Resubmissions
25-02-2024 02:03
240225-cg45caaa33 1025-02-2024 01:59
240225-cesnjahh97 825-02-2024 01:31
240225-bxq2zshg26 1025-02-2024 00:49
240225-a6gdgaab3x 7Analysis
-
max time kernel
104s -
max time network
132s -
platform
windows11-21h2_x64 -
resource
win11-20240221-en -
resource tags
-
submitted
25-02-2024 01:59
General
-
Target
http://google.com
Malware Config
Signatures
-
Downloads MZ/PE file
-
Executes dropped EXE 5 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
-
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Sets desktop wallpaper using registry 2 TTPs 1 IoCs
-
Drops file in Windows directory 4 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Program crash 1 IoCs
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 1 IoCs
-
NTFS ADS 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs
-
Suspicious use of AdjustPrivilegeToken 4 IoCs
-
Suspicious use of FindShellTrayWindow 35 IoCs
-
Suspicious use of SendNotifyMessage 12 IoCs
-
Suspicious use of SetWindowsHookEx 3 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.com1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe1e043cb8,0x7ffe1e043cc8,0x7ffe1e043cd82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1788,15537242083145818396,80143135732040612,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1712 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1788,15537242083145818396,80143135732040612,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1788,15537242083145818396,80143135732040612,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,15537242083145818396,80143135732040612,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,15537242083145818396,80143135732040612,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,15537242083145818396,80143135732040612,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,15537242083145818396,80143135732040612,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,15537242083145818396,80143135732040612,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,15537242083145818396,80143135732040612,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1788,15537242083145818396,80143135732040612,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5888 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1788,15537242083145818396,80143135732040612,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5508 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,15537242083145818396,80143135732040612,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6436 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,15537242083145818396,80143135732040612,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,15537242083145818396,80143135732040612,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6148 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,15537242083145818396,80143135732040612,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,15537242083145818396,80143135732040612,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1788,15537242083145818396,80143135732040612,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5464 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1788,15537242083145818396,80143135732040612,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6484 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,15537242083145818396,80143135732040612,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,15537242083145818396,80143135732040612,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,15537242083145818396,80143135732040612,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6616 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,15537242083145818396,80143135732040612,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2592 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1788,15537242083145818396,80143135732040612,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6952 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1788,15537242083145818396,80143135732040612,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6732 /prefetch:82⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\Downloads\HorrorTrojan Ultimate Edition.exe"C:\Users\Admin\Downloads\HorrorTrojan Ultimate Edition.