Analysis Overview
Threat Level: Known bad
The file https://anonfiles.com/zcs165y1zc/Silly_Boost_rar was found to be: Known bad.
Malicious Activity Summary
Stealerium
Reads user/profile data of web browsers
Executes dropped EXE
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
Accesses Microsoft Outlook profiles
outlook_office_path
Modifies registry class
Modifies Internet Explorer Phishing Filter
Uses Task Scheduler COM API
Checks processor information in registry
Suspicious behavior: EnumeratesProcesses
Uses Volume Shadow Copy service COM API
Suspicious use of SetWindowsHookEx
Suspicious use of SendNotifyMessage
outlook_win_path
Uses Volume Shadow Copy WMI provider
Checks SCSI registry key(s)
Modifies Internet Explorer settings
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V6
Analysis: static1
Detonation Overview
Reported
2023-06-30 01:05
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2023-06-30 01:05
Reported
2023-06-30 01:08
Platform
win10v2004-20230621-en
Max time kernel
150s
Max time network
142s
Command Line
Signatures
Stealerium
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Silly Boost\Silly Boost.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Silly Boost\Silly Boost.exe | N/A |
Reads user/profile data of web browsers
Accesses Microsoft Outlook profiles
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\Downloads\Silly Boost\Silly Boost.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\Downloads\Silly Boost\Silly Boost.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\Downloads\Silly Boost\Silly Boost.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | icanhazip.com | N/A | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\Description\System\CentralProcessor\0 | C:\Users\Admin\Downloads\Silly Boost\Silly Boost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | C:\Users\Admin\Downloads\Silly Boost\Silly Boost.exe | N/A |
Modifies Internet Explorer Phishing Filter
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000\Software\Microsoft\Internet Explorer\PhishingFilter | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter\ClientSupported_MigrationTime = 24ad397b44a4d901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000\SOFTWARE\Microsoft\Internet Explorer\RepId\PublicId = "{8C0CCCCA-190D-43C0-B063-800CF95A6C6F}" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "477704764" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{47394882-16E2-11EE-9FB7-CE83860A346F} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000\Software\Microsoft\Internet Explorer\DOMStorage\anonfiles.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "467094860" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bbcc4d706d9277469144fa0d79f40dea000000000200000000001066000000010000200000003a07990287b9bedf6d2fe6d36cbae8615bd874013cde459019458242b495a968000000000e80000000020000200000000275f78bdf5586f6f06231918b269a14827ed2dffe70b682ff3ab8f5cfcacce4200000006235ba0d35ae52f1623a65569b9d6ceb747463aa5f522ca6f87f621b873b152f40000000d86ed52bb8aa3e5940b61ab30beb1225fe9c842f00f0648fcb0c261c9d40aa8136ed07f2ef0d18c31c0bbab7b3edb06a56877df7a33f04a38ec6bff67de24b29 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\anonfiles.