Overview

overview

10

Static

static

1

URLScan

urlscan

https://github.com/D...

windows10-2004-x64

10

Resubmissions

06-09-2024 10:00

240906-l1pcnszelk 3

06-09-2024 09:45

240906-lq8zbszamr 10

06-09-2024 09:39

240906-lm22lszbmb 10

06-09-2024 09:39

240906-lmxrwsygrq 3

Analysis

  • max time kernel
    220s
  • max time network
    205s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-es
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-eslocale:es-esos:windows10-2004-x64systemwindows
  • submitted
    06-09-2024 09:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://github.com/Da2dalus/The-MALWARE-Repo

Score
10/10
adwaredefense_evasiondiscoveryevasionmacropersistenceprivilege_escalationstealerupxxlm

Malware Config

Signatures

  • Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 1 IoCs
    persistence
  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • Modifies firewall policy service 3 TTPs 16 IoCs
    evasion
  • Modifies security service 2 TTPs 11 IoCs
    evasion
  • Adds policy Run key to start application 2 TTPs 6 IoCs
    persistence
  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 26 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Boot or Logon Autostart Execution: Port Monitors 1 TTPs 13 IoCs

    Adversaries may use port monitors to run an adversary supplied DLL during system boot for persistence or privilege escalation.

    persistence
  • Event Triggered Execution: Image File Execution Options Injection 1 TTPs 47 IoCs
    persistence
  • Manipulates Digital Signatures 1 TTPs 64 IoCs

    Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.

  • Suspicious Office macro 1 IoCs

    Office document equipped with 4.0 macros.

    macroxlm
  • Boot or Logon Autostart Execution: Print Processors 1 TTPs 2 IoCs

    Adversaries may abuse print processors to run malicious DLLs during system boot for persistence and/or privilege escalation.

    persistence
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 12 IoCs
  • Impair Defenses: Safe Mode Boot 1 TTPs 6 IoCs
    defense_evasion
  • Modifies system executable filetype association 2 TTPs 54 IoCs
    persistence
  • UPX packed file 22 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 4 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Indicator Removal: Clear Persistence 1 TTPs 47 IoCs

    remove IFEO.

    defense_evasion
  • Installs/modifies Browser Helper Object 2 TTPs 3 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Maps connected drives based on registry 3 TTPs 3 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • Modifies WinLogon 2 TTPs 13 IoCs
    persistence
  • Drops autorun.inf file 1 TTPs 2 IoCs

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Drops file in System32 directory 28 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 1 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Event Triggered Execution: Netsh Helper DLL 1 TTPs 3 IoCs

    Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

    persistenceprivilege_escalation
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 14 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Detects application with GUI, possible interaction required
  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 11 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 64 IoCs
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Modifies Internet Explorer start page 1 TTPs 1 IoCs
    stealer
  • Modifies registry class 64 IoCs
  • Modifies system certificate store 2 TTPs 62 IoCs
    evasionspywaretrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: LoadsDriver 64 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • System policy modification 1 TTPs 14 IoCs
    evasion

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/Da2dalus/The-MALWARE-Repo
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:996
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe383646f8,0x7ffe38364708,0x7ffe38364718
      2⤵
      • Checks processor information in registry
      • Enumerates system info in registry
      PID:3092
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,2949791131673196891,14589263173671372184,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
      2⤵
        PID:2192
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,2949791131673196891,14589263173671372184,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:3
        2⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:2740
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,2949791131673196891,14589263173671372184,131072 --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
        2⤵
          PID:4404
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2949791131673196891,14589263173671372184,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
          2⤵
            PID:2552
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2949791131673196891,14589263173671372184,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
            2⤵
              PID:3544
            • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,2949791131673196891,14589263173671372184,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5308 /prefetch:8
              2⤵
                PID:3524
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,2949791131673196891,14589263173671372184,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5308 /prefetch:8
                2⤵
                • Suspicious behavior: EnumeratesProcesses
                PID:2788
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2100,2949791131673196891,14589263173671372184,131072 --lang=es --service-sandbox-type=collections --mojo-platform-channel-handle=5684 /prefetch:8
                2⤵
                  PID:2536
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2949791131673196891,14589263173671372184,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
                  2⤵
                    PID:3524
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2949791131673196891,14589263173671372184,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1
                    2⤵
                      PID:4408
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2949791131673196891,14589263173671372184,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
                      2⤵
                        PID:2012
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2949791131673196891,14589263173671372184,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
                        2⤵
                          PID:2488
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2949791131673196891,14589263173671372184,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
                          2⤵
                            PID:2876
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2949791131673196891,14589263173671372184,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6632 /prefetch:1
                            2⤵
                              PID:5736
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2100,2949791131673196891,14589263173671372184,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=6340 /prefetch:8
                              2⤵
                              • Suspicious behavior: EnumeratesProcesses
                              PID:5952
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,2949791131673196891,14589263173671372184,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7052 /prefetch:2
                              2⤵
                              • Suspicious behavior: EnumeratesProcesses
                              PID:5340
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,2949791131673196891,14589263173671372184,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2820 /prefetch:2
                              2⤵
                                PID:1588
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,2949791131673196891,14589263173671372184,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4060 /prefetch:2
                                2⤵
                                  PID:1316
                              • C:\Windows\System32\CompPkgSrv.exe
                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                1⤵
                                  PID:2916
                                • C:\Windows\System32\CompPkgSrv.exe
                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                  1⤵
                                    PID:1240
                                  • C:\Windows\System32\rundll32.exe
                                    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                    1⤵
                                      PID:3752
                                    • C:\Program Files\7-Zip\7zG.exe
                                      "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap27911:108:7zEvent30355
                                      1⤵
                                      • Suspicious use of AdjustPrivilegeToken
                                      PID:6096
                                    • C:\Program Files\7-Zip\7zG.exe
                                      "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap6715:108:7zEvent23545
                                      1⤵
                                      • Suspicious use of AdjustPrivilegeToken
                                      PID:4224
                                    • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\Worm\Nople.exe
                                      "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\Worm\Nople.exe"
                                      1⤵
                                      • Executes dropped EXE
                                      • System Location Discovery: System Language Discovery
                                      PID:2968
                                    • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\Worm\Netres.a.exe
                                      "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\Worm\Netres.a.exe"
                                      1⤵
                                      • Executes dropped EXE
                                      • System Location Discovery: System Language Discovery
                                      PID:5500
                                    • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\Worm\Mantas.exe
                                      "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\Worm\Mantas.exe"
                                      1⤵
                                      • Executes dropped EXE
                                      • Adds Run key to start application
                                      • Drops file in System32 directory
                                      • Drops file in Program Files directory
                                      • System Location Discovery: System Language Discovery
                                      PID:2840
                                    • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\Worm\Heap41A.exe
                                      "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\Worm\Heap41A.exe"
                                      1⤵
                                      • Checks computer location settings
                                      • Executes dropped EXE
                                      • System Location Discovery: System Language Discovery
                                      PID:5968
                                      • C:\Users\Admin\AppData\Local\Temp\MicrosoftPowerPoint\svchost.exe
                                        "C:\Users\Admin\AppData\Local\Temp\MicrosoftPowerPoint\svchost.exe" MicrosoftPowerPoint\install.txt
                                        2⤵
                                        • Adds policy Run key to start application
                                        • Executes dropped EXE
                                        • Drops autorun.inf file
                                        • System Location Discovery: System Language Discovery
                                        PID:4888
                                        • C:\heap41a\svchost.exe
                                          C:\heap41a\svchost.exe C:\heap41a\std.txt
                                          3⤵
                                          • Executes dropped EXE
                                          • System Location Discovery: System Language Discovery
                                          PID:2128
                                          • C:\heap41a\svchost.exe
                                            C:\heap41a\svchost.exe C:\heap41a\script1.txt
                                            4⤵
                                            • Executes dropped EXE
                                            • System Location Discovery: System Language Discovery
                                            PID:6108
                                          • C:\heap41a\svchost.exe
                                            C:\heap41a\svchost.exe C:\heap41a\reproduce.txt
                                            4⤵
                                            • Adds policy Run key to start application
                                            • Executes dropped EXE
                                            • Enumerates connected drives
                                            • System Location Discovery: System Language Discovery
                                            • System policy modification
                                            PID:1884
                                    • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\Worm\Fagot.a.exe
                                      "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\Worm\Fagot.a.exe"
                                      1⤵
                                      • Adds autorun key to be loaded by Explorer.exe on startup
                                      • Modifies WinLogon for persistence
                                      • Modifies firewall policy service
                                      • Modifies security service
                                      • Adds policy Run key to start application
                                      • Boot or Logon Autostart Execution: Active Setup
                                      • Boot or Logon Autostart Execution: Port Monitors
                                      • Event Triggered Execution: Image File Execution Options Injection
                                      • Manipulates Digital Signatures
                                      • Boot or Logon Autostart Execution: Print Processors
                                      • Executes dropped EXE
                                      • Impair Defenses: Safe Mode Boot
                                      • Modifies system executable filetype association
                                      • Adds Run key to start application
                                      • Indicator Removal: Clear Persistence
                                      • Installs/modifies Browser Helper Object
                                      • Maps connected drives based on registry
                                      • Modifies WinLogon
                                      • Drops file in System32 directory
                                      • Drops file in Windows directory
                                      • Event Triggered Execution: Netsh Helper DLL
                                      • System Location Discovery: System Language Discovery
                                      • Checks SCSI registry key(s)
                                      • Checks processor information in registry
                                      • Enumerates system info in registry
                                      • Modifies Internet Explorer settings
                                      • Modifies Internet Explorer start page
                                      • Modifies registry class
                                      • Modifies system certificate store
                                      • Suspicious behavior: EnumeratesProcesses
                                      • System policy modification
                                      PID:1460
                                    • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\Worm\Bumerang.exe
                                      "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\Worm\Bumerang.exe"
                                      1⤵
                                      • Executes dropped EXE
                                      • Drops file in System32 directory
                                      • System Location Discovery: System Language Discovery
                                      PID:1660
                                      • C:\Windows\SysWOW64\ddraw32.dll
                                        C:\Windows\system32\ddraw32.dll
                                        2⤵
                                        • Executes dropped EXE
                                        PID:1840
                                        • C:\Windows\SysWOW64\WerFault.exe
                                          C:\Windows\SysWOW64\WerFault.exe -u -p 1840 -s 324
                                          3⤵
                                          • Program crash
                                          PID:1100
                                      • C:\Windows\SysWOW64\ddraw32.dll
                                        C:\Windows\system32\ddraw32.dll :C:\Users\Admin\Downloads\The-MALWARE-Repo-master\Worm\Bumerang.exe
                                        2⤵
                                        • Executes dropped EXE
                                        • System Location Discovery: System Language Discovery
                                        PID:4276
                                    • C:\Windows\SysWOW64\WerFault.exe
                                      C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 1840 -ip 1840
                                      1⤵
                                        PID:3024
                                      • C:\Windows\System32\smss.exe
                                        \SystemRoot\System32\smss.exe 000000e4 00000084
                                        1⤵
                                          PID:1588
                                        • C:\Windows\System32\smss.exe
                                          \SystemRoot\System32\smss.exe 0000012c 00000084
                                          1⤵
                                            PID:1316

