Analysis Overview
Threat Level: Known bad
The file https://github.com/Da2dalus/The-MALWARE-Repo was found to be: Known bad.
Malicious Activity Summary
WarzoneRat, AveMaria
Warzonerat family
Wannacry family
Wannacry
ReZer0 packer
Warzone RAT payload
Executes dropped EXE
Modifies file permissions
Drops startup file
File and Directory Permissions Modification: Windows File and Directory Permissions Modification
Writes to the Master Boot Record (MBR)
Adds Run key to start application
Suspicious use of SetThreadContext
UPX packed file
Drops file in System32 directory
Sets desktop wallpaper using registry
Drops file in Program Files directory
Drops file in Windows directory
Program crash
System Location Discovery: System Language Discovery
Enumerates physical storage devices
Browser Information Discovery
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Uses Task Scheduler COM API
Enumerates system info in registry
Uses Volume Shadow Copy WMI provider
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Uses Volume Shadow Copy service COM API
Suspicious use of FindShellTrayWindow
Modifies registry class
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Scheduled Task/Job: Scheduled Task
Suspicious use of AdjustPrivilegeToken
Views/modifies file attributes
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-17 05:56
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-17 05:56
Reported
2024-11-17 06:13
Platform
win10ltsc2021-20241023-en
Max time kernel
700s
Max time network
1053s
Command Line
Signatures
Wannacry
Wannacry family
WarzoneRat, AveMaria
Warzonerat family
ReZer0 packer
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Warzone RAT payload
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Drops startup file
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SD97B1.tmp | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\WannaCrypt0r.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SD97B8.tmp | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\WannaCrypt0r.exe | N/A |
Executes dropped EXE
Modifies file permissions
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (str) | \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WIN5FFB = "C:\\Windows\\system32\\WIN5FFB.pif" | C:\Windows\SysWOW64\WIN5FFB.pif | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Whistler = "C:\\Windows\\system32\\whismng.exe -next" | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Whiter.a.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Windows Netagent = "c:\\windows\\system\\sysfile.exe" | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Sevgi.a.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce\WawGifxf = "\"C:\\Windows\\WawGifxf.exe\"" | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Yarner.a.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ = "C:\\Users\\Admin\\Downloads\\The-MALWARE-Repo-master\\The-MALWARE-Repo-master\\Winevar.exe" | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Winevar.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ = "C:\\Users\\Admin\\Downloads\\The-MALWARE-Repo-master\\The-MALWARE-Repo-master\\Winevar.exe" | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Winevar.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\WIN5FFB = "C:\\Windows\\system32\\WIN5FFB.pif" | C:\Windows\SysWOW64\WIN5FFB.pif | N/A |
File and Directory Permissions Modification: Windows File and Directory Permissions Modification
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | \??\PHYSICALDRIVE0 | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Seftad.exe | N/A |
Drops file in System32 directory
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (str) | \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\WannaCrypt0r.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 4980 set thread context of 548 | N/A | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\WarzoneRAT.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
| PID 2316 set thread context of 2248 | N/A | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Satana.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Satana.exe |
UPX packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.dll.sys.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.dll.sys.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JDK-1.8\INCLUDE\JDWPTRANSPORT.H | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\ZippedFiles.a.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\1033\PROTTPLV.DOC | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\ZippedFiles.a.exe | N/A |
| File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.dll.sys.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\1033\PROTTPLN.PPT | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\ZippedFiles.a.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\1033\PROTTPLV.PPT | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\ZippedFiles.a.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\SAMPLES\SOLVSAMP.XLS | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\ZippedFiles.a.exe | N/A |
| File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.dll.sys.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.dll.sys.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241117055627.pma | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe | N/A |
| File created | C:\Program Files\7-Zip\7zFM.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe | N/A |
| File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.dll.sys.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JDK-1.8\INCLUDE\WIN32\JAWT_MD.H | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\ZippedFiles.a.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\SPLITREPAIR.DOC | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\ZippedFiles.a.exe | N/A |
| File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.dll.sys.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7z.dll.sys.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7zG.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JDK-1.8\INCLUDE\WIN32\JNI_MD.H | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\ZippedFiles.a.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\1033\PROTTPLN.XLS | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\ZippedFiles.a.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7zG.dll.sys.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe | N/A |
| File created | C:\Program Files\7-Zip\Uninstall.dll.sys.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\1033\PROTTPLV.XLS | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\ZippedFiles.a.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Uninstall.exe | C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe | N/A |
| File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe | N/A |
| File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JDK-1.8\INCLUDE\CLASSFILE_CONSTANTS.H | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\ZippedFiles.a.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.dll.sys.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe | N/A |
| File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.dll.sys.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe | N/A |
| File created | C:\Program Files\7-Zip\7z.dll.sys.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe | N/A |
| File created | C:\Program Files\7-Zip\7z.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JDK-1.8\INCLUDE\WIN32\BRIDGE\ACCESSBRIDGEPACKAGES.H | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\ZippedFiles.a.exe | N/A |
| File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe | N/A |
| File created | C:\Program Files\7-Zip\7zG.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JDK-1.8\INCLUDE\WIN32\BRIDGE\ACCESSBRIDGECALLBACKS.H | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\ZippedFiles.a.exe | N/A |
| File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.dll.sys.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JDK-1.8\INCLUDE\JAWT.H | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\ZippedFiles.a.exe | N/A |
| File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe | N/A |
| File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.dll.sys.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe | N/A |
