Analysis

  • max time kernel
    1797s
  • max time network
    1796s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    15-07-2024 13:02

General

  • Target

    http://youtube.com

Score
10/10

Malware Config

Extracted

Family

crimsonrat

C2

185.136.161.124

Signatures

  • CrimsonRAT main payload 1 IoCs
  • CrimsonRat

    Crimson RAT is malware attributed to a Pakistan-linked threat actor.

  • Executes dropped EXE 3 IoCs
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Program crash 2 IoCs
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 16 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs
  • Suspicious use of AdjustPrivilegeToken 10 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 33 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://youtube.com
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:940
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb7e7b46f8,0x7ffb7e7b4708,0x7ffb7e7b4718
      2⤵
      PID:5008
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,14586243876677359047,7887881561406546227,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
      2⤵
      PID:1356
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,14586243876677359047,7887881561406546227,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:3000
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,14586243876677359047,7887881561406546227,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3004 /prefetch:8
      2⤵
      PID:1088
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,14586243876677359047,7887881561406546227,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
      2⤵
      PID:5116
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,14586243876677359047,7887881561406546227,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
      2⤵
      PID:4400
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,14586243876677359047,7887881561406546227,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
      2⤵
      PID:4440
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,14586243876677359047,7887881561406546227,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
      2⤵
      PID:2708
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2156,14586243876677359047,7887881561406546227,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5272 /prefetch:8
      2⤵
      PID:3712
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2156,14586243876677359047,7887881561406546227,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5368 /prefetch:8
      2⤵
      PID:4904
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,14586243876677359047,7887881561406546227,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6108 /prefetch:8
      2⤵
      PID:644
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,14586243876677359047,7887881561406546227,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6108 /prefetch:8
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:216
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,14586243876677359047,7887881561406546227,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
      2⤵
      PID:4380
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,14586243876677359047,7887881561406546227,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
      2⤵
      PID:1784
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,14586243876677359047,7887881561406546227,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
      2⤵
      PID:644
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,14586243876677359047,7887881561406546227,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
      2⤵
      PID:4992
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,14586243876677359047,7887881561406546227,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
      2⤵
      PID:1904
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,14586243876677359047,7887881561406546227,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
      2⤵
      PID:1112
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,14586243876677359047,7887881561406546227,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
      2⤵
      PID:2316
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2156,14586243876677359047,7887881561406546227,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5828 /prefetch:8
      2⤵
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      PID:3644
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,14586243876677359047,7887881561406546227,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
      2⤵
      PID:3256
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,14586243876677359047,7887881561406546227,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1968 /prefetch:1
      2⤵
      PID:5076
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,14586243876677359047,7887881561406546227,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1840 /prefetch:1
      2⤵
      PID:4620
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,14586243876677359047,7887881561406546227,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6264 /prefetch:1
      2⤵
      PID:2232
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2156,14586243876677359047,7887881561406546227,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2584 /prefetch:8
      2⤵
      PID:2320
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,14586243876677359047,7887881561406546227,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1468 /prefetch:2
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:1332
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2156,14586243876677359047,7887881561406546227,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2576 /prefetch:8
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:4876
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:644
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:1712
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x470 0x504
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2964
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:1988
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
    PID:5084
  • C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\RAT\CrimsonRAT.exe
    "C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\RAT\CrimsonRAT.exe"
    1⤵
    PID:2616
    • C:\ProgramData\Hdlharas\dlrarhsiva.exe
      "C:\ProgramData\Hdlharas\dlrarhsiva.exe"
      2⤵
      • Executes dropped EXE
      PID:2024
  • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\CrimsonRAT.exe
    "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\CrimsonRAT.exe"
    1⤵
    PID:4144
    • C:\ProgramData\Hdlharas\dlrarhsiva.exe
      "C:\ProgramData\Hdlharas\dlrarhsiva.exe"
      2⤵
      • Executes dropped EXE
      PID:1160
  • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\CrimsonRAT.exe
    "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\CrimsonRAT.exe"
    1⤵
    PID:4568
    • C:\ProgramData\Hdlharas\dlrarhsiva.exe
      "C:\ProgramData\Hdlharas\dlrarhsiva.exe"
      2⤵
      • Executes dropped EXE
      PID:4612
  • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Joke\YouAreAnIdiot\EXEVersion\YouAreAnIdiot.exe
    "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Joke\YouAreAnIdiot\EXEVersion\YouAreAnIdiot.exe"
    1⤵
    PID:180
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 180 -s 1560
      2⤵
      • Program crash
      PID:5104
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 180 -ip 180
    1⤵
    PID:1140
  • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Joke\YouAreAnIdiot\EXEVersion\YouAreAnIdiot.exe
    "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Joke\YouAreAnIdiot\EXEVersion\YouAreAnIdiot.exe"
    1⤵
    PID:4848
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4848 -s 1528
      2⤵
      • Program crash
      PID:116
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 4848 -ip 4848
    1⤵
    PID:3444
  • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Joke\Avoid.exe
    "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Joke\Avoid.exe"
    1⤵
    PID:4296
  • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Joke\WindowsUpdate.exe
    "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Joke\WindowsUpdate.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SendNotifyMessage
    PID:2444
  • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Joke\rickroll.exe
    "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Joke\rickroll.exe"
    1⤵
    PID:3880
  • C:\Windows\system32\NOTEPAD.EXE
    "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Browser Hijackers\BabylonToolbar.txt
    1⤵
    PID:1948
  • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\WinNuke.98.exe
    "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\WinNuke.98.exe"
    1⤵
    PID:4012
  • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Joke\CookieClickerHack.exe
    "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Joke\CookieClickerHack.exe"
    1⤵
    PID:4940
  • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Joke\Curfun.exe
    "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Joke\Curfun.exe"
    1⤵
    PID:972
  • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Joke\ChilledWindows.exe
    "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Joke\ChilledWindows.exe"
    1⤵
    • Enumerates connected drives
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    PID:2008
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x470 0x504
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:3156
  • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Joke\Hydra.exe
    "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Joke\Hydra.exe"
    1⤵
    PID:2980
  • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Joke\Flasher.exe
    "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Joke\Flasher.exe"
    1⤵
    PID:2536