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000\Software\Microsoft\Internet Explorer\IESettingSync | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60bf101eefaad901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000\Software\Microsoft\Internet Explorer\RepId | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31042287" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40171f1eefaad901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000\Software\Microsoft\Internet Explorer\MINIE | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000\SOFTWARE\Microsoft\Internet Explorer\Main\DownloadWindowPlacement = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31042287" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\anonfiles.com\NumberOfSubdomains = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "467094860" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31042287" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bbcc4d706d9277469144fa0d79f40dea00000000020000000000106600000001000020000000460d38667641dd5940c6432422450c4d16120cc8cc84aa00201db3804663980a000000000e8000000002000020000000192339719fc7b96ae19e9a5dd78128f576bb27e322fa2a7e6bf407b3f276443d200000004c527bceec0c33a4eb1dc37f697bd1686ccafef42f7c979eff729fdde884b1a240000000303a6985e1320e116d5f0ddd365ac229cc9a613230c2219d129f5033be47c3c78f1e0895aac9611f116210afd18800f5d52e03cb4c9b290d04636ce5061c74e8 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\NodeSlot = "2" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 = 8c00310000000000d556903c110050524f4752417e310000740009000400efbe874fdb49d556903c2e0000003f0000000000010000000000000000004a00000000005d273d00500072006f006700720061006d002000460069006c0065007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100370038003100000018000000 | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000_Classes\Applications | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000_Classes\.rar\ = "rar_auto_file" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000_Classes\rar_auto_file\shell\open | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000_Classes\rar_auto_file\shell | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 19002f433a5c000000000000000000000000000000000000000000 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000_Classes\rar_auto_file | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 = 5000310000000000d55653361000372d5a6970003c0009000400efbed5565336d55653362e00000085e7010000000800000000000000000000000000000093d98d0037002d005a0069007000000014000000 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = 00000000ffffffff | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Generic" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000_Classes\Applications\7z.exe\shell\open\command | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000_Classes\rar_auto_file\shell\open\command | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4025927695-1301755775-2607443251-1000\{D9B97E50-676A-4264-ABE5-DBF6B7420ECE} | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Generic" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\NodeSlot = "1" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\MRUListEx = ffffffff | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000_Classes\Applications\7z.exe\shell\open\command\ = "\"C:\\Program Files\\7-Zip\\7z.exe\" \"%1\"" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = ffffffff | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000_Classes\rar_auto_file\shell\open\command\ = "\"C:\\Program Files\\7-Zip\\7z.exe\" \"%1\"" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000_Classes\Local Settings | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000_Classes\.rar | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7z.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7z.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\Silly Boost\Silly Boost.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\Silly Boost\Silly Boost.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Uses Volume Shadow Copy service COM API