| File created | C:\Program Files\7-Zip\7zFM.dll.sys.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7zFM.dll.sys.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\939cbadd-9eae-4e61-a3a8-700f3ac59f7a.tmp | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe | N/A |
| File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.dll.sys.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JDK-1.8\INCLUDE\JVMTICMLR.H | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\ZippedFiles.a.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JDK-1.8\INCLUDE\JNI.H | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\ZippedFiles.a.exe | N/A |
| File created | C:\Program Files\7-Zip\7zG.dll.sys.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Uninstall.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JDK-1.8\INCLUDE\JVMTI.H | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\ZippedFiles.a.exe | N/A |
| File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.dll.sys.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.dll.sys.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7z.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\1033\PROTTPLN.DOC | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\ZippedFiles.a.exe | N/A |
| File created | C:\Program Files\7-Zip\Uninstall.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JDK-1.8\INCLUDE\WIN32\BRIDGE\ACCESSBRIDGECALLS.C | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\ZippedFiles.a.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JDK-1.8\INCLUDE\WIN32\BRIDGE\ACCESSBRIDGECALLS.H | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\ZippedFiles.a.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7zFM.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe | N/A |
Drops file in Windows directory
Browser Information Discovery
Enumerates physical storage devices
Program crash
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\mshta.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Xanax.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Whiter.a.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\taskdl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\SpySheriff.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\schtasks.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Seftad.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\taskdl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\taskse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Xyeta.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Satana.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Trood.a.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\WinNuke.98.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\icacls.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\SporaRansomware.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\WannaCrypt0r.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Sevgi.a.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Winevar.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\notepad.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\attrib.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Yarner.a.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WIN5FFB.pif | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\attrib.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\WarzoneRAT.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\ZippedFiles.a.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\White.a.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Satana.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\SOFTWARE\Microsoft\DataFactory\[email protected] | C:\Windows\SysWOW64\WIN5FFB.pif | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\SOFTWARE\Microsoft\DataFactory\[email protected] | C:\Windows\SysWOW64\WIN5FFB.pif | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\SOFTWARE\Microsoft\DataFactory\[email protected] | C:\Windows\SysWOW64\WIN5FFB.pif | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\SOFTWARE\Microsoft\DataFactory\[email protected] | C:\Windows\SysWOW64\WIN5FFB.pif | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\SOFTWARE\Microsoft\DataFactory\[email protected] | C:\Windows\SysWOW64\WIN5FFB.pif | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Software\Microsoft | C:\Windows\SysWOW64\WIN5FFB.pif | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Software\Microsoft\DataFactory | C:\Windows\SysWOW64\WIN5FFB.pif | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\SOFTWARE\Microsoft\DataFactory\[email protected] | C:\Windows\SysWOW64\WIN5FFB.pif | N/A |
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Sevgi.a.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
|---|---|---|---|
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\WarzoneRAT.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\TaskILL.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Uses Volume Shadow Copy service COM API
Views/modifies file attributes
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/Da2dalus/The-MALWARE-Repo
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffe714a46f8,0x7ffe714a4708,0x7ffe714a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,3183909158859419532,18098948073905423649,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2016,3183909158859419532,18098948073905423649,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2016,3183909158859419532,18098948073905423649,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3183909158859419532,18098948073905423649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3183909158859419532,18098948073905423649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,3183909158859419532,18098948073905423649,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5572 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x24c,0x250,0x254,0x248,0x258,0x7ff754935460,0x7ff754935470,0x7ff754935480
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,3183909158859419532,18098948073905423649,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5572 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3183909158859419532,18098948073905423649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2016,3183909158859419532,18098948073905423649,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5940 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3183909158859419532,18098948073905423649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4388 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3183909158859419532,18098948073905423649,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3183909158859419532,18098948073905423649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3183909158859419532,18098948073905423649,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2016,3183909158859419532,18098948073905423649,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5888 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,3183909158859419532,18098948073905423649,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1960 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\BubbleBoy.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7ffe714a46f8,0x7ffe714a4708,0x7ffe714a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3183909158859419532,18098948073905423649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1952 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3183909158859419532,18098948073905423649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=252 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3183909158859419532,18098948073905423649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1696 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Jer.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffe714a46f8,0x7ffe714a4708,0x7ffe714a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3183909158859419532,18098948073905423649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2016,3183909158859419532,18098948073905423649,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3548 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3183909158859419532,18098948073905423649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3183909158859419532,18098948073905423649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3183909158859419532,18098948073905423649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3183909158859419532,18098948073905423649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1704 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3183909158859419532,18098948073905423649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6912 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2016,3183909158859419532,18098948073905423649,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7264 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x510 0x344