                                          Network

                                          MITRE ATT&CK Enterprise v15

                                          Reconnaissance

                                          Resource Development

                                          Initial Access

                                          Replication Through Removable Media

                                          1
                                          T1091

                                          Execution

                                          Persistence

                                          Boot or Logon Autostart Execution

                                          8
                                          T1547

                                          Active Setup

                                          1
                                          T1547.014

                                          Port Monitors

                                          1
                                          T1547.010

                                          Print Processors

                                          1
                                          T1547.012

                                          Registry Run Keys / Startup Folder

                                          3
                                          T1547.001

                                          Winlogon Helper DLL

                                          2
                                          T1547.004

                                          Browser Extensions

                                          1
                                          T1176

                                          Create or Modify System Process

                                          2
                                          T1543

                                          Windows Service

                                          2
                                          T1543.003

                                          Event Triggered Execution

                                          3
                                          T1546

                                          Change Default File Association

                                          1
                                          T1546.001

                                          Image File Execution Options Injection

                                          1
                                          T1546.012

                                          Netsh Helper DLL

                                          1
                                          T1546.007

                                          Privilege Escalation

                                          Boot or Logon Autostart Execution

                                          8
                                          T1547

                                          Active Setup

                                          1
                                          T1547.014

                                          Port Monitors

                                          1
                                          T1547.010

                                          Print Processors

                                          1
                                          T1547.012

                                          Registry Run Keys / Startup Folder

                                          3
                                          T1547.001

                                          Winlogon Helper DLL

                                          2
                                          T1547.004

                                          Create or Modify System Process

                                          2
                                          T1543

                                          Windows Service

                                          2
                                          T1543.003

                                          Event Triggered Execution

                                          3
                                          T1546

                                          Change Default File Association

                                          1
                                          T1546.001

                                          Image File Execution Options Injection

                                          1
                                          T1546.012

                                          Netsh Helper DLL

                                          1
                                          T1546.007

                                          Defense Evasion

                                          Impair Defenses

                                          2
                                          T1562

                                          Disable or Modify System Firewall

                                          1
                                          T1562.004

                                          Safe Mode Boot

                                          1
                                          T1562.009

                                          Indicator Removal

                                          1
                                          T1070

                                          Clear Persistence

                                          1
                                          T1070.009

                                          Modify Registry

                                          14
                                          T1112

                                          Subvert Trust Controls

                                          2
                                          T1553

                                          Install Root Certificate

                                          1
                                          T1553.004

                                          SIP and Trust Provider Hijacking

                                          1
                                          T1553.003

                                          Credential Access

                                          Discovery

                                          Browser Information Discovery

                                          1
                                          T1217

                                          Peripheral Device Discovery

                                          3
                                          T1120

                                          Query Registry

                                          7
                                          T1012

                                          System Information Discovery

                                          7
                                          T1082

                                          System Location Discovery

                                          1
                                          T1614

                                          System Language Discovery

                                          1
                                          T1614.001

                                          Lateral Movement

                                          Replication Through Removable Media

                                          1
                                          T1091

                                          Collection

                                          Command and Control

                                          Exfiltration

                                          Impact

                                          Replay Monitor

                                          Loading Replay Monitor...

                                          Downloads

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\07e99a77-d2f9-4b6a-a9d9-06a25be93601.dmp
                                            Filesize

                                            825KB

                                            MD5

                                            63c4772457731ffaf135318b9ffbc495

                                            SHA1

                                            e6fc464f85140c29b5261a3be3f5acfa3c8cdca4

                                            SHA256

                                            20679ca1ce0c6c0a72ccae1f351bab2c1e55b4c44509195d37349a0d9e35ec2d

                                            SHA512

                                            7e20a86e6e8fc03f4761e1854981f2a66b7d824af0f2c997d645331c073c6a03efa5321059bf74c936d7a7ddeadd90d8323691fc94bfd2a48a12ac098d6031e8

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                            Filesize

                                            152B

                                            MD5

                                            9b008261dda31857d68792b46af6dd6d

                                            SHA1

                                            e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3

                                            SHA256

                                            9ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da

                                            SHA512

                                            78853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                            Filesize

                                            152B

                                            MD5

                                            18fdb8553bb0632f1a471caefa110246

                                            SHA1

                                            d93de70549c1343e85a1e6f507a01489ac24f2c5

                                            SHA256

                                            d9490946cf2e0d59b49143e852f94639f3debf4ebf10b1cd111caca8dfc189b4

                                            SHA512

                                            42278efc108397ff8e169581b0e9ebf75efcf87d52c98c395fbadfd27c9f33fbdb4551dea2f96696042330dd291a724457d38ebf7afe0b7de86a1a10bd2f59e4

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                            Filesize

                                            152B

                                            MD5

                                            0446fcdd21b016db1f468971fb82a488

                                            SHA1

                                            726b91562bb75f80981f381e3c69d7d832c87c9d

                                            SHA256

                                            62c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222

                                            SHA512

                                            1df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                            Filesize

                                            2KB

                                            MD5

                                            13114adb8bad646b4ec43bd5275b7181

                                            SHA1

                                            18ac86d8d251ca91087e9de859f99eba7e907d2c

                                            SHA256

                                            2e5bfc0952a8337da07187f02c7f01e63ac100c0c27d85910bfb57373f2550c7

                                            SHA512

                                            fc8cbdc86530ad20068815809632378b93760c8da249db65bcd9b8cf5e727a8ed583057b4dc4d21a77394e08ef1a843405f81b0d09cf1cb499b0b53641519d2a

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                            Filesize

