behavioral23

Detonation Overview

Submitted

2024-07-10 16:39

Reported

2024-07-10 16:42

Platform

win11-20240709-en

Max time kernel

146s

Max time network

151s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2 password 1234\XWorm V5.2\Plugins\Cmstp-Bypass.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2 password 1234\XWorm V5.2\Plugins\Cmstp-Bypass.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 72.32.126.40.in-addr.arpa udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp

Files

N/A

Analysis: behavioral32

Detonation Overview

Submitted

2024-07-10 16:39

Reported

2024-07-10 16:42

Platform

win11-20240709-en

Max time kernel

150s

Max time network

156s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2 password 1234\XWorm V5.2\Plugins\Maps.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2 password 1234\XWorm V5.2\Plugins\Maps.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 67.31.126.40.in-addr.arpa udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-07-10 16:39

Reported

2024-07-10 16:42

Platform

win11-20240709-en

Max time kernel

145s

Max time network

154s

Command Line

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2 password 1234\XWorm V5.2\Fixer.bat"

Signatures

N/A

Processes

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2 password 1234\XWorm V5.2\Fixer.bat"

Network

Country Destination Domain Proto
US 8.8.8.8:53 23.159.190.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-07-10 16:39

Reported

2024-07-10 16:42

Platform

win11-20240709-en

Max time kernel

145s

Max time network

153s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2 password 1234\XWorm V5.2\Guna.UI2.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2 password 1234\XWorm V5.2\Guna.UI2.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 23.159.190.20.in-addr.arpa udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp

Files

N/A

Analysis: behavioral13

Detonation Overview

Submitted

2024-07-10 16:39

Reported

2024-07-10 16:42

Platform

win11-20240709-en

Max time kernel

149s

Max time network

154s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2 password 1234\XWorm V5.2\MonoMod.Core.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2 password 1234\XWorm V5.2\MonoMod.Core.dll",#1

Network

Files

N/A

Analysis: behavioral22

Detonation Overview

Submitted

2024-07-10 16:39

Reported

2024-07-10 16:42

Platform

win11-20240709-en

Max time kernel

131s

Max time network

125s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2 password 1234\XWorm V5.2\Plugins\Clipboard.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2 password 1234\XWorm V5.2\Plugins\Clipboard.dll",#1

Network

Country Destination Domain Proto
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp

Files

N/A

Analysis: behavioral28

Detonation Overview

Submitted

2024-07-10 16:39

Reported

2024-07-10 16:42

Platform

win11-20240709-en

Max time kernel

92s

Max time network

95s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2 password 1234\XWorm V5.2\Plugins\HVNCMemory.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2 password 1234\XWorm V5.2\Plugins\HVNCMemory.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

N/A