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\San.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffe714a46f8,0x7ffe714a4708,0x7ffe714a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3183909158859419532,18098948073905423649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
C:\Windows\SysWOW64\mshta.exe
"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Scare.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe
"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe"
C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe
"C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe" -extract C:\Program Files\7-Zip\7z.dll.sys.exe, C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.rc, icongroup,,
C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.exe
"C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.exe" -compile C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.rc, C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.res
C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe
"C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe" -extract C:\Program Files\7-Zip\7zFM.dll.sys.exe, C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.rc, icongroup,,
C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.exe
"C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.exe" -compile C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.rc, C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.res
C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe
"C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe" -extract C:\Program Files\7-Zip\7zG.dll.sys.exe, C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.rc, icongroup,,
C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.exe
"C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.exe" -compile C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.rc, C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.res
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Yarner.a.exe
"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Yarner.a.exe"
C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe
"C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe" -extract C:\Program Files\7-Zip\Uninstall.dll.sys.exe, C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.rc, icongroup,,
C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.exe
"C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.exe" -compile C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.rc, C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.res
C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe
"C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe" -addoverwrite C:\Program Files\7-Zip\Uninstall.exe", "C:\Program Files\7-Zip\Uninstall.exe, C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.res, icongroup,,
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Xyeta.exe
"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Xyeta.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 380 -p 4768 -ip 4768
C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe
"C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe" -extract C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.dll.sys.exe, C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.rc, icongroup,,
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4768 -s 484
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Xanax.exe
"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Xanax.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 3232 -ip 3232
C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.exe
"C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.exe" -compile C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.rc, C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.res
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 416
C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe
"C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe" -extract C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.dll.sys.exe, C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.rc, icongroup,,
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\ZippedFiles.a.exe
"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\ZippedFiles.a.exe"
C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.exe
"C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.exe" -compile C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.rc, C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.res
C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe
"C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe" -extract C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.dll.sys.exe, C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.rc, icongroup,,
C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.exe
"C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.exe" -compile C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.rc, C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.res
C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe
"C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe" -extract C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.dll.sys.exe, C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.rc, icongroup,,
C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.exe
"C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.exe" -compile C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.rc, C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.res
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\WinNuke.98.exe
"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\WinNuke.98.exe"
C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe
"C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe" -extract C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.dll.sys.exe, C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.rc, icongroup,,
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Winevar.exe
"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Winevar.exe"
C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.exe
"C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.exe" -compile C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.rc, C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.res
C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe
"C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe" -extract C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.dll.sys.exe, C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.rc, icongroup,,
C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.exe
"C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.exe" -compile C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.rc, C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.res
C:\Windows\SysWOW64\WIN5FFB.pif
"C:\Windows\system32\WIN5FFB.pif" ~~241131515
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k appmodel -p -s StateRepository
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k appmodel -p -s StateRepository
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\WannaCrypt0r.exe
"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\WannaCrypt0r.exe"
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\WarzoneRAT.exe
"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\WarzoneRAT.exe"
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\White.a.exe
"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\White.a.exe"
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Whiter.a.exe
"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Whiter.a.exe"
C:\Windows\SysWOW64\notepad.exe
notepad.exe C:\Users\Admin\AppData\Local\Temp\~sn8352.tmp
C:\Windows\SysWOW64\attrib.exe
attrib +h .
