Resubmissions
25-05-2024 12:09
240525-pbs64saa42 623-05-2024 14:41
240523-r2rgbaef5t 823-05-2024 13:11
240523-qe56hscc21 1023-05-2024 13:11
240523-qe3qdscd66 123-05-2024 13:03
240523-qat8fsbh47 1Analysis
-
max time kernel
816s -
max time network
790s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
13-05-2024 12:47
General
-
Target
https://youtube.com
Malware Config
Extracted
darkcomet
hack1
95.29.239.221:1604
DC_MUTEX-DQ4JKWR
-
InstallPath
Skype
-
gencode
Y8R2Ckhqgq7k
-
install
true
-
offline_keylogger
true
-
persistence
false
-
reg_key
SkypeApp
Signatures
-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modifies WinLogon for persistence 2 TTPs 1 IoCs
-
ModiLoader Second Stage 4 IoCs
-
Sets file to hidden 1 TTPs 2 IoCs
Modifies file attributes to stop it showing in Explorer etc.
-
ASPack v2.12-2.42 1 IoCs
Detects executables packed with ASPack v2.12-2.42
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 3 IoCs
-
UPX packed file 3 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 48 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 2 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 33 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 64 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Views/modifies file attributes 1 TTPs 2 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://youtube.com1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbe6c446f8,0x7ffbe6c44708,0x7ffbe6c447182⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,18290902352239813889,1901166733865398075,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,18290902352239813889,1901166733865398075,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,18290902352239813889,1901166733865398075,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,18290902352239813889,1901166733865398075,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,18290902352239813889,1901166733865398075,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,18290902352239813889,1901166733865398075,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,18290902352239813889,1901166733865398075,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3980 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2172,18290902352239813889,1901166733865398075,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5392 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2172,18290902352239813889,1901166733865398075,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5208 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,18290902352239813889,1901166733865398075,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5620 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,18290902352239813889,1901166733865398075,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5620 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,18290902352239813889,1901166733865398075,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,18290902352239813889,1901166733865398075,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,18290902352239813889,1901166733865398075,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4172 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,18290902352239813889,1901166733865398075,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,18290902352239813889,1901166733865398075,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5124 