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\wscript.exe"C:\Windows\sysnative\wscript.exe" C:\Users\Admin\AppData\Local\Temp\F8C3.tmp\F8C4.tmp\F8C5.vbs //Nologo3⤵
-
C:\Users\Admin\AppData\Local\Temp\F8C3.tmp\mbr.exe"C:\Users\Admin\AppData\Local\Temp\F8C3.tmp\mbr.exe"4⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\F8C3.tmp\tools.cmd" "4⤵
- Drops file in Windows directory
-
C:\Windows\system32\reg.exereg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v Wallpaper /t REG_SZ /d c:\bg.bmp /f5⤵
- Sets desktop wallpaper using registry
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵
-
C:\Users\Admin\AppData\Local\Temp\F8C3.tmp\jeffpopup.exe"C:\Users\Admin\AppData\Local\Temp\F8C3.tmp\jeffpopup.exe"4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\F8C3.tmp\bobcreep.exe"C:\Users\Admin\AppData\Local\Temp\F8C3.tmp\bobcreep.exe"4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\F8C3.tmp\gdifuncs.exe"C:\Users\Admin\AppData\Local\Temp\F8C3.tmp\gdifuncs.exe"4⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1340 -s 17525⤵
- Program crash
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x00000000000004CC 0x00000000000004E81⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1340 -ip 13401⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5341f6b71eb8fcb1e52a749a673b2819c
SHA16c81b6acb3ce5f64180cb58a6aae927b882f4109
SHA25657934852f04cef38bb4acbe4407f707f137fada0c36bab71b2cdfd58cc030a29
SHA51257ecaa087bc5626752f89501c635a2da8404dbda89260895910a9cc31203e15095eba2e1ce9eee1481f02a43d0df77b75cb9b0d77a3bc3b894fdd1cf0f6ce6f9
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD588e9aaca62aa2aed293699f139d7e7e1
SHA109d9ccfbdff9680366291d5d1bc311b0b56a05e9
SHA25627dcdb1cddab5d56ac53cff93489038de93f61b5504f8595b1eb2d3124bbc12c
SHA512d90dabe34504dde422f5f6dec87851af8f4849f521759a768dfa0a38f50827b099dfde256d8f8467460c289bdb168358b2678772b8b49418c23b882ba21d4793
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003Filesize
195KB
MD5873734b55d4c7d35a177c8318b0caec7
SHA1469b913b09ea5b55e60098c95120cc9b935ddb28
SHA2564ee3aa3dc43cb3ef3f6bfb91ed8214659e9c2600a45bee9728ebbcb6f33b088d
SHA51224f05ed981e994475879ca2221b6948418c4412063b9c07f46b8de581047ddd5d73401562fa9ee54d4ce5f97a6288c54eac5de0ca29b1bb5797bdac5a1b30308
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
144B
MD5e08332d25aad82c8dbc65484091dd033
SHA135d05350691d77611685b3b6ec8dac13ca0f77b3
SHA2561107a30026876665fb1832390e4c0abf65d7e15b52a7232019970ac42f79811f
SHA51294399844cef8e881b68e2eb71db0e2e3233df64cb0e19b2fc7b5b81cec57c91c3543df7d4663aba86fecd679f3c023b9bbb618cc6bbc98fbdaa00c0701f4c334
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
3KB
MD5734d96481d090b650e0386ead892dff6
SHA1f14b9e1539adda41da34e4d59e8792545076f9d4
SHA256db6c8ca234ac90b6f181b340ab8081e1e7010fed4fc8230bf200b26a26742a25
SHA512931394bab635e9151a027e31d1decbfd309be3bdea77b6f6f7b33193ffc3aa489f96935ce2d84a54002fb32b116331751232bea6eee778f94c1136c7a892464f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
1KB
MD54efbc25cb7b3b27a7409eacc305837f6
SHA1ba42d2ecfe7565bc2120cbc76d75a5951b0aa18a
SHA256cc49be615c800df099f4981a425d43756809c05976915f6f18e9242c8c93487f