C:\Windows\SysWOW64\icacls.exe
icacls . /grant Everyone:F /T /C /Q
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k appmodel -p -s StateRepository
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\jFvfxe" /XML "C:\Users\Admin\AppData\Local\Temp\tmp8621.tmp"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\taskdl.exe
taskdl.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c 238501731823519.bat
C:\Windows\SysWOW64\cscript.exe
cscript.exe //nologo m.vbs
C:\Windows\SysWOW64\attrib.exe
attrib +h +s F:\$RECYCLE
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k appmodel -p -s StateRepository
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k appmodel -p -s StateRepository
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Satana.exe
"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Satana.exe"
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Seftad.exe
"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Seftad.exe"
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Sevgi.a.exe
"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Sevgi.a.exe"
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\SporaRansomware.exe
"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\SporaRansomware.exe"
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\SpySheriff.exe
"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\SpySheriff.exe"
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\taskdl.exe
"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\taskdl.exe"
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\TaskILL.exe
"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\TaskILL.exe"
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\taskse.exe
"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\taskse.exe"
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Trood.a.exe
"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Trood.a.exe"
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k appmodel -p -s StateRepository
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Satana.exe
"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Satana.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 412
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k appmodel -p -s StateRepository
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k appmodel -p -s StateRepository
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\@WanaDecryptor@.exe
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c start /b @WanaDecryptor@.exe vs
C:\Windows\SYSTEM32\mountvol.exe
mountvol c:\ /d
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.130.81.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | nav.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | 23.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| GB | 172.165.61.93:443 | nav.smartscreen.microsoft.com | tcp |
| GB | 172.165.61.93:443 | nav.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | data-edge.smartscreen.microsoft.com | udp |
| GB | 172.165.69.228:443 | data-edge.smartscreen.microsoft.com | tcp |
| GB | 172.165.69.228:443 | data-edge.smartscreen.microsoft.com | tcp |
| GB | 172.165.69.228:443 | data-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 185.199.111.133:443 | avatars.githubusercontent.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | 228.69.165.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.111.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 22.113.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | codeload.github.com | udp |
| GB | 20.26.156.216:443 | codeload.github.com | tcp |
| US | 8.8.8.8:53 | 216.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | checkappexec.microsoft.com | udp |
| GB | 51.11.108.188:443 | checkappexec.microsoft.com | tcp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 140.82.113.21:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | 188.108.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.113.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 213.143.182.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.towns.com | udp |
| US | 216.24.57.4:80 | www.towns.com | tcp |
| US | 216.24.57.4:80 | www.towns.com | tcp |
| US | 8.8.8.8:53 | nav.smartscreen.microsoft.com | udp |