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\ProgramData\Hdlharas\dlrarhsiva.exe
    Filesize: 9.1MB
    MD5: 64261d5f3b07671f15b7f10f2f78da3f
    SHA1: d4f978177394024bb4d0e5b6b972a5f72f830181
    SHA256: 87f51b4632c5fbc351a59a234dfefef506d807f2c173aac23162b85d0d73c2ad
    SHA512: 3a9ff39e6bc7585b0b03f7327652e4c3b766563e8b183c25b6497e30956945add5684f1579862117e44c6bac2802601fc7c4d2a0daa1824f16c4da1fd6c9c91a

  • C:\ProgramData\Hdlharas\mdkhm.zip
    Filesize: 56KB
    MD5: b635f6f767e485c7e17833411d567712
    SHA1: 5a9cbdca7794aae308c44edfa7a1ff5b155e4aa8
    SHA256: 6838286fb88e9e4e68882601a13fa770f1b510a0a86389b6a29070a129bf2e5e
    SHA512: 551ba05bd44e66685f359802b35a8c9775792a12844906b4b53e1a000d56624c6db323754331c9f399072790991c1b256d9114a50fb78111652a1c973d2880af

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\CrimsonRAT.exe.log

                                                                                      Filesize

                                                                                      1KB

                                                                                      MD5

                                                                                      2d2a235f1b0f4b608c5910673735494b

                                                                                      SHA1

                                                                                      23a63f6529bfdf917886ab8347092238db0423a0

                                                                                      SHA256

                                                                                      c897436c82fda9abf08b29fe05c42f4e59900116bbaf8bfd5b85ef3c97ab7884

                                                                                      SHA512

                                                                                      10684245497f1a115142d49b85000075eb36f360b59a0501e2f352c9f1d767c447c6c44c53a3fb3699402a15a8017bdbd2edd72d8599fdd4772e9e7cb67f3086

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                      Filesize

                                                                                      152B

                                                                                      MD5

                                                                                      75c9f57baeefeecd6c184627de951c1e

                                                                                      SHA1

                                                                                      52e0468e13cbfc9f15fc62cc27ce14367a996cff

                                                                                      SHA256

                                                                                      648ba270261690bb792f95d017e134d81a612ef4fc76dc41921c9e5b8f46d98f

                                                                                      SHA512

                                                                                      c4570cc4bb4894de3ecc8eee6cd8bfa5809ea401ceef683557fb170175ff4294cc21cdc6834db4e79e5e82d3bf16105894fff83290d26343423324bc486d4a15