SHA51283bad899d14b8f568404548d4a4c64880b0ed83ee5ebdbca9d783b4202293c40cf7e06ceaacfa06a20f2d5eca171aadcb973a4b880777b9448ed1f4143580e3c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
5KB
MD5294db3c322ab7002ef7e373d44fa935a
SHA1f662f781ecd8a3d1be0dd6253ef56229ea4eacb3
SHA256f4db568fe3afd6e26305c261152d744e55c37c34a278ef92e9387e2686bd93f8
SHA5123f21f2805d97f9b100b0d61e66d9a79d106593fd0b04c410fa12a3397844dd9acd62ddaf37f1bbe7d020fd6816336cb4c8612258e5dcdc04710c4b9ba1194227
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD530404e32c5b0f8e470bce75d219b9103
SHA12f5fc8967e39fab9bfbb91da5aa645fdd816bbda
SHA25697ec83940b4b7446536234380cec1b3e74af38be8663570e6b7ee0c73633f03f
SHA51263af0eea4677038f2450e3287016d9679b12bc560da51d60a72fd81891b70c36c3a005c95d60b619e491d1e82ec8e4d0981aaac5ecfc23f9756be552d519c12a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5f19a86a3fb063830a414e4bef44e70d1
SHA1236cc60f2b660a3a072753020345f67123d1244c
SHA2562cb86183e2f9a8a95e7f4923d8040d6671ac0c6f96085064efde94167ace63e5
SHA512280af80ded1f33caf994fa7459f43a592361772446b07f788173f5865f3dde114f50ca5b2faa0062506ef337c01b240481d32f2907d89b0cf77d518cdb510a1c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5a09bb54a99041af74ec2c9c147d2af16
SHA18a4b88d93e6f26928e0e22f933505e96e7bafb95
SHA2568bab4f1e79e0a866a836f8b4d849a396fecf8a32e3a18b17effb166351fb547d
SHA512eb2acbf2a3f32437bfd25318a7eaff3c594f50c673495d1db46b870c7226d0f4fe149367694377143d2ba560de73e6513689857f7b5722731bb15842f8b6e876
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5d7767048365fc7dc9fe91174064e66c5
SHA1dc801a5c2ee1b84201e95dcc63ce6cac878c923f
SHA2565630a783ba3c8ffc2067ef4650dac5061c23e4020a73432aa24d5f8073b7484c
SHA51228e36b2f937fc51cd4eaf4ee7f961caec5e6441f1848108172435dc7ba945e7dd00ef9492d0d6785a88799cacf28741fac93a1022d82f19e12508cff9b25205a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD5bccd3a22ead4ef4c4a2b7d1893d90820
SHA1d15f4f757705d2b63db175bdd086c54fecea122c
SHA256aaa137947cae1effbc426ce8f00c26a23e900bf5b76622abf5ba9643b7a384bb
SHA512e5465e04c40a69cd6fe48db19bf7a0f9727049d5f06d8095ec29a42ea61eebdaaef767c8a180141e7592a5a96d70a508cdd63c877e1aa2ad96401c93f5532d99
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD58c62b1153e8e50d34778fff01a76d2de
SHA108bd0b18f373f357749a9d22f358c08ce904a151
SHA25660ad677152b3e02bd2c5359bbdb3a8539e27fde2a5e73d481a1c70d187192c06
SHA512e14a9299e185f7d0a8e696b17b75f7504233690e2beb703b44f38f5e3f1cd063610a1244fa8cffb3a663f3a54805c14eaaa6f923aa0c414d47a25f226fda40b9
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58c5fb.TMPFilesize
1KB
MD5fc4360d0610f7722ef41a3e5d9ba8207
SHA14ba72c51be68182bd247e83b6dcba41d1daa8d6f
SHA25618d41fabce1eac8accbcc2468ed4b63a7010c895c6578774e49fc95df95c1af8
SHA5129258d55ac91b14c0ef057360b1cee6b2fb920867046bf30b506a8e845230453c636bb9b9ab6cb7eb9f6d4ad017ca91ceece86c0b83add6d184bd99060032ccb8
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD573662513920b8a72b9a6e0de29eb507a
SHA103997696dbb4aabe462703eec03c2fee433592d1
SHA25649b19b93f743ebde97d5be77c9d59ea21e7d77e5f80928977e759e6455ae57a6
SHA512a3f736e5a4b7b2e7878848028ef80b6cf2acc03c24e8f45dfdf602801ffa44315e375b9f5a87bcc08e86c6fe41da19f42ce29914e62d13816981ab2e6f835d5c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
12KB
MD59490e855e76d54a74d2f76a8c902628b
SHA1f6d8af65c9eef5ce082eb536654374a8da5934bf
SHA256d3ce9912c615e75c69e163d4a36f04e131dc306be400799996edac736b016581
SHA512ac51833866c645133edf1f21a5ba7b392bfca52670007d6523cfa112a1958cbed2054deca9ce0787c53157387dc10a504707bb9d713d667c96a09eb616bd2484
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
12KB
MD5c63944fbe1a0d873b288a7837422731d