| GB | 51.140.242.104:443 | nav.smartscreen.microsoft.com | tcp |
| US | 216.24.57.4:443 | www.towns.com | tcp |
| US | 216.24.57.4:443 | www.towns.com | tcp |
| US | 8.8.8.8:53 | 4.57.24.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.242.140.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.rdr.towns.com | udp |
| BE | 18.239.208.98:443 | api.rdr.towns.com | tcp |
| BE | 18.239.208.98:443 | api.rdr.towns.com | tcp |
| US | 8.8.8.8:53 | 98.208.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sdk.rdr.towns.com | udp |
| BE | 18.239.208.10:443 | sdk.rdr.towns.com | tcp |
| US | 8.8.8.8:53 | 110.208.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.208.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | data.rdr.towns.com | udp |
| BE | 18.239.208.93:443 | data.rdr.towns.com | tcp |
| US | 8.8.8.8:53 | 93.208.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 13.107.21.239:443 | edge.microsoft.com | tcp |
| US | 8.8.8.8:53 | 239.21.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | hushmail.com | udp |
| US | 172.65.90.6:80 | hushmail.com | tcp |
| US | 172.65.90.6:80 | hushmail.com | tcp |
| US | 172.65.90.6:443 | hushmail.com | tcp |
| US | 8.8.8.8:53 | www.hushmail.com | udp |
| US | 172.65.90.7:443 | www.hushmail.com | tcp |
| US | 172.65.90.7:443 | www.hushmail.com | tcp |
| US | 172.65.90.7:443 | www.hushmail.com | tcp |
| US | 172.65.90.7:443 | www.hushmail.com | tcp |
| US | 172.65.90.7:443 | www.hushmail.com | tcp |
| US | 172.65.90.7:443 | www.hushmail.com | tcp |
| US | 8.8.8.8:53 | 6.90.65.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.90.65.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | widget.trustpilot.com | udp |
| US | 8.8.8.8:53 | snap.licdn.com | udp |
| BE | 18.239.208.38:443 | widget.trustpilot.com | tcp |
| US | 8.8.8.8:53 | js.hs-scripts.com | udp |
| GB | 2.19.252.133:443 | snap.licdn.com | tcp |
| US | 8.8.8.8:53 | script.tapfiliate.com | udp |
| US | 104.16.137.209:443 | js.hs-scripts.com | tcp |
| BE | 18.239.208.96:443 | script.tapfiliate.com | tcp |
| US | 172.65.90.5:443 | www.hushmail.com | tcp |
| US | 8.8.8.8:53 | crt.rootg2.amazontrust.com | udp |
| FR | 3.164.163.87:80 | crt.rootg2.amazontrust.com | tcp |
| US | 8.8.8.8:53 | 72.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.208.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.252.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.137.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.90.65.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 96.208.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.163.164.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| BE | 64.233.167.156:443 | stats.g.doubleclick.net | tcp |
| GB | 142.250.179.227:443 | www.google.co.uk | tcp |
| US | 216.239.32.36:443 | region1.analytics.google.com | tcp |
| US | 8.8.8.8:53 | px.ads.linkedin.com | udp |
| US | 8.8.8.8:53 | js.hs-analytics.net | udp |
| US | 8.8.8.8:53 | js.hsleadflows.net | udp |
| US | 8.8.8.8:53 | js.hubspot.com | udp |
| US | 8.8.8.8:53 | js.usemessages.com | udp |
| US | 13.107.42.14:443 | px.ads.linkedin.com | tcp |
| US | 104.17.175.201:443 | js.hs-analytics.net | tcp |
| US | 104.16.118.116:443 | js.hubspot.com | tcp |
| US | 104.18.138.17:443 | js.hsleadflows.net | tcp |
| US | 104.16.76.142:443 | js.usemessages.com | tcp |
| US | 8.8.8.8:53 | js.hsadspixel.net | udp |
| US | 104.17.223.152:443 | js.hsadspixel.net | tcp |
| US | 8.8.8.8:53 | js.hs-banner.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.179.226:443 | googleads.g.doubleclick.net | tcp |
| US | 104.18.40.240:443 | js.hs-banner.com | tcp |
| US | 8.8.8.8:53 | api.hubspot.com | udp |
| US | 8.8.8.8:53 | cta-service-cms2.hubspot.com | udp |
| GB | 172.217.16.228:443 | www.google.com | udp |
| GB | 142.250.179.227:443 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | api.hubapi.com | udp |
| US | 104.18.242.108:443 | api.hubapi.com | tcp |
| US | 8.8.8.8:53 | track.hubspot.com | udp |
| US | 8.8.8.8:53 | perf-na1.hsforms.com | udp |
| US | 8.8.8.8:53 | forms.hubspot.com | udp |
| US | 104.19.175.188:443 | perf-na1.hsforms.com | tcp |