                                            573B

                                            MD5

                                            0028a1a5c441a3cd5a60c34da771564f

                                            SHA1

                                            e15d27a8322b435564ebcd36467b997d0fa8ef32

                                            SHA256

                                            8dc36283781a25af9e2ae76d255ae311b2715396f710ff0e9850b0e64525759d

                                            SHA512

                                            e26efd2be3114e733acdc00fb54150790872b10c88a7c4d3a19a16383bf58897ad89f14b3255a984f836666b98bafc099d8988532d03acda0dee7a7a7da3f40e

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                            Filesize

                                            6KB

                                            MD5

                                            8ce528119a6c845b1e2f5afe99a3495d

                                            SHA1

                                            627e67ade7cfa04e6061c54e6b7760d995cd7511

                                            SHA256

                                            495b3dd2219dec4c3454960e9d295caaa11d3f83f704b0074fe573aa55868b8b

                                            SHA512

                                            44eff3769ef1867b6481ef77f9ee46e16c5092679d3c42f3eae3c9668fb39ea5a430049579b765228c403ff1de38380b6f315afb7e6d7d178a8c52f75f817a5c

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                            Filesize

                                            5KB

                                            MD5

                                            e19aeb21c6505401784a72619ece8e51

                                            SHA1

                                            2762552387ba483b69ee641a4f6f33d55378947b

                                            SHA256

                                            80fe627c25aeee48723f4e4c456d118290e6f115c0e7de4b58d9a9437a440e85

                                            SHA512

                                            53585699cefc6553a3e1de727aa23b3657448256eb0fb36c73e8ed56fc874fb845a7f2f2e934b210a12dc698e8f716c98df7edb604c4d72bb63bedca5ebd6575

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                            Filesize

                                            6KB

                                            MD5

                                            eb60617d0bc0a9a5017e323017653219

                                            SHA1

                                            d29fe2fd685fbfae25e700bd485828eee2ed55c6

                                            SHA256

                                            f01231961564eabce4ad2fe72ec3048b7f899d5f8e6777baec68a3ccb2bee185

                                            SHA512

                                            b0429b45a8412edc1fa8526b47452992ebd06387addb83f4ef4f55050133b70979241fa04eeed84087753b577be67249a083583f1ea12e1de9af3ef05ded01e0

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                            Filesize

                                            1KB

                                            MD5

                                            1c3c6b42e34bd2634040df55b2b68650

                                            SHA1

                                            775f5bd517fdca67d20d15b10e44d7ff3dc866c5

                                            SHA256

                                            fe6afc0a8fc2334e3629387d07c307002300e9d965b3d4a3f54e36aad1359529

                                            SHA512

                                            5ac665a28b0f4bdf8a93bb5bcf1d88ba522eba287874446c760c7df9a9bc310a8ad9d1e763a50f633ad92f2dcbe7675ee6bb296316302829b3a27206e586fd48

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                            Filesize

                                            1KB

                                            MD5

                                            08b51e7d228cff92c5d8dd53f61234b2

                                            SHA1

                                            8ed24b09902aa0dbdbc30e21796a38d43733c019

                                            SHA256

                                            f53fb68c8f2af913dc7e0688d1a3c746fb3d8a0a663ad79306ce1183fee2fb8f

                                            SHA512

                                            d7b42000ba57f25836d8bd977b5bc7a0dc8c36d310556c6aed60ed1eb79c9ca6a659c686cd7e854ead37dae684351b1815126f73693725a25b717b110a8aef22

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e4a3.TMP
                                            Filesize

                                            1KB

                                            MD5

                                            ef6d397aa05250730869d3cfa1aaf2d0

                                            SHA1

                                            c4ffc54299c67e192e7f4dfb13194d7ad69b9f26

                                            SHA256

                                            a407149ab3237e984942226808db5667d19de8185eacdd481edf50be942b54ef

                                            SHA512

                                            afd9fb5177924019935db321067d34af55e7baa0fe470a012088f68907cf568da3177b9c73d71793a2b5406c4a270fa3c04900e194297a1b1e06120fafbeaf77

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                            Filesize

                                            16B

                                            MD5

                                            206702161f94c5cd39fadd03f4014d98

                                            SHA1

                                            bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                            SHA256

                                            1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                            SHA512

                                            0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                            Filesize

                                            16B

                                            MD5

                                            46295cac801e5d4857d09837238a6394

                                            SHA1

                                            44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                            SHA256

                                            0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                            SHA512

                                            8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                            Filesize

                                            10KB

                                            MD5

                                            a72ff730f304572a69f9771af35b0c91

                                            SHA1

                                            3580465cca35580374c0f3ba23dc48d36558e335

                                            SHA256

                                            045b8bacd52efa12bf4516b96a8b2fac11a68ca4747c445d45441e8a67144ece

                                            SHA512

                                            eca4fd7d462ff69d912c325ec450b580ac0d75b9c28b1ce2beee13865f3c89ba6b9b4642a3282e6ce30868dd809be5f1514693200f87503df11d940db7b77b79

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                            Filesize

                                            11KB

                                            MD5

                                            ea758030ef3c68867be4af3cb50db829

                                            SHA1

                                            011d35a06eb18edc2d1269fba8a114beabbbe69f

                                            SHA256

                                            a998b69607c66c9b29055720e061d6c108a8921997ee57a4e963aa6ec68d8d63

                                            SHA512

                                            ed8dc8de3477687300973df03842dcdf91db46058b488139e747e6935063bf1e280bc3e55a41beff000b3979638cffa0ab7ee72cd8998dd363cceac67a9cb2f4

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                            Filesize

                                            10KB

                                            MD5

                                            de33e5f25085e272b9d90dba8796114a

                                            SHA1

                                            71ae7a5cad9452986a4983504233cad1955fc10d

                                            SHA256

                                            4f268c439ea671866005b99878bd461b13b7ca2b109717c9154b1c59dee7f4f2

                                            SHA512

                                            039f5f73637016f01e1b93e5d696d80ecf75b43e904ac1ce709dcf110b0ad0a91a69177d76cdecf4f3179d1b3fb44a9d029136248965021173d249bc6f4f83f3

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
                                            Filesize

                                            264KB

                                            MD5

                                            11cbce754ca62c48bb64a6eb638b4c7a

                                            SHA1

                                            3560230c21a3c680f47719e113c1db2e06ec6263

                                            SHA256

                                            af3d2503bdac4b969de57a59f7cd68391a3217d3da80da28a7c07ab692a3eef1

                                            SHA512

                                            f04ca72868355c6ee6d95eae7368f7d98230832ace3a8fc43f1df62971dff8801315b906d331796114550d1c7ab061de12279066f5c4123d275e82be2f04bad9

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Temp\MicrosoftPowerPoint\svchost.exe
                                            Filesize

                                            233KB

                                            MD5

                                            155e389a330dd7d7e1b274b8e46cdda7

                                            SHA1

                                            6445697a6db02e1a0e76efe69a3c87959ce2a0d8

                                            SHA256

                                            6390a4374f8d00c8dd4247e271137b2fa6259e0678b7b8bd29ce957058fd8f05

                                            SHA512

                                            df8d78cf27e4a384371f755e6d0d7333c736067aeeb619e44cbc5d88381bdcbc09a9b8eeb8aafb764fc1aaf39680e387b3bca73021c6af5452c0b2e03f0e8091

                                            Download Submit

                                          • C:\Users\Admin\Documents\sweet.jpg
                                            Filesize

                                            23KB

                                            MD5

                                            58b1840b979ae31f23aa8eb3594d5c17

                                            SHA1

                                            6b28b8e047cee70c7fa42715c552ea13a5671bbb

                                            SHA256

                                            b2bb460aa299c6064e7fc947bff314e0f915c6ee6f8f700007129e3b6a314f47

                                            SHA512

                                            13548e5900bddc6797d573fcca24cec1f1eefa0662e9d07c4055a3899460f4e135e1c76197b57a49b452e61e201cb86d1960f3e8b00828a2d0031dc9aa78666a

                                            Download Submit

                                          • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\Banking-Malware\DanaBot.exe
                                            Filesize

                                            2.7MB

                                            MD5

                                            48d8f7bbb500af66baa765279ce58045

                                            SHA1

                                            2cdb5fdeee4e9c7bd2e5f744150521963487eb71

                                            SHA256

                                            db0d72bc7d10209f7fa354ec100d57abbb9fe2e57ce72789f5f88257c5d3ebd1

                                            SHA512

                                            aef8aa8e0d16aab35b5cc19487e53583691e4471064bc556a2ee13e94a0546b54a33995739f0fa3c4de6ff4c6abf02014aef3efb0d93ca6847bad2220c3302bd