SHA1ed132afbb7f4b849ca36b8019434bde25560bc49
SHA256ca9166b6afbc297d54147869d8f15f34e6f82c5135151bd639ed8f413d3598cb
SHA51265aa240917db8042a4f8ad75fba60024795ec888de64cd86483c03a1de374a90c6a5a7700711ddb20c0d3b50f1b7173a7287e82ff70a3697e00f2880a3e5492f
-
C:\Users\Admin\AppData\Local\Temp\F8C3.tmp\F8C4.tmp\F8C5.vbsFilesize
2KB
MD5a0679dce64fcf875f4208b823d4b85c0
SHA185abe3673db82bfe5b2c207dc98648e32afffea0
SHA25685a07013575a6a890c7b1d26adaa52f17616c4cca673617aa1fc0992aa29dda1
SHA5121e2740a09acc5b0d679acfd740feb3556638f1b6029078668bbb7e067b356fcecf23c5b317b02888822cc180c0eb5cb7e2caf63d92a74515ebc5a1031d80f3a6
-
C:\Users\Admin\AppData\Local\Temp\F8C3.tmp\bg.bmpFilesize
6.6MB
MD5a605dbeda4f89c1569dd46221c5e85b5
SHA15f28ce1e1788a083552b9ac760e57d278467a1f9
SHA25677897f44096311ddb6d569c2a595eca3967c645f24c274318a51e5346816eb8e
SHA512e4afa652f0133d51480f1d249c828600d02f024aa2cccfb58a0830a9d0c6ee56906736e6d87554ed25c4e69252536cb7379b60b2867b647966269c965b538610
-
C:\Users\Admin\AppData\Local\Temp\F8C3.tmp\bobcreep.exeFilesize
92KB
MD5219cd85d93a4ed65a481f353a3de5376
SHA1a38ab77caf5417765d5595b2fcd859c6354bf079
SHA25600c9fdc8b877c7fb8365709155ab28cb3dac282ae7ec9fc9d47a78b408e0d13f
SHA512367644e3bc3310207b5863b09688269c38a55540b8c87e71d66771c954d37d561ed09f3ee11b36c4c8f4a48b618b2e8debae3d93ff684d15305f93a3ade6b3d9
-
C:\Users\Admin\AppData\Local\Temp\F8C3.tmp\gdifuncs.exeFilesize
5.0MB
MD5c47c6a5111193af2c9337634b773d2d3
SHA1036604921b67bbad60c7823482e5e6cb268ded14
SHA2567c4f20624dd062a6c71d845d05c6328d5a903ca96398e2902506591b231ed585
SHA51256698b7b2edc0f94d0f7172c853cbe67ac682d132df768659ebca0c169091acb36ffd0a6874c26e2fb35117061c91c9eca4312532ba778312e3d63cc77ce1262
-
C:\Users\Admin\AppData\Local\Temp\F8C3.tmp\jeffpopup.exeFilesize
780KB
MD54151b988c9d5c550ccb6c3b49bf551d4
SHA110ff979be4a5bbacaf208bdbb8236b940208eed1
SHA2565ec45cc1a109f556d0cd44ba48d3bf11af556ee66dd8b78c94d3ef0e93735e8e
SHA512c73947b534741c29340550066cd1a6b7cbb4387f3be8303f2d1d0cb21c6f430e0415c27daabc82d32570f421934db78dc840403de18aef09d5a4f0cbe4350e4d
-
C:\Users\Admin\AppData\Local\Temp\F8C3.tmp\mainbgtheme.wavFilesize
13.6MB
MD51affa894b52eb1235dcbbb9995999c2d
SHA1fe7d3b6cd378dc477b13b9a56e283c82f8fb10ef
SHA2566902102f7f67aacdf41c493fb5ff695faf99f65d251fd93769091896e530a269
SHA5125bd653ec154905c0f6dd60e2ad362666549e64fa38d888e0d0088ee9fe86150e7799371b7f2748eb2ecc15d1b273f9744e964fefd97f7a3c8c18cdddbc2f82f1
-
C:\Users\Admin\AppData\Local\Temp\F8C3.tmp\mbr.exeFilesize
1.3MB
MD574be3afd732dc010c8266326cc32127b
SHA1a91802c200f10c09ff9a0679c274bbe55ecb7b41
SHA25603fe34795ad0f91fc8eb8c9ebe8094541e4fb4d7095095f8b48f345c2a6d0f0c
SHA51268fa03d640680e37614feccb56f4d41180724cb7c08ba25f9bea3830a44c03d635664d8e0255ab2d05d3613498f4a4dd4398b7971a2cb1c9ae3be93f944946e5
-
C:\Users\Admin\AppData\Local\Temp\F8C3.tmp\tools.cmdFilesize
2KB
MD5288bebe9f904e6fabe4de67bd7897445
SHA10587ce2d936600a9eb142c6197fe12a0c3e8472f
SHA256cf965fcc5a7ca4d9245c706c88b4d5013fb84be27b0ec262facccfadf14bdca2
SHA5127db8e7c1318bcab7cef2c02484a82f347a630443a644b546a5cc339a5a848d1a3e915255f9c357de6ee26817a55d1091d80e2a8e97f66afa5686b3d11ee56c3c
-
C:\Users\Admin\Desktop\YOUDIED 5.txtFilesize
74B
MD505d30a59150a996af1258cdc6f388684
SHA1c773b24888976c889284365dd0b584f003141f38
SHA256c5e98b515636d1d7b2cd13326b70968b322469dbbe8c76fc7a84e236c1b579c9
SHA5122144cd74536bc663d6031d7c718db64fd246346750304a8ceef5b58cd135d6ea061c43c9150334ee292c7367ff4991b118080152b8ebc9c5630b6c5186872a3a
-
C:\Users\Admin\Downloads\HorrorTrojan Ultimate Edition.exeFilesize
5.8MB
MD59a553b22b77c68e3429c2b071bbeeddf
SHA122477f1ebf394e77dd4b42b0d64bd24bcc84e7e4
SHA2566900ca0d005748d1e332dda5b660068bb298125e615dca6de42aec593161e249