| GB | 142.250.179.226:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 227.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.167.233.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.42.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 201.175.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 116.118.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.138.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 142.76.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.223.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.40.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.242.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 188.175.19.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | app.hubspot.com | udp |
| US | 8.8.8.8:53 | static.hsappstatic.net | udp |
| US | 104.17.174.91:443 | static.hsappstatic.net | tcp |
| US | 104.17.174.91:443 | static.hsappstatic.net | tcp |
| US | 104.17.174.91:443 | static.hsappstatic.net | tcp |
| US | 104.17.174.91:443 | static.hsappstatic.net | tcp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 8.8.8.8:53 | exceptions.hubspot.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 91.174.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | metrics-fe-na1.hubspot.com | udp |
| US | 8.8.8.8:53 | www.symantec.com | udp |
| US | 104.18.37.111:80 | www.symantec.com | tcp |
| US | 104.18.37.111:443 | www.symantec.com | tcp |
| US | 8.8.8.8:53 | www.broadcom.com | udp |
| US | 104.18.37.111:443 | www.broadcom.com | tcp |
| US | 8.8.8.8:53 | openssl.org | udp |
| US | 8.8.8.8:53 | alt2.aspmx.l.google.com | udp |
| DE | 142.251.9.27:25 | alt2.aspmx.l.google.com | tcp |
| US | 168.61.222.215:5400 | tcp | |
| US | 168.61.222.215:5400 | tcp | |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | smtp.google.com | udp |
| GB | 64.233.166.27:25 | smtp.google.com | tcp |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| US | 168.61.222.215:5400 | tcp | |
| US | 8.8.8.8:53 | izenpe.com | udp |
| US | 8.8.8.8:53 | alt1.aspmx.l.google.com | udp |
| NL | 142.250.153.27:25 | alt1.aspmx.l.google.com | tcp |
| US | 8.8.8.8:53 | gmail.com | udp |
| US | 8.8.8.8:53 | alt2.gmail-smtp-in.l.google.com | udp |
| DE | 142.251.9.27:25 | alt2.gmail-smtp-in.l.google.com | tcp |
| US | 168.61.222.215:5400 | tcp | |
| CA | 216.113.14.106:25 | tcp | |
| US | 8.8.8.8:53 | intercepted.com | udp |
| US | 8.8.8.8:53 | intercepted.com | udp |
| NL | 86.105.245.69:25 | intercepted.com | tcp |
| US | 168.61.222.215:5400 | tcp | |
| US | 8.8.8.8:53 | primary.com | udp |
| US | 8.8.8.8:53 | alt3.aspmx.l.google.com | udp |
| FI | 142.250.150.27:25 | alt3.aspmx.l.google.com | tcp |
| US | 168.61.222.215:5400 | tcp | |
| US | 8.8.8.8:53 | chrome.com | udp |
| US | 8.8.8.8:53 | chrome.com | udp |
| US | 216.239.32.27:25 | chrome.com | tcp |
| US | 168.61.222.215:5400 | tcp | |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 64.233.166.27:25 | smtp.google.com | tcp |
| US | 8.8.8.8:53 | chromium.org | udp |
| NL | 142.250.153.27:25 | alt1.aspmx.l.google.com | tcp |
| US | 168.61.222.215:5400 | tcp | |
| NL | 142.250.153.27:25 | alt1.aspmx.l.google.com | tcp |
| US | 168.61.222.215:5400 | tcp | |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 64.233.166.27:25 | smtp.google.com | tcp |
| US | 168.61.222.215:5400 | tcp | |
| US | 8.8.8.8:53 | android.com | udp |
| US | 8.8.8.8:53 | aspmx.l.google.com | udp |
| GB | 74.125.133.26:25 | aspmx.l.google.com | tcp |
| US | 168.61.222.215:5400 | tcp | |
| US | 168.61.222.215:5400 | tcp | |
| US | 168.61.222.215:5400 | tcp | |
| US | 168.61.222.215:5400 | tcp | |
| US | 168.61.222.215:5400 | tcp | |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 185.199.111.133:443 | user-images.githubusercontent.com | tcp |
| US | 168.61.222.215:5400 | tcp | |
| US | 168.61.222.215:5400 | tcp | |
| US | 168.61.222.215:5400 | tcp | |
| US | 168.61.222.215:5400 | tcp | |
| US | 168.61.222.215:5400 | tcp |
Files
| MD5 | 018faef385ccc44a2770a549b4c1abe8 |
| SHA1 | ce3c55f23568003015755a036fc1c70dd8d41805 |
| SHA256 | 27ecb8ed8cd4ac05123f1c49383ac769d405124db3861601f64fa99c83bfbcad |
| SHA512 | 0c878befcac0de02dbdcb08cc25eb89e5011b1c6d0ac866f4b7e36c5a59f6dfad708f9f0a519eedd402752421c589396ca6de88dad0cba12cc3ff28d0140d0d3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | ef4bfa69a3ddbe15533488843f0a5ea2 |