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,18290902352239813889,1901166733865398075,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,18290902352239813889,1901166733865398075,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6324 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2172,18290902352239813889,1901166733865398075,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3428 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2172,18290902352239813889,1901166733865398075,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3908 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,18290902352239813889,1901166733865398075,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2172,18290902352239813889,1901166733865398075,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4828 /prefetch:82⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x460 0x40c1⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /41⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap11708:108:7zEvent173131⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\Desktop\WinLocker-Builder--master\WinLockerBuilder v1.4.exe"C:\Users\Admin\Desktop\WinLocker-Builder--master\WinLockerBuilder v1.4.exe"1⤵
- Modifies WinLogon for persistence
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /k attrib "C:\Users\Admin\Desktop\WinLocker-Builder--master\WinLockerBuilder v1.4.exe" +s +h2⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Users\Admin\Desktop\WinLocker-Builder--master\WinLockerBuilder v1.4.exe" +s +h3⤵
- Sets file to hidden
- Views/modifies file attributes
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /k attrib "C:\Users\Admin\Desktop\WinLocker-Builder--master" +s +h2⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Users\Admin\Desktop\WinLocker-Builder--master" +s +h3⤵
- Sets file to hidden
- Views/modifies file attributes
-
C:\Users\Admin\AppData\Local\Temp\WINLOCKER BUILDER V1.4.EXE"C:\Users\Admin\AppData\Local\Temp\WINLOCKER BUILDER V1.4.EXE"2⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\DllHost.exeC:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}1⤵
-
C:\Users\Admin\Desktop\123.exe"C:\Users\Admin\Desktop\123.exe"1⤵
- Executes dropped EXE
- Adds Run key to start application
-
C:\Windows\explorer.exeexplorer.exe1⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Defense Evasion
Modify Registry
2Hide Artifacts
2Hidden Files and Directories
2Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD51ac52e2503cc26baee4322f02f5b8d9c
SHA138e0cee911f5f2a24888a64780ffdf6fa72207c8
SHA256f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4
SHA5127670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5b2a1398f937474c51a48b347387ee36a
SHA1922a8567f09e68a04233e84e5919043034635949
SHA2562dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6
SHA5124a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
2KB
MD56d57650e65a3327e257fbb1a3a3539f3
SHA15bec61174385620b2daf78e2d71f313e7558c9c6
SHA256fea6e6853f8dfff89f13dae5e89eac2984d25a09d0a4ddb4af68827c8ff93885
SHA5123d13f79ae8a5e1aee690b3277fe46e8b10de29b69e032c7304669937fecc82e7511cc0a762915562f7d16a2d21a25044ac5a5348494c7babd6de0ebb476f8841
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
2KB
MD55179df42be430d75fd81ac7492447cca
SHA1cd73d7c439cb74a63fcdec8163e033e9534e2fba
SHA256e0bb3ceb2e9f0cc41193a260b143f7fda753e0b8a9ccc0aea81726665af9d47e