SHA512248ced06c878192306e4e992da90a66873b40596f165552c84be37976f5ba104ec2a4d7a11ffc195ceef601895e5eaec162233369f0417b3ef4139d7f9e5ce96
-
C:\Users\Admin\Downloads\HorrorTrojan Ultimate Edition.exeFilesize
12.6MB
MD59b534db5e9388c20f65a1cc87fb3cf4b
SHA193f78bd6db0a8d47580a09f7ae50cf654f5ee151
SHA256c13a9fb521b02fc1d385d7a973875144f3a6aef1fd1306e2ac3dbb78c84b3385
SHA5123c3912e896dd9253f44d80fb7d022782956b7e7b15269b5201c5fd7c548fcf08547de5a8bbd973a842a83a92453219a41bf5fc5def4a9e85262ee48fa2e3ab07
-
C:\Users\Admin\Downloads\HorrorTrojan Ultimate Edition.exe:Zone.IdentifierFilesize
26B
MD5fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98
-
C:\Users\Admin\Downloads\Unconfirmed 89308.crdownloadFilesize
15.0MB
MD58f5a2b3154aba26acf5440fd3034326c
SHA1b4d508ee783dc1f1a2cf9147cc1e5729470e773b
SHA256fc7e799742a1c64361a8a9c3fecdf44f9db85f0bf57f4fb5712519d12ba4c5ac
SHA51201c052c71a2f97daf76c91765e3ee6ec46ca7cb67b162c2fc668ef5ee35399622496c95568dedffbaf72524f70f6afcfe90f567fbb653a93d800664b046cd5f2
-
C:\windows\winbase_base_procid_none\secureloc0x65\mainbgtheme.wavFilesize
7.7MB
MD56c84444ca54e3276c06468e6e0a71185
SHA1429f63722ee9192116e12dc5bf81c4124874a7a1
SHA256ff2300b8c5b4950e3be4559f3e9239b4e828e614145b93af7e05ee3bac0b970e
SHA5121fc3700ab6d662cc42037dd291d4d24ad46870ef2813613ade251db46c67f4df28248f68b3347f3aa43255d033de12af7ab333e8b08e97741ae245e0ad0c607e
-
\??\pipe\LOCAL\crashpad_2044_VPPUNQLIWVHLTHLWMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/1340-748-0x000000000B690000-0x000000000B790000-memory.dmpFilesize
1024KB
-
memory/1340-751-0x000000000B690000-0x000000000B790000-memory.dmpFilesize
1024KB
-
memory/1340-739-0x00000000057D0000-0x0000000005D76000-memory.dmpFilesize
5.6MB
-
memory/1340-740-0x0000000005320000-0x00000000053B2000-memory.dmpFilesize
584KB
-
memory/1340-741-0x0000000005590000-0x00000000055A0000-memory.dmpFilesize
64KB
-
memory/1340-742-0x0000000005ED0000-0x0000000005EDA000-memory.dmpFilesize
40KB
-
memory/1340-737-0x0000000000380000-0x0000000000882000-memory.dmpFilesize
5.0MB
-
memory/1340-743-0x0000000005590000-0x00000000055A0000-memory.dmpFilesize
64KB
-
memory/1340-745-0x0000000005590000-0x00000000055A0000-memory.dmpFilesize
64KB
-
memory/1340-746-0x0000000005590000-0x00000000055A0000-memory.dmpFilesize
64KB
-
memory/1340-747-0x0000000005590000-0x00000000055A0000-memory.dmpFilesize
64KB
-
memory/1340-764-0x000000000B690000-0x000000000B790000-memory.dmpFilesize
1024KB
-
memory/1340-750-0x000000000B690000-0x000000000B790000-memory.dmpFilesize
1024KB
-
memory/1340-738-0x0000000072990000-0x0000000073141000-memory.dmpFilesize
7.7MB
-
memory/1340-752-0x0000000005590000-0x00000000055A0000-memory.dmpFilesize
64KB
-
memory/1340-749-0x0000000072990000-0x0000000073141000-memory.dmpFilesize
7.7MB
-
memory/1340-753-0x0000000005590000-0x00000000055A0000-memory.dmpFilesize
64KB
-
memory/1340-754-0x000000000B690000-0x000000000B790000-memory.dmpFilesize
1024KB
-
memory/1340-755-0x0000000005590000-0x00000000055A0000-memory.dmpFilesize
64KB
-
memory/1340-756-0x000000000B690000-0x000000000B790000-memory.dmpFilesize
1024KB
-
memory/1340-758-0x0000000005590000-0x00000000055A0000-memory.dmpFilesize
64KB
-
memory/1340-757-0x0000000005590000-0x00000000055A0000-memory.dmpFilesize
64KB
-
memory/1340-759-0x0000000005590000-0x00000000055A0000-memory.dmpFilesize
64KB
-
memory/1340-760-0x0000000005590000-0x00000000055A0000-memory.dmpFilesize
64KB
-
memory/1340-761-0x0000000005590000-0x00000000055A0000-memory.dmpFilesize
64KB
-
memory/1340-762-0x0000000005590000-0x00000000055A0000-memory.dmpFilesize
64KB
-
memory/1340-763-0x0000000005590000-0x00000000055A0000-memory.dmpFilesize
64KB
-
memory/4176-690-0x0000000000400000-0x00000000004D8000-memory.dmpFilesize
864KB