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                      Filesize

                                                                                      152B

                                                                                      MD5

                                                                                      10fa19df148444a77ceec60cabd2ce21

                                                                                      SHA1

                                                                                      685b599c497668166ede4945d8885d204fd8d70f

                                                                                      SHA256

                                                                                      c3b5deb970d0f06a05c8111da90330ffe25da195aafa4e182211669484d1964b

                                                                                      SHA512

                                                                                      3518ce16fef66c59e0bdb772db51aeaa9042c44ca399be61ca3d9979351f93655393236711cf2b1988d5f90a5b9318a7569a8cef3374fc745a8f9aa8323691ef

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

                                                                                      Filesize

                                                                                      226KB

                                                                                      MD5

                                                                                      0ae4c56464f58fe912493510c3236af8

                                                                                      SHA1

                                                                                      473d41c11ad75d984280e46f990e1e13b5d80ee8

                                                                                      SHA256

                                                                                      30cb0a52f7003bdda2d89effe9f51b651c999f8a125155f1f776381d65183a57

                                                                                      SHA512

                                                                                      5ad2f139c3d9f106d795414e7b085d10d13589298d58267c5b899aee3e538a885d5cb5a955a5946894633e709efa9e5b3476299aaaf99f2cb9383a2aec58d2d8

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

                                                                                      Filesize

                                                                                      19KB

                                                                                      MD5

                                                                                      0fadb81cd19768045e1748cde783d989

                                                                                      SHA1

                                                                                      0f73cdfea02ed437a0cd0cea7c9801e870dccf6c

                                                                                      SHA256

                                                                                      ddee237d978f3bc9423eacd4b50d64ba0b931cd66c728caee66b7741d23dc567

                                                                                      SHA512

                                                                                      c9b55f0448e8574da12cf9e9050eb721d87a42c705ebf35586f6a7764565734b6cf43def419867ab9fa460ea5ce2666f3fea871637684364c13b99f86b84eb59

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

                                                                                      Filesize

                                                                                      47KB

                                                                                      MD5

                                                                                      8022856cf695b8e2b0d1152c58b87253

                                                                                      SHA1

                                                                                      059204afc0ae40aebdbb652ef6d08ac3df9e9a0c

                                                                                      SHA256

                                                                                      2cfc89d052c9928ec0459b4c2d2a53cb48a87441072a60d30c624c9d4a833ba6

                                                                                      SHA512

                                                                                      8015ca969f2e9941cfc9356ffa03083ce186d602f0c3bd188563676fb3a9d901584b33d22e7625eb620308f2d3d426e283861862abdd984bc0dafc4461a66998

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                      Filesize

                                                                                      3KB

                                                                                      MD5

                                                                                      87770974291caeeb0bdb84ede0847445

                                                                                      SHA1

                                                                                      7df601cc9fecede9c1935ca9d2d613f0487e112e

                                                                                      SHA256

                                                                                      2965f9bab587ae755aae79c871ee71e92896d84c59acff25d5ab226adc380596

                                                                                      SHA512

                                                                                      e7fa1fe58f3ca1b9df2d9763074f359141915ca098994618f76d64b3dba0aa9e819e2e0da4f54063f684cde58a5031c9304d8918372189f99aa4ea14f90e23c6

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                      Filesize

                                                                                      3KB

                                                                                      MD5

                                                                                      64e54522d2585c098a4223fe853dd6ff

                                                                                      SHA1

                                                                                      4baa4ada40f5153f34336711726d7adfba3b2aba

                                                                                      SHA256

                                                                                      3b88a9a2a03972ec7d74a71a79f641f68292ea8ac5baadcff8e69e6c0d52d781

                                                                                      SHA512

                                                                                      c359f68431521b035bcb9c5240dd96d7f276ac1d15d35bed8539b4bb5435899afd3ebd1e27284a588d0bca81edaaa123342514f05df948c76e64b8dd833db119

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                      Filesize

                                                                                      6KB

                                                                                      MD5

                                                                                      9522ac2a2727fea84b1da2aad4b5cddf

                                                                                      SHA1

                                                                                      afd743aa2857e5169f9b93b6f74da62ed04de276

                                                                                      SHA256

                                                                                      b2f23e1322f0ddadafb8f340c6e52438f0b7e3be6d8d564372761f32e8fa4621

                                                                                      SHA512

                                                                                      d53a678e3145d7baa11570df01022a28b84a24580435ca4bc56ca0d9cad5f0eb04a90c750c6f21ad585b2def5d57944e4a5ca672f2673aceddeae3180735bb29

