Malware Analysis Report

2024-09-23 02:49

Sample ID 240711-m3ndtstcnl
Target XWorm_v5.6_Edition.rar
SHA256 69cc2a01c58024d4636306daa5aeb3ae73ed828f0db0cded3f445927490677e9
Tags
agenttesla keylogger spyware stealer trojan stormkitty xworm
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1 (Detonation Overview, Signatures)

Behavioral analyses, each with Detonation Overview, Command Line, Signatures, Processes, Network and Files, in report order:

behavioral9, behavioral17, behavioral27, behavioral32, behavioral11, behavioral16, behavioral21, behavioral1, behavioral2, behavioral5, behavioral6, behavioral24, behavioral7, behavioral10, behavioral14, behavioral15, behavioral12, behavioral30, behavioral25, behavioral26, behavioral18, behavioral22, behavioral23, behavioral29, behavioral31, behavioral3, behavioral4, behavioral19, behavioral20, behavioral8, behavioral13, behavioral28

Analysis Overview

score
10/10

SHA256

69cc2a01c58024d4636306daa5aeb3ae73ed828f0db0cded3f445927490677e9

Threat Level: Known bad

The file XWorm_v5.6_Edition.rar was found to be: Known bad.

The verdict rests on the static pass (static1), which matched the StormKitty, XWorm and AgentTesla payload signatures and Windows Defender-disabling code in the archive contents. The rundll32.exe runs below (behavioral9, 17, 27, 11, 16, 21 and 1) each load one extracted DLL and call export ordinal #1; none of them reports a signature attributable to rundll32.exe. An empty result for such a run shows only that nothing observable happened when that ordinal was called, not that the DLL is clean. The one detonation that ran the main executable (behavioral32, Xworm V5.6.exe) fired the AgentTesla signature and queried the BIOS SystemManufacturer and SystemVersion registry values, then showed no further process activity and, on the network side, only a reverse-DNS lookup and connections to tse1.mm.bing.net within the run.

Malicious Activity Summary

agenttesla keylogger spyware stealer trojan stormkitty xworm

Stormkitty family

StormKitty payload

Detect Xworm Payload

Xworm family

AgentTesla

AgentTesla payload

Agenttesla family

Contains code to disable Windows Defender

Legitimate hosting services abused for malware hosting/C2

Drops file in System32 directory

Drops file in Windows directory

Unsigned PE

Modifies registry class

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Modifies data under HKEY_USERS

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-07-11 10:59

Signatures

AgentTesla payload

Description Indicator Process Target
N/A N/A N/A N/A

Agenttesla family

agenttesla

Contains code to disable Windows Defender

Description Indicator Process Target
N/A N/A N/A N/A

Detect Xworm Payload

Description Indicator Process Target
N/A N/A N/A N/A

StormKitty payload

Description Indicator Process Target
N/A N/A N/A N/A

Stormkitty family

stormkitty

Xworm family

xworm

Unsigned PE

Description Indicator Process Target
45 matches; description, indicator, process and target not recorded (N/A in every row of the original table)

Analysis: behavioral9

Detonation Overview

Submitted

2024-07-11 10:59

Reported

2024-07-11 11:02

Platform

win11-20240709-en

Max time kernel

145s

Max time network

156s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm v5.6 Edition Cracked\Plugins\ActiveWindows.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm v5.6 Edition Cracked\Plugins\ActiveWindows.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 149.177.190.20.in-addr.arpa udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

N/A

Analysis: behavioral17

Detonation Overview

Submitted

2024-07-11 10:59

Reported

2024-07-11 11:02

Platform

win11-20240709-en

Max time kernel

146s

Max time network

154s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm v5.6 Edition Cracked\Plugins\HRDP.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm v5.6 Edition Cracked\Plugins\HRDP.dll",#1

Network

Files

N/A

Analysis: behavioral27

Detonation Overview

Submitted

2024-07-11 10:59

Reported

2024-07-11 11:02

Platform

win11-20240709-en

Max time kernel

132s

Max time network

127s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm v5.6 Edition Cracked\Plugins\Options.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm v5.6 Edition Cracked\Plugins\Options.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp

Files

N/A

Analysis: behavioral32

Detonation Overview

Submitted

2024-07-11 10:59

Reported

2024-07-11 11:02

Platform

win11-20240709-en

Max time kernel

133s

Max time network

130s

Command Line

"C:\Users\Admin\AppData\Local\Temp\XWorm v5.6 Edition Cracked\Xworm V5.6.exe"

Signatures

AgentTesla

keylogger trojan stealer spyware agenttesla

AgentTesla payload

Description Indicator Process Target
N/A N/A N/A N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\AppData\Local\Temp\XWorm v5.6 Edition Cracked\Xworm V5.6.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Users\Admin\AppData\Local\Temp\XWorm v5.6 Edition Cracked\Xworm V5.6.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion C:\Users\Admin\AppData\Local\Temp\XWorm v5.6 Edition Cracked\Xworm V5.6.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\XWorm v5.6 Edition Cracked\Xworm V5.6.exe

"C:\Users\Admin\AppData\Local\Temp\XWorm v5.6 Edition Cracked\Xworm V5.6.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp

Files

memory/3264-0-0x00007FFF6B0B3000-0x00007FFF6B0B5000-memory.dmp

memory/3264-1-0x000001529EA40000-0x00000152A02F8000-memory.dmp

memory/3264-2-0x00000152BAFA0000-0x00000152BB194000-memory.dmp

memory/3264-3-0x00007FFF6B0B0000-0x00007FFF6BB72000-memory.dmp

memory/3264-4-0x00000152BBDF0000-0x00000152BCA18000-memory.dmp

memory/3264-5-0x00007FFF6B0B0000-0x00007FFF6BB72000-memory.dmp

memory/3264-6-0x00007FFF6B0B0000-0x00007FFF6BB72000-memory.dmp

memory/3264-7-0x00007FFF6B0B3000-0x00007FFF6B0B5000-memory.dmp

memory/3264-8-0x00007FFF6B0B0000-0x00007FFF6BB72000-memory.dmp

memory/3264-9-0x00007FFF6B0B0000-0x00007FFF6BB72000-memory.dmp
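The ten dump names above encode the PID, a capture index and an address range. The Python below is an added editorial example, not part of the sandbox's output: it parses the names (the layout memory/<pid>-<index>-<start>-<end>-memory.dmp is assumed from the names themselves), computes each region's size and groups repeat captures of the same range, so that an analyst can see that only five distinct regions were captured and which ones to open first.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Dump file names exactly as listed in the behavioral32 "Files" section of this report.
DUMP_NAMES = [
    "memory/3264-0-0x00007FFF6B0B3000-0x00007FFF6B0B5000-memory.dmp",
    "memory/3264-1-0x000001529EA40000-0x00000152A02F8000-memory.dmp",
    "memory/3264-2-0x00000152BAFA0000-0x00000152BB194000-memory.dmp",
    "memory/3264-3-0x00007FFF6B0B0000-0x00007FFF6BB72000-memory.dmp",
    "memory/3264-4-0x00000152BBDF0000-0x00000152BCA18000-memory.dmp",
    "memory/3264-5-0x00007FFF6B0B0000-0x00007FFF6BB72000-memory.dmp",
    "memory/3264-6-0x00007FFF6B0B0000-0x00007FFF6BB72000-memory.dmp",
    "memory/3264-7-0x00007FFF6B0B3000-0x00007FFF6B0B5000-memory.dmp",
    "memory/3264-8-0x00007FFF6B0B0000-0x00007FFF6BB72000-memory.dmp",
    "memory/3264-9-0x00007FFF6B0B0000-0x00007FFF6BB72000-memory.dmp",
]

# Assumed name layout: memory/<pid>-<dump index>-<start>-<end>-memory.dmp.
# Every name above fits it; anything else is rejected rather than guessed at.
_DUMP_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<idx>\d+)-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)


@dataclass(frozen=True)
class DumpRegion:
    pid: int
    index: int
    start: int
    end: int

    @property
    def size(self) -> int:
        return self.end - self.start


def parse_dump_name(name: str) -> DumpRegion:
    """Parse one dump file name into a region; raise on anything that does not fit the layout."""
    m = _DUMP_RE.match(name)
    if not m:
        raise ValueError(f"unrecognised dump name: {name!r}")
    region = DumpRegion(int(m["pid"]), int(m["idx"]), int(m["start"], 16), int(m["end"], 16))
    if region.size <= 0:
        raise ValueError(f"end address is not past start in {name!r}")
    return region


def group_regions(names):
    """Map (pid, start, end) -> sorted dump indices that captured exactly that range."""
    groups = defaultdict(list)
    for name in names:
        r = parse_dump_name(name)
        groups[(r.pid, r.start, r.end)].append(r.index)
    return {key: sorted(indices) for key, indices in groups.items()}


def triage_order(names):
    """Distinct regions, largest first (ties by first capture), as (pid, start, end, size, indices)."""
    rows = [(pid, s, e, e - s, idx) for (pid, s, e), idx in group_regions(names).items()]
    rows.sort(key=lambda row: (-row[3], row[4][0]))
    return rows


if __name__ == "__main__":
    for pid, start, end, size, indices in triage_order(DUMP_NAMES):
        captures = ", ".join(str(i) for i in indices)
        print(f"pid {pid}  0x{start:016X}-0x{end:016X}  {size:>10,} bytes  dumps [{captures}]")
```

Run stand-alone, it lists the five distinct regions: the 0x00007FFF6B0B0000-0x00007FFF6BB72000 range was captured five times (dumps 3, 5, 6, 8 and 9) and the small 8 KiB range twice, while the three large 0x0000015... regions were captured once each. Repeat captures of one range are the same memory at different moments; the large once-captured regions are the first to pull into a disassembler.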

Analysis: behavioral11

Detonation Overview

Submitted

2024-07-11 10:59

Reported

2024-07-11 11:02

Platform

win11-20240709-en

Max time kernel

150s

Max time network

154s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm v5.6 Edition Cracked\Plugins\Chromium.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm v5.6 Edition Cracked\Plugins\Chromium.dll",#1

Network

Files

N/A

Analysis: behavioral16

Detonation Overview

Submitted

2024-07-11 10:59

Reported

2024-07-11 11:02

Platform

win11-20240709-en

Max time kernel

145s

Max time network

153s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm v5.6 Edition Cracked\Plugins\HBrowser.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm v5.6 Edition Cracked\Plugins\HBrowser.dll",#1

Network

Files

N/A

Analysis: behavioral21

Detonation Overview

Submitted

2024-07-11 10:59

Reported

2024-07-11 11:02

Platform

win11-20240709-en

Max time kernel

145s

Max time network

154s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm v5.6 Edition Cracked\Plugins\Informations.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm v5.6 Edition Cracked\Plugins\Informations.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 73.144.22.2.in-addr.arpa udp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-11 10:59

Reported

2024-07-11 11:02

Platform

win11-20240709-en

Max time kernel

149s

Max time network

155s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm v5.6 Edition Cracked\FastColoredTextBox.dll",#1

Signatures

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A discord.com N/A N/A
N/A discord.com N/A N/A

Both hits are domain-only indicators with no originating process recorded. Every other signature in this run is attributed to chrome.exe, which appears in the process list with no URL argument, and none to the rundll32.exe process that hosted the sample DLL.

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File created \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133651692189116506" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3766757357-1293853516-507035944-1000\{BA79E42A-81EC-499F-893F-74D749DFAD98} C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

The pair above repeats 32 times in the original table: 64 token adjustments, all by chrome.exe.

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

27 identical rows in the original table, all chrome.exe.

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3096 wrote to memory of 1048 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3096 wrote to memory of 3336 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3096 wrote to memory of 1896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3096 wrote to memory of 4372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Row counts in the original table: 1048 x2, 3336 x30, 1896 x2, 4372 x30 (64 rows). Every write is from chrome.exe (PID 3096) into a chrome.exe child; none originates from or targets rundll32.exe.

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm v5.6 Edition Cracked\FastColoredTextBox.dll",#1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xe4,0x108,0x7ffc23b7cc40,0x7ffc23b7cc4c,0x7ffc23b7cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1768,i,8915287409811355599,8138633214148461609,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=1764 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2040,i,8915287409811355599,8138633214148461609,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2120 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2152,i,8915287409811355599,8138633214148461609,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2200 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3092,i,8915287409811355599,8138633214148461609,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3256 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3140,i,8915287409811355599,8138633214148461609,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3280 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4376,i,8915287409811355599,8138633214148461609,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4436 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4760,i,8915287409811355599,8138633214148461609,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4768 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4844,i,8915287409811355599,8138633214148461609,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4848 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4860,i,8915287409811355599,8138633214148461609,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4704 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3452,i,8915287409811355599,8138633214148461609,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3480 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4932,i,8915287409811355599,8138633214148461609,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4404 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004C8 0x00000000000004C4

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5212,i,8915287409811355599,8138633214148461609,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5220 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5220,i,8915287409811355599,8138633214148461609,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4976 /prefetch:8

Network

Country  Destination          Domain                          Proto
GB       142.250.180.4:443    www.google.com                  udp
GB       142.250.180.4:443    www.google.com                  tcp
US       8.8.8.8:53           234.187.250.142.in-addr.arpa    udp
US       8.8.8.8:53           4.180.250.142.in-addr.arpa      udp
GB       142.250.200.14:443   chrome.google.com               tcp
GB       142.250.180.14:443   consent.google.com              udp
GB       142.250.180.14:443   consent.google.com              tcp
N/A      224.0.0.251:5353                                     udp
GB       142.250.180.4:443    www.google.com                  udp
US       216.239.34.157:443   tunnel.googlezip.net            tcp
GB       142.250.187.238:443  play.google.com                 tcp
GB       142.250.180.14:443   consent.google.com              tcp
US       8.8.8.8:53           ajax.googleapis.com             udp
US       8.8.8.8:53           global.localizecdn.com          udp
US       162.159.136.232:443  discord.com                     tcp
US       172.64.153.29:443    cdn.prod.website-files.com      tcp
US       172.64.153.29:443    cdn.prod.website-files.com      tcp
US       172.64.153.29:443    cdn.prod.website-files.com      tcp
GB       142.250.200.10:443   ajax.googleapis.com             tcp
GB       142.250.200.10:443   ajax.googleapis.com             tcp
US       104.18.5.175:443     global.localizecdn.com          tcp
US       172.64.153.29:443    cdn.prod.website-files.com      udp
US       162.159.136.232:443  discord.com                     udp
GB       18.245.246.167:443   d3e54v103j8qbb.cloudfront.net   tcp
GB       52.84.90.103:443     assets.website-files.com        tcp
GB       52.84.90.103:443     assets.website-files.com        tcp
GB       52.84.90.103:443     assets.website-files.com        tcp
GB       52.84.90.103:443     assets.website-files.com        tcp
GB       52.84.90.103:443     assets.website-files.com        tcp
US       8.8.8.8:53           175.5.18.104.in-addr.arpa       udp
US       8.8.8.8:53           167.246.245.18.in-addr.arpa     udp
US       162.159.135.233:443  cdn.discordapp.com              tcp
US       162.159.135.233:443  cdn.discordapp.com              tcp
US       162.159.135.233:443  cdn.discordapp.com              tcp
US       162.159.135.233:443  cdn.discordapp.com              tcp
US       162.159.135.233:443  cdn.discordapp.com              tcp
US       162.159.135.233:443  cdn.discordapp.com              tcp
US       172.64.153.29:443    cdn.prod.website-files.com      udp
US       172.64.155.119:443   geolocation.onetrust.com        tcp
GB       216.58.212.206:443   www.youtube.com                 tcp
US       35.190.80.1:443      a.nel.cloudflare.com            tcp
US       35.190.80.1:443      a.nel.cloudflare.com            udp
US       104.18.5.175:443     global.localizecdn.com          udp
GB       142.250.200.10:443   ajax.googleapis.com             udp
GB       52.84.90.103:443     assets.website-files.com        tcp
US       162.159.135.234:443  remote-auth-gateway.discord.gg  tcp
US       162.159.136.232:443  discord.com                     udp
US       162.159.135.234:443  remote-auth-gateway.discord.gg  tcp
US       162.159.134.234:443  remote-auth-gateway.discord.gg  tcp

Files

\??\pipe\crashpad_3096_YGLVHVECKEYTPVRU

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 f7ae6e11fb200009c2cd7b015bc51a23
SHA1 7e2d7d395fe08cb7a781fcc8146a1ade8e5faadc
SHA256 6008ad6e87af3b62484938921a6c973c5c5e4d34f39a1461fc48dfe27b086c8b
SHA512 b8b5561a3da0b919cccaca3309882ad58a54e3f00a79c5df1ddd82e844392cdf381b303ab02b54e4f98dc2e16c91b23b3050d491cefad224605915b02e9a4c19

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 13f276ec2fd26b973b04641e4dd87c8d
SHA1 d21dec3717a5dc14d0b0503c3182770992a661c2
SHA256 7b875676039a933514b9906aa553cdc7671f35cfc94e9b96aee0f098e1b1e66e
SHA512 d4a7a8f633a3fcefa851caf52160eaf7b19c380b0d83a994d7e71c127515f3bf0179242513c9dd1399ef34ce197cd06ab95130af75e611baced765a63a6ba6e7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 826206a4e11c63cbf881aed5a2ac04e4
SHA1 b91ab4e18ab889155ac6b1643fd3d86e931171db
SHA256 5fd948bd60c4b928693b4b338d89e4bf5522f8dbc369efbd0ef83dd9d4d90004
SHA512 268eb786e592a1f1fdcb2b53e5770cc4be279f991e9a28bee2a9b0ab7406a8baf76b9e1e8c909a5f62ac2441b798090d5ba7b0f0034506e9c43c7cfeea1fd836

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 fe6ff596bf1bf51feb635610b32d316d
SHA1 3b77791cbc7966441a977a1edf36abc2883a6ceb
SHA256 0c5718e8ec4cac045193962547fff5fae6641a0f29b318252dddc9efd688cbfd
SHA512 5779f3cdbca2c9253fe271958d9d86ae958c39271227bba6a9ea889fd286f67ef2b6291b017434a31ce47260e8d2e01aa96900e7caf4b7c1d27cc8441d028789

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f4fa44413b602affbf65d5c5c13170b9
SHA1 e0c40445a85c49dd0ecbdc73261e6809c09fc4b7
SHA256 891e866e40263046afaadeeea38df17507ae4d36d724937fcabda1dcd55987df
SHA512 48c2c27e41ed7d4edfbc897b9affb3004a6892a91d2874008cea81584f805fd1f9a9c129f31af26e0615445f3795fab51a3527881acf5ee9bd1bd718f6053b1f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 6c3135dbf84f469bf209cba92bbc4a77
SHA1 402f8da8f3834f24b67bf56fbab1da4a2e17e935
SHA256 80cf8494e80a6aa698eee89372d3f1d3968b1ae6c4c7688c92382818f8c8e72b
SHA512 f9a38cbabf929fadb78beb3ad2ed22ef34dadf52923c27fdd211ef37a043997bd551187975cbbca08bfc9b4a80bc7bccc5038f07bea70e1406b05dab7d308b00

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

MD5 151fb811968eaf8efb840908b89dc9d4
SHA1 7ec811009fd9b0e6d92d12d78b002275f2f1bee1
SHA256 043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed
SHA512 83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 06452dbddda8258d3fe256d99403571b
SHA1 96f9871cb9485fb8c3771bf5f4152f4d07da8ce6
SHA256 005e67da1eda28f729905e3fd71474a6f4c6fae6b663d579926335e17804ec8f
SHA512 9eaa024efccb7d30e58d7f3088f169a3a911e6401ba2d83b19d4bf310026ec0b46470940471c7d1b642583ffe58a8370bdb2f947e5bed143b4f52c2222797dc9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 06c5b03eed3f4cfeb6daf39caa0e028d
SHA1 51f0eda4916854ddf908b4b03e3783cd999b898d
SHA256 2c54a1a2af814fdfe9bfa95e308c331f5889da23d09dea54c7f7d3d7c5c2d31c
SHA512 3b2444c789076622cf8ac02e0bd668aa4bd1fa2cc40db58e3a2d338d6d1736b97803a17ef9f25310a2499fe4331ac1ab5cc015b5eda73db4167d3c338080f60f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e8c695c526023daf65f2bac5c35b5c43
SHA1 58dc44d169b7ba53ba908be355b5b0cd6cb8279f
SHA256 a1df8b2e06934adfa01d145f40bed68bec15a05956575726e850da9c9ed07361
SHA512 aaacc41c895c0686fe5176cd119d5da372f536fd0258d19951e31abee0a5a8a51719ee4ace9f39136d0c3b55800a6d33c641d15ba9d4de44e076fa9f6f527dba

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 21880cfc47c2da1747c549ba331d4a60
SHA1 569f08760883d76155c7dee5f0bfb09930c81540
SHA256 e3faa400012a033bee837e9e13b3f9de1f693c3e1eb58fd3ae368b2cd8a37c43
SHA512 6e0615f3fa3394843cf6c4d70e87bf4c331585918ee08b1cb0ee9d3dece6c4f6e0a1dd2c5ee72ac466419e71e9be5504a8d8e843574ee5a85490ebb612d5a207

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 615cebd8c00808f8a80b78839ba5cfd6
SHA1 543d1d0af7028ad193026cca3c2d94b8747d7f43
SHA256 45d9161680f7dd28bfa395da57dc420c5ffa0dc30edba9bba113e0ede7bb36d1
SHA512 e10408e28b3498b0c2ee987bb2aa9292ae08541e9abaf86a9212e82ff8e29b794d41f8d51e31088b42b40ce02a6b40761f5065ed3bcd1bfcfa6d59733028c2dc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 63917839e807da36a540a5fbff169148
SHA1 aea12e54b8d7917d5b65a99f99a155705287beda
SHA256 3bc0243fc28f3ef3e0198269101cb547f070331f2b87662c8b78cf5967cf8946
SHA512 39221485b7d847d75f33dab1a7f3dba537d35eb42d65e3304d3074a9be40f09e0d0ff2ad341ce1cde35c8ef4fab2bd9797cb659b8b8d01d0ba7980e5f9733a51

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 9cb1e75c7bc3fd53c848436c1cb31ab0
SHA1 99767dc2355e7e8e0e38db056dd3d183dd4b2be4
SHA256 be95f40c2a2de93c073784fffe0b1ee212199111d9db045f5bc066df8ab780cb
SHA512 54e2c618ddcf23452b39c873f3bec432cdcadccb7c6d7b4c7e4d2d53ec9f0adf835c5e69f659dbf619421260039287e6e0de4c44265f34694b0d68768016cd1a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 640d43b1114560d15cb22b853b542397
SHA1 2d89631202e116300f847d02af589bc475813157
SHA256 fcb4288ca0cb19efc06606749389d91369e650dbb57b7676e1ee01e731832e1b
SHA512 95d1440f3f56a8ccd03c785e48c91ba5491d5a23188fdbc3c5b096666d2972e6f0fa14c16835f500c13adcb2ef02ce947cf269ee9f8dedf83e318d0a211a79b8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5dca76bbbc87c62a19df3e31d460f1f0
SHA1 8c6cbad56b9c47f36163bad416668c1d942f671e
SHA256 be6388a319eed07dddc919b150573550591f2645907ba45bbd730c0d7709f665
SHA512 95f72ec4f8b94e33f5f88dd1a5830567b53e55aa5ea2799cbb448b5e772865d2f4a773c693f02d4acb7e3c35012b60a1d7cac5119c4ada26576a54708ec2b416

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 6a026192421b30cdc5fe3a14aa24e685
SHA1 e2ab9d54ca336c95b20f621c26b92ac8a0603579
SHA256 d9ac0ec0c223cc15bb2dd51e25c8ca5b7b3f4215409b7219c1ca4de4518ac82f
SHA512 8e4ad04c70ef95b738d8c32e9a6dc2001341a194d1282ccfca4d18092830055ce15505b7b625aa536e2e73bb97f0ebed51ef362546b3fa074ab82af78ac61c93

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f1cb7decfb97fffb639ddd50c584100a
SHA1 219134c6c84bafa2e669b421a1662c0dc311b862
SHA256 a0fb13780087f4a05cd3a81debc280da1b1ac617ba64b26f25f56d359d706ba2
SHA512 48c060bc05811f8fab08b7f600a902abc7f29cac702aa50e87da489fd74188f32928858d1ef3e59638ae3fe1690f731333586431235a62f7b81bba9ae2c8c57a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 c29cf15aea6ce5ec39c48ae42f4c82d4
SHA1 45b062f43a286b7c23bb47f810f23fb1f52a498b
SHA256 777495b008d564ddf0485a9682bb18714adadc83ac0ccc05d26c55de839a73bf
SHA512 b0f43bb01f9037e3b1283492a38081b839195cd099ac812b10db7dd2372cbc0239d61c506088cfc52e1673febbde42c6570c1645d6a903f832ffa721d9826e72

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c1b28ca051fe20f3ed2e9cecac48f656
SHA1 86cc1c55bf245951b88416fad51ef616e18fd916
SHA256 91b7a8b560731552e1624658f2bc8bf5259e3e52795fffc67f910b732c937385
SHA512 cd7e0a506a505a616d41bda6776e0284914b87e404ce34bc2174cb9d52ec84fd66e51e9fecc2e965767402c7a32b88c1aa5b2c02ef3dc9d9882c3983d8836ff1

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

MD5 f49655f856acb8884cc0ace29216f511
SHA1 cb0f1f87ec0455ec349aaa950c600475ac7b7b6b
SHA256 7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba
SHA512 599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

MD5 d222b77a61527f2c177b0869e7babc24
SHA1 3f23acb984307a4aeba41ebbb70439c97ad1f268
SHA256 80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747
SHA512 d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

MD5 b5ad5caaaee00cb8cf445427975ae66c
SHA1 dcde6527290a326e048f9c3a85280d3fa71e1e22
SHA256 b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8
SHA512 92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c2821eb72e02e2d862fbbcaa598608cd
SHA1 2018ce7131f9171516852d1866a4e7aeb51aa47b
SHA256 8c99e385e9811e40b930f071a085a0ef338b6f7ab8e36ac279d9728c6b7ef58a
SHA512 5f7a0238a6a173d164a0d6bc6c5d169345eb792e7aefeb8ab475f27882e3b931088d763c1c7b0e8c21d92c46570c53c3e72571fc82a081fe2f41a87db2463e8a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d43eaeeb54f4cc6543e1e84d5fd7aa9d
SHA1 17ebea446f4c44c8f0e66c53d0e17d290bb97156
SHA256 4d65d2f78584efd8e321efb1804a9980c3ec199a5c62b9feb60e5f714b24b7f9
SHA512 c704559fa3ac7ba580c1437b822dc0e94fdc28e3d07f031f33493738c5d0bfe2492ddc0df4078d2f02044af338350219f8d5c45b782b7c8b008ab60b180467df

Analysis: behavioral2

Detonation Overview

Submitted

2024-07-11 10:59

Reported

2024-07-11 11:02

Platform

win11-20240709-en

Max time kernel

90s

Max time network

97s

Command Line

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\XWorm v5.6 Edition Cracked\Fixer.bat"

Signatures

N/A

Processes

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\XWorm v5.6 Edition Cracked\Fixer.bat"

Network

Country  Destination          Domain                          Proto
US       8.8.8.8:53           13.227.111.52.in-addr.arpa      udp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-07-11 10:59

Reported

2024-07-11 11:02

Platform

win11-20240709-en

Max time kernel

89s

Max time network

97s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm v5.6 Edition Cracked\Guna.UI2.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm v5.6 Edition Cracked\Guna.UI2.dll",#1

Network

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-07-11 10:59

Reported

2024-07-11 11:02

Platform

win11-20240709-en

Max time kernel

146s

Max time network

154s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm v5.6 Edition Cracked\IconExtractor.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm v5.6 Edition Cracked\IconExtractor.dll",#1

Network

Country  Destination          Domain                          Proto
US       8.8.8.8:53           13.227.111.52.in-addr.arpa      udp

Files

N/A

Analysis: behavioral24

Detonation Overview

Submitted

2024-07-11 10:59

Reported

2024-07-11 11:02

Platform

win11-20240709-en

Max time kernel

7s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm v5.6 Edition Cracked\Plugins\MessageBox.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm v5.6 Edition Cracked\Plugins\MessageBox.dll",#1

Network

N/A

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-07-11 10:59

Reported

2024-07-11 11:02

Platform

win11-20240709-en

Max time kernel

90s

Max time network

104s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm v5.6 Edition Cracked\NAudio.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm v5.6 Edition Cracked\NAudio.dll",#1

Network

Country  Destination          Domain                          Proto
NL       52.111.243.30:443                                    tcp

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2024-07-11 10:59

Reported

2024-07-11 11:02

Platform

win11-20240709-en

Max time kernel

132s

Max time network

130s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm v5.6 Edition Cracked\Plugins\Chat.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm v5.6 Edition Cracked\Plugins\Chat.dll",#1

Network

Country  Destination          Domain                          Proto
US       8.8.8.8:53           73.31.126.40.in-addr.arpa       udp
US       8.8.8.8:53           73.144.22.2.in-addr.arpa        udp
US       8.8.8.8:53           26.35.223.20.in-addr.arpa       udp
US       150.171.28.10:443    tse1.mm.bing.net                tcp
US       150.171.28.10:443    tse1.mm.bing.net                tcp
US       150.171.28.10:443    tse1.mm.bing.net                tcp
US       150.171.28.10:443    tse1.mm.bing.net                tcp
US       150.171.28.10:443    tse1.mm.bing.net                tcp

Files

N/A

Analysis: behavioral14

Detonation Overview

Submitted

2024-07-11 10:59

Reported

2024-07-11 11:02

Platform

win11-20240709-en

Max time kernel

90s

Max time network

97s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm v5.6 Edition Cracked\Plugins\FileManager.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm v5.6 Edition Cracked\Plugins\FileManager.dll",#1

Network

Files

N/A

Analysis: behavioral15

Detonation Overview

Submitted

2024-07-11 10:59

Reported

2024-07-11 11:02

Platform

win11-20240709-en

Max time kernel

145s

Max time network

151s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm v5.6 Edition Cracked\Plugins\FilesSearcher.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm v5.6 Edition Cracked\Plugins\FilesSearcher.dll",#1

Network

Files

N/A

Analysis: behavioral12

Detonation Overview

Submitted

2024-07-11 10:59

Reported

2024-07-11 11:02

Platform

win11-20240709-en

Max time kernel

149s

Max time network

158s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm v5.6 Edition Cracked\Plugins\Clipboard.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm v5.6 Edition Cracked\Plugins\Clipboard.dll",#1

Network

Files

N/A

Analysis: behavioral30

Detonation Overview

Submitted

2024-07-11 10:59

Reported

2024-07-11 11:02

Platform

win11-20240709-en

Max time kernel

149s

Max time network

153s

Command Line

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\XWorm v5.6 Edition Cracked\RES\XWorm.Resources.vbs"

Signatures

N/A

Processes

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\XWorm v5.6 Edition Cracked\RES\XWorm.Resources.vbs"

Network

Country  Destination          Domain                          Proto
US       8.8.8.8:53           133.32.126.40.in-addr.arpa      udp
US       8.8.8.8:53           172.214.232.199.in-addr.arpa    udp
US       8.8.8.8:53           55.36.223.20.in-addr.arpa       udp
US       150.171.27.10:443    tse1.mm.bing.net                tcp
US       150.171.27.10:443    tse1.mm.bing.net                tcp
US       150.171.27.10:443    tse1.mm.bing.net                tcp
US       150.171.27.10:443    tse1.mm.bing.net                tcp
US       150.171.27.10:443    tse1.mm.bing.net                tcp

Files

N/A

Analysis: behavioral25

Detonation Overview

Submitted

2024-07-11 10:59

Reported

2024-07-11 11:02

Platform

win11-20240709-en

Max time kernel

149s

Max time network

154s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm v5.6 Edition Cracked\Plugins\Microphone.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm v5.6 Edition Cracked\Plugins\Microphone.dll",#1

Network

Country  Destination          Domain                          Proto
US       52.111.227.13:443                                    tcp

Files

N/A

Analysis: behavioral26

Detonation Overview

Submitted

2024-07-11 10:59

Reported

2024-07-11 11:02

Platform

win11-20240709-en

Max time kernel

146s

Max time network

150s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm v5.6 Edition Cracked\Plugins\Ngrok-Installer.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm v5.6 Edition Cracked\Plugins\Ngrok-Installer.dll",#1

Network

Country  Destination          Domain                          Proto
US       8.8.8.8:53           172.210.232.199.in-addr.arpa    udp
US       8.8.8.8:53           4.159.190.20.in-addr.arpa       udp
US       8.8.8.8:53           55.36.223.20.in-addr.arpa       udp
US       150.171.27.10:443    tse1.mm.bing.net                tcp
US       150.171.27.10:443    tse1.mm.bing.net                tcp
US       150.171.27.10:443    tse1.mm.bing.net                tcp
US       150.171.27.10:443    tse1.mm.bing.net                tcp
US       150.171.27.10:443    tse1.mm.bing.net                tcp

Files

N/A

Analysis: behavioral18

Detonation Overview

Submitted

2024-07-11 10:59

Reported

2024-07-11 11:02

Platform

win11-20240709-en

Max time kernel

90s

Max time network

95s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm v5.6 Edition Cracked\Plugins\HVNC.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm v5.6 Edition Cracked\Plugins\HVNC.dll",#1

Network

Files

N/A

Analysis: behavioral22

Detonation Overview

Submitted

2024-07-11 10:59

Reported

2024-07-11 11:02

Platform

win11-20240709-en

Max time kernel

145s

Max time network

153s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm v5.6 Edition Cracked\Plugins\Keylogger.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm v5.6 Edition Cracked\Plugins\Keylogger.dll",#1

Network

Country  Destination          Domain                          Proto
US       52.111.227.13:443                                    tcp

Files

N/A

Analysis: behavioral23

Detonation Overview

Submitted

2024-07-11 10:59

Reported

2024-07-11 11:02

Platform

win11-20240709-en

Max time kernel

146s

Max time network

156s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm v5.6 Edition Cracked\Plugins\Maps.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm v5.6 Edition Cracked\Plugins\Maps.dll",#1

Network

Files

N/A

Analysis: behavioral29

Detonation Overview

Submitted

2024-07-11 10:59

Reported

2024-07-11 11:02

Platform

win11-20240709-en

Max time kernel

131s

Max time network

127s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm v5.6 Edition Cracked\Plugins\Performance.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm v5.6 Edition Cracked\Plugins\Performance.dll",#1

Network

Country  Destination          Domain                          Proto
US       8.8.8.8:53           8.8.8.8.in-addr.arpa            udp
US       150.171.28.10:443    tse1.mm.bing.net                tcp
US       150.171.28.10:443    tse1.mm.bing.net                tcp
US       150.171.28.10:443    tse1.mm.bing.net                tcp
US       150.171.28.10:443    tse1.mm.bing.net                tcp
US       150.171.28.10:443    tse1.mm.bing.net                tcp
US       8.8.8.8:53           10.28.171.150.in-addr.arpa      udp

Files

N/A

Analysis: behavioral31

Detonation Overview

Submitted

2024-07-11 10:59

Reported

2024-07-11 11:02

Platform

win11-20240709-en

Max time kernel

145s

Max time network

152s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm v5.6 Edition Cracked\SimpleObfuscator.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm v5.6 Edition Cracked\SimpleObfuscator.dll",#1

Network

Country  Destination          Domain                          Proto
US       8.8.8.8:53           4.159.190.20.in-addr.arpa       udp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-07-11 10:59

Reported

2024-07-11 11:02

Platform

win11-20240709-en

Max time kernel

146s

Max time network

156s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm v5.6 Edition Cracked\GMap.NET.Core.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm v5.6 Edition Cracked\GMap.NET.Core.dll",#1

Network

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-07-11 10:59

Reported

2024-07-11 11:00

Platform

win11-20240709-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral19

Detonation Overview

Submitted

2024-07-11 10:59

Reported

2024-07-11 11:02

Platform

win11-20240709-en

Max time kernel

150s

Max time network

153s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm v5.6 Edition Cracked\Plugins\HVNCMemory.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm v5.6 Edition Cracked\Plugins\HVNCMemory.dll",#1

Network

Country  Destination          Domain                          Proto
US       8.8.8.8:53           4.159.190.20.in-addr.arpa       udp
US       8.8.8.8:53           73.144.22.2.in-addr.arpa        udp
US       150.171.28.10:443    tse1.mm.bing.net                tcp
US       150.171.28.10:443    tse1.mm.bing.net                tcp
US       150.171.28.10:443    tse1.mm.bing.net                tcp
US       150.171.28.10:443    tse1.mm.bing.net                tcp
US       150.171.28.10:443    tse1.mm.bing.net                tcp

Files

N/A

Analysis: behavioral20

Detonation Overview

Submitted

2024-07-11 10:59

Reported

2024-07-11 11:02

Platform

win11-20240709-en

Max time kernel

89s

Max time network

96s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm v5.6 Edition Cracked\Plugins\HiddenApps.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm v5.6 Edition Cracked\Plugins\HiddenApps.dll",#1

Network

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-07-11 10:59

Reported

2024-07-11 11:02

Platform

win11-20240709-en

Max time kernel

91s

Max time network

96s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm v5.6 Edition Cracked\Newtonsoft.Json.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm v5.6 Edition Cracked\Newtonsoft.Json.dll",#1

Network

Country  Destination          Domain                          Proto
US       8.8.8.8:53           31.243.111.52.in-addr.arpa      udp

Files

N/A

Analysis: behavioral13

Detonation Overview

Submitted

2024-07-11 10:59

Reported

2024-07-11 11:02

Platform

win11-20240709-en

Max time kernel

91s

Max time network

97s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm v5.6 Edition Cracked\Plugins\Cmstp-Bypass.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm v5.6 Edition Cracked\Plugins\Cmstp-Bypass.dll",#1

Network

Files

N/A

Analysis: behavioral28

Detonation Overview

Submitted

2024-07-11 10:59

Reported

2024-07-11 11:02

Platform

win11-20240709-en

Max time kernel

149s

Max time network

153s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm v5.6 Edition Cracked\Plugins\Pastime.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm v5.6 Edition Cracked\Plugins\Pastime.dll",#1

Network

Country  Destination          Domain                          Proto
US       8.8.8.8:53           8.8.8.8.in-addr.arpa            udp
N/A      2.22.144.73:80                                       tcp

Files

N/A