| SHA1 | 9330077849401a6ac6123ea4bd24a7583529ce15 |
| SHA256 | 1893da374854716432f689dba849f4e167c2b8de0dbd87ec93ecef05cd491fc6 |
| SHA512 | b6c8d5c548321a02466cfccf7cd1e85fa7c3e5a9928a53b01976ce5c351af89095211b8c358cbfa8891d8d7ebc18640406af103b84f687104ccfa9d5de34f071 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 64b2a9a47fa311c659e40cad9b6093b9 |
| SHA1 | 3bd82269f9b5b3e9a890a961e6d42dcdf2b22253 |
| SHA256 | 0967883b641c4d806a7b777c0cd609099c3aeaff4200fa9491e2a48bf74cd636 |
| SHA512 | d006274d3a4d60355df8bbc61b0bcd48adaf8f7ffe72d953388745511952fcd773e0d95483231625b3ca7972c746d27a173ae80ec2a72e9cf69009b26924ce46 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | e2b062d4c84a37afbb330d108cccf8e6 |
| SHA1 | 6c669b78c2735665db64a1614b59794b93d1dd36 |
| SHA256 | 5b3486d63828f7f6866f24273d2f9ab236120c6d852c04d35c248d97e9b55d69 |
| SHA512 | 3447bc6d4d0e0207a74204c36866b83d53053d816d6baa7a93003c6438960912f3886796da91c49c4fcf6520624a6575ed070697d96792309fda0a8fdb86853d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | bb77a2ea36f270f8b327a760b5bf7dd5 |
| SHA1 | f82d9ae7c2cd4b001773b7a64ae19abf395efe57 |
| SHA256 | b8afa45e88b185b7fead8fc071650b1b64c4a386c12893c2e3ef65109e04a385 |
| SHA512 | a4ca4841d34142abd9c68a26acf99c2a6483c0170a6e3bb7fe2443903db3f217609a52d915681b872cd84c921f314e4368a3cc543d37ac50161e21e0a606c52f |
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Walker.com
| MD5 | 93ceffafe7bb69ec3f9b4a90908ece46 |
| SHA1 | 14c85fa8930f8bfbe1f9102a10f4b03d24a16d02 |
| SHA256 | b87b48dcbf779b06c6ca6491cd31328cf840578d29a6327b7a44f9043ce1eb07 |
| SHA512 | c1cb5f15e2487f42d57ae0fa340e29c677fe24b44c945615ef617d77c2737ce4227d5a571547714973d263ed0a69c8893b6c51e89409261cdbedff612339d144 |
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\VanToM-Rat.bat
| MD5 | 3d4e3f149f3d0cdfe76bf8b235742c97 |
| SHA1 | 0e0e34b5fd8c15547ca98027e49b1dcf37146d95 |
| SHA256 | b15c7cf9097195fb5426d4028fd2f6352325400beb1e32431395393910e0b10a |
| SHA512 | 8c9d2a506135431adcfd35446b69b20fe12f39c0694f1464c534a6bf01ebc5f815c948783508e06b14ff4cc33f44e220122bf2a42d2e97afa646b714a88addff |
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\README.md
| MD5 | da53941085b635d68bba6cfd5ec25b41 |
| SHA1 | 3a1fad738f5576ad8eeebaaad7f85aea1110136c |
| SHA256 | f14b23fe8a5835b3451b2c099ae01afc77aa8a84067621cc80b31fcb5b827a32 |
| SHA512 | c3f2be04c0c805260372174d57db68e94039a6657c7b2ddd8c71cf07c7bbfbb6b4065beb037956b574f413a268461d7a551109c9cd2fc39113d54b13e6637556 |
memory/5772-801-0x0000000000EF0000-0x000000000149C000-memory.dmp
memory/5772-802-0x0000000006480000-0x0000000006A26000-memory.dmp
memory/5772-803-0x0000000005ED0000-0x0000000005F62000-memory.dmp
memory/1888-815-0x0000000000400000-0x00000000004DD000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.ini
| MD5 | dbfea325d1e00a904309a682051778ad |
| SHA1 | 525562934d0866f2ba90b3c25ea005c8c5f1e9fb |
| SHA256 | 15a3a3303b4a77272ddb04454333a4c06aa2a113f210ba4a03314026e0821e6d |
| SHA512 | cd853c67c2b1a44c3f592ff42d207b2251e8b9bc1eb22fc12cd710329069ef75abffccd169418c4f9bd008a40f2fbbfc6904519f27fd658f316309f94b8ff59c |
memory/4764-827-0x0000000000400000-0x000000000084A000-memory.dmp
memory/560-832-0x0000000000400000-0x00000000004DD000-memory.dmp
memory/1136-835-0x0000000000400000-0x000000000084A000-memory.dmp
memory/2812-840-0x0000000000400000-0x00000000004DD000-memory.dmp
memory/3520-843-0x0000000000400000-0x000000000084A000-memory.dmp
memory/5056-850-0x0000000000400000-0x00000000004DD000-memory.dmp
memory/2164-853-0x0000000000400000-0x000000000084A000-memory.dmp
memory/4768-854-0x0000000000400000-0x000000000044F000-memory.dmp
memory/2820-860-0x0000000000400000-0x00000000004DD000-memory.dmp
memory/4772-869-0x0000000000400000-0x00000000004DD000-memory.dmp
memory/3232-866-0x0000000000400000-0x0000000000415000-memory.dmp
memory/4768-872-0x0000000000400000-0x000000000044F000-memory.dmp
memory/636-875-0x0000000000400000-0x000000000084A000-memory.dmp
memory/3232-877-0x0000000000400000-0x0000000000415000-memory.dmp
memory/5224-884-0x0000000000400000-0x00000000004DD000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.res
| MD5 | 45d02203801ec5cae86ed0a68727b0fa |
| SHA1 | 1b22a6df3fc0ef23c6c5312c937db7c8c0df6703 |