                                            Download Submit

                                          • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\Banking-Malware\Dridex\Dridex.JhiSharp.dll.9d75ff0e9447ceb89c90cca24a1dbec1_
                                            Filesize

                                            148KB

                                            MD5

                                            9d75ff0e9447ceb89c90cca24a1dbec1

                                            SHA1

                                            ebae1054d69619e9e70c9b2e806edb9000d7feb9

                                            SHA256

                                            f2b33edb7efa853eb7f11cb8259243238e220fdc0bfc6987835ba1b12c4af1eb

                                            SHA512

                                            6df94dbe3681c1cb572d63e54a6753b3bae7075b86507f33f152795c6e61f1feac6742986d7c72a2834f28c85d0a1890bb31b5888b98b29754300dceb63e210d

                                            Download Submit

                                          • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\Banking-Malware\Dridex\DridexDroppedVBS.925da3a10f7dde802c8d87047b14fda6
                                            Filesize

                                            140KB

                                            MD5

                                            925da3a10f7dde802c8d87047b14fda6

                                            SHA1

                                            1fc59fbf692f690b9fe82cfafc9dcbd5aac31a68

                                            SHA256

                                            c94fe7b646b681ac85756b4ce7f85f4745a7b505f1a2215ba8b58375238bad10

                                            SHA512

                                            82588188de13f34cd751da7409f780c4fc5814da780fe8cad1fa73370414fb24b9822fc56f1f162d0db4a5c27159c225bc4d4fb061a87cb3c0d89b067353a478

                                            Download Submit

                                          • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\Banking-Malware\Dridex\DridexLoader.bin.exe.c26203af4b3e9c81a9e634178b603601
                                            Filesize

                                            212KB

                                            MD5

                                            c26203af4b3e9c81a9e634178b603601

                                            SHA1

                                            5e41cbc4d7a1afdf05f441086c2caf45a44bac9e

                                            SHA256

                                            7b8fc6e62ef39770587a056af9709cb38f052aad5d815f808346494b7a3d00c5

                                            SHA512

                                            bb5aeb995d7b9b2b532812be0da4644db5f3d22635c37d7154ba39691f3561da574597618e7359b9a45b3bb906ec0b8b0104cbc05689455c952e995759e188b6

                                            Download Submit

                                          • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\Banking-Malware\Dridex\Trojan.Dridex.A. dbf96ab40b728c12951d317642fbd9da_
                                            Filesize

                                            132KB

                                            MD5

                                            dbf96ab40b728c12951d317642fbd9da

                                            SHA1

                                            38687e06f4f66a6a661b94aaf4e73d0012dfb8e3

                                            SHA256

                                            daab430bb5771eaa7af0fbd3417604e8af5f4693099a6393a4dc3b440863bced

                                            SHA512

                                            a49cc96651d01da5d6cbb833df36b7987eafb4f09cc9c516c10d0d812002d06ae8edee4e7256c84e300dc2eadad90f7bb37c797bccdee4bad16fcaf88277b381

                                            Download Submit

                                          • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\Banking-Malware\Dridex\Trojan.Dridex.A.6164228ed2cc0eceba9ce1828d87d827
                                            Filesize

                                            152KB

                                            MD5

                                            6164228ed2cc0eceba9ce1828d87d827

                                            SHA1

                                            cea5bc473c948a78ce565b6e195e6e25f029c0c6

                                            SHA256

                                            7fa83f0588f0f50d0635313918137c05cb59aa672d842f864073aebb72c66195

                                            SHA512

                                            b53ac27397ce5453fa008d1a2e98f9f66be7d7f08375b92c88007544c09ab844d6c8eeceb2221c988e0a0d6ffc2a8a290e49715e3062a74bcd2310d41bffcc37

                                            Download Submit

                                          • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\Banking-Malware\Dridex\Trojan.Dridex.A.97a26d9e3598fea2e1715c6c77b645c2
                                            Filesize

                                            628KB

                                            MD5

                                            97a26d9e3598fea2e1715c6c77b645c2

                                            SHA1

                                            c4bf3a00c9223201aa11178d0f0b53c761a551c4

                                            SHA256

                                            e5df93c0fedca105218296cbfc083bdc535ca99862f10d21a179213203d6794f

                                            SHA512

                                            acfec633714f72bd5c39f16f10e39e88b5c1cf0adab7154891a383912852f92d3415b0b2d874a8f8f3166879e63796a8ed25ee750c6e4be09a4dddd8c849920c

                                            Download Submit

                                          • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\Banking-Malware\Emotet.zip
                                            Filesize

                                            102KB

                                            MD5

                                            510f114800418d6b7bc60eebd1631730

                                            SHA1

                                            acb5bc4b83a7d383c161917d2de137fd6358aabd

                                            SHA256

                                            f62125428644746f081ca587ffa9449513dd786d793e83003c1f9607ca741c89

                                            SHA512

                                            6fe51c58a110599ea5d7f92b4b17bc2746876b4b5b504e73d339776f9dfa1c9154338d6793e8bf75b18f31eb677afd3e0c1bd33e40ac58e8520acbb39245af1a

                                            Download Submit

                                          • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\Banking-Malware\Zloader.xlsm
                                            Filesize

                                            93KB

                                            MD5

                                            b36a0543b28f4ad61d0f64b729b2511b

                                            SHA1

                                            bf62dc338b1dd50a3f7410371bc3f2206350ebea

                                            SHA256

                                            90c03a8ca35c33aad5e77488625598da6deeb08794e6efc9f1ddbe486df33e0c

                                            SHA512

                                            cf691e088f9852a3850ee458ef56406ead4aea539a46f8f90eb8e300bc06612a66dfa6c9dee8dcb801e7edf7fb4ed35226a5684f4164eaad073b9511189af037

                                            Download Submit

                                          • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\Botnets\FritzFrog\001eb377f0452060012124cb214f658754c7488ccb82e23ec56b2f45a636c859
                                            Filesize

                                            8.7MB

                                            MD5

                                            799c965e0a5a132ec2263d5fea0b0e1c

                                            SHA1

                                            a15c5a706122fabdef1989c893c72c6530fedcb4

                                            SHA256

                                            001eb377f0452060012124cb214f658754c7488ccb82e23ec56b2f45a636c859

                                            SHA512

                                            6c481a855ee6f81dd388c8a4623e519bfbb9f496dada93672360f0a7476fb2b32fd261324156fd4729cef3cbe13f0a8b5862fe47b6db1860d0d67a77283b5ad8

                                            Download Submit

                                          • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\Botnets\FritzFrog\041bc20ca8ac3161098cbc976e67e3c0f1b672ad36ecbe22fd21cbd53bcaa742
                                            Filesize

                                            8.7MB

                                            MD5

                                            76fe4fdd628218f630ba50f91ceba852

                                            SHA1

                                            6e90f2fe619597115e5b8dd8b0d1fb0c8ad33fa4

                                            SHA256

                                            041bc20ca8ac3161098cbc976e67e3c0f1b672ad36ecbe22fd21cbd53bcaa742

                                            SHA512

                                            7956505ae0d8479a92ddf97bb09a757566ef526934ee06b4273f0fc450e4da9204808ffa4f4674f4e6e313eb718a7c65f258ef8d23b9769b8aa12d47610d8011

                                            Download Submit

                                          • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\Botnets\FritzFrog\0ab8836efcaa62c7daac314e0b7ab1679319b2901578fd9e95ec3476b4c1a732
                                            Filesize

                                            8.7MB

                                            MD5

                                            0263de27fd997a4904ee4a92f91ac733

                                            SHA1

                                            da090fd76b2d92320cf7e55666bb5bd8f50796c9

                                            SHA256

                                            0ab8836efcaa62c7daac314e0b7ab1679319b2901578fd9e95ec3476b4c1a732

                                            SHA512

                                            09ef02532eb7c3a968c1d04bf1f3aa9a4bf400f8485d3be596d7db3aed5f705fc1f85a1f6218397a70830ad747aa03c61b9c5b1cca24c2620cdbb3e5361db194

                                            Download Submit

                                          • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\Botnets\FritzFrog\103b8404dc64c9a44511675981a09fd01395ee837452d114f1350c295357c046
                                            Filesize