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                      Filesize

                                                                                      6KB

                                                                                      MD5

                                                                                      2e38e9540b2563755b9ed30f6f3da0d6

                                                                                      SHA1

                                                                                      090436e6321322d10de84bfec0686821f5044def

                                                                                      SHA256

                                                                                      14c0639a552c28f4578db66d63042cbfaf7d8e68ef1dcb5ec34ef68f20a8710d

                                                                                      SHA512

                                                                                      fa9556554266f56eba6b2d1679ed91fc1895c24aabd60027a71be49f65b0bdbcffb7b0403a3889f7ab227e637aa4a16887d3b9c026344efb05556174edd3a38b

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                      Filesize

                                                                                      7KB

                                                                                      MD5

                                                                                      192d1cab8f373c01cbbcff01b5103a4b

                                                                                      SHA1

                                                                                      beae5146b211880cd55115a26988920aefe926b9

                                                                                      SHA256

                                                                                      15a2611c9859f923b16739b3832d1566c520d2a6601cf59649b044616c0afce7

                                                                                      SHA512

                                                                                      6381417f71516f53dead67252482b17b048b3cbcdde42802547fc0773ec3f03f6d1407c7d2862c0855e0131285f481314d18509a7dae15d43c2fec002566afb2

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                      Filesize

                                                                                      8KB

                                                                                      MD5

                                                                                      db60ea2666328eb8ee645a6ef1cfecb3

                                                                                      SHA1

                                                                                      ad1c0f96764782e34c9023bfa556a4533bce9163

                                                                                      SHA256

                                                                                      ade2ca412c7aa79ccecde2904567462b7655728aa5741c0cefdc7f7bd9f8eebd

                                                                                      SHA512

                                                                                      e94b02784bc48469632b7e86fdbffa4e8c059dd5b2b6ef97ed6bf118eafdb81ee3f90894c785ebfa9006331d88a4bce6a75e7615c2c5292da589f051f068a56b

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                      Filesize

                                                                                      8KB

                                                                                      MD5

                                                                                      5b3b6662b5615ee88dea61e8cd578534

                                                                                      SHA1

                                                                                      a4ff9fce7fc171e166105220cb2418eab46c5fa8

                                                                                      SHA256

                                                                                      adc5c35e62a822e63164bb7bd5ef7d68252cb838f81acdec4e1a9247c1d4b381

                                                                                      SHA512

                                                                                      6bae24b7d98f4eb367d7dd0aab615acc629c4a2dc4764bbcf36545ee4c1db04574eba7ce70b00a32e58602c11eab13b7b7c1b9f81e2aac3e3643e6cd2471ba73

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                      Filesize

                                                                                      8KB

                                                                                      MD5

                                                                                      5a636c17ef176b36039af3ded5dc040c

                                                                                      SHA1

                                                                                      65e9159afe22bd93f3166d8c46f8117c81fbe68e

                                                                                      SHA256

                                                                                      1d7d4bb88a7569dd714d61f701d67b9c539982c5af7cbe63df596c0ce1c23ab3

                                                                                      SHA512

                                                                                      a66e917e390e727f0e1ccef6fb38a2f9f57750a444114cb871fd66adaad2f0f5e44b5bacae2df11401484c81cc66e87f27cb8b8503e3ee1af5e158ccd471c856

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\21217d9a-8778-440b-993e-70e19cc67356\index-dir\the-real-index

                                                                                      Filesize

                                                                                      624B

                                                                                      MD5

                                                                                      e42d8c33a17d14292041ceddc51d5ddf

                                                                                      SHA1

                                                                                      6d218b68d711275901e39abde3c2f0e2a91b5d6d

                                                                                      SHA256

                                                                                      0d05b30082e77b681a2265a14bec90df0682e1f7e839cbaef4c18f9417dae9a5

                                                                                      SHA512

                                                                                      acfe23a4b3df1cd980eced02a2b46f8c492c948ff9b60f581426eddbedac316dcd7e68de741885263a7c2bc3ebff9eb7415130ff3e69d0dc55d86569911d804e