SHA512943e158f5fb8ac38246b83f37ec55c4e0962ee55b05c409e81d9be1339826092c24558fb5094e0067762805183be56368b2e001bf1b7525ca673b3ff5141df4e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
456B
MD5ca8d6d038421a999d7d13c90fef7766b
SHA13f827143fd3e2f34d145c2fb2b64252d8834da9e
SHA25668fb23ae2dc21c6880717a292275b165ffab8b0a53cd81f8b4403d7220fc6b48
SHA512f3bc46c89fcb43b64bb98f11510246207d0e7e634f7608e0b999cfc979c8824f4e23e1d5ac9c89ca8f89be1eece67788291933e362f71c05ea992583be7c8de4
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
2KB
MD595947f80cdc18d0ad3205fa5d72baae8
SHA1ecb9649fea172158a4f26eb5299cc1645ff5e8ee
SHA256f71a0cd5eac00e459200fd2a5a82529fef401eeeecb4296eeeb881e810ba74bf
SHA512b77854c508a8ec8ac6e51cb448e7c23f7dd3cb9bb8653ae95444033e4eeb2d4334526ad4e0e3b74e956ad8549be8327de3a9d0a76aed52c01281bec754816c3d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
2KB
MD5aaeceee2fe07ad5e9d0fabf6fdfbcb4d
SHA113bf83253baf10c6f00503d77d999e2ba6e0f298
SHA256bfccd4d152ef37e597ccf5542ed6794d4836705a766980e8d25519bceeee782b
SHA512f98dc902a0228d8a2a7c5336b5857b381d05b72751afff079369665e3542833b9a9b1d3d2576ce5e196cf43eebaf5ae2c096e0fda2603414fcef6a237ef610b3
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
2KB
MD5defa2d7cb34f65f0f0a0df22cce90e4e
SHA1086b7deccf55781b11b58a144a5002aa4ef559c4
SHA2563c99d454ccd1a2869317db2b99a4a8b199b32897b690c0c07b38b16edb270e1f
SHA512e69a439f8267251e086443eedca19bd3515f759fd43cdfd49fc4d4c83ad1f94102413de2307eab66de57b38c96e425ada9ab016b4990a3c9c3897a3b095dfc95
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
2KB
MD5ee4d57e598d1b010d71b412a3d95fb56
SHA12e19b4980c53065dc10d84e72864be165ec7b334
SHA2564dc6099e7118651d164a3992cc3e03f74075808e5e1b74b55a6e70cc2e8e13e0
SHA512fb784fa7c205cb6987a0f74f5f6efa06f9db7134929f0b7cee2cf1c6a0eff095703d67462993d19a845561a58895f05f70fa4e3865c3ded17c411b020ce86826
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
2KB
MD59259d2982fc420346fe6ab52bc9e68b1
SHA19b52e060397c4ac3b735e99ea053acd9f145bcd9
SHA2560f2e7b093af0db1f48c06da04c1a8314c52105a825dafa8d7569898a1697319d
SHA512b6ec3537b5ad078c740a6c528013e19f21f1747cc0177f9230fb63b3d2fc788968279de5686576a08f9fc550e724604ee464f458872edb495ecf7b9738bcc36c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5015ff3064d2dcce5d4279e1eb8381583
SHA10285b4f58dfc0983b880350ad7939086b662e130
SHA2566c951e165f8a85cd21d6e9faeead8f163fea466b4facdae2ad63fd82c697b3a0
SHA512158fa1479c9e44e335957b249598018148cafffd167bc6c155a9121dc525a7403d71e2faecc0cfbb9cf7d39a657ef529b450642ef642fe2576f94857518d7416
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD5a466fce4375e50c05d3f17c38a82d1de
SHA12d6f0d29706260e67f7bf4795b19d8fce005b495
SHA256401adfd6e7c004ff4fb4bc11d558760f166005d00a48da6a2f2ba830cb4a3df1
SHA512d0d20c5e0b99000ddd4e42d354123cba61dd13bcf42fd1b9885a863b7b8dbbd814ca422a0a50e84a3b3ab5794e7058813673a272a918a6ee58206c2fe2f6e988
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD5a9bc0c078f724eab89062d63359c24dd
SHA1b52fe9dd1fc67f9e07d3486a9004a27b4964c3d6
SHA2568557c9ac60725dab323f89c64a6a39fca1d1324a597479c3ebc3b9c4c5918517
SHA51277c611e14125c7f9b0510ddc98ce8deba975be7e78f6811a2584f032bb37afa5a4886e785b4030dbb46f1c9e3f5a3ebf098165b53156e3ebdbcca08d0855a436
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD52b09ae3c168097c7dee0372f26f427b2
SHA1e82d573565b3d3b034781f031a6995fa77bf3c61
SHA256821e75d50327cb70b459438cfd8405eec514245e7e180fe714ab523f90d440d9