                                            8.6MB

                                            MD5

                                            ae747bc7fff9bc23f06635ef60ea0e8d

                                            SHA1

                                            64315e834f67905ed4e47f36155362a78ac23462

                                            SHA256

                                            103b8404dc64c9a44511675981a09fd01395ee837452d114f1350c295357c046

                                            SHA512

                                            e24914a58565a43883c27ae4a41061e8edd3d5eef7b86c1c0e9910d9fbe0eef3e78ed49136ac0c9378311e99901b1847bcfd926aa9a3ea44149a7478480f82b2

                                            Download Submit

                                          • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\Botnets\FritzFrog\2378e76aba1ad6e0c937fb39989217bf0de616fdad4726c0f4233bf5414cde86
                                            Filesize

                                            8.7MB

                                            MD5

                                            3a371a09bfcba3d545465339f1e1d481

                                            SHA1

                                            7f5712878929aab6a2ab297072a5a5f3d3c15a01

                                            SHA256

                                            2378e76aba1ad6e0c937fb39989217bf0de616fdad4726c0f4233bf5414cde86

                                            SHA512

                                            35efc5129316ea697f1f4591c37e70c74b643942cdb3cb1aac6a0f14f5d133da39c0c393439490bc059361e9feeacee3d4056f88700f56dfe1088ba0ab22613b

                                            Download Submit

                                          • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\Botnets\FritzFrog\30c150419000d27dafcd5d00702411b2b23b0f5d7e4d0cc729a7d63b2e460a01
                                            Filesize

                                            8.6MB

                                            MD5

                                            819b0fdb2b9c8a440b734a7b72522f12

                                            SHA1

                                            f3aff7e1c44d21508eb60797211570c84a53597a

                                            SHA256

                                            30c150419000d27dafcd5d00702411b2b23b0f5d7e4d0cc729a7d63b2e460a01

                                            SHA512

                                            fee2c0dbbc91e2486e409e8b6a877c6ec500e6c7c0491d4c44d37006c30de79b95dd4640c7c8c8efcc920abccbdb659a590fde1e2526126279b7486778d08b5a

                                            Download Submit

                                          • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\Botnets\FritzFrog\3205603282a636979a55aa1e1be518cd3adcbbe491745d996ceb4b5a4dece0c5
                                            Filesize

                                            8.7MB

                                            MD5

                                            8f0cb7af15afe40ed85f35e1b40b8f38

                                            SHA1

                                            525f97d6e7e3cbb611a1cf37e955c0656f4b3c06

                                            SHA256

                                            3205603282a636979a55aa1e1be518cd3adcbbe491745d996ceb4b5a4dece0c5

                                            SHA512

                                            bd9e97b4042d89e081eced5781149b0d8e28a6e9d35c2a449a21aee26765ed8eea560434ba5e9a897c4e4c89d7a2b8997e31ad4ac2202a940b8731a5f447170d

                                            Download Submit

                                          • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\Botnets\FritzFrog\453468b86856665f2cc0e0e71668c0b6aac8b14326c623995ba5963f22257619
                                            Filesize

                                            8.7MB

                                            MD5

                                            682ac123d740321e6ba04d82e8cc4ed8

                                            SHA1

                                            088a8c8c2b7f9db92ec0ae39e1dc77c8707d3895

                                            SHA256

                                            453468b86856665f2cc0e0e71668c0b6aac8b14326c623995ba5963f22257619

                                            SHA512

                                            26ddc0a1b91337de2314465f82f3a02ec478f32708fa91b7cdf75fc235eda7b3cf7c495616145dc29fc081ac4398cab5aac0d42978ea694fa183518533fcf4ad

                                            Download Submit

                                          • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\Botnets\FritzFrog\5fb29fb0136978b9ccf60750af09cec74a257a0ca9c47159ca74dbba21fbcc59
                                            Filesize

                                            8.7MB

                                            MD5

                                            97cfb3c26a12e13792f7d1741309d767

                                            SHA1

                                            a010f85cdda9f83cbc738eb1b41cd621f3d6018e

                                            SHA256

                                            5fb29fb0136978b9ccf60750af09cec74a257a0ca9c47159ca74dbba21fbcc59

                                            SHA512

                                            162028b9e93bb4718427304a96767880da7094c99ae6145e61a562f09dae0ce6726b2dfac95782990f50fa9bfc9f82b1aacb9e7b12442094137872fa8a3f3379

                                            Download Submit

                                          • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\Botnets\FritzFrog\6fe6808b9cfe654f526108ec61cb5211bb6601d28e192cadf06102073b54f69c
                                            Filesize

                                            8.7MB

                                            MD5

                                            3fe7b88a9ba6c5acee4faae760642b78

                                            SHA1

                                            bae245bc98c516604838c6ce5a233f066de44a50

                                            SHA256

                                            6fe6808b9cfe654f526108ec61cb5211bb6601d28e192cadf06102073b54f69c

                                            SHA512

                                            02abc8d4fe280306a9ac6a25d28cf174a8d51a43d98b6837bc129701d8c0ab486eebaeef11062b58c455627d4de7c8782b3828aa02891fe439ca1ca617038f95

                                            Download Submit

                                          • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\Botnets\FritzFrog\7745b070943e910e8807e3521ac7b7a01401d131bf6c18a63433f8177ed539a6
                                            Filesize

                                            8.7MB

                                            MD5

                                            d4e533f9c11b5cc9e755d94c1315553a

                                            SHA1

                                            9e15020cd2688b537bae18e5f291ee8cbe9a85e7

                                            SHA256

                                            7745b070943e910e8807e3521ac7b7a01401d131bf6c18a63433f8177ed539a6

                                            SHA512

                                            149226355b2e5c3fac403289b5e66bd4164a7aee76d8dc8f1d698c509db7a081bad9d4172cc950bb0e6e6909e0073d551dcde82cbeaaf61a9c1b02c9ba48fb38

                                            Download Submit

                                          • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\Botnets\FritzFrog\7f18e5b5b7645a80a0d44adf3fecdafcbf937bfe30a4cfb965a1421e034996dd
                                            Filesize

                                            8.7MB

                                            MD5

                                            b2e0eede7b18253dccd0d44ebb5db85a

                                            SHA1

                                            ee5db9590090efd5549e1c17ec1ee956ef1ed3d1

                                            SHA256

                                            7f18e5b5b7645a80a0d44adf3fecdafcbf937bfe30a4cfb965a1421e034996dd

                                            SHA512

                                            5608fe7bde5072de7c98bacfe7beb928e6073be87c0fbccd8075c808d9a7c642abe254f6eb620d627f5324e35821fc9b41a31970264abcc472adfbe2c214a9fe

                                            Download Submit

                                          • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\Botnets\FritzFrog\90b61cc77bb2d726219fd00ae2d0ecdf6f0fe7078529e87b7ec8e603008232d5
                                            Filesize

                                            8.7MB

                                            MD5

                                            100bff2f4ee4d88b005bb016daa04fe6

                                            SHA1

                                            36e5f8f70890601aa2adaffb203afd06516097f0

                                            SHA256

                                            90b61cc77bb2d726219fd00ae2d0ecdf6f0fe7078529e87b7ec8e603008232d5

                                            SHA512

                                            a1cb52bc6edaa7f8bb216d2a5f3deb0b8468c64b43931ef570c05e6a9872c63f00aff50d69686fdc2ea25d3d83da4bf9d78f5e6910643163570d0bd6279c6e16

                                            Download Submit

                                          • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\Botnets\FritzFrog\9384b9e39334479194aacb53cb25ace289b6afe2e41bdc8619b2d2cae966b948
                                            Filesize

                                            8.6MB

                                            MD5

                                            4842d5cc29c97aa611fba5ca07b060a5

                                            SHA1

                                            f93772038406f28fa4ca1cfb23349193562414b2

                                            SHA256

                                            9384b9e39334479194aacb53cb25ace289b6afe2e41bdc8619b2d2cae966b948

                                            SHA512

                                            cf1cb3f0291f3e0c3b47ff3ee9074b624e2d9781f9637d14ede0628ebb4b8b0fe13e16583f6a933a3e20872ec084dc812237f021757efe2a6d527a0a1723b5c8

                                            Download Submit

                                          • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\Botnets\FritzFrog\985ffee662969825146d1b465d068ea4f5f01990d13827511415fd497cf9db86
                                            Filesize

                                            8.7MB

                                            MD5

                                            c947363b50231882723bd6b07bc291ca

                                            SHA1

                                            7b9a425f09da9be5dda5facff18c5fd15eed253a

                                            SHA256

                                            985ffee662969825146d1b465d068ea4f5f01990d13827511415fd497cf9db86

                                            SHA512

                                            45f511f6fe78bba853789f85549c8ac591b7812e2fc969a13148bbd1112fa356f6a1ee88a22a907e7f62ef79a0d14d75681eecd2a17f027d105afd381f161184