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\21217d9a-8778-440b-993e-70e19cc67356\index-dir\the-real-index~RFe580981.TMP

                                                                                      Filesize

                                                                                      48B

                                                                                      MD5

                                                                                      471fbb8f357605be7fcc796b69a66fd4

                                                                                      SHA1

                                                                                      e8772e3e1c37ea37ad7abeaea10cc98b0d450a12

                                                                                      SHA256

                                                                                      cb4535a6e282b77e291e3f5b4e5981ff6788b45a1f199dab425be392db6d0127

                                                                                      SHA512

                                                                                      a1db2288def03c978015c89d12f9a047c079a9a5e33f4213ca41eb719f26fc0ba8a78a0981c8182f747fd479cd21ccfe3a5dd9934ac370a7188383ae69e88afc

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\5e5d776d-1ba5-4f1d-80b5-ad923ca2a3dd\index

                                                                                      Filesize

                                                                                      24B

                                                                                      MD5

                                                                                      54cb446f628b2ea4a5bce5769910512e

                                                                                      SHA1

                                                                                      c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

                                                                                      SHA256

                                                                                      fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

                                                                                      SHA512

                                                                                      8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\964de01f-153f-4edb-a2b6-10731c68dfa8\index-dir\the-real-index

                                                                                      Filesize

                                                                                      2KB

                                                                                      MD5

                                                                                      1a186530ab69bdc27d1b2ed883f845ff

                                                                                      SHA1

                                                                                      9b036e949e02cd57d12e148367d5547ad8dafc4c

                                                                                      SHA256

                                                                                      47f5fbf16a95a827add2f96ff0d25597b8911826ced17e5958d9f18cf255b03d

                                                                                      SHA512

                                                                                      58567c1140a6ee94800a73ac0882ea5881b32accf1bd5e052798f6d2d82841ef800266a9369f84ae68561e3ee54b2783c232ec584988acf1853db3a453e44204

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\964de01f-153f-4edb-a2b6-10731c68dfa8\index-dir\the-real-index~RFe57af2c.TMP

                                                                                      Filesize

                                                                                      48B

                                                                                      MD5

                                                                                      7d244430706bb52f68c1597a3d27d83c

                                                                                      SHA1

                                                                                      786adf46068b84106dd1c30866760df8df8ddb09

                                                                                      SHA256

                                                                                      825965a234632b3796d1f83f18bc3311d40b6619caf1570492c9de01ca855769

                                                                                      SHA512

                                                                                      940c0bc9d480a787853a4c2dca2ffa655879a76da1530a36d466bb2788ff5f3034f1618f43cf4474d5694f1e30c53c03c497cfb9ef7688bf031437c690386686

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

                                                                                      Filesize

                                                                                      89B

                                                                                      MD5

                                                                                      4bcf11b0c312d3b4887ae7059f5d0281

                                                                                      SHA1

                                                                                      ee30c77b8d47e6ca10106dbb1c14230a77205f43

                                                                                      SHA256

                                                                                      a190aa71561590657084305a71f56e08ba62f8acb932b3f8ce8eb528177d73a3

                                                                                      SHA512

                                                                                      fb39f3f381ee6067e9874cf1347c6d6cc0d5fd1e4b0e347ad2a005cb3f04220a4768a71106ddf5b8d5973ab678444aaf54e7e6b2bb9c2c1fb8dcc166d7c2b2ab

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

                                                                                      Filesize

                                                                                      148B

  MD5: 6cc8ecaf99dc1d3247d7b95c5e411350
  SHA1: eab0aba9eebee2c7778a5e56cb0814b52beb5f6a
  SHA256: d742a1955606f302de3113974d479c3d15f5520e0484440838731b2aadd0a003
  SHA512: b9310d6cacf272a52d3aae68b38a21fd2654c63dc81d0d93a150cffdb65b364dd4dfb6b9e773e1c7302e59b66d93662afcdd170cec8e46249168f85bd3f27950

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
  Filesize: 157B
  MD5: 9375ba246be270ce025f05e32343c651
  SHA1: 738d16ce8305dddd5b24c567e8dec0ac7fe90336
  SHA256: 539d8918acf1a56b20515a9a778a28d882121dddd2c3b3ad68bf444a31aea326
  SHA512: 75b4d14655a608428ccc7b99cfa79fc0cda4ee54110129d8a52b932b4b4952da83fbc0709fb03bbe82c1269aa254e6041e590b3dc14950c9d3d35f3b154ad9a0