SHA512ed168ae9d0bf4d8d4446c70b87fb314ee9f33b331f046380d85542142d68df85d0cab811c4b9f83c20a091a70a5db0b213654e1bd1d1bfd53e00ab2703c94b5b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD50cac8673c5328a34178883f25444d6ec
SHA10660b273b09db3fb296545e37cfca11c3a161998
SHA25691ed97686c159813606aca74ba1300a17e4413c6a86537c9db9b042d4badd0f3
SHA5123a9b7a7f8db2ef2ecd78bd6090d9c763ca7a61a36d2f8b0049938f99fd6bfb0369c417c928ae1801c012ee0d8060af0c17d8b38c90fbcd3ba1d38aaa79041c34
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD5387c59768259b42c537a3fd20c6a8019
SHA1b0fe07a7e64a39eab8d79a6bf0ac1610e6c110d0
SHA2563f8ba0966ab269cc1f1a7725febe942f4ee9b524cebb9a0527238d8f4b689909
SHA512f056ff60e2d65979c02f8e26cdbe381443fad5fe3944c25d45fc572eb1e463531d9ffc5666cbfc04bc02ca04496dc6a749256141983a0e87ca424f8ad8440625
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\22cceed8-494d-414d-83c5-44c6b0031543\index-dir\the-real-indexFilesize
2KB
MD52998b32564bc29542a0c48ff06a0f86c
SHA11382a23a1d328228d99f53f3eef517e4cc57288e
SHA2569b7ca85a85d133f270c74dae3a792b1c531455da57aa9548d94f870867d8843b
SHA51246ad05b11866072dbf069af7f530a9be2681786b361bbd01e03802202389c29e8fc36bfc81d52f0c5cee6ab71a96be153008dd3936c0b1b41152b8870cdb7cfc
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\22cceed8-494d-414d-83c5-44c6b0031543\index-dir\the-real-index~RFe57d87e.TMPFilesize
48B
MD506836a334b015b23e2fdfc0b28818689
SHA146a759c21f53c1ed83721405ed11ad632318d610
SHA256ef08328c31ce17af0d98f5c9c28dcc3b2649875fd717c90e08106d7b74283fa9
SHA512d454ddaf8f58e177ca5a17d92c69a567067bbf3c9e0ff1992d8b8d1dcc3b14da8acf9e874a080593f8caa37ab7558074b44e459c2421fc6d5c523209fa1ac876
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txtFilesize
89B
MD52773a51818206834bbab2c5e86054ad6
SHA12fc2dfdd68863aee9675910a319cdfe35d34e8ec
SHA25691e2a6d637f41c778ba15a54b6609bfb4d8d5f9d57827936b8b35ff1a973d34c
SHA51258660809890d85d66bc93b360395accae501f1fe538100176c85cb657aeac79c1939f1610e0d1d1bdb47ae1146c79ff8c02a2d7070f6e53b66555518382b003e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txtFilesize
146B
MD5040d8b2b1473db1beb32698636957ad0
SHA13d1306871640779220dbbb8798f0a46239008209
SHA256a639f8cc43ad59b23601da5caf070243bba45ac2d7f2fa65a38055c3c62de2a4
SHA512b7645d47655740f15005760802ec29b61f2ef50cf1347a24e7152f907786c3b27e4f2aee6694a266a4a7f8cb8ea55e731e2d00b5c5d8617f53d308f8af5108a4
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txtFilesize
84B
MD5856309a57516c7cce219af01e18198d9
SHA14f0fb00bf588d9860ee2c9b617a3550724687017
SHA2569fb26a9c6ec327c52a62ff7546e8190504faca61ab0d3a65c15f44601ab86b49
SHA512e5cc64fd7bf1209f7cdde49a9652a59cd619881ba7aaac580b6e7925622e7d245039a5823a5659fb92cd4f297826a9a38d9b4daed81f7338be552678c90a19b9
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txtFilesize
82B
MD50171e6683982eb368a71df662f81b049
SHA11e2e99020287a54b8836cbf119d353ddfb8c70fd
SHA256ef0b26ee7f572e7abc83ccc248c0f36deee9e7e8f12ebd7ec21adb5e36496795
SHA5126d7442ccf8e07f085a54032a8f6efb8c5eb8dbff87b194b1ef40e26b7bbd072198582acbfb921db5f95f75a68196e730f1349e30a11a0aac82b9a24c91ed8219
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENTFilesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-indexFilesize
48B
MD57f547a3042d1eaf6362251376a6a5ace
SHA1c0361dc9bfb06b50e8c8b8e7dea062cfc96befcb
SHA25620657ac51b1c8491503c471702bbad669e16e276a6be3510da5e6b8e46a17f04
SHA512f0bbebf8c0530ee89eab3275bde8622dbe05d78b0143386ccb1532934af3ebb0a86583774329cdab5b9656540e6e955926b3bc98a49ca97f265bcd3ed0633e21