outlook_office_path
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\Downloads\Silly Boost\Silly Boost.exe | N/A |
outlook_win_path
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\Downloads\Silly Boost\Silly Boost.exe | N/A |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://anonfiles.com/zcs165y1zc/Silly_Boost_rar
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4488 CREDAT:17410 /prefetch:2
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\7-Zip\7z.exe
"C:\Program Files\7-Zip\7z.exe" "C:\Users\Admin\Downloads\Silly Boost.rar"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap29819:84:7zEvent16555
C:\Users\Admin\Downloads\Silly Boost\Silly Boost.exe
"C:\Users\Admin\Downloads\Silly Boost\Silly Boost.exe"
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
C:\Windows\SysWOW64\chcp.com
chcp 65001
C:\Windows\SysWOW64\netsh.exe
netsh wlan show profile
C:\Windows\SysWOW64\findstr.exe
findstr All
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C chcp 65001 && netsh wlan show networks mode=bssid
C:\Windows\SysWOW64\chcp.com
chcp 65001
C:\Windows\SysWOW64\netsh.exe
netsh wlan show networks mode=bssid
C:\Users\Admin\Downloads\Silly Boost\Silly Boost.exe
"C:\Users\Admin\Downloads\Silly Boost\Silly Boost.exe"
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | anonfiles.com | udp |
| US | 8.8.8.8:53 | 2.136.104.51.in-addr.arpa | udp |
| SE | 45.154.253.150:443 | anonfiles.com | tcp |
| SE | 45.154.253.150:443 | anonfiles.com | tcp |
| US | 8.8.8.8:53 | 150.253.154.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 142.33.222.23.in-addr.arpa | udp |
| SE | 45.154.253.150:443 | anonfiles.com | tcp |
| SE | 45.154.253.150:443 | anonfiles.com | tcp |
| SE | 45.154.253.150:443 | anonfiles.com | tcp |
| SE | 45.154.253.150:443 | anonfiles.com | tcp |
| US | 8.8.8.8:53 | djv99sxoqpv11.cloudfront.net | udp |
| US | 151.101.2.217:443 | vjs.zencdn.net | tcp |
| US | 151.101.2.217:443 | vjs.zencdn.net | tcp |
| NL | 13.227.211.132:443 | djv99sxoqpv11.cloudfront.net | tcp |
| NL | 13.227.211.132:443 | djv99sxoqpv11.cloudfront.net | tcp |
| US | 8.8.8.8:53 | 19.101.122.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 132.211.227.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.2.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.20.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 221.61.156.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.102.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.102.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | assets.msn.com | udp |
| NL | 2.19.195.233:443 | assets.msn.com | tcp |
| US | 8.8.8.8:53 | 233.195.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.112.50.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn-141.anonfiles.com | udp |
| SE | 195.96.151.34:443 | cdn-141.anonfiles.com | tcp |
| SE | 195.96.151.34:443 | cdn-141.anonfiles.com | tcp |
| US | 8.8.8.8:53 | 34.151.96.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.128.231.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.81.21.72.in-addr.arpa | udp |
| GB | 51.104.15.253:443 | tcp | |
| US | 8.8.8.8:53 | 86.8.109.52.in-addr.arpa | udp |
| US | 209.197.3.8:80 | tcp | |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 162.159.136.232:443 | discord.com | tcp |
| US | 8.8.8.8:53 | assets.msn.com | udp |