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
  Filesize: 82B
  MD5: 8027c7f67ba4a75b0c0526fd11d99a55
  SHA1: 67e9dcd93f77f882df835153bf422a4d98133696
  SHA256: 69a32d5734536e4f24d2f2bbde1e76120059da3eeb4dc7c12cef8427a40a1639
  SHA512: 4d9d40d6698505099973e4380bb9b1de2eb21b1e2c7bfab84a531122405ebf05f37bd3e9374c9e77a58c3a65d5c32e8a160b81ac31659a950baf62c08e668a06

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
  Filesize: 146B
  MD5: a3c9ec8f83268aa852a79a0cc43d0d23
  SHA1: 2c365c804bf09220ca5cdec30efcded6d9f8dde8
  SHA256: da3673291e3c66b9ebf74de1e337bd7fea798cf718df32e24733b3241969309a
  SHA512: d88cfd11b3a170a9644d81cf89c45c0c745b683c835db1c0530176159f00473be853ad389d726026477521a75e641f4bd6e9bcaa87ee7e6ca8d60eeddfcf05f8

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
  Filesize: 153B
  MD5: 698245df05b3e3d2a2c76210ab330402
  SHA1: 306817dca07643e937ac45567551a4726596e217
  SHA256: 3c37e249d2588c3d64bb943f67ac30fb190699d80d98fd895c67b0e864790502
  SHA512: b3834eaeb4ebff6296cdeae7cbd576dfc05cbaec727006ef6ec4b301492bf7e1bb123e54dd84dcb687bdcacbf2480d16360c70238b08e26e0db4cacf64f1602f

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
  Filesize: 84B
  MD5: 31a4da99701bd9d78884e72c99928bc9
  SHA1: f11b692c1905744b66fcb136eba03b8016c18aab
  SHA256: d2a63f05126ed342bd95bb3f43b2d102b501d8b2aa470e3cd058492ff12794d2
  SHA512: 68583a4d3cacaf0a9c15ac84efdc9fb540bd5a0c5b3b1156e8c55bb614c856ec518859eed1594152ced2b2c72b990860668abad225f04a759b92298fc587ad73

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT
  Filesize: 16B
  MD5: 46295cac801e5d4857d09837238a6394
  SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
  SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
  SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
  Filesize: 96B
  MD5: 7c87bf931cdb5adb73021174c472711b
  SHA1: 9d1d692650101b2e03a07fe9b737557881bca8f4
  SHA256: 5739725d0a1b7fdd2d4cffb8d85dd6f4da2c65412048a5908b1a930bf8fed203
  SHA512: e459217c8f7d04acd9bfdfb784e0541fc4d7950e73ce9b96d0c9238267a6d5fb5a262296656df730f012fc71580cc52371ab2161e3cfa1b613502e3d80d5f47e

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5801c0.TMP
  Filesize: 48B
  MD5: 0971c03e7a3faab22b9d1bb3d563cb57
  SHA1: a4e4133807d1bf0274a87392bd54d721a907ba09
  SHA256: 7e034c9b4d146cdd5f42b99a0c0491585a6e1ad0c51d4aac463c7404a494e5d9
  SHA512: 79a20c5564bae0fc3f61f0c8d7ebe327bbc1c5a0098fe712f4dcb92e8bc2e497b283e91ffcccd33690b972705f4475dd61c69a033c52727af0849a6f33180e88

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
  Filesize: 2KB
  MD5: 535f22627b9af873324f020faa94e9d8
  SHA1: d2118ccfaa006a8a21b589f4d10db30f201c601b
  SHA256: e6af9a58aff5f1cb3d85fc327a51ae365aa471c9350124d4ea3aca19a00bdacf
  SHA512: b4788efcd3811c2a5dc2616d03e2d845ef4a823530a8024afea013fd12ab9b51e3269d8f08a7ad4e9041f777ff43c0b07e2354061516c951e96cbc06c40157e5

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
  Filesize: 2KB
  MD5: d43b592bc3c9d0a46a7bffa236568cb8
  SHA1: 421d6d38cbac9901dd4e5aa163e39fd37537e128
  SHA256: 50b7622f448f6238c229f8e6d9db3cf1c032381f523b3c4cf711721e2cf7b267
  SHA512: 000b4726f72a7143d421588f936d84658619a06f0e894059d812dcc9e9624b15ff91fb9dadfab906ae8957159f6fb78b1a15ca67af7ab4265bb825133eb1d8e1