                                            Download Submit

                                          • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\Botnets\FritzFrog\d1e82d4a37959a9e6b661e31b8c8c6d2813c93ac92508a2771b2491b04ea2485
                                            Filesize

                                            8.7MB

                                            MD5

                                            aa55272ad8db954381a8eab889f087cf

                                            SHA1

                                            d7df26bf57530c0475247b0f3335e5d19d9cb30d

                                            SHA256

                                            d1e82d4a37959a9e6b661e31b8c8c6d2813c93ac92508a2771b2491b04ea2485

                                            SHA512

                                            5590c039eb50708fe8fe417a5b5adf1d9019db0590dee119d0907bb588114bcbeb980c5ec7f3f77e85aefcbba76c1560e8b81069434ef5774ca60b1e28dbac20

                                            Download Submit

                                          • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\Browser Hijackers\BabylonToolbar.txt
                                            Filesize

                                            57B

                                            MD5

                                            2ab0eb54f6e9388131e13a53d2c2af6c

                                            SHA1

                                            f64663b25c9141b54fe4fad4ee39e148f6d7f50a

                                            SHA256

                                            d24eee3b220c71fced3227906b0feed755d2e2b39958dd8cd378123dde692426

                                            SHA512

                                            6b5048eeff122ae33194f3f6089418e3492118288038007d62cdd30a384c79874c0728a2098a29d8ce1a9f2b4ba5f9683b3f440f85196d50dc8bc1275a909260

                                            Download Submit

                                          • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\Email-Worm\Amus.exe
                                            Filesize

                                            50KB

                                            MD5

                                            47abd68080eee0ea1b95ae31968a3069

                                            SHA1

                                            ffbdf4b2224b92bd78779a7c5ac366ccb007c14d

                                            SHA256

                                            b5fc4fd50e4ba69f0c8c8e5c402813c107c605cab659960ac31b3c8356c4e0ec

                                            SHA512

                                            c9dfabffe582b29e810db8866f8997af1bd3339fa30e79575377bde970fcad3e3b6e9036b3a88d0c5f4fa3545eea8904d9faabf00142d5775ea5508adcd4dc0a

                                            Download Submit

                                          • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\Email-Worm\Anap.a.exe
                                            Filesize

                                            16KB

                                            MD5

                                            0231c3a7d92ead1bad77819d5bda939d

                                            SHA1

                                            683523ae4b60ac43d62cac5dad05fd8b5b8b8ae0

                                            SHA256

                                            da1798c0a49b991fbda674f02007b0a3be4703e2b07ee540539db7e5bf983278

                                            SHA512

                                            e34af2a1bd8f17ddc994671db37b29728e933e62eded7aff93ab0194a813103cad9dba522388f9f67ba839196fb6ed54ce87e1bebcfd98957feb40b726a7e0c6

                                            Download Submit

                                          • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\Email-Worm\Axam.a.exe
                                            Filesize

                                            11KB

                                            MD5

                                            0fbf8022619ba56c545b20d172bf3b87

                                            SHA1

                                            752e5ce51f0cf9192b8fa1d28a7663b46e3577ff

                                            SHA256

                                            4ae7d63ec497143c2acde1ba79f1d9eed80086a420b6f0a07b1e2917da0a6c74

                                            SHA512

                                            e8d44147609d04a1a158066d89b739c00b507c8ff208dac72fdc2a42702d336c057ae4b77c305f4ccdfe089665913098d84a3160a834aaebe41f95f4b4bfddeb

                                            Download Submit

                                          • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\Email-Worm\Brontok.exe
                                            Filesize

                                            106KB

                                            MD5

                                            d7506150617460e34645025f1ca2c74b

                                            SHA1

                                            5e7d5daf73a72473795d591f831e8a2054947668

                                            SHA256

                                            941ebf1dc12321bbe430994a55f6e22a1b83cea2fa7d281484ea2dab06353112

                                            SHA512

                                            69e0bd07a8bdbfe066593cdd81acd530b3d12b21e637c1af511b8fee447831b8d822065c5a74a477fe6590962ceff8d64d83ae9c41efd930636921d4d6567f6f

                                            Download Submit

                                          • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\Email-Worm\BubbleBoy.html
                                            Filesize

                                            12KB

                                            MD5

                                            bb7b91d1685db89b58ac01a72921e632

                                            SHA1

                                            4a1dd457983a7f1bbc7943eb5fca3da6d93d4176

                                            SHA256

                                            940a563df059604ac0dc6a92a845da2f04236b86887208b89969b70c6781c3f8

                                            SHA512

                                            09e26d197b22a4553e2e87a9ee0957700766c2dcd11157b5b71744d67abfa30d71d45c7bf1081bf9337527e3b8aabde99b09bd2bd30aa302329ebf480078307e

                                            Download Submit

                                          • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\Email-Worm\Bugsoft.exe
                                            Filesize

                                            32KB

                                            MD5

                                            70f549ae7fafc425a4c5447293f04fdb

                                            SHA1

                                            af4b0ed0e0212aced62d40b24ad6861dbfd67b61

                                            SHA256

                                            96425ae53a5517b9f47e30f6b41fdc883831039e1faba02fe28b2d5f3efcdc29

                                            SHA512

                                            3f83e9e6d5bc080fb5c797617078aff9bc66efcd2ffac091a97255911c64995a2d83b5e93296f7a57ff3713d92952b30a06fc38cd574c5fe58f008593040b7f0

                                            Download Submit

                                          • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\Email-Worm\Duksten.exe
                                            Filesize

                                            9KB

                                            MD5

                                            900ebff3e658825f828ab95b30fad2e7

                                            SHA1

                                            7451f9aee3c4abc6ea6710dc83c3239a7c07173b

                                            SHA256

                                            caec6e664b3cff5717dd2efea8dcd8715abdcfe7f611456be7009771f22a8f50

                                            SHA512

                                            e325f3511722eee0658cfcf4ce30806279de322a22a89129a8883a630388ab326955923fa6228946440894bd2ef56d3e6dfda3973ea16cc6e463d058dd6e25ce

                                            Download Submit

                                          • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\Email-Worm\Emin.js
                                            Filesize

                                            2KB

                                            MD5

                                            d9fd66a813b647e9461e654ba80db7bc

                                            SHA1

                                            075344db68a3b4bb3f549c0cb79c672aaed70b87

                                            SHA256

                                            3db96ebba9a6875bb058a3a2a4457165103f8ed51183cf4d79a525c959602499

                                            SHA512

                                            55eafa2716d45a629aadb1422dd240609faa9f55c7ec4488569e6fb15298a586b7ed5a95060329e76dd4b272edce8954ea18be5f238d4cac70fbf59a391bb09f

                                            Download Submit

                                          • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\Email-Worm\Funsoul.exe
                                            Filesize

                                            44KB

                                            MD5

                                            a13a4db860d743a088ef7ab9bacb4dda

                                            SHA1

                                            8461cdeef23b6357468a7fb6e118b59273ed528c

                                            SHA256

                                            69ee59cee5a1d39739d935701cfa917f75787b29e0b9bda9ada9e2642ade434c

                                            SHA512

                                            52909b5fcbf00ef4025f6051ee1b8a933fc2a0bd7a292fe25fac708f358e7c96d6d31ba263d07128d56bc614fcbd053b2fa1249024a8138baf30da8ac5f54806

                                            Download Submit

                                          • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\Email-Worm\Gruel.a.exe
                                            Filesize

                                            100KB

                                            MD5

                                            b0feccddd78039aed7f1d68dae4d73d3

                                            SHA1

                                            8fcffb3ae7af33b9b83af4c5acbb044f888eeabf

                                            SHA256

                                            5714efd4746f7796bbc52a272f8e354f67edfb50129d5fdaa1396e920956d0d6

                                            SHA512

                                            b02b9476eeb9c43fcfef56949f867c1c88f152d65f3961a2838b8bff02df2383945aefb9a8c517ac78d79b5a9163c7677f5b6238f4624b1966994c9c09eb428d

                                            Download Submit

                                          • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\Email-Worm\Happy99.exe
                                            Filesize