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-indexFilesize
72B
MD5fb97819f4fd5c005477f2ded4fc103ac
SHA1b4f24680862ad22053753c2af2105957db5e56dd
SHA25634f200274c0bb453bbfca62b170708274ab05e7cb12213adebd0b13fe49c0a7f
SHA5124ad75fcfb5be08ad7fc55a4688f2543a0813b1b5c928ac4272fa32d5bc68729c02d581d9d02594881edacf0261842934f0e770439dc684422a21078b54b68558
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57d2f0.TMPFilesize
72B
MD59c4b550b87df5313198bc68da415af0b
SHA195695da66841c12c2637d91e5313abbf9d6d43c1
SHA256141fc57ae775cdb8e66f51d2ad915bde60e27832a9b5bb36368a06914e70e82f
SHA512f003628c0828a7c52cb484245ffd9cdbd8807132179a0a6dba31b835a7213be1132b6ec097fb5fc66da22296c1f409a6367ba38952192a82c904ab9d360f3aa2
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD5be5fb024cdbca00eae4722282857ec18
SHA158d28748a448e6d3e72ceb157acbe87aa33542d5
SHA256992819ab04890c8be0d430d28baa70e9fb29a686e926b95418f2d393eddbb3ef
SHA512cf2fa131bf515357149723e34d5f52f064d067cfaff492b9e9493e48f235d3efc9e1e3c876ba20b705abd96932e5e23ec2ad1623326f05ef09de9d775d7cff1a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD51538bb1b3badd83c52b7a36dc9644303
SHA1d374185ad6a1cadd38cc1ce410d67eacccec87f0
SHA256ad7f7dc74ae2d2df16efae7287214914b5ac9b28b13b1107909c181bdc808c83
SHA512ffc4f9d8599f7314357c03a2d90211b22573adebdd993ef6a20a5ab55b2fa153606b86470612c5cfcb67c51d0ada55098f6f37d93a98988c66655977f8f63f74
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD5c37c834de3f99b7c63fe55eea086fc43
SHA1f724d3a109a7013471dae7cc906732616e771d7c
SHA25669f99b0e29a24a5935a73ea2a5afd5fa083270fe122cbc42f53a7f1114fa355c
SHA5129b36bf58db3fc98ab156a1749f5d00a0b7f776c4c3d8bd6484247042505ec94a065ee8cd3f6e947f00b503a3032a067ee9ae9ca4a4b0d290a514f58a54ffbf34
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD59337fd306a6b17ce0bdaba63f2c5de9e
SHA1f051b378b15de5d3966d1c1f47f850ef7d2a4170
SHA256f243c7b9f30a19af490c43c84eb20b961f99fae15578fb87daa7e13cac0e3639
SHA5128a1cff189ffc6cdf6a4534ff0bc2251877c58a82cf4b8079e8f922624354ca3ea3ff7da9428c686cddab430fc3f63d51e41c0e6d64b6c71c92d8cb9fdedd6844
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD5411e8931d390f40eb802fa04650ce9f6
SHA15092c0a72c531f69b1ab7c6dc4b4f09d1a9f3ad1
SHA256a3542804c02bd04c32ad00cac8a6ed61441d085c4821a58f3ddde772e9ab7ef8
SHA5127f98b17cc2e78e4bfe2fc696d2eaae47c96f796a4cb9ef8d19837bfff65075b025043773d3547f1779412aa12564ff3027aaeadb3377d2110046498a59e26b90
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5d4f2c.TMPFilesize
706B
MD5aa8f1661426ee890723ff637854a7010
SHA17b45a01542f70c2b81881b1eaded35ee26fccb36
SHA256a852924099723554d7cd5318fdb7e6b0ddd69b4991dcfa5d92fa315d5acf417c
SHA51226ebaac2fb025f588861a8e2f1feefa1dcd078d0896c216d87bba9ae700fcc11db11e5dfa1fb15494f924909bac3f2cabfc8419d9d09419511e30f022c220b1a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
12KB
MD55fa081d9a4800cbc33b1d0689b5758ab
SHA18610e53aebb5a20573b7ea92eb2d1feaadf09c10
SHA25640cc810aa31f56d49e1e698e216d6f4392672434efb0c574688dde8081363a90
SHA512f5a76882ea1842d49e7062c66451db57b26b4790975388a276de4e2a53ffe1dd555942b76e48ec219e350516f4e599c2023751a8e5d34f8bec9fc160e90b6292
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD5a974cb15785121dafa4cb37e23fd7635
SHA154977ca21cec0e5121db7fd9065be355da0b764c
SHA2561cfec81f5ed3dded202a67ede352709fa9d4712f30e1c069b35c7aed06763aa2
SHA512eb1725689717b0a59e6279833ac9b9a79f1513cfbc2da096d6d8a41f9f8931f9d290e566761250bba9a5ed21ff4c34d1bb6c4dd1df60a724a93cb65640a23737