| SHA256 | 5e743f477333066c29c3742cc8f9f64a8cb9c54b71dbc8c69af5025d31f8c121 |
| SHA512 | 8da0bf59066223aab96595c9fbf8532baa34f1f9c2c0dee674d310a82677b6c7d6a1cc0bbaa75262b986d2b805b049ec3a2bfb25a9ae30fe6d02e32660f15e83 |
memory/5252-887-0x0000000000400000-0x000000000084A000-memory.dmp
memory/6088-892-0x0000000000400000-0x00000000004DD000-memory.dmp
memory/6108-895-0x0000000000400000-0x000000000084A000-memory.dmp
memory/4740-900-0x0000000000400000-0x00000000004DD000-memory.dmp
memory/2844-903-0x0000000000400000-0x000000000084A000-memory.dmp
memory/4428-908-0x0000000000400000-0x00000000004DD000-memory.dmp
memory/1612-911-0x0000000000400000-0x000000000084A000-memory.dmp
memory/1692-916-0x0000000000400000-0x00000000004DD000-memory.dmp
memory/3224-917-0x0000000000400000-0x0000000000471000-memory.dmp
memory/5720-920-0x0000000000400000-0x000000000084A000-memory.dmp
memory/5184-933-0x0000000000400000-0x0000000000438000-memory.dmp
memory/3224-947-0x0000000000400000-0x0000000000471000-memory.dmp
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\msg\m_french.wnry
| MD5 | 4e57113a6bf6b88fdd32782a4a381274 |
| SHA1 | 0fccbc91f0f94453d91670c6794f71348711061d |
| SHA256 | 9bd38110e6523547aed50617ddc77d0920d408faeed2b7a21ab163fda22177bc |
| SHA512 | 4f1918a12269c654d44e9d394bc209ef0bc32242be8833a2fba437b879125177e149f56f2fb0c302330dec328139b34982c04b3fefb045612b6cc9f83ec85aa9 |
memory/4980-982-0x00000000006E0000-0x0000000000736000-memory.dmp
memory/4980-987-0x0000000005360000-0x0000000005368000-memory.dmp
memory/5512-992-0x0000000010000000-0x0000000010010000-memory.dmp
memory/4980-997-0x0000000005EB0000-0x0000000005F4C000-memory.dmp
memory/4980-998-0x0000000005E10000-0x0000000005E38000-memory.dmp
memory/548-1008-0x0000000000400000-0x0000000000553000-memory.dmp
memory/548-1009-0x0000000000400000-0x0000000000553000-memory.dmp
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\@[email protected]
| MD5 | 7e6b6da7c61fcb66f3f30166871def5b |
| SHA1 | 00f699cf9bbc0308f6e101283eca15a7c566d4f9 |
| SHA256 | 4a25d98c121bb3bd5b54e0b6a5348f7b09966bffeec30776e5a731813f05d49e |
| SHA512 | e5a56137f325904e0c7de1d0df38745f733652214f0cdb6ef173fa0743a334f95bed274df79469e270c9208e6bdc2e6251ef0cdd81af20fa1897929663e2c7d3 |
memory/5184-1152-0x0000000000400000-0x0000000000438000-memory.dmp
memory/5844-1763-0x0000000000400000-0x0000000000407200-memory.dmp
memory/3224-1762-0x0000000000400000-0x0000000000471000-memory.dmp
memory/4880-1821-0x0000000000400000-0x000000000040E000-memory.dmp
memory/3132-1889-0x0000000000830000-0x000000000083E000-memory.dmp
memory/4880-2276-0x0000000000400000-0x000000000040E000-memory.dmp
memory/2248-2282-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2248-2281-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2248-2284-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2248-2285-0x0000000000400000-0x000000000041B000-memory.dmp
memory/5184-2286-0x0000000000400000-0x0000000000438000-memory.dmp
memory/3224-2295-0x0000000000400000-0x0000000000471000-memory.dmp
memory/5840-2296-0x0000000000400000-0x000000000046D000-memory.dmp
C:\Users\Admin\AppData\Roaming\US726-48XGT-XTXTX-HTXXT-AYYYY.KEY
| MD5 | bcf6b4905f02a1cb93b64888692615a3 |
| SHA1 | 3ba43dbb3adbf7417a0746961e0b47d827e088d7 |
| SHA256 | 886dba6992f4b7a8ac2fa15ae6f2c82ee2ced8b1a75da386eaf1cea9aa12558f |
| SHA512 | 1e116663343abd59ce424a5a70f42ac654dcefc3d7de203c572464ba692b1a59def575412e70b5aae55e9ed183e015c4c8a4405b8243633f9651da8a0ee6a3e7 |
memory/5184-2337-0x0000000000400000-0x0000000000438000-memory.dmp
memory/3224-2354-0x0000000000400000-0x0000000000471000-memory.dmp
memory/5840-2355-0x0000000000400000-0x000000000046D000-memory.dmp
memory/5184-2357-0x0000000000400000-0x0000000000438000-memory.dmp
memory/5844-2360-0x0000000000400000-0x0000000000407200-memory.dmp
memory/5840-2362-0x0000000000400000-0x000000000046D000-memory.dmp
memory/5840-2365-0x0000000000400000-0x000000000046D000-memory.dmp
memory/5840-2370-0x0000000000400000-0x000000000046D000-memory.dmp
memory/3224-2372-0x0000000000400000-0x0000000000471000-memory.dmp
memory/5840-2373-0x0000000000400000-0x000000000046D000-memory.dmp
memory/5184-2374-0x0000000000400000-0x0000000000438000-memory.dmp
memory/5840-2377-0x0000000000400000-0x000000000046D000-memory.dmp