                                            9KB

                                            MD5

                                            02dd0eaa9649a11e55fa5467fa4b8ef8

                                            SHA1

                                            a4a945192cb730634168f79b6e4cd298dbe3d168

                                            SHA256

                                            4ebe3e1af5e147c580ecce052fe7d7d0219d5e5a2f5e6d8a7f7291735923db18

                                            SHA512

                                            3bf69de674737ca15d6ff7ce73396194f3631dc4b8d32cc570adeeacdc210acee50fd64c97172ce7cc77f166c681d2ccd55955b3aca9188813b7ff6f49280441

                                            Download Submit

                                          • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\Email-Worm\ILOVEYOU.vbs
                                            Filesize

                                            10KB

                                            MD5

                                            8e2c097ca623ca32723d57968b9d2525

                                            SHA1

                                            dccfb092fa979fb51c8c8ca64368a6f43349e41d

                                            SHA256

                                            556700ac50ffa845e5de853498242ee5abb288eb5b8ae1ae12bfdb5746e3b7b1

                                            SHA512

                                            a468476a8463c36c2db914e3fe4dc7aee67ac35e5e39292107431d68ab1553ca3c74255a741432ba71e8a650cf19eb55d43983363bfc9710e65b212fba37bbde

                                            Download Submit

                                          • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\Email-Worm\Jer.html
                                            Filesize

                                            4KB

                                            MD5

                                            ecafc7fa4592920ca0948de98493a758

                                            SHA1

                                            6ed9a12aa6d586bdcb1b56c65411e75c539408fa

                                            SHA256

                                            390e460334ec801fdeadb511d7404ff2c8b7a0a945a0c763d0b3354e15639dbf

                                            SHA512

                                            27316d1836dfeb7b5f263d2371c3a8f4bb18ef6ee248955940a5d75a597161ab152b8e2d6092cf416bf326b629c2e6babda271b8a1e8977dd6d1f7b2317b876e

                                            Download Submit

                                          • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\Email-Worm\Kiray.exe
                                            Filesize

                                            13KB

                                            MD5

                                            f22ae972aee081ec86faa30e73d9675f

                                            SHA1

                                            a559057e10f7e524688043ca283e2380739d6744

                                            SHA256

                                            166865fdb90e7964e7ea57a282343026d878230215e5694145f88a8afb56132f

                                            SHA512

                                            80c000c1ee73a402d0960ee768272096541786eacda7b938f9791ca3da067f5838c6850c74dff466cccde11851989062328b4a3d87b2eb99a6cac0efcf45f4c1

                                            Download Submit

                                          • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\Email-Worm\Klez.e.exe
                                            Filesize

                                            86KB

                                            MD5

                                            f2db87b351770e5995e9fcaad47d9591

                                            SHA1

                                            4c75bd93f458096fbc27fa852e16ce25a602f267

                                            SHA256

                                            3113fa9a3cf00ed423a2c686a2ffb19586f6a047747de65a93436a7dca8fcfa7

                                            SHA512

                                            608e74274b555a239534a9d43514e07cb8aad9b13baf4cc383e8c21ea4e9ebd36162dc0b4bf30a0975c334facf23d6e63742e2bbe4ba400e80d9f191893a84fc

                                            Download Submit

                                          • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\Email-Worm\Lacon.exe
                                            Filesize

                                            12KB

                                            MD5

                                            cb0f7b3fd927cf0d0ba36302e6f9af86

                                            SHA1

                                            32bdc349a35916e8991e69e9be1bd2596b6321cc

                                            SHA256

                                            9b3f73a12a793d1648f3209e1e3f10bbb548b1ec21d53b8ac060b7b95ae4ef1f

                                            SHA512

                                            e6152f3645d73c63f3f3aa9881fe8b404f9794b14a8ecaea659621828462baf042c13c88bb7f2c32277fa854ceda3056d09aa5603e92b107c6c8194464154252

                                            Download Submit

                                          • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\Email-Worm\Lentin\Lentin.c.exe
                                            Filesize

                                            1.2MB

                                            MD5

                                            04ee0eff07a7e545f7052031ca0d8133

                                            SHA1

                                            56676f042cca5170a82f1fdc38648923297e8147

                                            SHA256

                                            50d60cd841a18b05e00ab4691fc1e30f6a099a65a58ba51080304205fbb0d666

                                            SHA512

                                            f4edcf31e36c94c1c568ec066edb961e7be6bdd25121cc118d5f19379cc57ab1db16ed14487c56d3838543b7668ce2b79f8ff510a646ae1216de811a23330551

                                            Download Submit

                                          • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\Email-Worm\Lentin\Lentin.d.exe
                                            Filesize

                                            26KB

                                            MD5

                                            d9ce0273f791da275ed2a69446413a87

                                            SHA1

                                            38cf7ea93d74fb770bfba766845cf29bef0169df

                                            SHA256

                                            aa2e8d70654e30cf11e2b57e92cea72a9823a048f75fc9029da04e1e4d8a9810

                                            SHA512

                                            a521b2a55207c9996c0399bc0403c0865c23bf7457b5cfa80d0bec2c2eeb898a30599d99dda15ece4aa5db405c46ea4183d4b3bac20a3d5836775efccedd0f8e

                                            Download Submit

                                          • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\Email-Worm\Magistr.exe
                                            Filesize

                                            107KB

                                            MD5

                                            9890349fe3c68f5923b29347bba021a4

                                            SHA1

                                            fa080a50486b205b75833a6b5c9505abb1e3b4df

                                            SHA256

                                            068f2ee28af7645dbf2a1684f0a5fc5ccb6aa1027f71da4468e0cba56c65e058

                                            SHA512

                                            aedd86837987cbe8c0b1cf3b4ca0c3a875e4cc9bcc8097c160d0d6070427ad9e1d871d5339ea95cc03499c39a6536b5a6b6d43372a49eeaf2e87bf755a3d3367

                                            Download Submit

                                          • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\Email-Worm\Maldal.a.exe
                                            Filesize

                                            80KB

                                            MD5

                                            cbcd34a252a7cf61250b0f7f1cba3382

                                            SHA1

                                            152f224d66555dd49711754bf4e29a17f4706332

                                            SHA256

                                            abac285f290f0cfcd308071c9dfa9b7b4b48d10b4a3b4d75048804e59a447787

                                            SHA512

                                            09fdcb04707a3314e584f81db5210b2390f4c3f5efa173539f9d248db48ae26b3a8b240cf254561b0ecb764f6b04bb4c129832c6502d952d1960e443371ce2a9

                                            Download Submit

                                          • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\Email-Worm\Mari.exe
                                            Filesize

                                            44KB

                                            MD5

                                            6513e97cffb6656fd7b5a29859fe47d3

                                            SHA1

                                            9ea95b90f501fa4b1fd4798622e7d736413d56f5

                                            SHA256

                                            efb67be90882ded2d3e53e463ae175a4b4b5229ca6929b835fa7dd4687801144

                                            SHA512

                                            87b34e2f980f446b0372815ee54942d42439c6b063f934f78b8ac1f8f04c9a8a48a2674621e83f62d0d2eae59f134a9eb6e033c698da56ddb8b3919d1f4e59ec

                                            Download Submit

                                          • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\Email-Worm\MeltingScreen.exe
                                            Filesize

                                            17KB

                                            MD5

                                            4784e42c3b15d1a141a5e0c8abc1205c

                                            SHA1

                                            48c958deba25a4763ef244ac87e87983c6534179

                                            SHA256

                                            9d355e4f9a51536b05269f696b304859155985957ba95eb575f3f38c599d913c

                                            SHA512

                                            d63d20a38602d4d228367b6596454a0f5b2884c831e3a95237d23b882abd624de59ea47835636b06a96e216f1decf8c468caacd45e5d3b16a5eb9e87bc69eb97

                                            Download Submit

                                          • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\Email-Worm\Merkur.exe
                                            Filesize

                                            44KB

                                            MD5

                                            e6f8f701d646b193139cf0a92229455f

                                            SHA1

                                            b7747d41fcf52c3611af1153e46183dacbb3c709

                                            SHA256

                                            7e89fabfdbe214bf6a6f9730f3e451e69f752b62bbd54c0a81d2aae2320abd2c

                                            SHA512

                                            135d69ed4b3acdeaf45639090cefd48fa02f9ff1fb168d249717d0e2d3295530b697d8ff3fea84fa20a66aeb99437e5b0f2a2c3936f2a109c1068816263003ae

                                            Download Submit

                                          • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\Email-Worm\MsWorld.exe
                                            Filesize