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
12KB
MD5a68153093186eb58b4db7abf520c9d06
SHA10987f71d57374fa1a5ffc7c35d2763cc839d6092
SHA256b849834ebc38b93c0b85ce9382d46facb188923344ff9346f24434da287e58c9
SHA512432a8ec90e5783131938ab4d6850c2c6bc5b9740b3d7682cd6f6ef7d991369d1adb24b4677b468ccc52c40a2729733e19082c3248cd81b16295b42b33c40b310
-
C:\Users\Admin\AppData\Local\Temp\WINLOCKER BUILDER V1.4.EXEFilesize
699KB
MD581dd862410af80c9d2717af912778332
SHA18f1df476f58441db5973ccfdc211c8680808ffe1
SHA25660e76eda46185d1d2e9463d15e31d4c87eb03535d368cc3471c55992bc99ad5f
SHA5128dd014b91fb1e2122d2e4da444db78dd551513c500d447bb1e94ceb7f2f8d45223a8a706e2156102f8c8850d2bb02ae6b8ea0c9282abd7baaa2c84130112af15
-
C:\Users\Admin\Desktop\123.exeFilesize
382KB
MD597eb6f7ec0586fe37b82dbe2f522da35
SHA17b9995845a89aec0a6eabe7e9eeb446abe8e5d58
SHA256f738afbd4c316267d35e2f4d7b818139a55d8ef6b636c3bf736f1672cb4c8ea1
SHA512888850fe4ea693a5168d6c0f2ab638862dc1a09a1e25f1de8cbfb373753cad982f2461826f5fa54144ba04ff6ed2c19c5850d70a3a2edc3bbb2024cf42710c49
-
C:\Users\Admin\Desktop\RCXF491.tmpFilesize
387KB
MD5048a83f8d6f626179c92df89407a8037
SHA1635f0187aa78e45be4c929feab9c80c5f04333d8
SHA256202cb1864d650c382d3cb9b493b6ea485e2ea8c91b9c2434400836e800575520
SHA512913da842da023b9b590f812fc221e04dfa031e074586b656b8404be778835cdb2fc4e0bd46a8b06323423042a220b118b6add5094747fc8ab50bb41378fd09a1
-
C:\Users\Admin\Desktop\WinLocker-Builder--master\WinLockerBuilder v1.4.exeFilesize
973KB
MD53ecdaf2b83adcf4a81b71581d4b4b579
SHA136c08e0a7ee29249229c53c222a4ead1736d02e9
SHA25653ddd00dcf6a8034f9a84ed478dfe3a9a6c55636cebadb392fd3b314dea6d092
SHA512ce994c3bce800fc3a12fa929879ebfb513985f38512a5d55b8eecb3e4e95cdd28434c78421fde6b07f582f1de2fffad868f670f18502d5b3f7c5df43c5729857
-
C:\Users\Admin\Downloads\WinLockerBuilder-v1.4-main.zipFilesize
957KB
MD54c6097c187916fff55befee86074f80d
SHA176defaa4d14503581e849a3ac50e627f79b52130
SHA256061d30c16aba6550a5cc2a5e4778e9dc88fc35a403b5a4357982bbe9967f0789
SHA5124c478257d44ea10f9378cb1cc4aacef0836cc6cdd9005b012f8b131095494b9629630eb53c48f4b9a82a8d8f4f453075bb41b059ee216f6f4b249fb983ba2999
-
\??\pipe\LOCAL\crashpad_1192_JRJOOSXMSFKFUCUMMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/3332-323-0x000001BEC0D80000-0x000001BEC0D81000-memory.dmpFilesize
4KB
-
memory/3332-324-0x000001BEC0D80000-0x000001BEC0D81000-memory.dmpFilesize
4KB
-
memory/3332-329-0x000001BEC0D80000-0x000001BEC0D81000-memory.dmpFilesize
4KB
-
memory/3332-319-0x000001BEC0D80000-0x000001BEC0D81000-memory.dmpFilesize
4KB
-
memory/3332-318-0x000001BEC0D80000-0x000001BEC0D81000-memory.dmpFilesize
4KB
-
memory/3332-327-0x000001BEC0D80000-0x000001BEC0D81000-memory.dmpFilesize
4KB
-
memory/3332-328-0x000001BEC0D80000-0x000001BEC0D81000-memory.dmpFilesize
4KB
-
memory/3332-317-0x000001BEC0D80000-0x000001BEC0D81000-memory.dmpFilesize
4KB
-
memory/3332-325-0x000001BEC0D80000-0x000001BEC0D81000-memory.dmpFilesize
4KB
-
memory/3332-326-0x000001BEC0D80000-0x000001BEC0D81000-memory.dmpFilesize
4KB
-
memory/4016-857-0x0000000000400000-0x0000000000567000-memory.dmpFilesize
1.4MB
-
memory/4016-840-0x0000000000400000-0x0000000000567000-memory.dmpFilesize
1.4MB
-
memory/4236-883-0x0000000000400000-0x0000000000466000-memory.dmpFilesize
408KB
-
memory/4472-856-0x0000000000400000-0x0000000000545000-memory.dmpFilesize
1.3MB
-
memory/4472-880-0x0000000000400000-0x0000000000545000-memory.dmpFilesize
1.3MB