| NL | 2.19.195.216:443 | assets.msn.com | tcp |
| US | 8.8.8.8:53 | 232.136.159.162.in-addr.arpa | udp |
| US | 209.197.3.8:80 | tcp | |
| US | 8.8.8.8:53 | 216.195.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | icanhazip.com | udp |
| US | 104.18.115.97:80 | icanhazip.com | tcp |
| US | 8.8.8.8:53 | evcs-ocsp.ws.symantec.com | udp |
| US | 8.8.8.8:53 | 74.19.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.50.195.152.in-addr.arpa | udp |
| US | 152.195.50.149:80 | evcs-ocsp.ws.symantec.com | tcp |
| US | 104.18.115.97:80 | icanhazip.com | tcp |
| US | 8.8.8.8:53 | apiv2.gofile.io | udp |
| FR | 51.178.66.33:443 | apiv2.gofile.io | tcp |
| US | 8.8.8.8:53 | 33.66.178.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | store4.gofile.io | udp |
| FR | 31.14.70.245:443 | store4.gofile.io | tcp |
| US | 8.8.8.8:53 | 245.70.14.31.in-addr.arpa | udp |
| US | 104.18.115.97:80 | icanhazip.com | tcp |
| US | 162.159.136.232:443 | discord.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\U74AOVB4\favicon-32x32-anonfiles[1].png
| MD5 | ee0e6dd4ef643128a1b7bd4ab32b8a79 |
| SHA1 | 8136c70aac1e50f8356c83f91fb77ea4b6596cbc |
| SHA256 | 51f305558b4ed6fcf3a31b4f9e404fc2ea426cb5e785ac46ce827de0c5cabb4c |
| SHA512 | f57a1882e4d57f6cdb67fc5b8ed61d0dba28f000af87644bfd402275958163b66f7748b83e4d78dff72bb8edd9077c3fe67f5e831a6b79bce72ca4bd1d086b34 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\5qy8zhw\imagestore.dat
| MD5 | 8e024fbe3e899c1cb6faed1ecce72048 |
| SHA1 | b4d45e6d7c0b5f66368807b8570ee1011b98d457 |
| SHA256 | bf7d9c132769a7d432494484f75e26f9dc66db79b0815eebbbf4dded8c5d24ef |
| SHA512 | ab74c9591019d608175fd18ee5f51985f1949ae7b4be4302ae7f275b56c21f7a071f4a16d25b43a60ed90e13077cc6fdd2075e8330b7e97ac188174492ecbdd3 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\U74AOVB4\Silly Boost[1].rar
| MD5 | 43dfeeaabbd337e88aa8db402e695017 |
| SHA1 | c7f70d5da0a576964f4ffed550ebbb04e77eaff4 |
| SHA256 | 0f426d80c8be8e7df72af481f982e34e1fe86681a39afdd68572e7bca91dbac1 |
| SHA512 | 0fccbbc682341bde0108a3b9a18453a9b9fad553cb5ef101063956090634bd5ada2d45205c124b48aac074a6096d5d0bf510faaf7f2b73ffbfb0d6725924ce64 |
C:\Users\Admin\Downloads\Silly Boost.rar.93q7u3k.partial
| MD5 | 43dfeeaabbd337e88aa8db402e695017 |
| SHA1 | c7f70d5da0a576964f4ffed550ebbb04e77eaff4 |
| SHA256 | 0f426d80c8be8e7df72af481f982e34e1fe86681a39afdd68572e7bca91dbac1 |
| SHA512 | 0fccbbc682341bde0108a3b9a18453a9b9fad553cb5ef101063956090634bd5ada2d45205c124b48aac074a6096d5d0bf510faaf7f2b73ffbfb0d6725924ce64 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db
| MD5 | ca91957dba9acf19445a2f7c977ffc60 |
| SHA1 | 196aed0b910df1718341c0441a468cabcd0ed2c9 |
| SHA256 | f62e73804a1dba00c375f0e135c32e9fa07576b86d2c053e1944be2ec427e9e3 |
| SHA512 | a29c82d0bab21b9ab82aced416f735503383345049f90ef02ca4198c21060f2da31dc3e163305e7c3e050d55b2d7f9645f0ad7a63fa76531e3b389e2293b83ed |
C:\Users\Admin\AppData\Local\Temp\~DF8BE4D3ED6C75FCB1.TMP
| MD5 | b533db809402e6ce5f30b8e29adb9940 |
| SHA1 | f91ca55ed8ef8a73ba9153f1a119a4e57ff53dea |
| SHA256 | 994e234fe5f2c9ce65870913f9c1c9b5e355082f8face5c89fd6e4878c9d7c30 |
| SHA512 | 2ea4b55700d2cfe6cfb084450ab02cedc1dccd08ff5cd702f6c5e67d34d33dde0792787a6e1ee4dfe9a3b4ed71b486931d35d63fe435a00137ae06dd0fee7c86 |
C:\Users\Admin\Downloads\Silly Boost\Silly Boost.exe
| MD5 | 6168cae808b3f34d187c03d9a4c975cc |
| SHA1 | cc119a9d255a2a2be791314420345e778c8655ac |
| SHA256 | 80b39b93254011afc3b601c26e848114850ea31d722a45c03daff7b4f3f606da |
| SHA512 | d6df9688e8509318fb91c0462056f4bac0dcbdfee8e9feec6aa367e8804d76fc56c0bdfdbfbe1386a2886cbdd6c2aa7566cdef20e3efffe8c0459cdcb9486454 |