                                            128KB

                                            MD5

                                            7bd8a009b84b35868613332fe14267ab

                                            SHA1

                                            d36d4753aab27c6c5e253b9926406f7f97dc69a6

                                            SHA256

                                            56511f0b28f28c23b5a1a3c7d524ee25a4c6df9ac2b53797c95199534f86bbd2

                                            SHA512

                                            ad8e121f601f6698d720181d486da828781f729ca7880fb35c6fc70f021197e4a508dc46d980108a168ef2c6c89a62f3140e676ff71a1e40ea3e397ad0c63261

                                            Download Submit

                                          • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\Net-Worm\Blaster\Blaster.E.exe
                                            Filesize

                                            6KB

                                            MD5

                                            8676210e6246948201aa014db471de90

                                            SHA1

                                            86b30d1a8b7515dcab6c8d2781b85c6983709dbf

                                            SHA256

                                            2e481059b9bc9686c676d69a80202eed5022c9a53ecd8cac215e70c601dd7fdc

                                            SHA512

                                            5130e6ea6c5e1924af7d630a7b1c6e614b1482edcad3117a8dc56371269260b97793a7ccdbf3249054815b7c3b9c364b30e73e0f8e4cc230502b01d0d2f70bda

                                            Download Submit

                                          • C:\Windows\SysWOW64\ddraw32.dll
                                            Filesize

                                            22KB

                                            MD5

                                            f1ac5c806ed1e188c54e0861cbf1f358

                                            SHA1

                                            b2a2895a0eae5e2ef8d10ed0f079d0fcfea9585a

                                            SHA256

                                            87b7d23ab8720f1087d50a902244cbbdc25245b29da9bfa54698a4545b82afc4

                                            SHA512

                                            ddb61b46a71db7401984e1917f0ef1498883cff76f0a98ff8d65acb08b6d7181511ca57a1e23c7482fc9d26afcf48b662896375b80eff4b2e0d08b7b55d9b98f

                                            Download Submit

                                          • C:\Windows\SysWOW64\userinit32.exe
                                            Filesize

                                            373KB

                                            MD5

                                            30cdab5cf1d607ee7b34f44ab38e9190

                                            SHA1

                                            d4823f90d14eba0801653e8c970f47d54f655d36

                                            SHA256

                                            1517527c1d705a6ebc6ec9194aa95459e875ac3902a9f4aab3bf24b6a6f8407f

                                            SHA512

                                            b465f3b734beaea3951ff57759f13971649b549fafca71342b52d7e74949e152c0fbafe2df40354fc00b5dc8c767f3f5c6940e4ba308888e4395d8fd21e402b3

                                            Download Submit

                                          • C:\Windows\SysWOW64\winmants.exe
                                            Filesize

                                            40KB

                                            MD5

                                            53f25f98742c5114eec23c6487af624c

                                            SHA1

                                            671af46401450d6ed9c0904402391640a1bddcc2

                                            SHA256

                                            7b5dec6a48ee2114c3056f4ccb6935f3e7418ef0b0bc4a58931f2c80fc94d705

                                            SHA512

                                            f460775308b34552c930c3f256cef1069b28421673d71e3fa2712b0467485861a98285925ae49f1adea1faf59265b964c873c12a3bb5de216122ac20084e1048

                                            Download Submit

                                          • C:\v1.log
                                            Filesize

                                            235B

                                            MD5

                                            96dffcb801321be215b07197a6fa8ad5

                                            SHA1

                                            47eae36636197d14e44e05ad1f01daed5aecaa5a

                                            SHA256

                                            1599287e287541fce2cdffd5c71d344253300f0170dbb2fc14aa6947cd56ee97

                                            SHA512

                                            247c0adae53d93dd0e9d838d3830f086128c48d3195509e34e03fcd1237f0e1ea501f17e01e5e52da7aeda0b893abf3bb73d7ac1fc4190114065b7c7d914ce1b

                                            Download Submit

                                          • C:\v1.log
                                            Filesize

                                            474B

                                            MD5

                                            e5d6dd71727873ddd691387afb3fbdf7

                                            SHA1

                                            9f34b97e04bcb67761e5504e3658438789fb8c0a

                                            SHA256

                                            d4c098ded8340377182afc456590a60c4ea28818c97ff780d4e089da13d71281

                                            SHA512

                                            591d8ca6a78a271fc48d3e73f4dc7995c6599adcf2066ebc7ec187f5790bfc644c44185aa9f6fa9351e2a7b9a669f9a5a4a7a81b3672c1b5e84becdce3b11b41

                                            Download Submit

                                          • C:\v1.log
                                            Filesize

                                            753B

                                            MD5

                                            711a94733e22a57e5abe068896ecd175

                                            SHA1

                                            b22ede6e2094ef99f80ae4c30a139a554b22994b

                                            SHA256

                                            5c7a1724194abdda8f373b2dcc8c863eff0081836288799b694788023c1c3b99

                                            SHA512

                                            43d0f7788522123c3214a8ee780af46995b5ce45a5feeaf13eb011226e44c62e9c0c16d18ce9bf41cf931d9f5e520555a8f0a77fb4329883f49764df6abaacd6

                                            Download Submit

                                          • memory/1460-2194-0x0000000000400000-0x0000000000463000-memory.dmp

                                            Filesize

                                            396KB

                                            Download

                                          • memory/1460-2139-0x0000000000400000-0x0000000000463000-memory.dmp

                                            Filesize

                                            396KB

                                            Download

                                          • memory/1660-2111-0x0000000000400000-0x0000000000410000-memory.dmp

                                            Filesize

                                            64KB

                                            Download

                                          • memory/1660-2116-0x0000000000400000-0x0000000000410000-memory.dmp

                                            Filesize

                                            64KB

                                            Download

                                          • memory/1840-2118-0x0000000000400000-0x0000000000410000-memory.dmp

                                            Filesize

                                            64KB

                                            Download

                                          • memory/1884-2196-0x0000000000400000-0x0000000000486000-memory.dmp

                                            Filesize

                                            536KB

                                            Download

                                          • memory/1884-2136-0x0000000000400000-0x0000000000486000-memory.dmp

                                            Filesize

                                            536KB

                                            Download

                                          • memory/1884-2193-0x0000000000400000-0x0000000000486000-memory.dmp

                                            Filesize

                                            536KB

                                            Download

                                          • memory/1884-2138-0x0000000000400000-0x0000000000486000-memory.dmp

                                            Filesize

                                            536KB

                                            Download

                                          • memory/1884-2094-0x0000000000400000-0x0000000000486000-memory.dmp

                                            Filesize

                                            536KB

                                            Download

                                          • memory/2128-2093-0x0000000000400000-0x0000000000486000-memory.dmp

                                            Filesize

                                            536KB

                                            Download

                                          • memory/2840-2057-0x0000000000400000-0x0000000000413000-memory.dmp

                                            Filesize

                                            76KB

                                            Download

                                          • memory/2840-1359-0x0000000000400000-0x0000000000413000-memory.dmp

                                            Filesize

                                            76KB

                                            Download

                                          • memory/4276-2125-0x0000000000400000-0x0000000000410000-memory.dmp

                                            Filesize

                                            64KB

                                            Download

                                          • memory/4888-2091-0x0000000000400000-0x0000000000486000-memory.dmp

                                            Filesize

                                            536KB

                                            Download

                                          • memory/4888-2078-0x0000000000400000-0x0000000000486000-memory.dmp

                                            Filesize

                                            536KB

                                            Download

                                          • memory/5500-2191-0x0000000051000000-0x0000000051064000-memory.dmp

                                            Filesize

                                            400KB

                                            Download

                                          • memory/5500-2135-0x0000000051000000-0x0000000051064000-memory.dmp

                                            Filesize

                                            400KB

                                            Download

                                          • memory/5968-2079-0x0000000000400000-0x0000000000432000-memory.dmp

                                            Filesize

                                            200KB

                                            Download

                                          • memory/6108-2192-0x0000000000400000-0x0000000000486000-memory.dmp

                                            Filesize

                                            536KB

                                            Download

                                          • memory/6108-2137-0x0000000000400000-0x0000000000486000-memory.dmp

                                            Filesize

                                            536KB

                                            Download

                                          • memory/6108-2122-0x0000000000400000-0x0000000000486000-memory.dmp

                                            Filesize

                                            536KB

                                            Download

                                          • memory/6108-2198-0x0000000000400000-0x0000000000486000-memory.dmp

                                            Filesize

                                            536KB

                                            Download