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
  Filesize: 704B
  MD5: a64f341ea27b135aa72c277c9f6501ae
  SHA1: 82d65b55f9d8acac37989ca825d1d93c2cb6b7e1
  SHA256: e7f6459db6c9c1b573e191098f621f12302d6a1f71012a3ef2f045bb42a0add8
  SHA512: be1570de81ee1b2271835c5cd2fd83c9fb6e9c6cb7c0b4ad11ebade8a2090ca8a3da00d837c7c941e3b1c448d2c0972ce1f5ee6876107fc289bac4342150fc8b

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
  Filesize: 1KB
  MD5: f694d8697539935f73608d63b3616663
  SHA1: 4ff85de125b7a9911bb343266c1aca4b52dba589
  SHA256: f82271b1d42f7a0b19c05413b3e94b8476859b744167880b7799f2708d06e832
  SHA512: 9eb94e16eb716a8381cff3f0efe618452fe231a095414f34ca4b78467c5aa41942ebd9cddd0c3173575a29dd8b832de9c5c3b477c07e7e69b718c9882eae0262

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
  Filesize: 1KB
  MD5: b7d6d47f866c126ad4b5e88cba7ddee5
  SHA1: 9cbfa1831843fb24bcc0ff9c0aabbbbd424ac5c0
  SHA256: 7f0dcd8bbc2159c95f9f95240d1a5b5bbf1ccdd9f176a7c33e2769115511e042
  SHA512: dba35d289a9557e2a8c9f354840ede12db2b73f8e41916597f77458e636e817b45822a433a3455a62968850d9dd761245e0dd0781366de21875c1914a6be85fa

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e2ce.TMP
  Filesize: 706B
  MD5: 54788f2ae431037769b1c0dd07bab571
  SHA1: f0390d5ba6768d6c11300c5540b39c8a994cac65
  SHA256: 85891c71265d74bc67b30aa70fc266f52124c007642a99b90e924e376779df49
  SHA512: 4d3c77034d99c1742660da0e0f7c4b5c38d55c23a334d62d4adbd3bb30ec3af3eb4636b07a771934939e2a8850ef106abfcfd3db3a12b5e358777f60d702adf1

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
  Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
  Filesize: 11KB
  MD5: 67d1c6e78125e8a341bf2c616c709b46
  SHA1: b5fdec9c4aa32e36cafcde306550639b2180fcc7
  SHA256: b07368a1a2462a3870a4d0e7dddb40b330b32fdac58d8c09cffa01b3bdb3ae64
  SHA512: c6352c69981c40c172e9a688da711136941748fd6d1632046a98110c51e8b23712d4317110c8ead55d4c903e56b816b951e0ba0a6083ba8bc3d75f3c5f824134

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
  Filesize: 12KB
  MD5: 8ca9259ae092d77d7dfbf7778655a0c8
  SHA1: fb18e6cb8653a9d7a7aa5ddabd58f2f133a22bbc
  SHA256: 90a1b05d1619be67432187b9c7d1bed946b70e0508e166802cf944dcdf493c3a
  SHA512: ca71f92524363e4f1040799ef8520925a680adc741acadd88a1ef0bd5ea7afb5a3a80caba33b7fca80f8f6b5533f34ce1088ba93fd986923e9f5cf0e0f8197a6

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
  Filesize: 12KB
  MD5: 95f76faeb27b28bea168d01312309df2
  SHA1: 1b17b7e2b2164563f392773c8744205126a61769
  SHA256: 2787d4f043b65eb6e9e626842241f0ab9a76a4bf08e188df01114c90bdcce35a
  SHA512: f81d17e173cf2a636981cb2b8df0f67b0b82191f6b3a3cd15366eb7002c207131e009f4d5af04485ce7dae58e6d4c9a4d727593e348e8ec4bd37ac2b490b0be3

• C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
  Filesize: 896KB
  MD5: fbc47e6c4d30aa07b0a909e03e78668f
  SHA1: 2cabdf19ddc27ec11c738f5b4c3c50ac8af124a6
  SHA256: eef7545020aee33169c43bf59e4da1a30e9dec8c564ac4a8e2e8793547b879af
  SHA512: 70775ed7f6d19295a7fbb08c41bdcfbebe31eef018d298f2445aaeb4012abecc2126d53cb5d7f95c17219aa5109e4fe6e8fb075d3ba56066758e55374bf27b9c