C:\Users\Admin\Downloads\Silly Boost\Silly Boost.exe
| MD5 | 6168cae808b3f34d187c03d9a4c975cc |
| SHA1 | cc119a9d255a2a2be791314420345e778c8655ac |
| SHA256 | 80b39b93254011afc3b601c26e848114850ea31d722a45c03daff7b4f3f606da |
| SHA512 | d6df9688e8509318fb91c0462056f4bac0dcbdfee8e9feec6aa367e8804d76fc56c0bdfdbfbe1386a2886cbdd6c2aa7566cdef20e3efffe8c0459cdcb9486454 |
memory/1408-241-0x0000000000870000-0x0000000000A04000-memory.dmp
memory/1408-242-0x0000000005250000-0x00000000052B6000-memory.dmp
memory/1408-243-0x00000000051D0000-0x00000000051E0000-memory.dmp
memory/1408-247-0x00000000051D0000-0x00000000051E0000-memory.dmp
C:\Users\Admin\Downloads\Silly Boost\tokens.txt
| MD5 | a848dcb207336284a7879589f3f4a0d1 |
| SHA1 | 1f7cd8b2f2476038f54ab53e77a959b665f20fd0 |
| SHA256 | bca00833e24ba2891b11f6d3da58768ab2b924efb662c1c79973d840e3790542 |
| SHA512 | 2dd3c4edaf591667dda25e31fca7185cfcec79ad93fd70b19a34498607e141cd7d93d72d087ec356d9125d2e38f56d23dda78cda21af983b2d1eff6eaf2d72a8 |
C:\Users\Admin\AppData\Local\0e717741ca6a4fff1d8f6ab24cf77af8\Admin@FGVGNMBE_en-US\Browsers\Firefox\Bookmarks.txt
| MD5 | 2e9d094dda5cdc3ce6519f75943a4ff4 |
| SHA1 | 5d989b4ac8b699781681fe75ed9ef98191a5096c |
| SHA256 | c84c98bbf5e0ef9c8d0708b5d60c5bb656b7d6be5135d7f7a8d25557e08cf142 |
| SHA512 | d1f7eed00959e902bdb2125b91721460d3ff99f3bdfc1f2a343d4f58e8d4e5e5a06c0c6cdc0379211c94510f7c00d7a8b34fa7d0ca0c3d54cbbe878f1e9812b7 |
C:\Users\Admin\AppData\Local\0e717741ca6a4fff1d8f6ab24cf77af8\Admin@FGVGNMBE_en-US\System\Debug.txt
| MD5 | f25e650d41f7fe53a9fff6f21315300f |
| SHA1 | 828db3e0247918b1c753a00c49d1cec695095e1a |
| SHA256 | b1df56112360ca386b9ea1149d3712de20aba277fa2e5a097ad505c7261f50ec |
| SHA512 | fdced45f03220f8e3d902c27854600edf92bf9c03273dc2cd4b8d8cbda6bedb4de3dcea7c6b06844c08579a398ee7dac3c1be4fe4707b478fb8f2e2bc93826bc |
memory/1408-305-0x00000000074A0000-0x0000000007532000-memory.dmp
memory/1408-308-0x0000000007AF0000-0x0000000008094000-memory.dmp
C:\Users\Admin\Downloads\Silly Boost\Silly Boost.exe
| MD5 | 6168cae808b3f34d187c03d9a4c975cc |
| SHA1 | cc119a9d255a2a2be791314420345e778c8655ac |
| SHA256 | 80b39b93254011afc3b601c26e848114850ea31d722a45c03daff7b4f3f606da |
| SHA512 | d6df9688e8509318fb91c0462056f4bac0dcbdfee8e9feec6aa367e8804d76fc56c0bdfdbfbe1386a2886cbdd6c2aa7566cdef20e3efffe8c0459cdcb9486454 |
memory/3788-348-0x0000000002870000-0x0000000002880000-memory.dmp
C:\Users\Admin\AppData\Local\0e717741ca6a4fff1d8f6ab24cf77af8\Admin@FGVGNMBE_en-US\System\Apps.txt
| MD5 | d32c9e7cfe54f13b21f01375c28de50e |
| SHA1 | 679e6b1b6667c7b064ca6ed4048ba6bbdf2316f9 |
| SHA256 | 5c88c2a113cc3e0b7e1f96f35121b2e5d3cd67f7317d57a23fbd7b0d649b2f6a |
| SHA512 | 119e2a4114bec6b397aece914a31e3d0fa4fc625804958dad763328dc1f9a27ecb7635047c8a1648bcc10a2367df1d160b23e67240a02e265f7e8e84d0e13ddb |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db
| MD5 | e1b08586b0b02f40fb0fa772535bb5ba |
| SHA1 | 45f7cd31a7a0ac477813f3880e0171400c4ecc54 |
| SHA256 | 522300e43298a67570a5564bda21135ddb91bda2b45686424997bb9b99ccd37e |
| SHA512 | cb132ba980d46b8a7640df7da7303d914dc11ddc535bcbefdcfbbf16aeb7ffbc60d576d3aae2eef28c8a2201b7d4d4248a8336b80636942074fd7f0170a362e8 |
memory/5076-404-0x000002C88A320000-0x000002C88A321000-memory.dmp
memory/5076-407-0x000002C88A320000-0x000002C88A321000-memory.dmp
memory/5076-405-0x000002C88A320000-0x000002C88A321000-memory.dmp
memory/5076-412-0x000002C88A320000-0x000002C88A321000-memory.dmp
memory/5076-413-0x000002C88A320000-0x000002C88A321000-memory.dmp
