Analysis

max time kernel: 508s
max time network: 583s
platform: windows10-2004_x64
resource: win10v2004-20240412-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
submitted: 23-04-2024 17:33
Static task: static1
URLScan task: urlscan1
Malware Config

Extracted family: sality
URLs:
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/

Sality is a polymorphic file infector rather than a standalone dropper, so an extracted Sality configuration from a bundle of unrelated keylogger builders means at least one executable in the bundle is infected. It also explains the signatures below in which three unrelated programs (Digital Keylogger 3.3.exe, Silent Keylogger v1.6 Public Version By BUNNN.exe and winsrv.exe) make the identical firewall, UAC and Security Center registry writes: that pattern is consistent with the infector's code running inside each host process, not with three independently implemented features.
Signatures
Modifies firewall policy service (2 TTPs, 9 IoCs)
Processes: Digital Keylogger 3.3.exe, winsrv.exe, Silent Keylogger v1.6 Public Version By BUNNN.exe
Each of the three processes makes the same three writes under \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile:
  Set value (int)  EnableFirewall = "0"
  Set value (int)  DoNotAllowExceptions = "0"
  Set value (int)  DisableNotifications = "1"
UAC disabled via EnableLUA (3 IoCs; signature title not preserved in this copy, described from the IoCs)
Processes: Digital Keylogger 3.3.exe, Silent Keylogger v1.6 Public Version By BUNNN.exe, winsrv.exe
Each of the three processes writes:
  Set value (int)  \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"
Note that EnableLUA = 0 only takes effect after the next reboot, so UAC was still active for the rest of this run.
Security Center overrides and notifications set (18 IoCs; signature title not preserved in this copy, described from the IoCs)
Processes: winsrv.exe, Digital Keylogger 3.3.exe, Silent Keylogger v1.6 Public Version By BUNNN.exe
Each of the three processes sets all six of these values under \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center:
  Set value (int)  AntiVirusOverride = "1"
  Set value (int)  FirewallOverride = "1"
  Set value (int)  AntiVirusDisableNotify = "1"
  Set value (int)  FirewallDisableNotify = "1"
  Set value (int)  UacDisableNotify = "1"
  Set value (int)  UpdatesDisableNotify = "1"
ACProtect 1.3x - 1.4x DLL software (1 IoC)
Detects file using ACProtect software.
  yara rule acprotect  C:\Users\Admin\AppData\Local\Temp\rhj4BB2.tmp
Checks computer location settings (2 TTPs, 1 IoC)
Looks up country code configured in the registry, likely geofence.
Processes: winsrv.exe
  Key value queried  \REGISTRY\USER\S-1-5-21-1132431369-515282257-1998160155-1000\Control Panel\International\Geo\Nation  winsrv.exe
Executes dropped EXE (32 IoCs)
Processes (pid, process):
  2900 9LOG.exe
  2708 Aux Logger v3.exe
  5152 RapZo Logger v 1.5 ( Public Edition ).exe
  3880 Aux Logger v3.exe
  2936 Anonymous Keylogger.exe
  3000 Digital Keylogger 3.3.exe
  4176 Dracula Logger.exe
  4696 ecodsoft-keylogger.exe
  2164 ecodsoft-keylogger.tmp
  2960 winsrv.exe
  4044 RunOnce.exe
  1992 ecodsoft-keylogger.exe
  6032 ecodsoft-keylogger.tmp
  4364 Fungus Keylogger v0.1.1.exe
  3552 Galaxy Logger.exe
  4628 GhostMsn_Builder.exe
  2700 upx.exe
  3448 HBStub.exe
  6064 Editor.exe
  5088 iks2k20d.exe
  812 iksinstall.exe
  1684 JoDeDoR Keylogger 1.0.exe
  376 KeyLogger.exe
  3640 Vulcan Logger.exe
  5476 TTiger Keylogger v1.0.exe
  4604 TotalLoggerBuilder.exe
  3720 Syslogger Builder.exe
  5540 TotalLoggerBuilder.exe
  4664 TotalLoggerBuilder.exe
  5432 Silent Keylogger v1.6 Public Version By BUNNN.exe
  4524 RinLogger.exe
  5664 RinLogger.exe
Loads dropped DLL (64 IoCs)
Processes (pid, process, number of dropped-DLL load events):
  2960 winsrv.exe (10)
  4044 RunOnce.exe (3)
  1992 ecodsoft-keylogger.exe (3)
  6032 ecodsoft-keylogger.tmp (3)
  4364 Fungus Keylogger v0.1.1.exe (3)
  3552 Galaxy Logger.exe (3)
  4628 GhostMsn_Builder.exe (3)
  3448 HBStub.exe (3)
  6064 Editor.exe (3)
  5088 iks2k20d.exe (5)
  812 iksinstall.exe (5)
  1684 JoDeDoR Keylogger 1.0.exe (3)
  376 KeyLogger.exe (3)
  3640 Vulcan Logger.exe (3)
  5476 TTiger Keylogger v1.0.exe (3)
  4604 TotalLoggerBuilder.exe (3)
  3720 Syslogger Builder.exe (3)
  5540 TotalLoggerBuilder.exe (2)
UPX-packed code (16 IoCs; yara rule upx; signature title not preserved in this copy, described from the rule name)
  behavioral1/memory/3000-{970,973,976,979,983,984,985,986,987,988,989,990}-0x0000000002A30000-0x0000000003ABE000-memory.dmp  (12 dumps of the same region in pid 3000, Digital Keylogger 3.3.exe)
  behavioral1/memory/2700-1470-0x0000000000400000-0x0000000000546000-memory.dmp  (pid 2700, upx.exe)
  C:\Users\Admin\AppData\Local\Temp\7zO42585E9C\Editor.exe  (7zO... is the temporary directory 7-Zip uses when a file is opened straight from an archive)
  behavioral1/memory/6064-{1492,1493}-0x0000000000400000-0x00000000005AB000-memory.dmp  (pid 6064, Editor.exe)
Security Center settings modified, including Svc key creation (21 IoCs; signature title not preserved in this copy, described from the IoCs)
Processes: Digital Keylogger 3.3.exe, Silent Keylogger v1.6 Public Version By BUNNN.exe, winsrv.exe
Each of the three processes makes the same seven changes under \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center:
  Key created      Svc
  Set value (int)  AntiVirusOverride = "1"
  Set value (int)  FirewallOverride = "1"
  Set value (int)  AntiVirusDisableNotify = "1"
  Set value (int)  FirewallDisableNotify = "1"
  Set value (int)  UacDisableNotify = "1"
  Set value (int)  UpdatesDisableNotify = "1"
Adds Run key to start application (2 TTPs, 1 IoC)
Processes: winsrv.exe
  Set value (str)  \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\iSafeCW = "C:\\Program Files (x86)\\Ecodsoft Keylogger\\winsrv.exe"  winsrv.exe
UAC disabled via EnableLUA, second listing (3 IoCs; signature title not preserved in this copy)
Processes: winsrv.exe, Digital Keylogger 3.3.exe, Silent Keylogger v1.6 Public Version By BUNNN.exe
The same three writes already listed under the earlier EnableLUA block, attributed here to a second signature:
  Set value (int)  \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"  (winsrv.exe, Digital Keylogger 3.3.exe, Silent Keylogger v1.6 Public Version By BUNNN.exe)
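Added example, not part of the sandbox report and not code from any tool or program it names: a parser for the flattened registry IoC lines this report uses ("<action> <path> = "<value>" <process>"), with a small ruleset that flags only the tampering values seen above (firewall off, EnableLUA = 0, Security Center overrides and notification suppression, the Run key) and ignores a benign write to the same key. The sample lines are copied from the report, except the final EnableLUA = "1" line, which is constructed as a negative control. The process-name list, the ATT&CK technique IDs and the per-process technique count are my own choices, not something the report states.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Process names exactly as the report's "Processes:" headers give them. They are
# needed because both paths and process names contain spaces, so a regex alone
# cannot tell where the registry path ends and the process name begins.
PROCESSES = (
    "Digital Keylogger 3.3.exe",
    "Silent Keylogger v1.6 Public Version By BUNNN.exe",
    "winsrv.exe",
    "OpenWith.exe",
)

# Constructed sample: IoC lines copied from the report, one per line. The last
# line (EnableLUA = "1" by OpenWith.exe) is NOT in the report; it is a control
# that writes a safe value to a watched key and must not be flagged.
SAMPLE = r'''
Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall = "0" Digital Keylogger 3.3.exe
Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DisableNotifications = "1" winsrv.exe
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" Silent Keylogger v1.6 Public Version By BUNNN.exe
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\AntiVirusOverride = "1" winsrv.exe
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\UacDisableNotify = "1" Digital Keylogger 3.3.exe
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\Svc winsrv.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\iSafeCW = "C:\\Program Files (x86)\\Ecodsoft Keylogger\\winsrv.exe" winsrv.exe
Key created \REGISTRY\USER\S-1-5-21-1132431369-515282257-1998160155-1000_Classes\Local Settings OpenWith.exe
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "1" OpenWith.exe
'''


@dataclass
class Ioc:
    action: str            # "Set value (int)", "Set value (str)", "Key created", "Key deleted"
    path: str              # full \REGISTRY\... path
    value: Optional[str]   # None for key create/delete
    process: str


@dataclass(frozen=True)
class Rule:
    path_re: str              # regex applied to the full path
    bad_value: Optional[str]  # value that means tampering; None = any write to the key
    label: str
    technique: str            # MITRE ATT&CK id: my mapping, not stated by the report


SET_RE = re.compile(r'^(Set value \((?:int|str)\)) (\\REGISTRY\\.*?) = "(.*)"$')
KEY_RE = re.compile(r'^(Key (?:created|deleted)) (\\REGISTRY\\.*)$')

RULES = (
    Rule(r"\\FirewallPolicy\\\w+Profile\\EnableFirewall$", "0", "Windows Firewall disabled", "T1562.004"),
    Rule(r"\\FirewallPolicy\\\w+Profile\\DoNotAllowExceptions$", "0", "firewall exceptions allowed", "T1562.004"),
    Rule(r"\\FirewallPolicy\\\w+Profile\\DisableNotifications$", "1", "firewall notifications suppressed", "T1562.004"),
    Rule(r"\\Policies\\System\\EnableLUA$", "0", "UAC disabled (effective after reboot)", "T1548.002"),
    Rule(r"\\Security Center\\(?:AntiVirus|Firewall)Override$", "1", "Security Center status override", "T1562.001"),
    Rule(r"\\Security Center\\\w+DisableNotify$", "1", "Security Center notification suppressed", "T1562.001"),
    Rule(r"\\Security Center\\Svc$", None, "Security Center Svc key created", "T1562.001"),
    Rule(r"\\CurrentVersion\\Run\\[^\\]+$", None, "Run-key persistence", "T1547.001"),
)


def split_process(line: str, processes=PROCESSES):
    """Strip the trailing process name, longest names first, so a multi-word
    name is never cut in the middle."""
    for name in sorted(processes, key=len, reverse=True):
        if line.endswith(" " + name):
            return line[: -len(name) - 1], name
    raise ValueError(f"no known process name at end of: {line!r}")


def parse_ioc_lines(text: str, processes=PROCESSES) -> list:
    iocs = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        body, proc = split_process(line, processes)
        m = SET_RE.match(body)
        if m:
            iocs.append(Ioc(m.group(1), m.group(2), m.group(3), proc))
            continue
        m = KEY_RE.match(body)
        if m:
            iocs.append(Ioc(m.group(1), m.group(2), None, proc))
            continue
        raise ValueError(f"unrecognised IoC line: {line!r}")
    return iocs


def evaluate(iocs, rules=RULES) -> dict:
    """Map process -> [(label, technique, path)] for IoCs matching a rule. A write
    to a watched key with a non-tampering value (EnableLUA = "1") is ignored."""
    compiled = [(re.compile(r.path_re, re.IGNORECASE), r) for r in rules]
    findings = defaultdict(list)
    for ioc in iocs:
        for rx, rule in compiled:
            if rx.search(ioc.path) and (rule.bad_value is None or ioc.value == rule.bad_value):
                findings[ioc.process].append((rule.label, rule.technique, ioc.path))
    return dict(findings)


def techniques_per_process(findings) -> dict:
    """Distinct ATT&CK techniques per process; firewall + UAC + Security Center
    from one process (three techniques) is wholesale security tampering."""
    return {proc: len({tech for _, tech, _ in items}) for proc, items in findings.items()}


if __name__ == "__main__":
    report = evaluate(parse_ioc_lines(SAMPLE))
    for proc, items in report.items():
        print(f"{proc}: {techniques_per_process(report)[proc]} technique(s)")
        for label, tech, path in items:
            print(f"  [{tech}] {label}: {path}")
```

Run against the sample, winsrv.exe scores three techniques (firewall, Security Center, Run key), Digital Keylogger 3.3.exe two and Silent Keylogger one, while OpenWith.exe produces no finding at all: its Local Settings key is not watched and its EnableLUA = "1" write is the non-tampering value. Matching on the value rather than the key alone is what keeps ordinary software that restores or sets safe defaults out of the result.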
Drops desktop.ini file(s) (2 IoCs)
Processes: 9LOG.exe
  File created                  C:\Windows\assembly\Desktop.ini  9LOG.exe
  File opened for modification  C:\Windows\assembly\Desktop.ini  9LOG.exe
Enumerates connected drives (3 TTPs, 1 IoC)
Attempts to read the root path of hard drives other than the default C: drive.
Processes: winsrv.exe
  File opened (read-only)  \??\E:  winsrv.exe
Drops file in System32 directory (2 IoCs)
Processes: Silent Keylogger v1.6 Public Version By BUNNN.exe
  File opened for modification  C:\Windows\SysWOW64\MSWINSCK.OCX  Silent Keylogger v1.6 Public Version By BUNNN.exe
  File opened for modification  C:\Windows\SysWOW64\comdlg32.ocx  Silent Keylogger v1.6 Public Version By BUNNN.exe
Both files are Visual Basic 6 runtime controls (the Winsock control and the Common Dialog control) that a VB6 program ships and registers when they are missing; the COM registration of comdlg32.ocx appears under "Modifies registry class" below. Dropping the Winsock control is worth noting because it is how a VB6 keylogger gets its network capability.
Drops file in Program Files directory (64 IoCs)
Processes: ecodsoft-keylogger.tmp, winsrv.exe, ecodsoft-keylogger.tmp
All paths are under C:\Program Files (x86)\Ecodsoft Keylogger\. The is-XXXXX.tmp files and unins000.dat are Inno Setup's staging and uninstaller files (ecodsoft-keylogger.tmp is the installer stage that ecodsoft-keylogger.exe unpacks and runs); data.mdb and system.mdb are afterwards reopened by winsrv.exe, the installed component registered in the Run key.
ecodsoft-keylogger.tmp:
  File opened for modification  Skin\itemkey.png
  File created                  Skin\is-CHR87.tmp
  File opened for modification  Skin\cdrom60.png
  File created                  Skin\is-UVEPL.tmp
  File opened for modification  Skin\stkBk.png
  File created                  is-P99V8.tmp
  File opened for modification  iSafeProtect.dll
  File created                  is-S4T4C.tmp
  File created                  is-9NPD0.tmp
  File created                  is-7C2LG.tmp
  File opened for modification  Skin\logo.png
  File opened for modification  Skin\hotbg.png
  File created                  Skin\is-2D3TK.tmp
  File opened for modification  Skin
  File created                  is-JF2LR.tmp
  File created                  is-EUT3F.tmp
  File opened for modification  Skin\logviewicn.png
  File created                  Skin\is-2E7L9.tmp
  File opened for modification  RunOnce.exe
  File created                  Skin\is-1N1BM.tmp
  File created                  Skin\is-P73M7.tmp
  File created                  Skin\is-IFECM.tmp
  File opened for modification  zlib1d.dll
  File opened for modification  Skin\hotkey.gif
  File created                  Skin\is-QNR30.tmp
  File opened for modification  Skin\updater.png
  File created                  is-NLO2B.tmp
  File opened for modification  LogTag.png
  File created                  Skin\is-IQ36O.tmp
  File created                  Skin\is-BBU16.tmp
  File opened for modification  Skin\yahoo60.png
  File opened for modification  Activity.dll
  File created                  unins000.dat
  File opened for modification  scanstop.png
  File created                  Skin\is-3BE0G.tmp
  File created                  Skin\is-6B691.tmp
  File opened for modification  Skin\doc60.png
  File created                  is-N9J02.tmp
  File created                  is-0UD3C.tmp
  File created                  Skin\is-0C2HT.tmp
  File opened for modification  PasswordTip.png
  File created                  Skin\is-I5RS3.tmp
  File opened for modification  Skin\log.png
  File created                  Skin\is-MRIRD.tmp
  File opened for modification  Skin\facebook.png
  File opened for modification  Skin
  File opened for modification  data.mdb
  File created                  is-R00M4.tmp
  File created                  Skin\is-49UL7.tmp
  File opened for modification  Skin\register.png
  File created                  is-O62VS.tmp
  File created                  Skin\is-GNLNQ.tmp
  File created                  is-LH6OE.tmp
  File created                  Skin\is-M7OMV.tmp
  File opened for modification  Skin\uninstall.png
  File opened for modification  Skin\quit.png
  File created                  Skin\is-AUH6S.tmp
  File opened for modification  MainScan.gif
  File created                  is-3KHFA.tmp
  File opened for modification  smartsense.png
  File opened for modification  Skin\pswdbtn.png
  File opened for modification  Skin\usb60.png
winsrv.exe:
  File opened for modification  data.mdb
  File opened for modification  system.mdb
Drops file in Windows directory (5 IoCs)
Processes: 9LOG.exe, Digital Keylogger 3.3.exe, iksinstall.exe
  File created                  C:\Windows\assembly\Desktop.ini  9LOG.exe
  File opened for modification  C:\Windows\assembly\Desktop.ini  9LOG.exe
  File opened for modification  C:\Windows\SYSTEM.INI             Digital Keylogger 3.3.exe
  File opened for modification  C:\Windows\iksinstall.INI         iksinstall.exe
  File opened for modification  C:\Windows\assembly               9LOG.exe
Enumerates physical storage devices (1 TTP)
Attempts to interact with connected storage/optical drive(s).
Enumerates system info in registry (2 TTPs, 3 IoCs)
Processes: msedge.exe
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
The only process here is the sandbox's own Edge browser, and reading the BIOS manufacturer and product name is normal browser start-up behaviour; treat this signature, and the msedge.exe, identity_helper.exe and OpenWith.exe entries elsewhere in this report, as environment noise rather than sample behaviour.
Modifies registry class (64 IoCs)
Processes: Silent Keylogger v1.6 Public Version By BUNNN.exe, OpenWith.exe
All but one of these entries are Silent Keylogger v1.6 Public Version By BUNNN.exe registering the Microsoft Common Dialog Control 6.0 (the comdlg32.ocx it wrote to SysWOW64, see "Drops file in System32 directory") under the 32-bit WOW6432Node class hive; this is ordinary VB6 OCX self-registration, not a COM hijack. The remaining entry is OpenWith.exe creating a per-user Local Settings key.
Silent Keylogger v1.6 Public Version By BUNNN.exe:
  Key deleted      \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3C4F3BE5-47EB-101B-A3C9-08002B2F49FB}
  Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{083039C2-13F4-11D1-8B7E-0000F8754DA1}\ = "ICommonDialog"
  Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{083039C2-13F4-11D1-8B7E-0000F8754DA1}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"
  Key created      \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7629CFA4-3FE5-101B-A3C9-08002B2F49FB}
  Key deleted      \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3C4F3BE7-47EB-101B-A3C9-08002B2F49FB}
  Key deleted      \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}
  Key created      \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\Version
  Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7629CFA2-3FE5-101B-A3C9-08002B2F49FB}\InprocServer32\ = "C:\\Windows\\SysWow64\\comdlg32.ocx"
  Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F9043C87-F6F2-101A-A3C9-08002B2F49FB}\TypeLib\Version = "1.2"
  Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F9043C87-F6F2-101A-A3C9-08002B2F49FB}\ = "ICommonDialogEvents"
  Key created      \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\TypeLib
  Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\MiscStatus\1\ = "132499"
  Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F9043C88-F6F2-101A-A3C9-08002B2F49FB}\1.2\ = "Microsoft Common Dialog Control 6.0"
  Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F9043C88-F6F2-101A-A3C9-08002B2F49FB}\1.2\FLAGS\ = "2"
  Key created      \REGISTRY\MACHINE\SOFTWARE\Classes\MSComDlg.CommonDialog\CLSID
  Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3C4F3BE7-47EB-101B-A3C9-08002B2F49FB}\InprocServer32\ = "C:\\Windows\\SysWow64\\comdlg32.ocx"
  Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F9043C88-F6F2-101A-A3C9-08002B2F49FB}\1.2\HELPDIR\
  Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3C4F3BE3-47EB-101B-A3C9-08002B2F49FB}\InprocServer32\ = "C:\\Windows\\SysWow64\\comdlg32.ocx"
  Key created      \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F9043C88-F6F2-101A-A3C9-08002B2F49FB}\1.2\0\win32
  Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\VersionIndependentProgID\ = "MSComDlg.CommonDialog"
  Key created      \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{083039C2-13F4-11D1-8B7E-0000F8754DA1}\ProxyStubClsid32
  Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F9043C87-F6F2-101A-A3C9-08002B2F49FB}\TypeLib\ = "{F9043C88-F6F2-101A-A3C9-08002B2F49FB}"
  Key created      \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3C4F3BE5-47EB-101B-A3C9-08002B2F49FB}
  Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\MSComDlg.CommonDialog.1\CLSID\ = "{F9043C85-F6F2-101A-A3C9-08002B2F49FB}"
  Key created      \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7629CFA2-3FE5-101B-A3C9-08002B2F49FB}\InprocServer32
  Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7629CFA4-3FE5-101B-A3C9-08002B2F49FB}\ = "Common Dialog Color Property Page Object"
  Key created      \REGISTRY\MACHINE\SOFTWARE\Classes\MSComDlg.CommonDialog\CurVer
  Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\MSComDlg.CommonDialog\CurVer\ = "MSComDlg.CommonDialog.1"
  Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3C4F3BE3-47EB-101B-A3C9-08002B2F49FB}\ = "Common Dialog Font Property Page Object"
  Key created      \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F9043C88-F6F2-101A-A3C9-08002B2F49FB}\1.2
  Key created      \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3C4F3BE3-47EB-101B-A3C9-08002B2F49FB}\InprocServer32
  Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{083039C2-13F4-11D1-8B7E-0000F8754DA1}\TypeLib\Version = "1.2"
  Key created      \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3C4F3BE7-47EB-101B-A3C9-08002B2F49FB}
  Key created      \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F9043C88-F6F2-101A-A3C9-08002B2F49FB}
  Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{083039C2-13F4-11D1-8B7E-0000F8754DA1}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"
  Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F9043C87-F6F2-101A-A3C9-08002B2F49FB}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"
  Key created      \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\Implemented Categories
  Key created      \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\MiscStatus
  Key created      \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3C4F3BE7-47EB-101B-A3C9-08002B2F49FB}\InprocServer32
  Key created      \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F9043C88-F6F2-101A-A3C9-08002B2F49FB}\1.2\HELPDIR
  Key created      \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502}
  Key created      \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7629CFA4-3FE5-101B-A3C9-08002B2F49FB}\InprocServer32
  Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\TypeLib\ = "{F9043C88-F6F2-101A-A3C9-08002B2F49FB}"
  Key deleted      \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7629CFA4-3FE5-101B-A3C9-08002B2F49FB}
  Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F9043C87-F6F2-101A-A3C9-08002B2F49FB}\ = "ICommonDialogEvents"
  Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{083039C2-13F4-11D1-8B7E-0000F8754DA1}\TypeLib\Version = "1.2"
  Key created      \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\ToolboxBitmap32
  Key created      \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7629CFA2-3FE5-101B-A3C9-08002B2F49FB}
  Key created      \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\InprocServer32
  Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F9043C87-F6F2-101A-A3C9-08002B2F49FB}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"
  Key created      \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\Implemented Categories\{0DE86A52-2BAA-11CF-A229-00AA003D7352}
  Key created      \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F9043C87-F6F2-101A-A3C9-08002B2F49FB}\ProxyStubClsid32
  Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\MSComDlg.CommonDialog\ = "Microsoft Common Dialog Control, version 6.0"
  Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\ProgID\ = "MSComDlg.CommonDialog.1"
  Key created      \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F9043C88-F6F2-101A-A3C9-08002B2F49FB}\1.2\0
  Key created      \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}
  Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7629CFA4-3FE5-101B-A3C9-08002B2F49FB}\InprocServer32\ = "C:\\Windows\\SysWow64\\comdlg32.ocx"
  Key created      \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{083039C2-13F4-11D1-8B7E-0000F8754DA1}
  Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\InprocServer32\ = "C:\\Windows\\SysWow64\\comdlg32.ocx"
  Key created      \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\ProgID
  Key created      \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{083039C2-13F4-11D1-8B7E-0000F8754DA1}\TypeLib
  Key created      \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{083039C2-13F4-11D1-8B7E-0000F8754DA1}\TypeLib
  Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\Version\ = "1.2"
OpenWith.exe:
  Key created      \REGISTRY\USER\S-1-5-21-1132431369-515282257-1998160155-1000_Classes\Local Settings
Suspicious behavior: EnumeratesProcesses 14 IoCs
Processes (pid, process):
- 1660 msedge.exe
- 1660 msedge.exe
- 4192 msedge.exe
- 4192 msedge.exe
- 2500 identity_helper.exe
- 2500 identity_helper.exe
- 5716 msedge.exe
- 5716 msedge.exe
- 3000 Digital Keylogger 3.3.exe
- 3000 Digital Keylogger 3.3.exe
- 5432 Silent Keylogger v1.6 Public Version By BUNNN.exe
- 5432 Silent Keylogger v1.6 Public Version By BUNNN.exe
- 2960 winsrv.exe
- 2960 winsrv.exe
Suspicious behavior: GetForegroundWindowSpam 10 IoCs
Processes (pid, process):
- 6048 7zFM.exe
- 3552 Galaxy Logger.exe
- 5340 7zFM.exe
- 4908 7zFM.exe
- 1316 7zFM.exe
- 540 7zFM.exe
- 5384 7zFM.exe
- 5956 7zFM.exe
- 376 KeyLogger.exe
- 5540 TotalLoggerBuilder.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
Processes (pid, process):
- 4192 msedge.exe
- 4192 msedge.exe
- 4192 msedge.exe
- 4192 msedge.exe
- 4192 msedge.exe
- 4192 msedge.exe
- 4192 msedge.exe
- 4192 msedge.exe
- 4192 msedge.exe
Suspicious use of AdjustPrivilegeToken 64 IoCs
Suspicious use of FindShellTrayWindow 64 IoCs
Suspicious use of SendNotifyMessage 64 IoCs
Suspicious use of SetWindowsHookEx 29 IoCs
Processes (pid, process):
- 3000 Digital Keylogger 3.3.exe
- 3000 Digital Keylogger 3.3.exe
- 4696 ecodsoft-keylogger.exe
- 2164 ecodsoft-keylogger.tmp
- 2960 winsrv.exe
- 2960 winsrv.exe
- 2960 winsrv.exe
- 2960 winsrv.exe
- 2960 winsrv.exe
- 4044 RunOnce.exe
- 4044 RunOnce.exe
- 4044 RunOnce.exe
- 1992 ecodsoft-keylogger.exe
- 6032 ecodsoft-keylogger.tmp
- 4364 Fungus Keylogger v0.1.1.exe
- 4628 GhostMsn_Builder.exe
- 4628 GhostMsn_Builder.exe
- 4240 OpenWith.exe
- 3448 HBStub.exe
- 3644 OpenWith.exe
- 5088 iks2k20d.exe
- 812 iksinstall.exe
- 812 iksinstall.exe
- 4864 OpenWith.exe
- 1684 JoDeDoR Keylogger 1.0.exe
- 376 KeyLogger.exe
- 3720 Syslogger Builder.exe
- 3720 Syslogger Builder.exe
- 5432 Silent Keylogger v1.6 Public Version By BUNNN.exe
Suspicious use of WriteProcessMemory 64 IoCs
System policy modification 1 TTPs 3 IoCs
Processes (process: description, ioc):
- Digital Keylogger 3.3.exe: Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"
- Silent Keylogger v1.6 Public Version By BUNNN.exe: Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"
- winsrv.exe: Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"
Processes
-
C:\Windows\system32\fontdrvhost.exe"fontdrvhost.exe"1⤵
-
C:\Windows\system32\fontdrvhost.exe"fontdrvhost.exe"1⤵
-
C:\Windows\system32\dwm.exe"dwm.exe"1⤵
-
C:\Windows\system32\sihost.exesihost.exe1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc1⤵
-
C:\Windows\system32\taskhostw.exetaskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}1⤵
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://gofile.io/d/bST3VE2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa8a3746f8,0x7ffa8a374708,0x7ffa8a3747183⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,9100567294469044556,1467103746894282159,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:23⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,9100567294469044556,1467103746894282159,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,9100567294469044556,1467103746894282159,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2648 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,9100567294469044556,1467103746894282159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,9100567294469044556,1467103746894282159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,9100567294469044556,1467103746894282159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,9100567294469044556,1467103746894282159,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5164 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,9100567294469044556,1467103746894282159,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5164 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,9100567294469044556,1467103746894282159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,9100567294469044556,1467103746894282159,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,9100567294469044556,1467103746894282159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,9100567294469044556,1467103746894282159,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,9100567294469044556,1467103746894282159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2036,9100567294469044556,1467103746894282159,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5256 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,9100567294469044556,1467103746894282159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2036,9100567294469044556,1467103746894282159,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5524 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\7-Zip\7zFM.exe"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\#keyloggers.rar"2⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Users\Admin\Desktop\#keyloggers\9Log\9LOG.exe"C:\Users\Admin\Desktop\#keyloggers\9Log\9LOG.exe"2⤵
- Executes dropped EXE
- Drops desktop.ini file(s)
- Drops file in Windows directory
-
C:\Users\Admin\Desktop\#keyloggers\Aux Logger v3.0.0.0 Monitor\Aux Logger v3.exe"C:\Users\Admin\Desktop\#keyloggers\Aux Logger v3.0.0.0 Monitor\Aux Logger v3.exe"2⤵
- Executes dropped EXE
-
C:\Users\Admin\Desktop\#keyloggers\RapZo Logger 1.5 Public Edition\RapZo Logger v 1.5 ( Public Edition ).exe"C:\Users\Admin\Desktop\#keyloggers\RapZo Logger 1.5 Public Edition\RapZo Logger v 1.5 ( Public Edition ).exe"2⤵
- Executes dropped EXE
-
C:\Users\Admin\Desktop\#keyloggers\Aux Logger v3.0.0.0 Monitor\Aux Logger v3.exe"C:\Users\Admin\Desktop\#keyloggers\Aux Logger v3.0.0.0 Monitor\Aux Logger v3.exe"2⤵
- Executes dropped EXE
-
C:\Users\Admin\Desktop\#keyloggers\Anonymous Keylogger.exe"C:\Users\Admin\Desktop\#keyloggers\Anonymous Keylogger.exe"2⤵
- Executes dropped EXE
-
C:\Users\Admin\Desktop\#keyloggers\Digital Keylogger 3.3.exe"C:\Users\Admin\Desktop\#keyloggers\Digital Keylogger 3.3.exe"2⤵
- Modifies firewall policy service
- UAC bypass
- Windows security bypass
- Executes dropped EXE
- Windows security modification
- Checks whether UAC is enabled
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Users\Admin\Desktop\#keyloggers\Dracula Logger.exe"C:\Users\Admin\Desktop\#keyloggers\Dracula Logger.exe"2⤵
- Executes dropped EXE
-
C:\Program Files\7-Zip\7zFM.exe"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Desktop\#keyloggers\Ecodsoft_Keylogger.rar"2⤵
- Suspicious use of FindShellTrayWindow
-
C:\Users\Admin\Desktop\ecodsoft-keylogger\ecodsoft-keylogger.exe"C:\Users\Admin\Desktop\ecodsoft-keylogger\ecodsoft-keylogger.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\is-FHCFU.tmp\ecodsoft-keylogger.tmp"C:\Users\Admin\AppData\Local\Temp\is-FHCFU.tmp\ecodsoft-keylogger.tmp" /SL5="$1036A,1183210,54272,C:\Users\Admin\Desktop\ecodsoft-keylogger\ecodsoft-keylogger.exe"3⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Ecodsoft Keylogger\winsrv.exe"C:\Program Files (x86)\Ecodsoft Keylogger\winsrv.exe"4⤵
- Modifies firewall policy service
- UAC bypass
- Windows security bypass
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
- Adds Run key to start application
- Checks whether UAC is enabled
- Enumerates connected drives
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Ecodsoft Keylogger\RunOnce.exe"C:\Program Files (x86)\Ecodsoft Keylogger\RunOnce.exe"5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\Desktop\ecodsoft-keylogger\ecodsoft-keylogger.exe"C:\Users\Admin\Desktop\ecodsoft-keylogger\ecodsoft-keylogger.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\is-NKDVI.tmp\ecodsoft-keylogger.tmp"C:\Users\Admin\AppData\Local\Temp\is-NKDVI.tmp\ecodsoft-keylogger.tmp" /SL5="$F003E,1183210,54272,C:\Users\Admin\Desktop\ecodsoft-keylogger\ecodsoft-keylogger.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\Desktop\KeySpy\KeySpy.exe"C:\Users\Admin\Desktop\KeySpy\KeySpy.exe"2⤵
-
C:\Program Files\7-Zip\7zFM.exe"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Desktop\#keyloggers\Fungus_Keylogger_v0.1.1.rar"2⤵
- Suspicious use of FindShellTrayWindow
-
C:\Users\Admin\Desktop\Fungus Keylogger v0.1.1\Fungus Keylogger v0.1.1.exe"C:\Users\Admin\Desktop\Fungus Keylogger v0.1.1\Fungus Keylogger v0.1.1.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\Desktop\#keyloggers\Galaxy Logger.exe"C:\Users\Admin\Desktop\#keyloggers\Galaxy Logger.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
-
C:\Program Files\7-Zip\7zFM.exe"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Desktop\#keyloggers\GhostMsn_Builder.rar"2⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
-
C:\Users\Admin\Desktop\GhostMsn_Builder\GhostMsn_Builder\GhostMsn_Builder.exe"C:\Users\Admin\Desktop\GhostMsn_Builder\GhostMsn_Builder\GhostMsn_Builder.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\Desktop\GhostMsn_Builder\GhostMsn_Builder\upx.exe"C:\Users\Admin\Desktop\GhostMsn_Builder\GhostMsn_Builder\upx.exe"2⤵
- Executes dropped EXE
-
C:\Program Files\7-Zip\7zFM.exe"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Desktop\#keyloggers\HB_v1.2.1_beta.rar"2⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
-
C:\Users\Admin\Desktop\HB_v1.2.1_beta\HBStub.exe"C:\Users\Admin\Desktop\HB_v1.2.1_beta\HBStub.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\7-Zip\7zFM.exe"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Desktop\#keyloggers\IKlogger_v0.1.rar"2⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
-
C:\Users\Admin\AppData\Local\Temp\7zO42585E9C\Editor.exe"C:\Users\Admin\AppData\Local\Temp\7zO42585E9C\Editor.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Program Files\7-Zip\7zFM.exe"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Desktop\#keyloggers\Invisible_Keylogger_v2.rar"2⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
-
C:\Users\Admin\Desktop\iks2k20d.exe"C:\Users\Admin\Desktop\iks2k20d.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\iksinstall.exe.\iksinstall.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- C:\Program Files\7-Zip\7zFM.exe (tree depth 2)
  Command line: "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Desktop\#keyloggers\JoDeDoR_Keylogger_v1.0.rar"
  - Suspicious behavior: GetForegroundWindowSpam
- C:\Users\Admin\Desktop\JoDeDoR Keylogger 1.0.exe (tree depth 2)
  Command line: "C:\Users\Admin\Desktop\JoDeDoR Keylogger 1.0.exe"
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
- C:\Program Files\7-Zip\7zFM.exe (tree depth 2)
  Command line: "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Desktop\#keyloggers\Key_and_Windows_logger.rar"
  - Suspicious behavior: GetForegroundWindowSpam
- C:\Users\Admin\Desktop\KeyLogger.exe (tree depth 2)
  Command line: "C:\Users\Admin\Desktop\KeyLogger.exe"
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
- C:\Users\Admin\Desktop\#keyloggers\Vulcan Logger.exe (tree depth 2)
  Command line: "C:\Users\Admin\Desktop\#keyloggers\Vulcan Logger.exe"
  - Executes dropped EXE
  - Loads dropped DLL
- C:\Users\Admin\Desktop\#keyloggers\TTiger Keylogger v1.0.exe (tree depth 2)
  Command line: "C:\Users\Admin\Desktop\#keyloggers\TTiger Keylogger v1.0.exe"
  - Executes dropped EXE
  - Loads dropped DLL
- C:\Users\Admin\Desktop\#keyloggers\TotalLoggerBuilder.exe (tree depth 2)
  Command line: "C:\Users\Admin\Desktop\#keyloggers\TotalLoggerBuilder.exe"
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SendNotifyMessage
- C:\Users\Admin\Desktop\#keyloggers\Syslogger Builder.exe (tree depth 2)
  Command line: "C:\Users\Admin\Desktop\#keyloggers\Syslogger Builder.exe"
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
- C:\Users\Admin\Desktop\#keyloggers\TotalLoggerBuilder.exe (tree depth 2)
  Command line: "C:\Users\Admin\Desktop\#keyloggers\TotalLoggerBuilder.exe"
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SendNotifyMessage
- C:\Users\Admin\Desktop\#keyloggers\TotalLoggerBuilder.exe (tree depth 2)
  Command line: "C:\Users\Admin\Desktop\#keyloggers\TotalLoggerBuilder.exe"
  - Executes dropped EXE
  - Suspicious use of SendNotifyMessage
- C:\Users\Admin\Desktop\#keyloggers\Silent Keylogger v1.6 Public Version By BUNNN.exe (tree depth 2)
  Command line: "C:\Users\Admin\Desktop\#keyloggers\Silent Keylogger v1.6 Public Version By BUNNN.exe"
  - Modifies firewall policy service
  - UAC bypass
  - Windows security bypass
  - Executes dropped EXE
  - Windows security modification
  - Checks whether UAC is enabled
  - Drops file in System32 directory
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  - System policy modification
- C:\Users\Admin\Desktop\#keyloggers\RinLogger.exe (tree depth 2)
  Command line: "C:\Users\Admin\Desktop\#keyloggers\RinLogger.exe"
  - Executes dropped EXE
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe (tree depth 3)
  Command line: dw20.exe -x -s 1544
- C:\Users\Admin\Desktop\#keyloggers\RinLogger.exe (tree depth 2)
  Command line: "C:\Users\Admin\Desktop\#keyloggers\RinLogger.exe"
  - Executes dropped EXE
- C:\Windows\system32\svchost.exe (tree depth 1)
  Command line: C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
- C:\Windows\system32\DllHost.exe (tree depth 1)
  Command line: C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
- C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe (tree depth 1)
  Command line: "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
- C:\Windows\System32\RuntimeBroker.exe (tree depth 1)
  Command line: C:\Windows\System32\RuntimeBroker.exe -Embedding
- C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe (tree depth 1)
  Command line: "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
- C:\Windows\System32\RuntimeBroker.exe (tree depth 1)
  Command line: C:\Windows\System32\RuntimeBroker.exe -Embedding
- C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe (tree depth 1)
  Command line: "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe" -ServerName:InputApp.AppX9jnwykgrccxc8by3hsrsh07r423xzvav.mca
- C:\Windows\System32\RuntimeBroker.exe (tree depth 1)
  Command line: C:\Windows\System32\RuntimeBroker.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (tree depth 1)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (tree depth 1)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\RuntimeBroker.exe (tree depth 1)
  Command line: C:\Windows\System32\RuntimeBroker.exe -Embedding
- C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe (tree depth 1)
  Command line: "C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
- C:\Windows\System32\RuntimeBroker.exe (tree depth 1)
  Command line: C:\Windows\System32\RuntimeBroker.exe -Embedding
- C:\Windows\System32\rundll32.exe (tree depth 1)
  Command line: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
- C:\Windows\System32\RuntimeBroker.exe (tree depth 1)
  Command line: C:\Windows\System32\RuntimeBroker.exe -Embedding
- C:\Windows\system32\WerFault.exe (tree depth 1)
  Command line: "C:\Windows\system32\WerFault.exe" -k -lc NDIS NDIS-20240423-1738.dmp
- C:\Windows\system32\OpenWith.exe (tree depth 1)
  Command line: C:\Windows\system32\OpenWith.exe -Embedding
  - Suspicious use of SetWindowsHookEx
- C:\Windows\system32\OpenWith.exe (tree depth 1)
  Command line: C:\Windows\system32\OpenWith.exe -Embedding
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
- C:\Windows\system32\OpenWith.exe (tree depth 1)
  Command line: C:\Windows\system32\OpenWith.exe -Embedding
  - Suspicious use of SetWindowsHookEx
- C:\Windows\system32\DllHost.exe (tree depth 1)
  Command line: C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
- C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (tree depth 1)
  Command line: C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
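The raw sandbox export emits the tree above as one line per process, with the image path, the command line and the nesting depth run together and the behaviour flags listed beneath. The script below is an added example, not part of the Triage report or of any tool named on this page: it splits those lines back into path, command line and depth, recovers parent-child links from the depth numbers, and applies two verdict rules a triager would want on a keylogger detonation (a dropped EXE that also calls SetWindowsHookEx; any of the firewall, UAC and security-policy flags). The two rules, the "likely noise" label for top-level Windows processes, and the constructed sample (five processes copied from the tree, with the cut-off parent of the depth-2 entries left absent) are this example's own assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Groupings behind this example's verdicts; heuristics written for this page,
# not the sandbox's own scoring.
HOOK_FLAG = "Suspicious use of SetWindowsHookEx"
DROPPED_FLAG = "Executes dropped EXE"
DEFENSE_EVASION_FLAGS = {
    "Modifies firewall policy service",
    "UAC bypass",
    "Windows security bypass",
    "Windows security modification",
    "System policy modification",
}


@dataclass
class Proc:
    path: str
    cmdline: str
    depth: int
    parent: Optional["Proc"] = None
    flags: List[str] = field(default_factory=list)

    def verdicts(self) -> List[str]:
        out = []
        flags = set(self.flags)
        if DROPPED_FLAG in flags and HOOK_FLAG in flags:
            out.append("dropped binary installs a Windows hook (keylogger candidate)")
        evasion = sorted(flags & DEFENSE_EVASION_FLAGS)
        if evasion:
            out.append("defence evasion: " + ", ".join(evasion))
        if not out and self.depth == 1 and self.path.lower().startswith("c:\\windows\\"):
            out.append("top-level Windows system process, likely background noise")
        return out


# '<image path><command line><depth>⤵'. The depth is a single digit in this tree;
# a wider pattern would swallow digits belonging to the command line ("-s 1544").
_HEADER = re.compile(r"^(?P<body>.*?)(?P<depth>\d)⤵\s*$")


def split_header(line: str):
    """Return (path, cmdline, depth) for one run-together process line, else None.
    The export puts no separator between image path and command line, so the
    path is taken to end at the first '.exe' after which the remainder starts
    with a quote, with the path itself, or with the path's basename."""
    m = _HEADER.match(line)
    if not m:
        return None
    body, depth = m.group("body"), int(m.group("depth"))
    low, start = body.lower(), 0
    while True:
        i = low.find(".exe", start)
        if i < 0:
            return None
        cut = i + len(".exe")
        path, rest = body[:cut], body[cut:]
        base = path.rsplit("\\", 1)[-1]
        if rest.startswith('"') or rest.startswith(path) or rest.startswith(base):
            return path, rest.strip(), depth
        start = cut


def parse_tree(text: str) -> List[Proc]:
    """A process's parent is the most recent process one level shallower.
    A section that starts below depth 1 (parent cut off) yields a parentless process."""
    procs: List[Proc] = []
    last_at: dict = {}  # depth -> most recent process seen at that depth
    cur: Optional[Proc] = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("- ") and cur is not None:
            cur.flags.append(line[2:].strip())
            continue
        parsed = split_header(line)
        if parsed is None:  # blank lines, lone "-" bullets, headings
            continue
        path, cmdline, depth = parsed
        for d in [d for d in last_at if d >= depth]:
            del last_at[d]
        cur = Proc(path, cmdline, depth, last_at.get(depth - 1))
        last_at[depth] = cur
        procs.append(cur)
    return procs


# Constructed sample: five process lines copied from the report's tree.
SAMPLE = r'''
C:\Users\Admin\Desktop\#keyloggers\Silent Keylogger v1.6 Public Version By BUNNN.exe"C:\Users\Admin\Desktop\#keyloggers\Silent Keylogger v1.6 Public Version By BUNNN.exe"2⤵
- Modifies firewall policy service
- UAC bypass
- Windows security bypass
- Executes dropped EXE
- Windows security modification
- Checks whether UAC is enabled
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Users\Admin\Desktop\#keyloggers\RinLogger.exe"C:\Users\Admin\Desktop\#keyloggers\RinLogger.exe"2⤵
- Executes dropped EXE
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 15443⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc1⤵
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Suspicious use of SetWindowsHookEx
'''

if __name__ == "__main__":
    for p in parse_tree(SAMPLE):
        parent = p.parent.path.rsplit("\\", 1)[-1] if p.parent else "(none)"
        print(f"[{p.depth}] {p.path}\n    parent: {parent}\n    cmd: {p.cmdline}")
        for v in p.verdicts():
            print(f"    -> {v}")
```

The dw20.exe line shows why the depth marker is matched as a single digit: the export fuses the depth "3" onto "-s 1544", and a greedy digit match would report depth 15443 and a truncated command line.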
Network
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
- Create or Modify System Process (1): Windows Service (1)
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
Privilege Escalation
- Create or Modify System Process (1): Windows Service (1)
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
Defense Evasion
- Modify Registry (6)
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
- Impair Defenses (3): Disable or Modify Tools (3)
Downloads
- C:\Program Files (x86)\Ecodsoft Keylogger\Activity.dll
  Filesize: 42KB
  MD5: f97a3f5fa8f07dea567705b077d164cb
  SHA1: 9dd6c25917cf2a5de651d44586a76c66f261d08e
  SHA256: af2d7af97ea8e9b4e12b3e7f121b6880209b280b1162885ff4f174ca7634cca2
  SHA512: e01e042d6c3888e82a4d7d6917ea6dd21738406486eb8a0fc6f5076a580b5e1e25dc2cb6961d7698d82ad0e79e7ceafc23e07ce70b9d4b1fc307a1beed71f064
- C:\Program Files (x86)\Ecodsoft Keylogger\LogTag.png
  Filesize: 2KB
  MD5: 7610c66abe78089bde11f9c5fa777462
  SHA1: bfaa9c1656858329c53da8ab3920a2b5436efe29
  SHA256: 77773375195f203d4b80a0cc29461e702459c637c99176cd9b00fe8378394a09
  SHA512: c89792bb43137c971071e9b8354b3c3730fa2a6124abbae530ac15c0bdf0fb928aa5caf8801a551c4aef44be899c210fda4cc650f33c3b3b34d2bcf8d34d7752
- C:\Program Files (x86)\Ecodsoft Keylogger\MouseHook.dll
  Filesize: 54KB
  MD5: b0c520e29c72faa87fb840fbe1f7371e
  SHA1: bca7a7e12845f6ad85debef4ec1782858cec6684
  SHA256: 0684360ccf1661c9f29a5d08489a3f14616a9d4bd94efc47401e6c98f884b924
  SHA512: 1a27fce378e6a6493fef782b816d5777d87fa598eeb0461391648e0bf748b5e9e133d06a1f1845d4c16404bee08c08a153b43803157d9e1250a85825fceff281
- C:\Program Files (x86)\Ecodsoft Keylogger\Pa.ini
  Filesize: 947B
  MD5: e95ef72f83c94125a78cd62358dc93c3
  SHA1: 8ded58575bbe573f5ee8c71cac96ec62589947e0
  SHA256: 3a810b662cd67e7b7098869d7a5ec5272be4aba9fec7e282de8efc0b5c39e698
  SHA512: 40a6eeaa166de4ca7cbe652ae8bc152b656b17556a3bdc477212b23cba160ff0bdf905f48ad1f216c3a04ab40ea1fbfd65c1c606ea6b206b754685ffd37f0f65
- C:\Program Files (x86)\Ecodsoft Keylogger\Pa.ini
  Filesize: 943B
  MD5: f0fa3146d8a16af7ae4c3141dde58545
  SHA1: 5307f99a3dea135b0fc08c616727e9ca7f0601e4
  SHA256: a096ba6faae4dd92829f3ad3496a56ac038096be8ed4a84568f1e4d1b07ffab1
  SHA512: d8eb5de424d5eebe7f745435cb1914c9b4848169596c4907702db29d469aa475380fe16e2ceb248776455378c57b99eaa09ce718725d78d921ca57ef29efabdd
- C:\Program Files (x86)\Ecodsoft Keylogger\Skin\keymig.png
  Filesize: 4KB
  MD5: 927470edd172648865e03f2c8c8b6f02
  SHA1: 4565c67a04f776f6a21afca5f5a2659b66d7cbf8
  SHA256: 71182f117aa039021ba1af9700fa0ada276d1357ede9cbc8376ccc4cb4660adb
  SHA512: 083e5059724bec80fd42edcdacb3cdbbfff054789e4cc9b1af765e948d98157b5548473f6c77d0085ff0b642632e590606fe6f3f7e02cc75a34836ecbf79dc2e
- C:\Program Files (x86)\Ecodsoft Keylogger\Skin\twitter60.png
  Filesize: 7KB
  MD5: d3793e033473bf7d2862a9b4f6d4be3a
  SHA1: d151047347c6d84b3b46be80045ba80006fb6cc7
  SHA256: 1dd47a931cd4fb60695d9ceece92016408652ae3e66c3255796192236b3a5931
  SHA512: 918f3d56956de371cf16b4b4d0c17f7140cdecc63a44a3dc9f73267a6720af21e6cae0fcb0642e8c666ebbfd210368df4a97db689fbb1d694864e4820b59bc28
- C:\Program Files (x86)\Ecodsoft Keylogger\USBFind.dll
  Filesize: 69KB
  MD5: e4050b271f12726a3901325d107d7e7f
  SHA1: 721215ec5d3ab6e3ad3c0f81258e1c8d205de30b
  SHA256: b414d1cbb5b6a1c8659a402720dee126f5392024edba869603703ec6cf241798
  SHA512: 6de22a6689ed9f64374b2a72282ca4bbea1e2ab7beb5881401cd94aa36f19c648ef219fccd6ca990bbd2bd8cdd2eb8bf5439b1a40c5a42442a9e0c51acf057c0
- C:\Program Files (x86)\Ecodsoft Keylogger\btnstart.png
  Filesize: 5KB
  MD5: d6863195fd833c5829665a2a75bd580d
  SHA1: 84d4977c71e09fb2ba19c6fe17e34ebd64c757bc
  SHA256: bd39798983aa774be3aff7724aeccb20c7e0db504d0655ccabe8044c9a6fc361
  SHA512: 1fe548baacebff0af1f5e6fd5b7b1b39f3f3b0de2663a1d990425230851872d6c99b53f8b7f57d210ecbc9ed0596159b47dfc126f3e8e5d4ef5085eb527b226f
- C:\Program Files (x86)\Ecodsoft Keylogger\button.png
  Filesize: 2KB
  MD5: 0f6282d6f3dbb1dd3d0d6a180174c364
  SHA1: 464c50eaf125f1ff6eb285c0831ccdcaffe24d80
  SHA256: 0bdd804de4dabe0278862caf517c7a10ee5b74937954b6c02c696ae54bb4b9ce
  SHA512: f1b6cf34ebfb5dc587b4d37dbe3cdc0eb3fda11efd7143550dad72ce93a37fb39586a320ddfe60b6e91744c7b19f67c219e554e0c3a8106293f9df2be70c2006
- C:\Program Files (x86)\Ecodsoft Keylogger\data.mdb
  Filesize: 152KB
  MD5: 3012e6b13edf174c8c5b1bc387a7e3a5
  SHA1: 6db59406e51b9a04dd0a4918b05b0cd4df7292c2
  SHA256: 00ef3f193766e93d0881cf568d4327f71ea8fbaa6da6cc8ad75d93ce6a8e6548
  SHA512: b42d41261661df6e036a4b053e55a50e6970d9bae90488f3c7220561c79b68742d60a1ffb22cbf582128a93f34c670a74cfe1569b1e7fb61aed0ca9ec9073cc7
- C:\Program Files (x86)\Ecodsoft Keylogger\iSafeProtect.dll
  Filesize: 77KB
  MD5: e946ff867fc386d3ba0bdd485b14395a
  SHA1: 314ffde0b45ef71093f3b0d869cae431508f3fa0
  SHA256: d344c8d6e01ed8fa25b91e3442a81dfc1f7fb0111cd8f50bc897ec6393209ad5
  SHA512: 2f589fb406b9942bf0f402e00915273dcaa0cc79884ca807fb1b86fb8178c8908a1caa78d2b74ece7759263b8485b0a5ae414aefd2a51a23d7c8172f1cc91084
- C:\Program Files (x86)\Ecodsoft Keylogger\open.png
  Filesize: 3KB
  MD5: c8d11272e83225d2c099bfe4bac9758b
  SHA1: 3fbde4465b9ef97c87cd727309f5edb7a013d914
  SHA256: 4d3a9e7fb00bafe96580d92542f76000858c4045fb73ef901df19b4850901b13
  SHA512: edcd47f2c9d98c32dfff80b85e7b979336b19331060e0b20c95afe88dd5c6395d802167b17cf20149344105b90df255865f8fc447917cff8d86be1ffbfa84f6d
- C:\Program Files (x86)\Ecodsoft Keylogger\setpswd.png
  Filesize: 1KB
  MD5: deda4008f6b26c8b59bf98c86cbc25e6
  SHA1: cc87eca2cff538f489d46c9c0ed25849642f75ad
  SHA256: 64c1559020e824d27a07f9edf5739f07009e1f87365e6290e15eb88426b4dfd2
  SHA512: d55ebc78eee37aedb8baadaafeb61ccf55867a9d5d0edf18fc9a0f23c361ed45de41706e2395300627479b5a907934607e63019a2f7b8ce1b4b9cb7338466f60
- C:\Program Files (x86)\Ecodsoft Keylogger\skin\help.png
  Filesize: 4KB
  MD5: 6129d55c763fdb95902c6d19b9ee9deb
  SHA1: 6c97da129f5ba63f610b736aa817bd1ab4d3d6b9
  SHA256: 243e6ef0fcf8cc6648fc705317a90ef070b71a4398e35d36c9f7e1e88f8a3aff
  SHA512: 346e616e18ec534ba2d8ec9bfe86ddbedfa15fbc8710ef5b86f942861f678c0d1a59b01339ebf434196301433125162a264de0e8e800317a5c089c73010e2abb
- C:\Program Files (x86)\Ecodsoft Keylogger\skin\itembtn.png
  Filesize: 3KB
  MD5: 8c8f48f884d58d63893d485b31dcd5e4
  SHA1: b8a62306fa814ca5aae610da031476fdd10743c4
  SHA256: 6695d507fc027a83a08793f09446ce1c638221a507fa920804a869f3ba40cc35
  SHA512: 37496ed9dd785c0b28d6e5d01ae5fbc33b97addb278c5f1ae3add8560d66dd5c675a87bd976f8b5af640337831ec133f0fecee7efd4d1fb29883e77f458fb0d6
- C:\Program Files (x86)\Ecodsoft Keylogger\skin\logview.png
  Filesize: 4KB
  MD5: 5a02060f5ff0f0a88ae0761c56beebcd
  SHA1: c01d1b5346a77ea463c8eb104b8e46a22932755f
  SHA256: b4b93c97f9bfee1835e6372f62f16a047fddd2e4ed23334e1b88e5cc82263eed
  SHA512: 5b9250d62e8acbf1f08ae38ca2228bb605b835b327002f48a855ce8a643ac28313a625a2c576fc1bd269a7dbfb4f146c69780ac1966b8a1e88379ec8331143ae
- C:\Program Files (x86)\Ecodsoft Keylogger\skin\quit.png
  Filesize: 4KB
  MD5: 52d5e858b689040260706a92ace2c3d3
  SHA1: 9e89a3c5c310774d61f08ba3ed28dca510181b4b
  SHA256: d1ec12ef99ce724cd2a559e67ca424864716f583094715afd20179b5d49a9b1c
  SHA512: ea9710fb2c557b34d7db690d1b48b1c3c5a9a1f26239089218f8b05d8c27a79b9b00743fa8eb5c9ea305329925a2640df175a47a9a1e225c2acc01d6be6bff86
- C:\Program Files (x86)\Ecodsoft Keylogger\skin\register.png
  Filesize: 5KB
  MD5: f3d46a66e932fa1e2e36eb34b6f004e3
  SHA1: 6c18501e4c92be62614e4568be907ccbea77edac
  SHA256: 4c8cc8202dcd2e654424bdda25149ce76749be40303eaa1c70f94df4fbc00198
  SHA512: 54bab1e16ad228f3d066b9517d3ccdd77b2d354aeffe2f80c42e7430b8e6696106fe83eee3bdf36f141903d233e57cc21c54a42b15b4adc4617ebd071b62a946
- C:\Program Files (x86)\Ecodsoft Keylogger\skin\tabs.png
  Filesize: 9KB
  MD5: cf2df16bef3aa29d714f6e9814290072
  SHA1: cb937663039c03c08862115d81ec6c5b362369c8
  SHA256: 6ae01cb03a11fd28124de9e631d95072ed295018d707e9806c2c4b0f9ab26957
  SHA512: 79378e45d055cf92dfe754973c6fa623a1c603f9fde1df90d9872f651e361ba7f2abca795261cd3b259b715b566cb930d5c65a101cf5133ad945a0cfd4281552
- C:\Program Files (x86)\Ecodsoft Keylogger\skin\uninstall.png
  Filesize: 4KB
  MD5: 8562d2b3ec49cabff7f8b3ad8f421bb7
  SHA1: c7732168249eda42062a5fb732df185e2dee6ef4
  SHA256: df58337fd509f8e1136ca0cf0a79b3a0b03635cc877728423ee38f225672d0aa
  SHA512: af6c9f9f183acf77b998b6011e15c223321299747beeb06f9d85f33766c805da73469e66d0eac8120ba31225ce510f99066417ee385195d9a1fe68d78f0795bc
- C:\Program Files (x86)\Ecodsoft Keylogger\skin\update.png
  Filesize: 4KB
  MD5: a641fbed9bd2005706165559991a9b1c
  SHA1: 2459dbc129f7faf2d9ca1d4facd0ab798be50f45
  SHA256: 571dd4b957f066c064af59cc0a7c72775170f07f9252d87701ed8125e0884bee
  SHA512: 3bbadd0950a44146c00bd2785666e869a83c21c9cf84028994ec97a57f28c426c5954ab6014857440a93284ee2ecac44524672e1b48f31ad813fc74b55901d1f
- C:\Program Files (x86)\Ecodsoft Keylogger\winsrv.exe
  Filesize: 3.0MB
  MD5: eb6f51fcd5979171d76d6cfea90fd697
  SHA1: 1cd1ba7aaf76154ef6e006d8c07dcd2e3f15b2b4
  SHA256: 3beda91e9c5356beb19c2b953cfa19da8b565ccd5ee4940aa76380f35a8fe155
  SHA512: f762968a76a3d1084578957bff5dbc13020c2203a42cf2c7946da27b211a00adee8e2fbc9bcf3faaa90ddcf0b332cfcaa2e9daaa055807ec95ca328ec605137c
- C:\Program Files (x86)\Ecodsoft Keylogger\zlib1d.dll
  Filesize: 192KB
  MD5: 0d385319da3dba49656a0f4f6b8e8dfe
  SHA1: 33519585735e7e68681b77edbe2fe14c038a9332
  SHA256: a75b15cfa275bd74719de4b1abb3fabe2744878c68663d22305acf91463ebaba
  SHA512: c31cb6f88158e8c7405858576a00d7fabca90630ee62a79462cf01bf5768d4fe6683b7c5e15aba2626b819a0c9e3cf60f26c903d5ec38a241a7319fca84975d3
- C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0\UsageLogs\Aux Logger v3.exe.log
  Filesize: 774B
  MD5: b974ab087c745441cc0b092079f98f64
  SHA1: c0189fa183504cd38b96b93519376f246798fc25
  SHA256: 76dfc18fae561e7a4a6966586194ffea3b975ea1515fcbd3855b51301c5d9c85
  SHA512: 8a9ea7e7b989dd492d2ef620e5fa45cd4041b73e8bf9dc2f645664c73e124595db793c10369fedba58da6dbe41820af19c59bc48533b737a18b02fc559d6be98
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize: 152B
  MD5: 120a75f233314ba1fe34e9d6c09f30b9
  SHA1: a9f92f2d3f111eaadd9bcf8fceb3c9553753539c
  SHA256: e04101215c3534dbc77c0b5df2e1d1ff74c277d2946f391f939c9a7948a22dd0
  SHA512: 3c4eb93e425b50e8bcc1712f4cc2be11888a0273c3a619fc6bf72ccab876a427158f661bfc80d0c1e47ef4116febf76a3aaa31a60ec662eae0e51c7f1d3d89b3
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize: 152B
  MD5: bc2edd0741d97ae237e9f00bf3244144
  SHA1: 7c1e5d324f5c7137a3c4ec85146659f026c11782
  SHA256: dbce3287c7ae69ccbd1d780c39f3ffa3c98bd4609a939fff8ee9c99f14265041
  SHA512: 00f505a0b4ea0df626175bf9d39a205f18f9754b62e4dba6fbb5b4a716b3539e7809723e1596bcfe1ba3041e22342e3a9cbaad88e84ce9c8c6531331bbc25093
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 288B
  MD5: cf45e50d97d92f1302b8b0d89acee52f
  SHA1: d6bf5cf476c8141148795db9fc626facdfce8fa1
  SHA256: 5b7552c04568f8d4a65c26bc5b15fe5d0b604a98383cf2919a0d51f58df39e79
  SHA512: 580b50ee11374a3326267629f98b36a2b733a9792795b3a09ae8902feccf91e4e7046ddf1097bb0d686108ae4fdaae3c82c3d8169a86892a837418a08322ae88
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
  Filesize: 317B
  MD5: afc6cddd7e64d81e52b729d09f227107
  SHA1: ad0d3740f4b66de83db8862911c07dc91928d2f6
  SHA256: b5e81a7c7d80feaaa10ee7bc8aaef9f21a5c1e4b03b3823ed115022311d674a0
  SHA512: 844edb69585153c378a7c97709983776fc9303a32fb5ef8122ecca32adfc0b265f5ef7118ee07814da5c020ac7ba1bf2a2f66d46312e4d8e6df99aab2e5f9b2a
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 6KB
  MD5: b5d33c34e5562a0f032e4e5565272325
  SHA1: fdc9dd5d2c7ea3384a8928912639f0f5829a7d9a
  SHA256: 6f3b5eb87da36d2fca02e400f8c049abb179d163d6114e996b45f14c4a0f7eb1
  SHA512: 48f980b1ab80f60e291bbd235fbf37684f324c2ba12364c4fcf142d4c76d4dcd82faa17280aa6d25ee116cda1b1682160bfa6920d237dc0ebbc142205911d77c
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 7KB
  MD5: 18aa812af26a376a156bffe1247c65cc
  SHA1: c195c8ee03e835dace925317ac5038301fd7c5b5
  SHA256: 7c6f97669aaa09ff24c217e09004769137155e71dbbb2048b64a2b81973ca9b5
  SHA512: 40261144824b9c23c814f6cc3bafd4c0dbec895fbd378b938475965ebd14a7516f4b0d1419a4434be14bf77e427c59eb373ef3f613c6e64d52b44f2271d21fcd
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 6KB
  MD5: cce7ab49991c06c678c7981449cf3265
  SHA1: 6d79d3e0f3329771d9a02db7bc5a9493783c61bc
  SHA256: c0456eeca0e972d64fab4aa1bbecc11e60d4cb02a0739600480ccf41e7473dae
  SHA512: 5963c749f16593a654493af73ba1c4f67c28b6c91bb96366ec8df70f443537d46306fc1d2c7dc44a70552ee8b3f3655bc4fee241421dbb1ee43cb25a6ea3ff52
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 6KB
  MD5: 085feffaba257be825bc7471c7632fc2
  SHA1: 4f92653c7ff74c1ce312c9d7cfba7ca620ecd840
  SHA256: 728203341184167ebd21bae314188a84256f886d503df7b0d54902cf83b6f9a5
  SHA512: 0f8adcb64279b439235598ee639d6ac485202a973aab72ef5a82731068bc8d036cf1336443d80c5602841264b5779073b47f5e2431a3996f08276f1fc9e1feb6
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
  Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
  Filesize: 11KB
  MD5: f269cc26ab4277593b5fe317de03ba2b
  SHA1: ad1fd3487f44c103e5172ef87cead7e5407d9187
  SHA256: 0415c20de495084c1ed8c648824110ea2b88b92c14f6d5dac8e39073fe4c37bf
  SHA512: 15c6ea5502810e756e47e6c180f36be47287c07b974a178bf5d26273b17636481ae611b9a9f4cc52bbc5dbdbabd4b2079ea6855ef5afa78e59665d6588068ab5
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
  Filesize: 11KB
  MD5: a3ffa9da4d9e069d296d78c63e4a1b72
  SHA1: 4b692d3b7df4134118543567c49990f8d6c34792
  SHA256: cea9115da4e4cb300039ee56b8d0751cb5ff6e45b734e3f0d6f3310b2b614d5d
  SHA512: dd842c0fa18fed4c43e8949c7d912f03d8bee97f519a8ef3ec30ad7aac3852e82038d545ea1d3b02a76aceceb2f000a48e33549fa3e263f29aec60e8e2dd7ee8
- C:\Users\Admin\AppData\Local\Temp\7zE0A7107F7\#keyloggers\Unknown Logger Public V 1.2\Unknown Logger Public V 1.2 - Project\Unknown Logger Public V 1.2 - Stub\obj\x86\Debug\Unknown.Form1.resources
  Filesize: 180B
  MD5: d85fe5b9a2e22066b1d7dc89c16ee527
  SHA1: 78147369bcac902b8aefbe59e26852e0e179bfb6
  SHA256: a3237a994521c1904b0367691fdafc8b4b309371b845157bd149f27b53849d76
  SHA512: c6db19663c1dec0d3d8c34b33f516d51ca8f9cc2710aa5d746c2cf65ee0e2ffc6a4ea2c22e98c7a8c9271daf51d0b787d2b6ad2b3b3f9298ddc9a3d4b162d37b
- C:\Users\Admin\AppData\Local\Temp\7zE0A7107F7\#keyloggers\iSpy Keylogger V3\Keylogger\Keylogger\bin\Release\stub.exe
  Filesize: 59KB
  MD5: 0a0dabc1bbe2f8f1fcb6de5e0bbf03bf
  SHA1: 1028485fd994fc3a6fc2aa9846ce2e7e97688348
  SHA256: cb8ea092b5475ac028f971f33c5faf548ddfde9e2e08e7a4e12528282db1f01b
  SHA512: 27d1f0705b2236ac86321d2066eaf057711e1b7e806e38ada6de9f6db40afc14dff2a677e5888e36556dcd24199e33fe54e439ee66d1885952a9a5b9644f7795
- C:\Users\Admin\AppData\Local\Temp\7zE0A7107F7\#keyloggers\iSpy Keylogger V3\iSpy Keylogger\bin\Debug\Galaxy Logger.vshost.exe.config
  Filesize: 117B
  MD5: d0089718b62f6e9d91154acae007699c
  SHA1: 6b7168ae1fa2fa7cf268e36ba4678aed2b9dbb5d
  SHA256: 83233e66d0f47f016ac44626c179f9006bdb15c22586ee737278a281a8e0a503
  SHA512: a498eb1505894ce30f8a518432b41c85275defccdb339fea6c0a5425fdd00583da16e3524a175292615929d5bc6ec9eba20b2c9e363a575bdb2763ac2a7cea6b
- C:\Users\Admin\AppData\Local\Temp\7zE0A7107F7\#keyloggers\iSpy Keylogger V3\iSpy Keylogger\bin\Release\Mono.Cecil.dll
  Filesize: 301KB
  MD5: e1205d6a2ed0c2de095593bf8e1ab842
  SHA1: e344de6c6ec8083d0fcb0d747ae5e6ed8902de96
  SHA256: 2b7164d8f6ed8a956088740774d7f4b28bd6c1ee25962bbc716969ca5d82b24b
  SHA512: a048bc7db4997a07df0cb166b9479b2f0cc9a81a6376c05c20bc00dfe57626d83f738f86b38664015bcb53e7ad4d41ce346d0990a214df5972ddc36ac4dc17cf
- C:\Users\Admin\AppData\Local\Temp\7zE0A7107F7\#keyloggers\iSpy Keylogger V3\iSpy Keylogger\bin\x64\Debug\Galaxy Logger.vshost.exe.manifest
  Filesize: 2KB
  MD5: 0862014b15ef2c46cb5ac4f7dee42213
  SHA1: 3261cd162bda1fa4d24bd5bf18a04159f908f6c9
  SHA256: ab5a1eb9bcf1bdb134803099c8e31c1783868c07053583ade56f85e3887b03a3
  SHA512: d22173523b583e7e697c6604b919feac48bf9933de09533b0d83124dc6cdaafb439e58b508c5a7422d3bb36b196c12ded0dbf887fc192ba03299bec45a7917f5
- C:\Users\Admin\AppData\Local\Temp\7zE0A7107F7\#keyloggers\iSpy Keylogger V3\iSpy Keylogger\bin\x64\Release\Galaxy Logger.vshost.exe
  Filesize: 22KB
  MD5: da4e23aceac38213052dd9dead13571d
  SHA1: 66e689243342762dd64f9bab998505d7cc453b6b
  SHA256: 327983cff9c61c976b1cd64386a40ca18858178a2029ff4ece2c19388d0c61bd
  SHA512: 7b957cda964a27c2c0b3a5ecf48fe2b01710dea3d01f444c0fa865d1c2bb8a0fb50faca55cb698bfb661de33fbc9d02119029f863905c644db7c013eba4432e6
- C:\Users\Admin\AppData\Local\Temp\7zE0A7107F7\#keyloggers\iSpy Keylogger V3\iSpy Keylogger\frmTOS.resx
  Filesize: 11KB
  MD5: 052acdca5e550b6d18ea908af9b68292
  SHA1: b263e846a7c471740df76d2cc018b60d2b5eb310
  SHA256: 107afa8ad240c9a3abda8960deb9766f102450a99199d42b9941d6d51657003b
  SHA512: 4c16167e3b8a28c1ac3998f38ab1f969918751824e4afdda35d7c8c73da024e86c2428d85dabeaca71547743f306216c7e2c6470cd937b4260b1079f2baf38ce
- C:\Users\Admin\AppData\Local\Temp\7zE0A7107F7\#keyloggers\iSpy Keylogger V3\iSpy Keylogger\obj\x64\Debug\iSpy_Keylogger.frmBuilder.resources
  Filesize: 91KB
  MD5: b3a32191eabf787a7b8212f175ffce5b
  SHA1: b2a1e0303692bc1d8c8513779a827ee252179714
  SHA256: 22ce411dd8b9381b311ed6ec3db7908500bb982942435b10fac9102f5af8d815
  SHA512: 302a6b3244aef9a42ae6727ed3831e3beefa7bf6cf6ddc628c128a6cb40045b402ec222c20341165eabeec62ce778464ec9f859e414c3e793678b8411f568b8d
- C:\Users\Admin\AppData\Local\Temp\7zE0A7107F7\#keyloggers\iSpy Keylogger V3\iSpy Keylogger\obj\x86\Debug\Galaxy_Logger.Form1.resources
  Filesize: 51KB
  MD5: db86d9840bf23571cc645299ffa050e5
  SHA1: d95d6dca3752be0127ac38de0a26ab10c070d0d0
  SHA256: 59da81f73dc9346b999564b1eab2f3b2ba2dc677190dfc980bcc54212c3c1209
  SHA512: 12d1979b0bd52cb15e70d39a27bbc04e61bb64b02d56a0cf6e460458fe0770b2df61acc1fa107ca2538a0067212056026bdad933d235867adea605ddc853dcd7
- C:\Users\Admin\AppData\Local\Temp\7zE0A7107F7\#keyloggers\iSpy Keylogger V3\iSpy Keylogger\obj\x86\Debug\Galaxy_Logger.frmTOS.resources
  Filesize: 5KB
  MD5: 772dae5bbb50ba4b8fad3819e0462683
  SHA1: d3a7b60fb64b5a145ef9d712781427ff838a36f3
  SHA256: f4612803ebdd4b0bf163b81043634aa7098719e62b1730c013e6792614dd869c
  SHA512: 41c57c2d5fa275972c2ff2c9236c6fa521ecd67fbbd1b4579bf0086b87f0cdfef86b93b7641c5a0d8e7517d2fb8ef85a07e36ce06844aef4214f8edd38a6f0cb
- C:\Users\Admin\AppData\Local\Temp\7zE0A7107F7\#keyloggers\iSpy Keylogger V3\iSpy Keylogger\obj\x86\Debug\iSpy_Keylogger.Properties.Resources.resources
  Filesize: 139KB
  MD5: 947e286002054df452e38a088909de09
  SHA1: 5e2307909aa25d1560d141a6c66e40c3cbda5811
  SHA256: 4a5306927f9ca7cdae2ce83f08c73320f9c62e26185033dcaf6e08961cf28955
  SHA512: 8243adfc21ace229df6a070bb12b328d3d33b63e786c4e8dcd07015e4327150016a58caa1ff013271050a6eb612882dbb6531af228bd6f1b05579f039e9d63c1
- C:\Users\Admin\AppData\Local\Temp\7zO42585E9C\Editor.exe
  Filesize: 310KB
  MD5: 025ffd7cfd90a0722a453fddd0f39275
  SHA1: 7851cdfa6eff718c332e5c292684baefadebb61c
  SHA256: 3243ee8f7323fe5e335209726f042b11dab41d85839fb50fa2a4da4594e46ba4
  SHA512: 0a7459c1105c460317bb9eb36c82c84a3f6c541784985d4cf76b77d4047bb488a4763a28d3fd3a677c8a1b04d89cd152f3a4a20269b1c4ff8ecba90555c07ca2
- C:\Users\Admin\AppData\Local\Temp\is-FHCFU.tmp\ecodsoft-keylogger.tmp
  Filesize: 824KB
  MD5: ea7302d8cc37b6bd6c11fd41f72aab9f
  SHA1: 1d3323eb8a74c8286b948c5c681fa549acfed565
  SHA256: f0461055914843c0c7b178ae646bd8c72ef98f62cc965568f34092dd3198dafa
  SHA512: 24137d830c1a8c2c3a72b33c436de869a9c3183cbb30a11145379d5a08168a1f4fad1077e8dd64d08b0cdfb141a9b79bee33005957bb343529012297e8ec8ae5
- C:\Users\Admin\AppData\Local\Temp\is-L526V.tmp\_isetup\_shfoldr.dll
  Filesize: 22KB
  MD5: 92dc6ef532fbb4a5c3201469a5b5eb63
  SHA1: 3e89ff837147c16b4e41c30d6c796374e0b8e62c
  SHA256: 9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87
  SHA512: 9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3
- C:\Users\Admin\AppData\Local\Temp\rhj4BB2.tmp
  Filesize: 172KB
  MD5: 685f1cbd4af30a1d0c25f252d399a666
  SHA1: 6a1b978f5e6150b88c8634146f1406ed97d2f134
  SHA256: 0e478c95a7a07570a69e6061e7c1da9001bccad9cc454f2ed4da58824a13e0f4
  SHA512: 6555ad6b4f4f26105ca8aad64501d74519a3e091f559b4b563d6ffb20a2ddfcde65e4fe94971a9bc65e86db577f2548ca00f9920d341c8ea808b04c0947d61d9
- C:\Users\Admin\AppData\Local\Temp\thj4BC2.tmp
  Filesize: 64KB
  MD5: 84111eb5a2a9acb140eef0af3933ee50
  SHA1: d35f95f31075c24d122ea6c7f79a2563ad10b7c4
  SHA256: 1916561b739ca8a49c2a9694e0f2ebd43498e6fa464103761843bffdac197b35
  SHA512: 9c66574222b8cfb83c3c6e365219accd75e7542623d0234b565dda730258eb36166ffb2da99aabe527a63bb14ed148d0c77d19d2fb6154257ec36beb8b094358
- C:\Users\Admin\Desktop\#keyloggers\9Log\9LOG.exe
  Filesize: 244KB
  MD5: 5235073571b66466c6e1f4933f731e4a
  SHA1: d58e79f1fccfd3fc9f753d76d5eec18ea6bb176a
  SHA256: 2f8b53d847252b8e8b15ddddf96b4fb1129a902ffa91bb6b0cd08871d2bb2079
  SHA512: 5d94dc5e532a7bbf5a61e17cc2c90de0a60f0bfe17a418930880ccb718b978f2f66322c67b39334e2e0808bfd7e3df84b9b487a542d46a731b591b46df461afd
- C:\Users\Admin\Desktop\#keyloggers\Anonymous Keylogger.exe
  Filesize: 318KB
  MD5: 70f7fdd57cd561a114ac03e1f50649fe
  SHA1: efdda56c5ee07ce3cd2acf51e5655d786d828e90
  SHA256: 9f08561de1eb32642a366d27532450c7908d1f1fadd1667fdf49187b584f5e69
  SHA512: 113db0056db03700027b46db11f83b0c763af10798c643c1ade655f3f8ad51b2e8afbc2a7db3133082a1c3b35bf2a236985517029eff137fb449d3e6c93a4448
- C:\Users\Admin\Desktop\#keyloggers\Aux Logger v3.0.0.0 Monitor\Aux Logger v3.exe
  Filesize: 156KB
  MD5: 60be32f975df64b3053b627ef404b9ea
  SHA1: c7dd4ee73e1640adeb0f7b19c01dbe0e8a674d22
  SHA256: 57482272515c491763121a63dae7b71f21db2fa7bf4b38f4dfb545f204153a07
  SHA512: 5f49c471b882e0a95b9607a2309c07d28d296591ecfaddb63a9986af115e3bb0d9a20fdf359be90e09ffc89752098056265f8de21dbc75fcede79144d600cc22
- C:\Users\Admin\Desktop\#keyloggers\Aux Logger v3.0.0.0 Monitor\zip.dll
  Filesize: 64KB
  MD5: 3e9abec69b8b2905d45cbaaf8463a7d2
  SHA1: f55c4252bf37e6959ebe4f25aec98931f6d70fe5
  SHA256: 5e58eddc9f44696628c9d22c1b1bd5dfc4fd71bbf7e7e0bf11f1d394c0e4291b
  SHA512: 1443d2914881028bfae86fa3f9a77f9a52b6d11b0ac798ad5d81967461f74f5c97195e716728380e594dd08574a18ab0a04f8f4660d09ce2e1e356c52ead59a5
- C:\Users\Admin\Desktop\#keyloggers\Digital Keylogger 3.3.exe
  Filesize: 788KB
  MD5: 1946f371b3798d06da6e05659ca5ee4a
  SHA1: 39ab80902f0ad7a5358dbf82392e8a0bf9bf0bc9
  SHA256: a12f45971bc5aa4c0a3429c6a13ed66c9d030c2a44a208ebbf9accc11e9f7221
  SHA512: d1cef03f3a6109618aebc663628145246399a3d7896e38ee0afb15d3c1e4075d201300e39a26d9f776e61205c40a7d2e4ffa3e56145e9b32be4738a498535a08
- C:\Users\Admin\Desktop\#keyloggers\Dracula Logger.exe
  Filesize: 501KB
  MD5: f51a2895a0aee4f6290de37ac8a2042f
  SHA1: 65e9110112fb60a9f0e21e4ed5a8f5dd5603de5a
  SHA256: 0bfad1ffad03842b90fa7790f838ee78aa3ab10093cd041f6f8f0037219954a1
  SHA512: a6f830d2e30f2c44902d0e2b79cf1462213e7b5d1611b2a991b3216b6e6b39056b3fe0e4ea5bd679661d26d8b04ecad214a5914e69731e4c54c3258a1bcd7b61
- C:\Users\Admin\Desktop\#keyloggers\Ecodsoft_Keylogger.rar
  Filesize: 1.5MB
  MD5: 24e2df14bf94ea710e4dfda4a4124a62
  SHA1: 15e03e20ea6341f5ad5ba91fef3c5f630aa67bf9
  SHA256: bce92882d153e87785d424a012aee75e535d0c7c11ebd9c737e023bc24e4fa3f
  SHA512: fb3312c940c9a51e82f27d17e54b028b0c430b48f6dcbec82313d41ce30054a274b293e10c1c9d92f1fb7a2732e0d54fb9cd6400ff5875228f8b0bae5b5ed0fa
- C:\Users\Admin\Desktop\#keyloggers\RapZo Logger 1.5 Public Edition\RapZo Logger v 1.5 ( Public Edition ).exe
  Filesize: 364KB
  MD5: c6bf2f41038354e622f9ecb5dba5c9aa
  SHA1: 08f5cfda93b4da9740fc3a843ea59553d6fa5ec8
  SHA256: 098d73f577c581b7067dfa3c9482ee6aa0735aa2aba6a7ba3a680df2baabda1f
  SHA512: f42aa802ced197b69b13d66a393d38680b2255d99d52af5d530a50399ffd5a2fc72de5a7595f25a5c39e531e239a141858738b4dac78ec9d06c27da98e34c26d
- C:\Users\Admin\Desktop\ecodsoft-keylogger\ecodsoft-keylogger.exe
  Filesize: 1.5MB
  MD5: 5c782301a427e1359ec2eb9777473ea8
  SHA1: 1ae30b9bcb0fe68dbca179b637086ec59848d81f
  SHA256: d3c857841b404e122ac04fc78f0d63fb1e3c462ee693a51777d63ac6bf239e67
  SHA512: a1394f84041c8269cfe124417a3142ad4b08e4d4c467a79a08e0e1b510a76396dac23c1ce5b584831446d21fe84525d6da8f008363f3b704a619dc914de23ee8
- C:\Users\Admin\Downloads\#keyloggers.rar
  Filesize: 68.7MB
  MD5: b98b22e6ef75ce66dcf805fbbb6dd5a7
  SHA1: 4bbb35eb286ce0772ad9a5c0229317504a2b8ade
  SHA256: d0e60c6e5fbbb0911bb2072c708e20ea6edd146834b94a28b4aae9373a7d84ff
  SHA512: 7e32a8fc5cd0ca58dd496053d470f4bd2e830882eac266ce56f43ddd8288ca2025912258b85a3b296e395e96ddc97fb4984ace3a71dc51ca079471e2fcdd1d0d
- C:\Windows\SysWOW64\MSWINSCK.OCX
  Filesize: 152KB
  MD5: 1c4115b0ce6bb03701e9f1aca0e3e710
  SHA1: c9584704e5341510674d359eab2c5dd0039c8bd6
  SHA256: ebc1722d33d1598563d9545e3945e4d27377a3a80476ec2a5b69a6ce53d1206d
  SHA512: ba11afa327b62c0e33ee9c10de453b31a0d7cf1829b120f72892b09fc4eb25989fab715614d3854d55e0cdc2209ee214679be664cd5432406effc7d6b54624f2
- C:\Windows\SysWOW64\comdlg32.ocx
  Filesize: 136KB
  MD5: 3ec0a48ed8d8a019175cfa3952ccb3b7
  SHA1: 075ffa431a55a272c2cdfe465ac130ab654ba9e8
  SHA256: f9ecca1f6718f7ab711e3f675dce438930079ca8649f101fb41a93d85977149d
  SHA512: 0c51c31c0fa9d5b4909a5085bd72881c4e4867f90c0e576d5344b311f4e1d22ed7141ff359e43dcf53e8c84782bc34062c16dab04f63e73487e91b1db4cc33ca
- C:\dvmbrx.pif
  Filesize: 100KB
  MD5: df251cf7065ae75502009737b8e675ae
  SHA1: 5edc41ee7260abb62807e13c2938c40857da50a4
  SHA256: 8e47d2becd70e875fda67839799c34c180d49da7eab989a5da00ebf6dc254cc3
  SHA512: 85b16a4e1f9dc31cf6fc544c960fdb8652e528782087f93a594a6a1f4b96bb11a4503b4c6fa03b030e7f610f42792b9668bb3b9587bfc7dec9ec5f356b871e85
- \??\pipe\LOCAL\crashpad_4192_AYIBLCAKQFUCRHHX
  MD5: d41d8cd98f00b204e9800998ecf8427e
  SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
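Every entry in the Downloads list carries four digests, and a list like this is usually lifted straight into a blocklist. The following is an added example, not code from the page or from Triage: it embeds three of the entries as constructed records and applies two checks worth running first, that each digest is well-formed hex of the right length, and that none equals the digest of zero bytes. The crashpad pipe entry directly above fails the second check: its MD5 d41d8cd9..., SHA-1 da39a3ee..., SHA-256 e3b0c442... and SHA-512 cf83e135... are the digests of empty input, so as an indicator it matches every empty file on every host. The matching helper also accepts a partial observation (for example only a SHA-256), since that is often all a host tool reports.

```python
import hashlib
from typing import Dict, List

ALGOS = ("md5", "sha1", "sha256", "sha512")
HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def digests(data: bytes) -> Dict[str, str]:
    """All four digests of an in-memory blob, lowercase hex."""
    return {a: hashlib.new(a, data).hexdigest() for a in ALGOS}


def digests_of_file(path: str, chunk: int = 1 << 20) -> Dict[str, str]:
    """Same four digests for a file on disk, streamed in a single pass."""
    hs = {a: hashlib.new(a) for a in ALGOS}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hs.values():
                h.update(block)
    return {a: h.hexdigest() for a, h in hs.items()}


# Digests of zero bytes. An "indicator" equal to these matches every empty file.
EMPTY = digests(b"")

# Constructed subset of the report's Downloads list (values copied from the page).
IOCS: List[Dict] = [
    {"name": r"C:\Program Files (x86)\Ecodsoft Keylogger\winsrv.exe", "size": "3.0MB",
     "md5": "eb6f51fcd5979171d76d6cfea90fd697",
     "sha1": "1cd1ba7aaf76154ef6e006d8c07dcd2e3f15b2b4",
     "sha256": "3beda91e9c5356beb19c2b953cfa19da8b565ccd5ee4940aa76380f35a8fe155",
     "sha512": "f762968a76a3d1084578957bff5dbc13020c2203a42cf2c7946da27b211a00adee8e2fbc9bcf3faaa90ddcf0b332cfcaa2e9daaa055807ec95ca328ec605137c"},
    {"name": r"C:\dvmbrx.pif", "size": "100KB",
     "md5": "df251cf7065ae75502009737b8e675ae",
     "sha1": "5edc41ee7260abb62807e13c2938c40857da50a4",
     "sha256": "8e47d2becd70e875fda67839799c34c180d49da7eab989a5da00ebf6dc254cc3",
     "sha512": "85b16a4e1f9dc31cf6fc544c960fdb8652e528782087f93a594a6a1f4b96bb11a4503b4c6fa03b030e7f610f42792b9668bb3b9587bfc7dec9ec5f356b871e85"},
    {"name": r"\??\pipe\LOCAL\crashpad_4192_AYIBLCAKQFUCRHHX", "size": None,
     "md5": "d41d8cd98f00b204e9800998ecf8427e",
     "sha1": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
     "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
     "sha512": "cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e"},
]


def well_formed(rec: Dict) -> bool:
    """Each digest is lowercase hex of the length its algorithm produces."""
    return all(len(rec[a]) == HEX_LEN[a] and all(c in "0123456789abcdef" for c in rec[a])
               for a in ALGOS)


def is_empty_input(rec: Dict) -> bool:
    """True when the record's digests are those of zero bytes."""
    return all(rec[a] == EMPTY[a] for a in ALGOS)


def usable_iocs(records: List[Dict]) -> List[Dict]:
    """Drop records that cannot discriminate: malformed ones and empty-input digests."""
    return [r for r in records if well_formed(r) and not is_empty_input(r)]


def match(observed: Dict[str, str], records: List[Dict]) -> List[Dict]:
    """Records agreeing with `observed` on every algorithm it carries, so a
    lookup works with only a SHA-256 in hand."""
    return [r for r in records
            if all(r[a] == v for a, v in observed.items() if a in ALGOS)]


if __name__ == "__main__":
    keep = usable_iocs(IOCS)
    for r in IOCS:
        print(("keep  " if r in keep else "drop  ") + r["name"])
    # An empty file hits the raw list but not the filtered one.
    print("empty file matches:", [r["name"] for r in match(digests(b""), IOCS)])
    print("after filtering:   ", [r["name"] for r in match(digests(b""), keep)])
```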
- memory/376-1561-0x0000000002190000-0x000000000219F000-memory.dmp
  Filesize: 60KB
- memory/812-1529-0x00000000020F0000-0x0000000002163000-memory.dmp
  Filesize: 460KB
- memory/812-1527-0x0000000002320000-0x000000000232F000-memory.dmp
  Filesize: 60KB
- memory/1684-1552-0x00000000029A0000-0x00000000029AF000-memory.dmp
  Filesize: 60KB
- memory/1992-1431-0x0000000010000000-0x0000000010018000-memory.dmp
  Filesize: 96KB
- memory/1992-1430-0x0000000000400000-0x0000000000414000-memory.dmp
  Filesize: 80KB
- memory/1992-1414-0x0000000000400000-0x0000000000414000-memory.dmp
  Filesize: 80KB
- memory/1992-1402-0x0000000002770000-0x000000000277F000-memory.dmp
  Filesize: 60KB
- memory/1992-1400-0x0000000010000000-0x0000000010018000-memory.dmp
  Filesize: 96KB
- memory/1992-1399-0x0000000000400000-0x0000000000414000-memory.dmp
  Filesize: 80KB
- memory/1992-1396-0x0000000000400000-0x0000000000414000-memory.dmp
  Filesize: 80KB
- memory/2164-1315-0x0000000000400000-0x00000000004DF000-memory.dmp
  Filesize: 892KB
- memory/2164-1023-0x0000000002510000-0x0000000002511000-memory.dmp
  Filesize: 4KB
- memory/2700-1470-0x0000000000400000-0x0000000000546000-memory.dmp
  Filesize: 1.3MB
- memory/2708-926-0x00000000014E0000-0x00000000014F0000-memory.dmp
  Filesize: 64KB
- memory/2708-938-0x00007FFA753C0000-0x00007FFA75D61000-memory.dmp
  Filesize: 9.6MB
- memory/2708-936-0x00000000014E0000-0x00000000014F0000-memory.dmp
  Filesize: 64KB
- memory/2708-935-0x00000000014E0000-0x00000000014F0000-memory.dmp
  Filesize: 64KB
- memory/2708-934-0x000000001D0A0000-0x000000001D0EC000-memory.dmp
  Filesize: 304KB
- memory/2708-933-0x00000000017A0000-0x00000000017A8000-memory.dmp
  Filesize: 32KB
- memory/2708-932-0x000000001CE40000-0x000000001CEDC000-memory.dmp
  Filesize: 624KB
- memory/2708-931-0x000000001CCB0000-0x000000001CD56000-memory.dmp
  Filesize: 664KB
- memory/2708-930-0x000000001CBB0000-0x000000001CC06000-memory.dmp
  Filesize: 344KB
- memory/2708-924-0x00007FFA753C0000-0x00007FFA75D61000-memory.dmp
  Filesize: 9.6MB
- memory/2708-925-0x000000001C3B0000-0x000000001C87E000-memory.dmp
  Filesize: 4.8MB
- memory/2708-929-0x000000001C880000-0x000000001C894000-memory.dmp
  Filesize: 80KB
- memory/2708-927-0x00007FFA753C0000-0x00007FFA75D61000-memory.dmp
  Filesize: 9.6MB
- memory/2900-912-0x00000000750E0000-0x0000000075691000-memory.dmp
  Filesize: 5.7MB
- memory/2900-913-0x00000000750E0000-0x0000000075691000-memory.dmp
  Filesize: 5.7MB
- memory/2900-914-0x0000000002110000-0x0000000002120000-memory.dmp
  Filesize: 64KB
- memory/2900-917-0x0000000002110000-0x0000000002120000-memory.dmp
  Filesize: 64KB
- memory/2900-921-0x00000000750E0000-0x0000000075691000-memory.dmp
  Filesize: 5.7MB
- memory/2900-918-0x0000000002110000-0x0000000002120000-memory.dmp
  Filesize: 64KB
- memory/2900-919-0x00000000750E0000-0x0000000075691000-memory.dmp
  Filesize: 5.7MB
- memory/2936-966-0x0000000074F70000-0x0000000075720000-memory.dmp
  Filesize: 7.7MB
- memory/2936-959-0x0000000005C80000-0x0000000006224000-memory.dmp
  Filesize: 5.6MB
- memory/2936-960-0x00000000056D0000-0x0000000005762000-memory.dmp
  Filesize: 584KB
- memory/2936-961-0x00000000058C0000-0x00000000058D0000-memory.dmp
  Filesize: 64KB
- memory/2936-962-0x0000000005600000-0x000000000560A000-memory.dmp
  Filesize: 40KB
- memory/2936-963-0x00000000058D0000-0x0000000005926000-memory.dmp
  Filesize: 344KB
- memory/2936-964-0x00000000058C0000-0x00000000058D0000-memory.dmp
  Filesize: 64KB
- memory/2936-958-0x0000000005630000-0x00000000056CC000-memory.dmp
  Filesize: 624KB
- memory/2936-956-0x0000000000D20000-0x0000000000D76000-memory.dmp
  Filesize: 344KB
- memory/2936-957-0x0000000074F70000-0x0000000075720000-memory.dmp
  Filesize: 7.7MB
- memory/2960-1310-0x0000000000870000-0x000000000087F000-memory.dmp
  Filesize: 60KB
- memory/2960-1312-0x00000000009A0000-0x00000000009B8000-memory.dmp
  Filesize: 96KB
- memory/2960-1314-0x00000000009C0000-0x00000000009F0000-memory.dmp
  Filesize: 192KB
- memory/3000-990-0x0000000002A30000-0x0000000003ABE000-memory.dmp
  Filesize: 16.6MB
- memory/3000-978-0x0000000003C60000-0x0000000003C62000-memory.dmp
  Filesize: 8KB
- memory/3000-969-0x0000000000400000-0x00000000004C7000-memory.dmp
  Filesize: 796KB
- memory/3000-970-0x0000000002A30000-0x0000000003ABE000-memory.dmp
  Filesize: 16.6MB
- memory/3000-973-0x0000000002A30000-0x0000000003ABE000-memory.dmp
  Filesize: 16.6MB
- memory/3000-980-0x0000000006290000-0x0000000006291000-memory.dmp
  Filesize: 4KB
- memory/3000-976-0x0000000002A30000-0x0000000003ABE000-memory.dmp
  Filesize: 16.6MB
- memory/3000-997-0x0000000003C60000-0x0000000003C62000-memory.dmp
  Filesize: 8KB
- memory/3000-1003-0x0000000000400000-0x00000000004C7000-memory.dmp
  Filesize: 796KB
- memory/3000-989-0x0000000002A30000-0x0000000003ABE000-memory.dmp
  Filesize: 16.6MB
- memory/3000-988-0x0000000002A30000-0x0000000003ABE000-memory.dmp
  Filesize: 16.6MB
- memory/3000-987-0x0000000002A30000-0x0000000003ABE000-memory.dmp
  Filesize: 16.6MB
- memory/3000-979-0x0000000002A30000-0x0000000003ABE000-memory.dmp
  Filesize: 16.6MB
- memory/3000-986-0x0000000002A30000-0x0000000003ABE000-memory.dmp
  Filesize: 16.6MB
- memory/3000-985-0x0000000002A30000-0x0000000003ABE000-memory.dmp
  Filesize:
16.6MB
-
memory/3000-984-0x0000000002A30000-0x0000000003ABE000-memory.dmpFilesize
16.6MB
-
memory/3000-982-0x0000000003C60000-0x0000000003C62000-memory.dmpFilesize
8KB
-
memory/3000-983-0x0000000002A30000-0x0000000003ABE000-memory.dmpFilesize
16.6MB
-
memory/3448-1478-0x0000000004A70000-0x0000000004A7F000-memory.dmpFilesize
60KB
-
memory/3552-1442-0x0000000072A50000-0x0000000073001000-memory.dmpFilesize
5.7MB
-
memory/3552-1447-0x00000000093D0000-0x00000000093DF000-memory.dmpFilesize
60KB
-
memory/3552-1444-0x0000000072A50000-0x0000000073001000-memory.dmpFilesize
5.7MB
-
memory/3552-1443-0x0000000001200000-0x0000000001210000-memory.dmpFilesize
64KB
-
memory/3880-952-0x0000000001600000-0x0000000001610000-memory.dmpFilesize
64KB
-
memory/3880-949-0x00007FFA753C0000-0x00007FFA75D61000-memory.dmpFilesize
9.6MB
-
memory/3880-950-0x0000000001600000-0x0000000001610000-memory.dmpFilesize
64KB
-
memory/3880-953-0x00007FFA753C0000-0x00007FFA75D61000-memory.dmpFilesize
9.6MB
-
memory/3880-951-0x00007FFA753C0000-0x00007FFA75D61000-memory.dmpFilesize
9.6MB
-
memory/4044-1392-0x0000000003250000-0x000000000325F000-memory.dmpFilesize
60KB
-
memory/4044-1391-0x0000000010000000-0x0000000010018000-memory.dmpFilesize
96KB
-
memory/4044-1395-0x0000000010000000-0x0000000010018000-memory.dmpFilesize
96KB
-
memory/4176-1010-0x0000000075160000-0x0000000075711000-memory.dmpFilesize
5.7MB
-
memory/4176-1007-0x0000000001100000-0x0000000001110000-memory.dmpFilesize
64KB
-
memory/4176-1006-0x0000000075160000-0x0000000075711000-memory.dmpFilesize
5.7MB
-
memory/4176-1008-0x0000000075160000-0x0000000075711000-memory.dmpFilesize
5.7MB
-
memory/4364-1439-0x0000000010000000-0x0000000010018000-memory.dmpFilesize
96KB
-
memory/4364-1440-0x00000000021D0000-0x00000000021DF000-memory.dmpFilesize
60KB
-
memory/4364-1441-0x0000000010000000-0x0000000010018000-memory.dmpFilesize
96KB
-
memory/4696-1016-0x0000000000400000-0x0000000000414000-memory.dmpFilesize
80KB
-
memory/4696-1328-0x0000000000400000-0x0000000000414000-memory.dmpFilesize
80KB
-
memory/4696-1018-0x0000000000400000-0x0000000000414000-memory.dmpFilesize
80KB
-
memory/5088-1512-0x0000000003AA0000-0x0000000003AAF000-memory.dmpFilesize
60KB
-
memory/5088-1542-0x00000000004F0000-0x0000000000563000-memory.dmpFilesize
460KB
-
memory/5152-942-0x0000000000FE0000-0x0000000000FF0000-memory.dmpFilesize
64KB
-
memory/5152-946-0x0000000075160000-0x0000000075711000-memory.dmpFilesize
5.7MB
-
memory/5152-941-0x0000000075160000-0x0000000075711000-memory.dmpFilesize
5.7MB
-
memory/5152-943-0x0000000075160000-0x0000000075711000-memory.dmpFilesize
5.7MB
-
memory/5152-944-0x0000000000FE0000-0x0000000000FF0000-memory.dmpFilesize
64KB
-
memory/6032-1421-0x0000000000400000-0x00000000004DF000-memory.dmpFilesize
892KB
-
memory/6032-1429-0x0000000010000000-0x0000000010018000-memory.dmpFilesize
96KB
-
memory/6032-1428-0x0000000000400000-0x00000000004DF000-memory.dmpFilesize
892KB
-
memory/6032-1424-0x0000000002180000-0x0000000002181000-memory.dmpFilesize
4KB
-
memory/6032-1410-0x00000000049E0000-0x00000000049EF000-memory.dmpFilesize
60KB
-
memory/6032-1419-0x0000000010000000-0x0000000010018000-memory.dmpFilesize
96KB
-
memory/6032-1415-0x0000000000400000-0x00000000004DF000-memory.dmpFilesize
892KB
-
memory/6032-1404-0x0000000002180000-0x0000000002181000-memory.dmpFilesize
4KB
-
memory/6032-1403-0x0000000010000000-0x0000000010018000-memory.dmpFilesize
96KB
-
memory/6064-1493-0x0000000000400000-0x00000000005AB000-memory.dmpFilesize
1.7MB
-
memory/6064-1492-0x0000000000400000-0x00000000005AB000-memory.dmpFilesize
1.7MB
-
memory/6064-1490-0x0000000004880000-0x000000000488F000-memory.dmpFilesize
60KB
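The dump names above encode the PID, a sequence number and the virtual address range of each region, so the listing can be turned into triage data rather than read by eye. The script below is an added example (not the sandbox's code, and not part of the report) that parses that naming scheme, checks the stated Filesize against end-start, and finds ranges that recur at the same address in several PIDs. Assumptions: the sample lines are copied from the listing with the size placed after the path on the same line; the rounding rule used for the size check (binary units, one decimal for MB) is inferred from the listing, and "same range in several PIDs means the same image mapped at the same base" is a heuristic, not something the report states.

```python
"""Parse a sandbox memory-dump listing, verify stated sizes against the
address ranges, and group identical ranges across PIDs.
Added example; not code from the sandbox or from this report."""
import re
from collections import defaultdict

# Constructed sample: entries copied from the listing above, one per line,
# as "<path> <size>" (the report lays them out as path, "Filesize", size).
SAMPLE = """\
memory/2164-1023-0x0000000002510000-0x0000000002511000-memory.dmp 4KB
memory/2700-1470-0x0000000000400000-0x0000000000546000-memory.dmp 1.3MB
memory/2708-938-0x00007FFA753C0000-0x00007FFA75D61000-memory.dmp 9.6MB
memory/3000-969-0x0000000000400000-0x00000000004C7000-memory.dmp 796KB
memory/3000-990-0x0000000002A30000-0x0000000003ABE000-memory.dmp 16.6MB
memory/3880-949-0x00007FFA753C0000-0x00007FFA75D61000-memory.dmp 9.6MB
memory/4044-1391-0x0000000010000000-0x0000000010018000-memory.dmp 96KB
memory/4044-1392-0x0000000003250000-0x000000000325F000-memory.dmp 60KB
memory/4364-1439-0x0000000010000000-0x0000000010018000-memory.dmp 96KB
memory/6032-1403-0x0000000010000000-0x0000000010018000-memory.dmp 96KB
memory/6032-1421-0x0000000000400000-0x00000000004DF000-memory.dmp 892KB
memory/6064-1493-0x0000000000400000-0x00000000005AB000-memory.dmp 1.7MB
"""

# memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp <size><unit>
DUMP_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<seq>\d+)-"
    r"0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp"
    r"\s+(?P<size>\d+(?:\.\d+)?)(?P<unit>[KMG]B)$"
)
UNIT = {"KB": 1 << 10, "MB": 1 << 20, "GB": 1 << 30}


def parse_dumps(text):
    """Return one dict per well-formed line; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = DUMP_RE.match(line.strip())
        if not m:
            continue
        start, end = int(m["start"], 16), int(m["end"], 16)
        entries.append({
            "pid": int(m["pid"]),
            "seq": int(m["seq"]),
            "start": start,
            "end": end,
            "length": end - start,
            "stated": float(m["size"]) * UNIT[m["unit"]],
        })
    return entries


def size_mismatches(entries, tolerance=0.06):
    """Entries whose stated size disagrees with end-start.

    Assumption inferred from the listing: sizes are binary units rounded to one
    decimal for MB (0x146000 bytes is shown as 1.3MB), so a 6% relative tolerance
    absorbs the rounding. Anything outside it, or a non-positive length, is a
    malformed or inconsistent record that deserves a second look."""
    return [
        e for e in entries
        if e["length"] <= 0 or abs(e["length"] - e["stated"]) > tolerance * e["stated"]
    ]


def shared_regions(entries):
    """Map (start, end) -> sorted PIDs for ranges dumped from more than one process.

    Heuristic: an identical range in several PIDs is usually the same image mapped
    at the same base (system DLLs keep one ASLR base per boot; 0x10000000 is the
    classic default base of a DLL that was not relocated), which is a useful pivot
    for finding the component present in every process."""
    seen = defaultdict(set)
    for e in entries:
        seen[(e["start"], e["end"])].add(e["pid"])
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}


def image_bases(entries):
    """PID -> sorted bases of dumps taken at conventional PE image bases
    (0x400000 for an EXE linked at the default base, 0x10000000 for a default-base
    DLL). Heuristic only; a relocated image will not be caught by this."""
    out = defaultdict(set)
    for e in entries:
        if e["start"] in (0x400000, 0x10000000):
            out[e["pid"]].add(e["start"])
    return {pid: sorted(b) for pid, b in out.items()}


if __name__ == "__main__":
    dumps = parse_dumps(SAMPLE)
    print(f"{len(dumps)} dumps parsed, {len(size_mismatches(dumps))} size mismatches")
    for (start, end), pids in sorted(shared_regions(dumps).items()):
        print(f"0x{start:016X}-0x{end:016X} dumped from PIDs {pids}")
    for pid, bases in sorted(image_bases(dumps).items()):
        print(f"PID {pid}: image-base dumps at {[hex(b) for b in bases]}")
```

Run against the full listing, the same grouping shows which PIDs share the 0x10000000-0x10018000 range and the 0x00007FFA753C0000-0x00007FFA75D61000 range; the size check catches a listing line whose Filesize does not match its address range before those dumps are pulled for disassembly.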