• C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML
  Filesize: 9KB
  MD5: 7050d5ae8acfbe560fa11073fef8185d
  SHA1: 5bc38e77ff06785fe0aec5a345c4ccd15752560e
  SHA256: cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b
  SHA512: a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

• C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Joke\chilledwindows.mp4
  Filesize: 3.6MB
  MD5: 698ddcaec1edcf1245807627884edf9c
  SHA1: c7fcbeaa2aadffaf807c096c51fb14c47003ac20
  SHA256: cde975f975d21edb2e5faa505205ab8a2c5a565ba1ff8585d1f0e372b2a1d78b
  SHA512: a2c326f0c653edcd613a3cefc8d82006e843e69afc787c870aa1b9686a20d79e5ab4e9e60b04d1970f07d88318588c1305117810e73ac620afd1fb6511394155

• memory/180-1058-0x00000000009F0000-0x0000000000A62000-memory.dmp
  Filesize: 456KB

• memory/180-1064-0x0000000005600000-0x000000000560A000-memory.dmp
  Filesize: 40KB

• memory/180-1062-0x0000000005320000-0x000000000532A000-memory.dmp
  Filesize: 40KB

• memory/180-1061-0x00000000053E0000-0x0000000005472000-memory.dmp
  Filesize: 584KB

• memory/180-1060-0x0000000005990000-0x0000000005F34000-memory.dmp
  Filesize: 5.6MB

• memory/180-1063-0x0000000005620000-0x0000000005676000-memory.dmp
  Filesize: 344KB

• memory/180-1059-0x0000000005340000-0x00000000053DC000-memory.dmp
  Filesize: 624KB

• memory/972-1194-0x0000000000400000-0x0000000000464000-memory.dmp
  Filesize: 400KB

• memory/2008-1172-0x00000000218E0000-0x0000000021918000-memory.dmp
  Filesize: 224KB

• memory/2008-1171-0x000000001C2C0000-0x000000001C2C8000-memory.dmp
  Filesize: 32KB

• memory/2008-1159-0x0000000000A00000-0x0000000000E64000-memory.dmp
  Filesize: 4.4MB

• memory/2008-1173-0x00000000218A0000-0x00000000218AE000-memory.dmp
  Filesize: 56KB

• memory/2024-1050-0x0000020F9EE90000-0x0000020F9F7A4000-memory.dmp
  Filesize: 9.1MB

• memory/2444-1152-0x0000000000400000-0x00000000006BC000-memory.dmp
  Filesize: 2.7MB

• memory/2444-1096-0x0000000000400000-0x00000000006BC000-memory.dmp
  Filesize: 2.7MB

• memory/2444-1094-0x0000000000400000-0x00000000006BC000-memory.dmp
  Filesize: 2.7MB

• memory/2616-1018-0x000002537ECA0000-0x000002537ECBE000-memory.dmp
  Filesize: 120KB

• memory/2980-1243-0x0000000000440000-0x0000000000450000-memory.dmp
  Filesize: 64KB

• memory/3880-1098-0x0000000000400000-0x0000000000422000-memory.dmp
  Filesize: 136KB

• memory/4296-1095-0x0000000000400000-0x00000000004A6000-memory.dmp

                                                                                      Filesize

                                                                                      664KB

                                                                                    • memory/4940-1132-0x000000001C8F0000-0x000000001C93C000-memory.dmp

                                                                                      Filesize

                                                                                      304KB

                                                                                    • memory/4940-1131-0x000000001BB80000-0x000000001BB88000-memory.dmp

                                                                                      Filesize

                                                                                      32KB

                                                                                    • memory/4940-1130-0x000000001C690000-0x000000001C72C000-memory.dmp

                                                                                      Filesize

                                                                                      624KB

                                                                                    • memory/4940-1129-0x000000001C0C0000-0x000000001C58E000-memory.dmp

                                                                                      Filesize

                                                                                      4.8MB

                                                                                    • memory/4940-1128-0x000000001BAD0000-0x000000001BB76000-memory.dmp

                                                                                      Filesize

                                                                                      664KB