memory/5076-414-0x000002C88A320000-0x000002C88A321000-memory.dmp
memory/5076-417-0x000002C88A320000-0x000002C88A321000-memory.dmp
memory/5076-419-0x000002C88A320000-0x000002C88A321000-memory.dmp
memory/5076-420-0x000002C88A320000-0x000002C88A321000-memory.dmp
memory/5076-416-0x000002C88A320000-0x000002C88A321000-memory.dmp
C:\Users\Admin\AppData\Local\0e717741ca6a4fff1d8f6ab24cf77af8\Admin@FGVGNMBE_en-US\System\Process.txt
| MD5 | 30446715fef7b73ea9bedb2eda4acdb4 |
| SHA1 | 1ad6e5d32a2bb2f62292f167fb4f3cea1f15843a |
| SHA256 | 1c73e3eae46247502e19957daa7253c647f24d4fb709643540e0e119ae6c762c |
| SHA512 | 46ca6da44b140a1a502e4689208d88a7a5da7ad15afb3a1391225265628c05f018eaaaa9537135214145c86811d34545d1aaf0aef61c91584899fb52e495ded5 |
memory/1408-436-0x00000000051D0000-0x00000000051E0000-memory.dmp
C:\Users\Admin\AppData\Local\0e717741ca6a4fff1d8f6ab24cf77af8\Admin@FGVGNMBE_en-US\Directories\OneDrive.txt
| MD5 | 966247eb3ee749e21597d73c4176bd52 |
| SHA1 | 1e9e63c2872cef8f015d4b888eb9f81b00a35c79 |
| SHA256 | 8ddfc481b1b6ae30815ecce8a73755862f24b3bb7fdebdbf099e037d53eb082e |
| SHA512 | bd30aec68c070e86e3dec787ed26dd3d6b7d33d83e43cb2d50f9e2cff779fee4c96afbbe170443bd62874073a844beb29a69b10c72c54d7d444a8d86cfd7b5aa |
C:\Users\Admin\AppData\Local\0e717741ca6a4fff1d8f6ab24cf77af8\Admin@FGVGNMBE_en-US\System\ProductKey.txt
| MD5 | 71eb5479298c7afc6d126fa04d2a9bde |
| SHA1 | a9b3d5505cf9f84bb6c2be2acece53cb40075113 |
| SHA256 | f6cadfd4e4c25ff3b8cffe54a2af24a757a349abbf4e1142ec4c9789347fe8b3 |
| SHA512 | 7c6687e21d31ec1d6d2eff04b07b465f875fd80df26677f1506b14158444cf55044eb6674880bd5bd44f04ff73023b26cb19b8837427a1d6655c96df52f140bd |
C:\Users\Admin\AppData\Local\0e717741ca6a4fff1d8f6ab24cf77af8\Admin@FGVGNMBE_en-US\Grabber\DRIVE-C\Users\Admin\Downloads\Silly Boost\tokens.txt
| MD5 | a848dcb207336284a7879589f3f4a0d1 |
| SHA1 | 1f7cd8b2f2476038f54ab53e77a959b665f20fd0 |
| SHA256 | bca00833e24ba2891b11f6d3da58768ab2b924efb662c1c79973d840e3790542 |
| SHA512 | 2dd3c4edaf591667dda25e31fca7185cfcec79ad93fd70b19a34498607e141cd7d93d72d087ec356d9125d2e38f56d23dda78cda21af983b2d1eff6eaf2d72a8 |
C:\Users\Admin\AppData\Local\0e717741ca6a4fff1d8f6ab24cf77af8\Admin@FGVGNMBE_en-US\Directories\Videos.txt
| MD5 | 1fddbf1169b6c75898b86e7e24bc7c1f |
| SHA1 | d2091060cb5191ff70eb99c0088c182e80c20f8c |
| SHA256 | a67aa329b7d878de61671e18cd2f4b011d11cbac67ea779818c6dafad2d70733 |
| SHA512 | 20bfeafde7fec1753fef59de467bd4a3dd7fe627e8c44e95fe62b065a5768c4508e886ec5d898e911a28cf6365f455c9ab1ebe2386d17a76f53037f99061fd4d |
C:\Users\Admin\AppData\Local\0e717741ca6a4fff1d8f6ab24cf77af8\Admin@FGVGNMBE_en-US\Directories\Startup.txt
| MD5 | 68c93da4981d591704cea7b71cebfb97 |
| SHA1 | fd0f8d97463cd33892cc828b4ad04e03fc014fa6 |
| SHA256 | 889ed51f9c16a4b989bda57957d3e132b1a9c117ee84e208207f2fa208a59483 |
| SHA512 | 63455c726b55f2d4de87147a75ff04f2daa35278183969ccf185d23707840dd84363bec20d4e8c56252196ce555001ca0e61b3f4887d27577081fdef9e946402 |
memory/1408-516-0x0000000006E00000-0x0000000006E22000-memory.dmp
C:\Users\Admin\AppData\Local\0e717741ca6a4fff1d8f6ab24cf77af8\msgid.dat
| MD5 | 766c1c3c519de0b8513ba2666cc12f4e |
| SHA1 | 21b93bf41e404dab11e9f0acc6fc242652a1d5c8 |
| SHA256 | cb7a424e8ef7174bed586d93a8eaecf47d8fd8595240f1d76977b1fbd511a594 |
| SHA512 | 4b65423559cb8e901f0fb235078bdb66817fd0d9e2e4dd2ddb3b6b8f8613abdd844cd342dc4019e538f84e79f09fbd1e5fde912857bfc9f6cfb7fcec749b2b53 |
memory/1408-528-0x0000000006F80000-0x0000000006F8A000-memory.dmp
memory/1408-529-0x00000000051D0000-0x00000000051E0000-memory.dmp