Malware Analysis Report

2024-12-07 02:15

Sample ID 241117-gm2cvsshke
Target https://github.com/Da2dalus/The-MALWARE-Repo
Tags
wannacry warzonerat bootkit defense_evasion discovery infostealer persistence ransomware rat rezer0 upx worm
score
10/10

Analysis Overview

Threat Level: Known bad

The file https://github.com/Da2dalus/The-MALWARE-Repo was found to be: Known bad.

Malicious Activity Summary

WarzoneRat, AveMaria

Warzonerat family

Wannacry family

Wannacry

ReZer0 packer

Warzone RAT payload

Executes dropped EXE

Modifies file permissions

Drops startup file

File and Directory Permissions Modification: Windows File and Directory Permissions Modification

Writes to the Master Boot Record (MBR)

Adds Run key to start application

Suspicious use of SetThreadContext

UPX packed file

Drops file in System32 directory

Sets desktop wallpaper using registry

Drops file in Program Files directory

Drops file in Windows directory

Program crash

System Location Discovery: System Language Discovery

Enumerates physical storage devices

Browser Information Discovery

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: GetForegroundWindowSpam

Uses Task Scheduler COM API

Enumerates system info in registry

Uses Volume Shadow Copy WMI provider

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Uses Volume Shadow Copy service COM API

Suspicious use of FindShellTrayWindow

Modifies registry class

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Scheduled Task/Job: Scheduled Task

Suspicious use of AdjustPrivilegeToken

Views/modifies file attributes

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-17 05:56

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-17 05:56

Reported

2024-11-17 06:13

Platform

win10ltsc2021-20241023-en

Max time kernel

700s

Max time network

1053s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/Da2dalus/The-MALWARE-Repo

Signatures

Wannacry

ransomware worm wannacry

Wannacry family

wannacry

WarzoneRat, AveMaria

rat infostealer warzonerat

Warzonerat family

warzonerat

ReZer0 packer

rezer0
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Warzone RAT payload

rat
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Drops startup file

Description | Indicator | Process | Target
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SD97B1.tmp | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\WannaCrypt0r.exe | N/A
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SD97B8.tmp | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\WannaCrypt0r.exe | N/A

Executes dropped EXE

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\WIN5FFB.pif | N/A
N/A | N/A | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\taskdl.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\taskdl.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\taskse.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\@[email protected] | N/A

Modifies file permissions

discovery
Description | Indicator | Process | Target
N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A

Adds Run key to start application

persistence
Description | Indicator | Process | Target
Set value (str) | \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WIN5FFB = "C:\\Windows\\system32\\WIN5FFB.pif" | C:\Windows\SysWOW64\WIN5FFB.pif | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Whistler = "C:\\Windows\\system32\\whismng.exe -next" | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Whiter.a.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Windows Netagent = "c:\\windows\\system\\sysfile.exe" | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Sevgi.a.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce\WawGifxf = "\"C:\\Windows\\WawGifxf.exe\"" | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Yarner.a.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ = "C:\\Users\\Admin\\Downloads\\The-MALWARE-Repo-master\\The-MALWARE-Repo-master\\Winevar.exe" | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Winevar.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ = "C:\\Users\\Admin\\Downloads\\The-MALWARE-Repo-master\\The-MALWARE-Repo-master\\Winevar.exe" | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Winevar.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\WIN5FFB = "C:\\Windows\\system32\\WIN5FFB.pif" | C:\Windows\SysWOW64\WIN5FFB.pif | N/A

File and Directory Permissions Modification: Windows File and Directory Permissions Modification

defense_evasion

Writes to the Master Boot Record (MBR)

bootkit persistence
Description | Indicator | Process | Target
File opened for modification | \??\PHYSICALDRIVE0 | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Seftad.exe | N/A

Drops file in System32 directory

Description | Indicator | Process | Target
File created | C:\Windows\SysWOW64\whismng.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Whiter.a.exe | N/A
File created | C:\WINDOWS\SysWOW64\MSDRM\MSOIRMPROTECTOR.XLS | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\ZippedFiles.a.exe | N/A
File created | C:\WINDOWS\SysWOW64\RASCTRNM.H | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\ZippedFiles.a.exe | N/A
File opened for modification | C:\Windows\SysWOW64\WIN63A6.tmp | C:\Windows\SysWOW64\WIN5FFB.pif | N/A
File opened for modification | C:\Windows\SysWOW64\WIN6481.tmp | C:\Windows\SysWOW64\WIN5FFB.pif | N/A
File opened for modification | C:\Windows\SysWOW64\WIN601A.tmp | C:\Windows\SysWOW64\WIN5FFB.pif | N/A
File created | C:\WINDOWS\SysWOW64\MSDRM\MSOIRMPROTECTOR.DOC | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\ZippedFiles.a.exe | N/A
File created | C:\WINDOWS\SysWOW64\MSDRM\MSOIRMPROTECTOR.PPT | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\ZippedFiles.a.exe | N/A
File created | C:\Windows\SysWOW64\ZippedFiles.a.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\ZippedFiles.a.exe | N/A
File created | C:\Windows\SysWOW64\WIN5FFB.pif | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Winevar.exe | N/A

Sets desktop wallpaper using registry

ransomware
Description | Indicator | Process | Target
Set value (str) | \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\WannaCrypt0r.exe | N/A

UPX packed file

upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.dll.sys.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe | N/A
File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.dll.sys.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe | N/A
File opened for modification | C:\PROGRAM FILES\JAVA\JDK-1.8\INCLUDE\JDWPTRANSPORT.H | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\ZippedFiles.a.exe | N/A
File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe | N/A
File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\1033\PROTTPLV.DOC | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\ZippedFiles.a.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe | N/A
File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe | N/A
File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.dll.sys.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe | N/A
File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\1033\PROTTPLN.PPT | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\ZippedFiles.a.exe | N/A
File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\1033\PROTTPLV.PPT | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\ZippedFiles.a.exe | N/A
File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\SAMPLES\SOLVSAMP.XLS | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\ZippedFiles.a.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.dll.sys.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe | N/A
File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.dll.sys.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe | N/A
File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe | N/A
File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241117055627.pma | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe | N/A
File created | C:\Program Files\7-Zip\7zFM.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.dll.sys.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe | N/A
File opened for modification | C:\PROGRAM FILES\JAVA\JDK-1.8\INCLUDE\WIN32\JAWT_MD.H | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\ZippedFiles.a.exe | N/A
File opened for modification | C:\PROGRAM FILES\SPLITREPAIR.DOC | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\ZippedFiles.a.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.dll.sys.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe | N/A
File opened for modification | C:\Program Files\7-Zip\7z.dll.sys.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe | N/A
File opened for modification | C:\Program Files\7-Zip\7zG.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe | N/A
File opened for modification | C:\PROGRAM FILES\JAVA\JDK-1.8\INCLUDE\WIN32\JNI_MD.H | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\ZippedFiles.a.exe | N/A
File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\1033\PROTTPLN.XLS | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\ZippedFiles.a.exe | N/A
File opened for modification | C:\Program Files\7-Zip\7zG.dll.sys.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe | N/A
File created | C:\Program Files\7-Zip\Uninstall.dll.sys.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe | N/A
File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\1033\PROTTPLV.XLS | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\ZippedFiles.a.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Uninstall.exe | C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe | N/A
File opened for modification | C:\PROGRAM FILES\JAVA\JDK-1.8\INCLUDE\CLASSFILE_CONSTANTS.H | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\ZippedFiles.a.exe | N/A
File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.dll.sys.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.dll.sys.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe | N/A
File created | C:\Program Files\7-Zip\7z.dll.sys.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe | N/A
File created | C:\Program Files\7-Zip\7z.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe | N/A
File opened for modification | C:\PROGRAM FILES\JAVA\JDK-1.8\INCLUDE\WIN32\BRIDGE\ACCESSBRIDGEPACKAGES.H | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\ZippedFiles.a.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe | N/A
File created | C:\Program Files\7-Zip\7zG.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe | N/A
File opened for modification | C:\PROGRAM FILES\JAVA\JDK-1.8\INCLUDE\WIN32\BRIDGE\ACCESSBRIDGECALLBACKS.H | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\ZippedFiles.a.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.dll.sys.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe | N/A
File opened for modification | C:\PROGRAM FILES\JAVA\JDK-1.8\INCLUDE\JAWT.H | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\ZippedFiles.a.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.dll.sys.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe | N/A
File created | C:\Program Files\7-Zip\7zFM.dll.sys.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe | N/A
File opened for modification | C:\Program Files\7-Zip\7zFM.dll.sys.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe | N/A
File created | C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\939cbadd-9eae-4e61-a3a8-700f3ac59f7a.tmp | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.dll.sys.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe | N/A
File opened for modification | C:\PROGRAM FILES\JAVA\JDK-1.8\INCLUDE\JVMTICMLR.H | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\ZippedFiles.a.exe | N/A
File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe | N/A
File opened for modification | C:\PROGRAM FILES\JAVA\JDK-1.8\INCLUDE\JNI.H | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\ZippedFiles.a.exe | N/A
File created | C:\Program Files\7-Zip\7zG.dll.sys.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Uninstall.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe | N/A
File opened for modification | C:\PROGRAM FILES\JAVA\JDK-1.8\INCLUDE\JVMTI.H | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\ZippedFiles.a.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe | N/A
File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe | N/A
File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.dll.sys.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe | N/A
File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe | N/A
File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.dll.sys.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe | N/A
File opened for modification | C:\Program Files\7-Zip\7z.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe | N/A
File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\1033\PROTTPLN.DOC | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\ZippedFiles.a.exe | N/A
File created | C:\Program Files\7-Zip\Uninstall.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe | N/A
File opened for modification | C:\PROGRAM FILES\JAVA\JDK-1.8\INCLUDE\WIN32\BRIDGE\ACCESSBRIDGECALLS.C | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\ZippedFiles.a.exe | N/A
File opened for modification | C:\PROGRAM FILES\JAVA\JDK-1.8\INCLUDE\WIN32\BRIDGE\ACCESSBRIDGECALLS.H | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\ZippedFiles.a.exe | N/A
File opened for modification | C:\Program Files\7-Zip\7zFM.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe | N/A

Drops file in Windows directory

Description | Indicator | Process | Target
File created | C:\Windows\WawGifxf.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Yarner.a.exe | N/A
File opened for modification | C:\WINDOWS\INF\WMIAPRPL\WMIAPRPL.H | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\ZippedFiles.a.exe | N/A
File created | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-BITS-PERF-V1-COUNTERS_31BF3856AD364E35_10.0.19041.1_NONE_17C681FDED11FC67\BITSCTR.H | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\ZippedFiles.a.exe | N/A
File created | C:\Windows\notepad.dll.sys.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe | N/A
File created | C:\Windows\bfsvc.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Xanax.exe | N/A
File created | C:\WINDOWS\INF\.NET CLR NETWORKING\_NETWORKINGPERFCOUNTERS_V2.H | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\ZippedFiles.a.exe | N/A
File opened for modification | C:\WINDOWS\INF\SMSVCHOST 3.0.0.0\_SMSVCHOSTPERFCOUNTERS.H | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\ZippedFiles.a.exe | N/A
File created | C:\WINDOWS\INF\WINDOWS WORKFLOW FOUNDATION 4.0.0.0\PERFCOUNTERS.H | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\ZippedFiles.a.exe | N/A
File created | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\ASPNET_STATE_PERF.H | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\ZippedFiles.a.exe | N/A
File created | C:\Windows\system\host.tmp | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Xanax.exe | N/A
File created | C:\WINDOWS\INF\.NET MEMORY CACHE 4.0\NETMEMORYCACHE.H | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\ZippedFiles.a.exe | N/A
File created | C:\WINDOWS\INF\UGATHERER\GSRVCTR.H | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\ZippedFiles.a.exe | N/A
File created | C:\WINDOWS\INF\UGTHRSVC\GTHRCTR.H | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\ZippedFiles.a.exe | N/A
File created | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\ASPNET_STATE_PERF.H | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\ZippedFiles.a.exe | N/A
File created | C:\Windows\system\xanstart.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Xanax.exe | N/A
File created | C:\WINDOWS\INF\LSM\LAGCOUNTERDEF.H | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\ZippedFiles.a.exe | N/A
File created | C:\WINDOWS\INF\REMOTEACCESS\RASCTRNM.H | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\ZippedFiles.a.exe | N/A
File created | C:\WINDOWS\INF\TAPISRV\PERFCTR.H | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\ZippedFiles.a.exe | N/A
File created | C:\WINDOWS\INF\WSEARCHIDXPI\IDXCNTRS.H | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\ZippedFiles.a.exe | N/A
File created | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-C..GEMENT-PERFCOUNTERS_31BF3856AD364E35_10.0.19041.1_NONE_DB48407B484FA757\MSDTCPRF.H | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\ZippedFiles.a.exe | N/A
File created | C:\Windows\notedpad.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Yarner.a.exe | N/A
File created | C:\WINDOWS\INF\.NET CLR DATA\_DATAPERFCOUNTERS.H | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\ZippedFiles.a.exe | N/A
File created | C:\WINDOWS\INF\RDYBOOST\READYBOOSTPERFCOUNTERS.H | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\ZippedFiles.a.exe | N/A
File opened for modification | C:\WINDOWS\INF\SERVICEMODELSERVICE 3.0.0.0\_SERVICEMODELSERVICEPERFCOUNTERS.H | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\ZippedFiles.a.exe | N/A
File created | C:\WINDOWS\INF\USBHUB\USBPERFSYM.H | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\ZippedFiles.a.exe | N/A
File created | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\ASPNET_PERF.H | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\ZippedFiles.a.exe | N/A
File opened for modification | C:\Windows\bfsvc.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Xanax.exe | N/A
File created | C:\WINDOWS\INF\.NET DATA PROVIDER FOR ORACLE\_DATAORACLECLIENTPERFCOUNTERS_SHARED12_NEUTRAL.H | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\ZippedFiles.a.exe | N/A
File created | C:\WINDOWS\INF\.NETFRAMEWORK\CORPERFMONSYMBOLS.H | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\ZippedFiles.a.exe | N/A
File created | C:\WINDOWS\INF\BITS\BITSCTR.H | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\ZippedFiles.a.exe | N/A
File opened for modification | C:\WINDOWS\INF\SERVICEMODELOPERATION 3.0.0.0\_SERVICEMODELOPERATIONPERFCOUNTERS.H | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\ZippedFiles.a.exe | N/A
File created | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\ASPNET_PERF.H | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\ZippedFiles.a.exe | N/A
File created | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\ASPNET_PERF.H | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\ZippedFiles.a.exe | N/A
File created | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\ASPNET_STATE_PERF.H | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\ZippedFiles.a.exe | N/A
File opened for modification | C:\Windows\notepad.dll.sys.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe | N/A
File created | C:\Windows\system\xanax.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Xanax.exe | N/A
File created | C:\WINDOWS\INF\MSDTC BRIDGE 4.0.0.0\_TRANSACTIONBRIDGEPERFCOUNTERS.H | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\ZippedFiles.a.exe | N/A
File created | C:\WINDOWS\INF\SMSVCHOST 4.0.0.0\_SMSVCHOSTPERFCOUNTERS.H | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\ZippedFiles.a.exe | N/A
File created | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\ASPNET_PERF.H | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\ZippedFiles.a.exe | N/A
File created | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\ASPNET_STATE_PERF.H | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\ZippedFiles.a.exe | N/A
File created | C:\Windows\Start Menu\Programs\Startup\Scare.hta | C:\Windows\SysWOW64\mshta.exe | N/A
File created | C:\Windows\notepad.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Yarner.a.exe | N/A
File created | C:\WINDOWS\INF\.NET CLR NETWORKING 4.0.0.0\_NETWORKINGPERFCOUNTERS.H | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\ZippedFiles.a.exe | N/A
File created | C:\WINDOWS\INF\.NET DATA PROVIDER FOR SQLSERVER\_DATAPERFCOUNTERS_SHARED12_NEUTRAL.H | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\ZippedFiles.a.exe | N/A
File created | C:\WINDOWS\INF\MSDTC\MSDTCPRF.H | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\ZippedFiles.a.exe | N/A
File opened for modification | C:\WINDOWS\INF\MSDTC BRIDGE 3.0.0.0\_TRANSACTIONBRIDGEPERFCOUNTERS.H | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\ZippedFiles.a.exe | N/A
File opened for modification | C:\WINDOWS\INF\SERVICEMODELENDPOINT 3.0.0.0\_SERVICEMODELENDPOINTPERFCOUNTERS.H | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\ZippedFiles.a.exe | N/A
File created | C:\WINDOWS\INF\TERMSERVICE\TSLABELS.H | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\ZippedFiles.a.exe | N/A
File opened for modification | C:\WINDOWS\INF\WINDOWS WORKFLOW FOUNDATION 3.0.0.0\PERFCOUNTERS.H | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\ZippedFiles.a.exe | N/A
File created | C:\Windows\kerneI32.daa | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Yarner.a.exe | N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\mshta.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Xanax.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Whiter.a.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\taskdl.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\SpySheriff.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\schtasks.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Seftad.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\taskdl.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\taskse.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Xyeta.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Satana.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Trood.a.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\WinNuke.98.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\icacls.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\SporaRansomware.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\WannaCrypt0r.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe | N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Sevgi.a.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Winevar.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\notepad.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\attrib.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Yarner.a.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WIN5FFB.pif N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\attrib.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\WarzoneRAT.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\ZippedFiles.a.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\White.a.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\@[email protected] N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Satana.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SOFTWARE\Microsoft\DataFactory\[email protected] C:\Windows\SysWOW64\WIN5FFB.pif N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SOFTWARE\Microsoft\DataFactory\[email protected] C:\Windows\SysWOW64\WIN5FFB.pif N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SOFTWARE\Microsoft\DataFactory\[email protected] C:\Windows\SysWOW64\WIN5FFB.pif N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SOFTWARE\Microsoft\DataFactory\[email protected] C:\Windows\SysWOW64\WIN5FFB.pif N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SOFTWARE\Microsoft\DataFactory\[email protected] C:\Windows\SysWOW64\WIN5FFB.pif N/A
Key created \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Software\Microsoft C:\Windows\SysWOW64\WIN5FFB.pif N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Software\Microsoft\DataFactory C:\Windows\SysWOW64\WIN5FFB.pif N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SOFTWARE\Microsoft\DataFactory\[email protected] C:\Windows\SysWOW64\WIN5FFB.pif N/A

Scheduled Task/Job: Scheduled Task

persistence execution
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (10 identical entries)
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A (2 identical entries)
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\WarzoneRAT.exe N/A (9 identical entries)
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\TaskILL.exe N/A (43 identical entries)

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Sevgi.a.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\WarzoneRAT.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\TaskILL.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (64 identical entries)

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (32 identical entries)

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe N/A (11 identical entries)
N/A N/A C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.exe N/A (10 identical entries)
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\White.a.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Seftad.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\@[email protected] N/A (2 identical entries)

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4944 wrote to memory of 1224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (2 identical entries)
PID 4944 wrote to memory of 668 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (40 identical entries)
PID 4944 wrote to memory of 1988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (2 identical entries)
PID 4944 wrote to memory of 2948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (20 identical entries)

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy WMI provider

ransomware

Uses Volume Shadow Copy service COM API

ransomware

Views/modifies file attributes

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/Da2dalus/The-MALWARE-Repo

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffe714a46f8,0x7ffe714a4708,0x7ffe714a4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,3183909158859419532,18098948073905423649,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2016,3183909158859419532,18098948073905423649,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2016,3183909158859419532,18098948073905423649,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3183909158859419532,18098948073905423649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3183909158859419532,18098948073905423649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,3183909158859419532,18098948073905423649,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5572 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x24c,0x250,0x254,0x248,0x258,0x7ff754935460,0x7ff754935470,0x7ff754935480

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,3183909158859419532,18098948073905423649,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5572 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3183909158859419532,18098948073905423649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2016,3183909158859419532,18098948073905423649,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5940 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3183909158859419532,18098948073905423649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4388 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3183909158859419532,18098948073905423649,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3183909158859419532,18098948073905423649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3183909158859419532,18098948073905423649,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2016,3183909158859419532,18098948073905423649,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5888 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,3183909158859419532,18098948073905423649,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1960 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\BubbleBoy.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7ffe714a46f8,0x7ffe714a4708,0x7ffe714a4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3183909158859419532,18098948073905423649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1952 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3183909158859419532,18098948073905423649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=252 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3183909158859419532,18098948073905423649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1696 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Jer.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffe714a46f8,0x7ffe714a4708,0x7ffe714a4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3183909158859419532,18098948073905423649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2016,3183909158859419532,18098948073905423649,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3548 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3183909158859419532,18098948073905423649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3183909158859419532,18098948073905423649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3183909158859419532,18098948073905423649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3183909158859419532,18098948073905423649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1704 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3183909158859419532,18098948073905423649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6912 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2016,3183909158859419532,18098948073905423649,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7264 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x510 0x344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\San.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffe714a46f8,0x7ffe714a4708,0x7ffe714a4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3183909158859419532,18098948073905423649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1

C:\Windows\SysWOW64\mshta.exe

"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Scare.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe

"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe"

C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe

"C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe" -extract C:\Program Files\7-Zip\7z.dll.sys.exe, C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.rc, icongroup,,

C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.exe

"C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.exe" -compile C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.rc, C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.res

C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe

"C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe" -extract C:\Program Files\7-Zip\7zFM.dll.sys.exe, C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.rc, icongroup,,

C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.exe

"C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.exe" -compile C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.rc, C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.res

C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe

"C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe" -extract C:\Program Files\7-Zip\7zG.dll.sys.exe, C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.rc, icongroup,,

C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.exe

"C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.exe" -compile C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.rc, C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.res

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Yarner.a.exe

"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Yarner.a.exe"

C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe

"C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe" -extract C:\Program Files\7-Zip\Uninstall.dll.sys.exe, C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.rc, icongroup,,

C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.exe

"C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.exe" -compile C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.rc, C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.res

C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe

"C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe" -addoverwrite C:\Program Files\7-Zip\Uninstall.exe", "C:\Program Files\7-Zip\Uninstall.exe, C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.res, icongroup,,

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Xyeta.exe

"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Xyeta.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 380 -p 4768 -ip 4768

C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe

"C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe" -extract C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.dll.sys.exe, C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.rc, icongroup,,

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4768 -s 484

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Xanax.exe

"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Xanax.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 3232 -ip 3232

C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.exe

"C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.exe" -compile C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.rc, C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.res

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 416

C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe

"C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe" -extract C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.dll.sys.exe, C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.rc, icongroup,,

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\ZippedFiles.a.exe

"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\ZippedFiles.a.exe"

C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.exe

"C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.exe" -compile C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.rc, C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.res

C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe

"C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe" -extract C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.dll.sys.exe, C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.rc, icongroup,,

C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.exe

"C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.exe" -compile C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.rc, C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.res

C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe

"C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe" -extract C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.dll.sys.exe, C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.rc, icongroup,,

C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.exe

"C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.exe" -compile C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.rc, C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.res

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\WinNuke.98.exe

"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\WinNuke.98.exe"

C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe

"C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe" -extract C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.dll.sys.exe, C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.rc, icongroup,,

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Winevar.exe

"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Winevar.exe"

C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.exe

"C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.exe" -compile C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.rc, C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.res

C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe

"C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe" -extract C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.dll.sys.exe, C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.rc, icongroup,,

C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.exe

"C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.exe" -compile C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.rc, C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.res

C:\Windows\SysWOW64\WIN5FFB.pif

"C:\Windows\system32\WIN5FFB.pif" ~~241131515

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k appmodel -p -s StateRepository

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k appmodel -p -s StateRepository

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\WannaCrypt0r.exe

"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\WannaCrypt0r.exe"

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\WarzoneRAT.exe

"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\WarzoneRAT.exe"

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\White.a.exe

"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\White.a.exe"

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Whiter.a.exe

"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Whiter.a.exe"

C:\Windows\SysWOW64\notepad.exe

notepad.exe C:\Users\Admin\AppData\Local\Temp\~sn8352.tmp

C:\Windows\SysWOW64\attrib.exe

attrib +h .

C:\Windows\SysWOW64\icacls.exe

icacls . /grant Everyone:F /T /C /Q

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k appmodel -p -s StateRepository

C:\Windows\SysWOW64\schtasks.exe

"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\jFvfxe" /XML "C:\Users\Admin\AppData\Local\Temp\tmp8621.tmp"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\taskdl.exe

taskdl.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c 238501731823519.bat

C:\Windows\SysWOW64\cscript.exe

cscript.exe //nologo m.vbs

C:\Windows\SysWOW64\attrib.exe

attrib +h +s F:\$RECYCLE

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k appmodel -p -s StateRepository

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k appmodel -p -s StateRepository

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Satana.exe

"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Satana.exe"

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Seftad.exe

"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Seftad.exe"

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Sevgi.a.exe

"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Sevgi.a.exe"

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\SporaRansomware.exe

"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\SporaRansomware.exe"

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\SpySheriff.exe

"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\SpySheriff.exe"

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\taskdl.exe

"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\taskdl.exe"

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\TaskILL.exe

"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\TaskILL.exe"

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\taskse.exe

"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\taskse.exe"

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Trood.a.exe

"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Trood.a.exe"

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k appmodel -p -s StateRepository

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Satana.exe

"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Satana.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 412

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k appmodel -p -s StateRepository

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k appmodel -p -s StateRepository

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\@[email protected]

@[email protected] co

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c start /b @[email protected] vs

C:\Windows\SYSTEM32\mountvol.exe

mountvol c:\ /d

Network

Country Destination Domain Proto
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 133.130.81.91.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 nav.smartscreen.microsoft.com udp
US 8.8.8.8:53 23.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
GB 172.165.61.93:443 nav.smartscreen.microsoft.com tcp
GB 172.165.61.93:443 nav.smartscreen.microsoft.com tcp
US 8.8.8.8:53 data-edge.smartscreen.microsoft.com udp
GB 172.165.69.228:443 data-edge.smartscreen.microsoft.com tcp
GB 172.165.69.228:443 data-edge.smartscreen.microsoft.com tcp
GB 172.165.69.228:443 data-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 8.8.8.8:53 github.githubassets.com udp
US 185.199.111.133:443 avatars.githubusercontent.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 8.8.8.8:53 228.69.165.172.in-addr.arpa udp
US 8.8.8.8:53 133.111.199.185.in-addr.arpa udp
US 8.8.8.8:53 154.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 collector.github.com udp
US 140.82.113.22:443 collector.github.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 22.113.82.140.in-addr.arpa udp
US 8.8.8.8:53 210.156.26.20.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 codeload.github.com udp
GB 20.26.156.216:443 codeload.github.com tcp
US 8.8.8.8:53 216.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 checkappexec.microsoft.com udp
GB 51.11.108.188:443 checkappexec.microsoft.com tcp
US 8.8.8.8:53 collector.github.com udp
US 140.82.113.21:443 collector.github.com tcp
US 8.8.8.8:53 188.108.11.51.in-addr.arpa udp
US 8.8.8.8:53 21.113.82.140.in-addr.arpa udp
US 8.8.8.8:53 203.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 213.143.182.52.in-addr.arpa udp
US 8.8.8.8:53 www.towns.com udp
US 216.24.57.4:80 www.towns.com tcp
US 216.24.57.4:80 www.towns.com tcp
US 8.8.8.8:53 nav.smartscreen.microsoft.com udp
GB 51.140.242.104:443 nav.smartscreen.microsoft.com tcp
US 216.24.57.4:443 www.towns.com tcp
US 216.24.57.4:443 www.towns.com tcp
US 8.8.8.8:53 4.57.24.216.in-addr.arpa udp
US 8.8.8.8:53 104.242.140.51.in-addr.arpa udp
US 8.8.8.8:53 api.rdr.towns.com udp
BE 18.239.208.98:443 api.rdr.towns.com tcp
BE 18.239.208.98:443 api.rdr.towns.com tcp
US 8.8.8.8:53 98.208.239.18.in-addr.arpa udp
US 8.8.8.8:53 sdk.rdr.towns.com udp
BE 18.239.208.10:443 sdk.rdr.towns.com tcp
US 8.8.8.8:53 110.208.239.18.in-addr.arpa udp
US 8.8.8.8:53 10.208.239.18.in-addr.arpa udp
US 8.8.8.8:53 data.rdr.towns.com udp
BE 18.239.208.93:443 data.rdr.towns.com tcp
US 8.8.8.8:53 93.208.239.18.in-addr.arpa udp
US 8.8.8.8:53 edge.microsoft.com udp
US 13.107.21.239:443 edge.microsoft.com tcp
US 8.8.8.8:53 239.21.107.13.in-addr.arpa udp
US 8.8.8.8:53 hushmail.com udp
US 172.65.90.6:80 hushmail.com tcp
US 172.65.90.6:80 hushmail.com tcp
US 172.65.90.6:443 hushmail.com tcp
US 8.8.8.8:53 www.hushmail.com udp
US 172.65.90.7:443 www.hushmail.com tcp
US 172.65.90.7:443 www.hushmail.com tcp
US 172.65.90.7:443 www.hushmail.com tcp
US 172.65.90.7:443 www.hushmail.com tcp
US 172.65.90.7:443 www.hushmail.com tcp
US 172.65.90.7:443 www.hushmail.com tcp
US 8.8.8.8:53 6.90.65.172.in-addr.arpa udp
US 8.8.8.8:53 7.90.65.172.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 172.217.16.228:443 www.google.com tcp
US 8.8.8.8:53 widget.trustpilot.com udp
US 8.8.8.8:53 snap.licdn.com udp
BE 18.239.208.38:443 widget.trustpilot.com tcp
US 8.8.8.8:53 js.hs-scripts.com udp
GB 2.19.252.133:443 snap.licdn.com tcp
US 8.8.8.8:53 script.tapfiliate.com udp
US 104.16.137.209:443 js.hs-scripts.com tcp
BE 18.239.208.96:443 script.tapfiliate.com tcp
US 172.65.90.5:443 www.hushmail.com tcp
US 8.8.8.8:53 crt.rootg2.amazontrust.com udp
FR 3.164.163.87:80 crt.rootg2.amazontrust.com tcp
US 8.8.8.8:53 72.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 228.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 38.208.239.18.in-addr.arpa udp
US 8.8.8.8:53 133.252.19.2.in-addr.arpa udp
US 8.8.8.8:53 209.137.16.104.in-addr.arpa udp
US 8.8.8.8:53 5.90.65.172.in-addr.arpa udp
US 8.8.8.8:53 96.208.239.18.in-addr.arpa udp
US 8.8.8.8:53 87.163.164.3.in-addr.arpa udp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 www.google.co.uk udp
BE 64.233.167.156:443 stats.g.doubleclick.net tcp
GB 142.250.179.227:443 www.google.co.uk tcp
US 216.239.32.36:443 region1.analytics.google.com tcp
US 8.8.8.8:53 px.ads.linkedin.com udp
US 8.8.8.8:53 js.hs-analytics.net udp
US 8.8.8.8:53 js.hsleadflows.net udp
US 8.8.8.8:53 js.hubspot.com udp
US 8.8.8.8:53 js.usemessages.com udp
US 13.107.42.14:443 px.ads.linkedin.com tcp
US 104.17.175.201:443 js.hs-analytics.net tcp
US 104.16.118.116:443 js.hubspot.com tcp
US 104.18.138.17:443 js.hsleadflows.net tcp
US 104.16.76.142:443 js.usemessages.com tcp
US 8.8.8.8:53 js.hsadspixel.net udp
US 104.17.223.152:443 js.hsadspixel.net tcp
US 8.8.8.8:53 js.hs-banner.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.179.226:443 googleads.g.doubleclick.net tcp
US 104.18.40.240:443 js.hs-banner.com tcp
US 8.8.8.8:53 api.hubspot.com udp
US 8.8.8.8:53 cta-service-cms2.hubspot.com udp
GB 172.217.16.228:443 www.google.com udp
GB 142.250.179.227:443 www.google.co.uk udp
US 8.8.8.8:53 api.hubapi.com udp
US 104.18.242.108:443 api.hubapi.com tcp
US 8.8.8.8:53 track.hubspot.com udp
US 8.8.8.8:53 perf-na1.hsforms.com udp
US 8.8.8.8:53 forms.hubspot.com udp
US 104.19.175.188:443 perf-na1.hsforms.com tcp
GB 142.250.179.226:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 227.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 156.167.233.64.in-addr.arpa udp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 14.42.107.13.in-addr.arpa udp
US 8.8.8.8:53 201.175.17.104.in-addr.arpa udp
US 8.8.8.8:53 116.118.16.104.in-addr.arpa udp
US 8.8.8.8:53 17.138.18.104.in-addr.arpa udp
US 8.8.8.8:53 142.76.16.104.in-addr.arpa udp
US 8.8.8.8:53 152.223.17.104.in-addr.arpa udp
US 8.8.8.8:53 226.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 240.40.18.104.in-addr.arpa udp
US 8.8.8.8:53 108.242.18.104.in-addr.arpa udp
US 8.8.8.8:53 188.175.19.104.in-addr.arpa udp
US 8.8.8.8:53 app.hubspot.com udp
US 8.8.8.8:53 static.hsappstatic.net udp
US 104.17.174.91:443 static.hsappstatic.net tcp
US 104.17.174.91:443 static.hsappstatic.net tcp
US 104.17.174.91:443 static.hsappstatic.net tcp
US 104.17.174.91:443 static.hsappstatic.net tcp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 8.8.8.8:53 exceptions.hubspot.com udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 91.174.17.104.in-addr.arpa udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
US 216.239.32.36:443 region1.analytics.google.com udp
US 8.8.8.8:53 metrics-fe-na1.hubspot.com udp
US 8.8.8.8:53 www.symantec.com udp
US 104.18.37.111:80 www.symantec.com tcp
US 104.18.37.111:443 www.symantec.com tcp
US 8.8.8.8:53 www.broadcom.com udp
US 104.18.37.111:443 www.broadcom.com tcp
US 8.8.8.8:53 openssl.org udp
US 8.8.8.8:53 alt2.aspmx.l.google.com udp
DE 142.251.9.27:25 alt2.aspmx.l.google.com tcp
US 168.61.222.215:5400 tcp
US 168.61.222.215:5400 tcp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 smtp.google.com udp
GB 64.233.166.27:25 smtp.google.com tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
US 168.61.222.215:5400 tcp
US 8.8.8.8:53 izenpe.com udp
US 8.8.8.8:53 alt1.aspmx.l.google.com udp
NL 142.250.153.27:25 alt1.aspmx.l.google.com tcp
US 8.8.8.8:53 gmail.com udp
US 8.8.8.8:53 alt2.gmail-smtp-in.l.google.com udp
DE 142.251.9.27:25 alt2.gmail-smtp-in.l.google.com tcp
US 168.61.222.215:5400 tcp
CA 216.113.14.106:25 tcp
US 8.8.8.8:53 intercepted.com udp
US 8.8.8.8:53 intercepted.com udp
NL 86.105.245.69:25 intercepted.com tcp
US 168.61.222.215:5400 tcp
US 8.8.8.8:53 primary.com udp
US 8.8.8.8:53 alt3.aspmx.l.google.com udp
FI 142.250.150.27:25 alt3.aspmx.l.google.com tcp
US 168.61.222.215:5400 tcp
US 8.8.8.8:53 chrome.com udp
US 8.8.8.8:53 chrome.com udp
US 216.239.32.27:25 chrome.com tcp
US 168.61.222.215:5400 tcp
US 8.8.8.8:53 google.com udp
GB 64.233.166.27:25 smtp.google.com tcp
US 8.8.8.8:53 chromium.org udp
NL 142.250.153.27:25 alt1.aspmx.l.google.com tcp
US 168.61.222.215:5400 tcp
NL 142.250.153.27:25 alt1.aspmx.l.google.com tcp
US 168.61.222.215:5400 tcp
US 8.8.8.8:53 google.com udp
GB 64.233.166.27:25 smtp.google.com tcp
US 168.61.222.215:5400 tcp
US 8.8.8.8:53 android.com udp
US 8.8.8.8:53 aspmx.l.google.com udp
GB 74.125.133.26:25 aspmx.l.google.com tcp
US 168.61.222.215:5400 tcp
US 168.61.222.215:5400 tcp
US 168.61.222.215:5400 tcp
US 168.61.222.215:5400 tcp
US 168.61.222.215:5400 tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 185.199.111.133:443 user-images.githubusercontent.com tcp
US 168.61.222.215:5400 tcp
US 168.61.222.215:5400 tcp
US 168.61.222.215:5400 tcp
US 168.61.222.215:5400 tcp
US 168.61.222.215:5400 tcp
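Most of the table above is browser and sandbox noise (GitHub, SmartScreen, reverse lookups, marketing scripts pulled in by the visited pages), and the rows that matter are structurally different from it: repeated TCP connections to a raw IP on a port nothing resolved to (168.61.222.215:5400), loopback connections to 127.0.0.1:9050 (the default SOCKS port of the Tor client), and a user workstation talking straight to MX hosts on port 25. The script below is an added example and not part of this report or of the sandbox; it parses the "Country Destination Domain Proto" rows (Domain is blank when no name resolved to the destination) from a constructed subset of the table above and tags each connection. The tag names, the baseline port list and the heuristics are this example's own assumptions.

```python
"""Triage of the sandbox Network table (added example; not part of the report).

Each row reads "Country Destination Domain Proto"; Domain is blank when the
sandbox never saw a name resolve to that destination. The rows below are a
constructed subset of the table; the tag names, the baseline port list and
the heuristics are this example's own assumptions, not sandbox output.
"""
from collections import Counter
from dataclasses import dataclass
from typing import Optional

SAMPLE_ROWS = """\
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 23.159.190.20.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 alt2.aspmx.l.google.com udp
DE 142.251.9.27:25 alt2.aspmx.l.google.com tcp
US 168.61.222.215:5400 tcp
US 168.61.222.215:5400 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
US 168.61.222.215:5400 tcp
CA 216.113.14.106:25 tcp
NL 86.105.245.69:25 intercepted.com tcp
US 216.239.32.27:25 chrome.com tcp
US 168.61.222.215:5400 tcp
US 216.24.57.4:80 www.towns.com tcp
"""

TOR_SOCKS_PORT = 9050                    # default SOCKS port of the Tor client
BASELINE_PORTS = {53, 80, 443, 5353}     # assumed normal for a browsing workstation; 25 has its own rule


@dataclass(frozen=True)
class Conn:
    country: str
    host: str
    port: int
    domain: Optional[str]
    proto: str


def parse_rows(text):
    """Parse the report's rows; the Domain column may be absent."""
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] == "Country":   # skip blanks and the header line
            continue
        if len(parts) == 4:
            country, dest, domain, proto = parts
        elif len(parts) == 3:
            country, dest, proto = parts
            domain = None
        else:
            raise ValueError(f"unexpected row: {line!r}")
        host, port = dest.rsplit(":", 1)
        conns.append(Conn(country, host, int(port), domain, proto.lower()))
    return conns


def classify(c):
    """Return the sorted tags that apply to one connection."""
    tags = set()
    loopback = c.host.startswith("127.")
    if c.domain and c.domain.endswith(".in-addr.arpa"):
        tags.add("reverse_dns")         # PTR lookups: noise, but they echo every peer the box talked to
    elif c.port == 53 and c.proto == "udp":
        tags.add("dns_query")
    if c.host == "224.0.0.251" and c.port == 5353:
        tags.add("mdns")
    if loopback and c.port == TOR_SOCKS_PORT:
        tags.add("tor_socks_loopback")  # something on the box expects a local Tor SOCKS proxy
    if c.proto == "tcp" and not loopback:
        if c.port == 25:
            tags.add("smtp_outbound")   # workstation talking straight to MX hosts
        elif c.port not in BASELINE_PORTS:
            tags.add("unexpected_port")
        if c.domain is None:
            tags.add("unresolved_tcp")  # hard-coded IP: no DNS answer preceded the connection
    return sorted(tags)


def summarize(conns):
    """Aggregate the per-connection tags into the figures an analyst wants first."""
    tagged = [(c, classify(c)) for c in conns]
    counts = Counter(t for _, tags in tagged for t in tags)
    unresolved = Counter(f"{c.host}:{c.port}" for c, tags in tagged if "unresolved_tcp" in tags)
    smtp = sorted({c.domain or c.host for c, tags in tagged if "smtp_outbound" in tags})
    return {
        "rows": len(conns),
        "tag_counts": dict(counts),
        "tor_socks_attempts": counts["tor_socks_loopback"],
        "unresolved_tcp": dict(unresolved),
        "smtp_destinations": smtp,
    }


if __name__ == "__main__":
    for key, value in summarize(parse_rows(SAMPLE_ROWS)).items():
        print(f"{key}: {value}")
```

Run over the full table, the unresolved_tcp counter is the first thing to block and hunt for, and the smtp_destinations list is the second: a single detonation that opens SMTP sessions to a dozen different MX hosts is a mass-mailer pattern regardless of which sample in the bundle produced it.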

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 d9a93ee5221bd6f61ae818935430ccac
SHA1 f35db7fca9a0204cefc2aef07558802de13f9424
SHA256 a756ec37aec7cd908ea1338159800fd302481acfddad3b1701c399a765b7c968
SHA512 b47250fdd1dd86ad16843c3df5bed88146c29279143e20f51af51f5a8d9481ae655db675ca31801e98ab1b82b01cb87ae3c83b6e68af3f7835d3cfa83100ad44

\??\pipe\LOCAL\crashpad_4944_JYUBRBJWTDWKYLTQ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

MD5 e5e3377341056643b0494b6842c0b544
SHA1 d53fd8e256ec9d5cef8ef5387872e544a2df9108
SHA256 e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25
SHA512 83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 b9fc751d5fa08ca574eba851a781b900
SHA1 963c71087bd9360fa4aa1f12e84128cd26597af4
SHA256 360b095e7721603c82e03afa392eb3c3df58e91a831195fc9683e528c2363bbb
SHA512 ecb8d509380f5e7fe96f14966a4d83305cd9a2292bf42dec349269f51176a293bda3273dfe5fba5a32a6209f411e28a7c2ab0d36454b75e155fc053974980757

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3f2c6eb5f2a4c971d80d92e2718824a1
SHA1 f02f3f79c76348867c3be4c6fee669dd48539f10
SHA256 46f8fe94d49330d0e9dd62440323a76748540add56c7014017d1a4b65f3a62ea
SHA512 24a9ee1cc85cb9c9d9d988f5990f334032ddc032f2bfe3914f9002d7f972faa1c74d7d91a0d67ef033b36fc54503697d306aadf637bbb19cc8a580daf9688dcc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 f9055ea0f42cb1609ff65d5be99750dc
SHA1 6f3a884d348e9f58271ddb0cdf4ee0e29becadd4
SHA256 1cacba6574ba8cc5278c387d6465ff72ef63df4c29cfbec5c76fbaf285d92348
SHA512 b1937bc9598d584a02c5c7ac42b96ed6121f16fe2de2623b74bb9b2ca3559fc7aff11464f83a9e9e3002a1c74d4bb0ee8136b0746a5773f8f12f857a7b2b3cb4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 b3f384059d101e86ccf932b5a8789a39
SHA1 7f88ebec8ef231c1955dbf0db4862bf560acba17
SHA256 66e6f762ff3156e7d57a9c3c3140386163c6102b50acc8e122bf9af8a8ba1919
SHA512 74787b17213708d7539eac45c34f7d18b5617eb820fc4d62240a6c1f5e642f06e0ffcef58e33ff6c530429acf18f56331c6243c8e6dd0c308250c0e44e1f1f83

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 352c2e9d079ed83145230f070c61f4b1
SHA1 6390056fec40a35ba148170c6b651a5311b87485
SHA256 ef6a68d16a6a0932724a2238868f998ea4ac2ab5d4994bbf9387547e46ab61ff
SHA512 ab1408ac5d519134348795b918e9ef93ebb36f5174be53dd40dbce53870352f512876aa9617521b932f1e20dc1ba15d1d9619f39bbf012adceb6042516d1c2dd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 8518541e96f862e010c810807465443a
SHA1 aad8ef95cbae2592c5589af68fbafb3b637544bb
SHA256 17214a2bc0ebb693cb0f8f55755c870f027a6c0026cc36d01938d9a7432c933d
SHA512 662f8875e58443800a81b86c9353c7b93f78e55ef6794a859c419c2ed520092cfe415ff184ffa477ce75fda9c2a05b1633dcc11d52284dbc25d9e1b969f1a8e8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 eaa153260cb8861fa47f88f74694e16c
SHA1 e13609e44e77a73bf50aa987187f990e54aa6ecf
SHA256 23a3d1121e282e85e59e36d1289e4769775a631834aaff2e20328ed2db2c48b5
SHA512 741b4ab762bf7426933a589189b080768c39e7ed3fefc958995f8cb4e7ca46741a5b415b2fed8f3fde7415a27a20fd9879379d70d6003e794ff4d4cd749ba27c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 d3412a01d4c3df1df43f94ecd14a889a
SHA1 2900a987c87791c4b64d80e9ce8c8bd26b679c2f
SHA256 dd1511db0f7bf3dc835c2588c1fdd1976b6977ad7babe06380c21c63540919be
SHA512 7d216a9db336322310d7a6191ebac7d80fd4fa084413d0474f42b6eff3feb1baf3e1fb24172ea8abcb67d577f4e3aea2bc68fdb112205fc7592a311a18952f7e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 81bdc442ec71e5c2be2c19d36fbaba5e
SHA1 ba7749752c0af136281b5d43cebe836dd7d01f65
SHA256 7a4ce5a9ed6f2876864ee91d010eb69bb7f1776e2fd7ce2e20b5b476c21c6466
SHA512 6ff64e6a4e1793fdf90edbb5a34b18b50ecafce0459c695649c72e941eb7455d58335e7f1141d06b0a1b13c54dc0c7527ce715dc73a185c9a47fc3c20d5c7c91

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2c4a5ff598c3e6bed58c4c657ced85ad
SHA1 294ebbaf3ac96ca5222c158ff9f7317031d991bb
SHA256 f8e2c28a09e3ff8fd7fdffd35613df288045f90fc35cc708e50779effc06372e
SHA512 d24d52c695f7b35d63957694de514fb3086df6e867fcce197225fee08f20e09a5859f4a557b090f226d40f738279c74aa9591e0a5506b792a4036043749d9ab6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 1193ce3618be8666d5f6d8b5c3f6ee51
SHA1 245f683d46ca74732ba14a160ff6cc5282b14ae0
SHA256 1fab4a52982a092e62648c0663668f4bb8bf01f55d8e90260b8e1c510282dd45
SHA512 921e2c073098fd62a9735fe6f4791b97472d017f9a807ad2b20d6dbbb312f956cc497a2025640aadd2c3b2363373eb6f70e2d150b558940d2e5918205414ee81

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a335.TMP

MD5 5c0d4bf6110ac732c02ac4620855cbda
SHA1 005556fbdbdabc9f6fabb0f862406dc4c68da25c
SHA256 07d5692e331b2b57232b016be06a468435c746dfea682d05f8e929df850805cb
SHA512 b5382723fcec0a042baf114cd7b1d379b0b19bda2952ea668e39e81e45843266cf5a09c473db0cfd2370a4781c5c14720194f1ef3095a8a9418b16162d4384ff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57abff.TMP

MD5 69555d75ea2c0a13ab012b974360ef1d
SHA1 bab29e52342c27caa7dd730de01cf630e7d0a04e
SHA256 d00f7e4c9917d00b9d2a4f9499e156a0960db66ce8855a46c8edda6b01525f96
SHA512 a174a1a65d9496d6f25905873fd8387e75681ea0f9d8e1ecd2f0f973bf3ea896afcdd5e9bbacc452626dcb11474463a54a8aa9948c6be35c284709fa83df9449

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 c5d46dba659247099f0e6b2f0756ac38
SHA1 f5945b0ab6352de7f19afd010ec32836deddd8e5
SHA256 a0ade09691c614b2d74e946e84222a9b046db1b1c32f69e64c497b94c84a4350
SHA512 1f5e74b955b5c845f65d3fe4eaf9a819218e7c21223c5cdf67ea418e173c8c75e46b2127f27c9f3304f2603355307621b6ac74497a41697d219517e2a4eecefa

C:\Users\Admin\Downloads\ConfirmSend.dll

MD5 7d15445438c715a1f0ffca8d34ef220b
SHA1 4aa41a13c16018ee23236bec60897cdaa69cece3
SHA256 9cf195272e8306b67b50a7c31a664cd90059c35ef524afed76ffb49d1050e549
SHA512 5dadde07b6d2a2c5f94f18f8552808ea6f5b916af81d519e9c70395493f59c121552de52b9c8eec3f0aa20781f65661db4c0a311aadf1dcea3c3ea66cd8ab61e

C:\Users\Admin\Downloads\JoinPush.lnk

MD5 99d766dad7883a1bd9e80114419adfa5
SHA1 237e31147204511c9c2cf7cd7cab01da97ac0851
SHA256 b6a672dd8cf9499b1d45eff13558ae7530cdc8d6f5e81700448bda1c5e775deb
SHA512 4005b11bef100706b98b37da685a84d9fea6527b9546ae6937daab36f8b850b70ebd7a04b3053a90453114ae8059b477acd1686722b4ed615a2bbe0467f7d322

C:\Users\Admin\Downloads\SuspendReceive.temp

MD5 809d681e9314172c284851e2bde64411
SHA1 b2e4a1ffc680280b52c84d96a5024c1d20b8d95a
SHA256 59cddab8f6e9fc6d8b27018732952b49c2658bf8445d5ca65131113251d4a8f0
SHA512 ca4e210246cc326a7c46730e3d4673d1860328c0ecc0f686ca997a238eac859267c617657225a61df0a803daab4b3963cdbd89b3299bc9642b5f156b442f0229

C:\Users\Admin\Downloads\AddEdit.emz

MD5 15a43ab68e372101d9b9f0d115d1c228
SHA1 684c1b3ef813f73c1a862529a75a820cdc261cbd
SHA256 9524b97d029d87575b42e74738d93d597219ce189ba110cdfe874ee4fe85ec6f
SHA512 bce4637a77534db6ee108b231d16f44165da3e3898650261bb138104557ceeb7dfbb96094af1d0347d22309d8ec9a7b4bf893eeb4ef1dc3d6a7b3cdc76eeb5ac

C:\Users\Admin\Downloads\TraceUnprotect.vsw

MD5 4231a46a57d2b28c7ef5de166cdf6c08
SHA1 3b152b4a6100b4b0ad951c2886e5a551594ba3c9
SHA256 6750b786d5c299bb4ebb1807818d6d1b8f303ff861d67d2d5296cb78976d7732
SHA512 5e7e6337e536cb23c41788835735d71b7cbe41872194ad7ff5bb0bc83f061d3e55e4497ddb96f6b376ce5384ee2fa7763460a7fdc974bdb64ca1693a5ab8d1fd

C:\Users\Admin\Downloads\CompleteUnprotect.cfg

MD5 d81f2edf9ac00bad7a0e000d686fb317
SHA1 1749e3884f694fc5d140289f564651b716f23132
SHA256 d134740507e2e934ab49b9fec9821f17aae26d3a32ee2f5c961db2182f9ede30
SHA512 3289127eefa792b0296622f475abe7d6bec90584217a98a6b70fd796f678c7275ad7bf6c9ad2dd6ec6902ce5e4d627e14d366638d76797c5ad58fdea9a7aa404

C:\Users\Admin\Downloads\HidePing.jpeg

MD5 6fca7bd575c40f0ebffa8eb448d2189a
SHA1 6902e2a6c3464ce8227b9a3e892b3f88d3c89ea1
SHA256 6dba44bc599ca8273b3fc001dd096c42e23ba3fd20c51faa51a0bf85924adab8
SHA512 f4f0bb16cf1cdfb792740565b799b31d8beedd51d5927921255339b91212842c1f995dd22d9f14f0de95d004fc559ba79edfec64fe2abec08c173ff9d56ace22

C:\Users\Admin\Downloads\DisableCheckpoint.MTS

MD5 71536f424efc614350e107dedf224f0c
SHA1 d04b69f4a2fa0b956211751f01a164863b928101
SHA256 40f046135bf28577cbc8b9567ed523c5a86b51a9e01198182681a76a3f1602d5
SHA512 bd3eda5b37a2d04f5ad3d8adeb29b83adeabcd90487ef37a4b87d9df49f1b5993075609d414277d1e214234c63c102220622b6b0e3b5a0e325f772cd737ee27e

C:\Users\Admin\Downloads\UpdateExport.jfif

MD5 17b72d38b368deae6e8a6b9eb648dd71
SHA1 2dce600ae20ea5c3ca3665ff312a8dedd7bdf71f
SHA256 b7d56f1dfc364f905b57ef6fff276e7e29adf4dd769c454a140184fc7d5b8b14
SHA512 27ed7ecd8126ace4543d8557680930c342a317aa150931c4cf247fc80874b3f4f95a2a134e3edb86425846a1a962debb7c111841b55843ed3ca08ebf04d3ffd9

C:\Users\Admin\Downloads\PushSplit.docx

MD5 e1ddec89a97899da02b6068e226a64db
SHA1 d7b87bde6234bef3557dda4f68e97b4a04df6ea6
SHA256 cbbb6c780243a5428b1642b93d02d8ea522229499926d77d24d36cecae588054
SHA512 078e15f7ca7f5370e75c22fe6fd7c96590122c4c09cbb6ffdde838dc777d8a5ea619597f221f755392a79cc91572015b2a3c2bd79679ede9faaf34187329f5c0

C:\Users\Admin\Downloads\SendNew.m3u

MD5 1f18ff184d53312d9fdc184de1c2931e
SHA1 7612d8adeb987170e0f2de29373d766408ce5b44
SHA256 df923c10e01ecd54bb0418eb5acd121ad3998e18e3cd3cf80ebf95232927155a
SHA512 00c54611e285e15f8473bb640e771e2e3c4dc564944992d137a107cd8569c90927df942f4498563160b2b003f7a224ccff3a85f2be76c9b61dbf472117a47fed

C:\Users\Admin\Downloads\AssertEnter.mpe

MD5 30767084dae915565f4ce9da76f8997c
SHA1 e6bd168796571f188bc22caeebeb3a1a2040d595
SHA256 c5d25506d780c4d9ba2a9d5f179545cd81883d3a99b56fad729d494b0fbb6a19
SHA512 6de7b90dcea3c3a95a71f47602f6c411fe600c02538e31663bd0aef226ae358cfcd9c33faeab4081ddf4752c638131b69a53f0759c1651c9e7151cc4af604837

C:\Users\Admin\Downloads\CheckpointEnter.jpeg

MD5 2f0655ab5647850a41edfc67f63fbbab
SHA1 a8b865fe69d23b5a0258a0b1066c29063f99b2b9
SHA256 9abfaeabe4b3cec943dc5218567e2c064fd49e385999411f05afd683865ce8b6
SHA512 af96ab2814a2942ba58030228294801ca63b44f9ec55e4756f2dff8b24c4fa40cfdd52ecf540f113f5481f017775cc7d653db5784309f52f9659985747ba1875

C:\Users\Admin\Downloads\DisableConvertTo.jtx

MD5 5b1b5ae4fbd084ece75e80cd78f4ee3c
SHA1 90ba05787d3103e8d3e660d7fe710e6c91765215
SHA256 963f78e6ebf64775f7cdbcfb3abcf38ba8f6db859f7679ee137b9b1011ea9891
SHA512 5bbea588584fe9db69cc780eb3d0afb645de23696d8067bbc48a5046b4801edfb99959eaa9a7e9c169325c56f5146b8c515bdb04a53e00d0ac22e07e132a12b4

C:\Users\Admin\Downloads\UnlockRedo.wm

MD5 f342ce53e4779f4f86e085c845ecfa4d
SHA1 55ab9d5516230b6e87d3665d085b78e306cffa39
SHA256 efa8f437547cad7b24498318f7fdd082430c60693e330d468eb41ddc2ac6defc
SHA512 60736bd43ab8b017b524c034ff07a023fb81d267ec0d40db758ae41df94539c4b714d0cdd100e3f267177f0b08671a358b8c4505ef49f650c13f023d1efb1133

C:\Users\Admin\Downloads\FormatConvert.temp

MD5 a029ebec21a713866e54f8d6bb040460
SHA1 43df4c73083925505ef4930ad9f3e1265b624c16
SHA256 aa07807206ccdce496a266417a72b6cc1090e12ad0502f37cf50e4c95deb6e76
SHA512 edf7381d6313565a12d288fba09653a601fd977d2985d973d16924cbf75b73396682d84cb3308a5a3973fc04910d15b137bcbc009e96203079610453caefa755

C:\Users\Admin\Downloads\SendConvertFrom.temp

MD5 5078908e5be05d89f15c0c3621fb0b15
SHA1 d3036bf3e2cae25f25b141113b1687f155d26fc6
SHA256 7f72c6d414fe940fdf6482d99ebd313ddab3effae2703a1eb6d2dd04e6a5fdad
SHA512 0531c998378e30ab4c33139a3818f41ee77c17f34801ec0ccf7f2bc184b7e933672affec335a476741ed57ea9f81e839f512a29f44adebe7a54c2e7d7a0c8f14

C:\Users\Admin\Downloads\SaveOptimize.wmx

MD5 fd15a4ffd32a5f50e3ff2be186251c26
SHA1 b146c573719e80ded65f262dc00888218036d4d9
SHA256 0a794b66d03e42534d01ea9c861a107261ec0c6548b363a21e23735ebe5c0e33
SHA512 a85d1cf362b2d06c1f55b4a9c652d2ef301d00a2c51921b645a6a8941abbc5cd919779476de581cd43a47e9ce965bd5ecdaefcc4aca1ecf558530b03f671e2e3

C:\Users\Admin\Downloads\CloseSearch.vsx

MD5 b2395ea672bf6c5e0bd67e75a15baac8
SHA1 237f023f90d76cbf633a2ae008c581a282df075a
SHA256 c548ec5eecc1553d89c84bb15c123c5655811f232e509ae549b5447255e0acc8
SHA512 6229c82cc60f09730181c0f4cd9ec12a5d8e93cd6824b84c204c7b5b6049cad7560ce1942d8398d2489ea0dc4b7ade306a2ba8d8d58cbd0b9d443063a91daafa

C:\Users\Admin\Downloads\ReceiveBackup.tiff

MD5 178a44489dcb5cabea13e5d4debddffd
SHA1 1d9046e4a318bebb52f9b883478277623388a29d
SHA256 20d95c8d696ebc25a345d9b5d851af91b07e70888d648cebb7c51aa66f01248f
SHA512 b914a9fdb52b365e3be236f091c1ac1c76cba37fc5fe0261039110e087028158ad5a11316ffbe56077142f47b388357f0a06d90c8570a132cf8254b990c6a503

C:\Users\Admin\Downloads\BlockSubmit.dotx

MD5 eef9dca59d4f87133fbfd1ba493847d0
SHA1 76254421b4d718a2c303a7a012723fc38b9fbc61
SHA256 f31af155d09eeedcb398907284d442d18e881fbc68b135d9bbff592e29f96c09
SHA512 c6fee4acbef7f96d17d8582fa8e2e08613a2ec87b6b36a482919046dd1bd6065d729e1c7ce22b49f3146afab89720e445ab39d11c74a41b28fa6e1a716c496b1

C:\Users\Admin\Downloads\StepUpdate.bat

MD5 10e2a5f0ceee1072a6c9d56fa0fcba21
SHA1 02775d3daa05a5d6c6a3355a19bc64c5040cab12
SHA256 deb09817d2c5287d1f796d848cb6e689b29a8dff7c5814bbab566c66899261f6
SHA512 15d6f4d476dbf5b4cfdc2b1d43a70a664469d78b782b66601bd1adf447f2ddb2f99938eb537d3acf30eefdf94f453929d15c68b77a8a9319925917e70d5cc148

C:\Users\Admin\Downloads\ApproveWrite.mpg

MD5 971e24bba5f3ab0b3936ed68d1b93d08
SHA1 5c803e4160fcda33638fd9e02ce7c04edd7a7d8f
SHA256 6256d18f901d3510765fff2937948c12fc7e3e5a5840aeda8953fb3ebfc7fdee
SHA512 58f04e4e44650e37b1cf4d8d2656eb0ab99093af3517d1eaf3f6a99340574e0fc95b86fec8e07951125b5f5254d84a8d93d10f827f43cfd3644a1b87916ccc62

C:\Users\Admin\Downloads\ConfirmWatch.crw

MD5 0d80208cdabb5d6023fac5247b3819bb
SHA1 47604c3f0e692dad02ac662dd073e60299de3061
SHA256 06555116e11cba803c03b5e714341bcaa9f84277ce32ec77a3fba69f90e2ea68
SHA512 41793d8488ab0c3c5d340efef3c819e1a36589d2bb375a6f2f2033e6e5c31d9d0902729113c45482a25cbfe2e3e434945a83216b8256d6e3fc9372f22f97bfe1

C:\Users\Admin\Downloads\ResumeOptimize.vsx

MD5 17fbdb240f050dcc7661b6125081d355
SHA1 9b4d3e2cabd2117e7dc8a653bd0df3a0f0295d1e
SHA256 a8459950bd019799be428c98bfa1bf4ced096b9e70bb0ec02c3d04bce83f7031
SHA512 f4dfcb5d38e79bdeefbc9ebcff58811040335b322afc5c85b8296cea96accf274b11fd03da58670ddf32f8aa17e53a7ca203aece55fef54ebae55c042bfa39fe

C:\Users\Admin\Downloads\LimitPublish.xsl

MD5 f373e7790b4acac450569d773e95ef7e
SHA1 130e7cbd9c69556dd83c58f61fb28247a05b2ab0
SHA256 0e987b09e202ddff5cb1ab6f57de692540d7f859d8fb77f973c226bb4f72946c
SHA512 b2f74c1cafa444fd683a640332f5fee42ed9f7e847f7f5e128fa769798c3efda07d3d8434686585c5ae52e721303040dd6872e2dcd4607e3a59244d11725d412

C:\Users\Admin\Downloads\FindUnblock.odt

MD5 c728d77cc432c96dcf77ff97bd5b9b6f
SHA1 e56b896f4a7022c17910bbd850844682b8a9e54f
SHA256 c57e88f49e6e37a6325e27e91d4e57dd43bb2941467464d267b677f1ebf5a823
SHA512 f41f1612d0aff96d77a500a712e60fa7a54a4b55e7da7c038dc705a4ef7c562d7ae0c3d7b157eabb70fdfb94fb32c7d6d2b1247270e60928f8b2981e7878f2e6

C:\Users\Admin\Downloads\LimitMove.wmv

MD5 b11529f5e32147742eb8b89d3c680a47
SHA1 bf970103291028e36d91c09d77c4671ecc8cbe72
SHA256 c403551d454f82425d22c8cbfb91048783014cdb33cd6e47d73ca591673536c5
SHA512 e0645f8abb7edf420055f171dbbda386e0323de6734aa4e74abad4130b8584c1dfad48d358b4fd3573828cde2a2db0fc377f9dd95e7afb22d67b3948f0f41f45

C:\Users\Admin\Downloads\CompareUnblock.mpeg

MD5 f81d8f6c553d4112a5a81b9e5bc7fc33
SHA1 d5ee6b4d4fe728bcca55a59faddf346be9fff9fe
SHA256 c326a1b3bb2ca92ae2dc7e3761798f37124ef51a4aa44e412e806882cd16927c
SHA512 0f7d83289e31f32e8ad7e758e5ee0248d56222dc09d0f9f5b1331fb8c2796ba5febbc0705581eb4d63713abcb65a02ebb2d2f0c4041e1a9f6df650183cfe7a83

C:\Users\Admin\Downloads\ResetPing.ram

MD5 931dc9c634b255139293200bbcca549a
SHA1 66890cfb0e16a918e435676d3868f7c9d66c6be8
SHA256 db9e2e0bf80a8e314f820d2f5cf7e3f8b4dedaccf45ef1276c3f74301c7774f9
SHA512 f067b458bf0c4d7d09d362d2f78523a507e52ef9b8248e550eea56577677e2ca434a2945c7be3e1ccb49c1a751667b095f0f8912e9c366e34b707ef62a90d2e4

C:\Users\Admin\Downloads\SetBlock.sql

MD5 40f62f4a5758f495f81dee8247954832
SHA1 db26a509aeea3a072cc923688cff3ca7501aa4ad
SHA256 92301b1601c54d82ad2309419767ca3fbd7fd1465fc3bbbec81ca792bbb76aa6
SHA512 84efd59107d62923b7a10d374fca6d7a5597d34cce7d2bb9e922f51c973ea722832c25b294a5a2c50081fd98670052062566b2e39f7454cacb1bd591d66e2647

C:\Users\Admin\Downloads\CompleteBackup.tiff

MD5 3958aa5737d2efd3934f4cf0263d4ba0
SHA1 9b64798c14b563b2a06f1e9d8cd8f90bd33f00b4
SHA256 858ddee092bd07f48a74bc8e3b9bcba97aa503a82743bc46c1c70db509d8b699
SHA512 84696d2d23595c748277160b4dff0dfebb81466a8af0c6c7edc2f7e32f9ea2a50816839e9201ba33f412d4fb67ee7e59ba248f2743d577ea74706aee1b2e3573

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe5863f5.TMP

MD5 2800881c775077e1c4b6e06bf4676de4
SHA1 2873631068c8b3b9495638c865915be822442c8b
SHA256 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512 e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b6f48b29-add0-4cf1-81a2-cfc5ef660b49.tmp

MD5 a6d346f58cbec0a6e4015327b25f1537
SHA1 750056e65a8b1c20b1a6051f5adcdf35821a6ac1
SHA256 1a715b1b5b62ef83ca8c62a18eddb3b5b6b738be2c654ab7a38cf22fdc8bea56
SHA512 74e563217a28cd6427739731f51ba2e35ee060c8ae6959d458d06a0416e17ffc6a49f8d0bbcb8d17cef144a45c36eb9f3b92305389ab0cfc5043f530d9f28d89

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 2061f7f8995a481e9d779a7d07d8e403
SHA1 0011710c44ec76fd5d75a1b91bcc4a3775f5da2d
SHA256 c29bba01ebdc26ae67e3427b0535fa84483b1378f2200e5f658c65c83e1d717a
SHA512 1411e940b141c3a31ce660f15f07b55614206ee4a7593aa49bcfb205260c17831b06c5fe26d9a5e7160c7c18a64cfd9b63c14097d67575db3cf247d63d41cbdd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 fa191513248e7364ef27083b16258eb7
SHA1 00d107907913ab4929b7661acafd8daefaca4ec9
SHA256 0c7866095c62d1f1b2452784d917c575bfce84f94ef48c2d49babf5ab4b62013
SHA512 1a0ded880e9f3d53f14bede434349472072c29a7bf0409cca327565aaa2da54769b800f8bff5c91b1151896cdeeb47b9558deb5e5d1e7071c596ec9a3f047d65

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a0600a89e430e86cae72f09145d451dd
SHA1 bd547e636639db73c09774af58a8ff5c25b3e605
SHA256 caf1e5f3957efca012618f13e5ad6ebce3b348070f9ef5ae3016ac24b25db279
SHA512 29d8f2ed970e8a2c220d872425faed4b4177fd7f5365cd4ab20442588f49bdd661949f053c8f9d06cdbf0dfac4a714fc6e7dd25eff77bce6e923a9f4360ce78a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 070799389fd916292a9e75a0156bf3e8
SHA1 b2728bc415651002e01d2f846d9e4c2ff7f32f14
SHA256 e6579b1e0902f5ed9d10d4ebc894f9792b5c2bffa9d6a7ecef41bd00668fefd5
SHA512 75709e527cbb6ba5d57c4ef51d4d8cb7a48d2355781c4c84d7ce4f7ff8f2f2848ce90b368b2029931316c1504aa72625624b3af5524190a58ee9f3094623a142

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 7d5cc10ce2c3ddc5b4e043d56f21460a
SHA1 2bee1497c3a61001aa721c0f113f464e4085f05c
SHA256 0fefefdc5b0d3b78ebbf3d8b6018fe029f3aab85017fc3878c733db0faa56fd3
SHA512 6368b99962381c14e4b0e650aae74699d0a914acf8ae9cfde737b7c812d8de708ea3fc726b691575ec6826dca3e1a06753f2de99708184fb5b017a21f6d915e9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 6f1d1858c8c5ec7d755729a1fcc709dd
SHA1 03372dc0d744e237975ea0773c309b3ba8b8ba1a
SHA256 10a53d6552a66d57fa16a997b82ed9762c5b53a4748d255fe344adfcafd7a3e2
SHA512 8fb73405e9cd2ab4c6e8121526c3b5ff0936292eee39003e19995d11db8d5afb676be42fb7bddae79c915f5b1eccc9e35b1f159c2a9f39e4f601f259e9746093

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5f9f3eb7e661d2337aa709bfb5a37b10
SHA1 1e71c022a18a7a5962d71419d41be88059eb6cbc
SHA256 139d240e3a4f5a129f2fa427edc77db7640b67cd84818bfab98c55bb1c73ba80
SHA512 7c03d2b5aba6e9dcd4b438ab93cf429a99529fb1fb4d122d6b3e9b2713ff9f7b79c24a0dc0a496726467fdf744ad63230c862f4c98e3706473fee1de7906fc29

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 2d73861268bcb45d896e7ccb0fd60442
SHA1 bbf6d6cfe7cf4a0920ee81e95cc1c9f3c19c2d76
SHA256 b00fa7c7f9aec3f8f670f6bc22829e416c993051099b5652d9464db2e6a2cb79
SHA512 00400a32d4bb931aaa63e0664d079438a75c411125ff459968fe80ee287b3b4c73339b04fbf18b9342b00edda2b49d157b5d9ad9b1fbdc43f16eeeb43edd02c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

MD5 831fe2af47b18da1a29e6bfc17796484
SHA1 a8ebf01e0b329d65012506994f8682a99f9287e7
SHA256 aedc80665242d69b0518ffb0b787617f90a24ffc67cf8587abd9326af4c5305e
SHA512 e0f08017a1555ea5d07d74bfc3576ae7de2065b68ba22b83573e25607effa078fb080c422730e656847f7bcea3bf5187ad59a5176db212dcbd3fc31689a458b9

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 e8d934d57cf673b256f5e879f28bdad1
SHA1 c5057ae13d0cd254e0e248abf4ae6dc13fa584c3
SHA256 a2ea4d695c24150d0c89bdab4431e6da645c904eb3bc7871c2f555024212a686
SHA512 1bdad654d1dc3109ee0f3e887f2301547e20bd640f285a16dc788c4cd2ffcea736c3c85be06835046c026a397d5c93300e151c69778f956d6aa28e6beb421127

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 cca661ad2bd4863f4225e8e4b73bb32f
SHA1 39b520f7f4dce9ac8c6e0107baa118e4fd512b72
SHA256 86fc1573bc136a0989bdf16db949b1770c160f151fb0477bde36a20265dbe730
SHA512 16b69ba8b72afadbf3d6952e58613949ee304275a6b35e60b25b5c1cd7d0fc44da330509b2fa0641457fe1d7a89f9512090a57aea917a17bf9016df162c55d3c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ff24f1d574f84ea525223469c8abd070
SHA1 5a3dbfa55e86b81c782047449835b9f71db9e370
SHA256 d4c8dea42a5f93827f1eaa97ca69d6a5abfca08bffc84b86008ced01f869502a
SHA512 e9eb4d854b4aa3f01eeecf620eb717fedefc810b0181e8d6779785bf05503e8e2f606f66bafdd4e9b3242acd7dec1df726d07b537d65eb6558306ec72203f6b0

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 79e3d17cece46d64a3eda390981f1ef4
SHA1 cecb80d2bb84c4cde1147128cc1204175f7a71ec
SHA256 8a21900e609e66aea7e3c04aee28a6b5e6e201933dfa1ebd4ba738b71f32d21f
SHA512 6aa17ba04f15d7b726c432416eb96affd34a64c44a59a3c82665778a76298dafa2f03a9a1f99a7c6fe971f0f0cd835f80ad4083b6a20c81e60080f8f1cd9be72

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 ad6028a386cb576176edcc759d9a859e
SHA1 cc030e8fa9779eb43c68d1667016aee0ddd98d9e
SHA256 7c50775144327db3a09cc1b497f3ac5c1a7ab0e200b82385ecb441cf0c25f5b4
SHA512 5fe56c4ad9ca7b123bb498bb3d5003b02363977ae4da278c6c3c723a1cdc1635ab22c0500456761c0569115e2ad1b5680edbcf4f572899e43a68903e204bcbf2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5b3ce6.TMP

MD5 018faef385ccc44a2770a549b4c1abe8
SHA1 ce3c55f23568003015755a036fc1c70dd8d41805
SHA256 27ecb8ed8cd4ac05123f1c49383ac769d405124db3861601f64fa99c83bfbcad
SHA512 0c878befcac0de02dbdcb08cc25eb89e5011b1c6d0ac866f4b7e36c5a59f6dfad708f9f0a519eedd402752421c589396ca6de88dad0cba12cc3ff28d0140d0d3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 ef4bfa69a3ddbe15533488843f0a5ea2
SHA1 9330077849401a6ac6123ea4bd24a7583529ce15
SHA256 1893da374854716432f689dba849f4e167c2b8de0dbd87ec93ecef05cd491fc6
SHA512 b6c8d5c548321a02466cfccf7cd1e85fa7c3e5a9928a53b01976ce5c351af89095211b8c358cbfa8891d8d7ebc18640406af103b84f687104ccfa9d5de34f071

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 64b2a9a47fa311c659e40cad9b6093b9
SHA1 3bd82269f9b5b3e9a890a961e6d42dcdf2b22253
SHA256 0967883b641c4d806a7b777c0cd609099c3aeaff4200fa9491e2a48bf74cd636
SHA512 d006274d3a4d60355df8bbc61b0bcd48adaf8f7ffe72d953388745511952fcd773e0d95483231625b3ca7972c746d27a173ae80ec2a72e9cf69009b26924ce46

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e2b062d4c84a37afbb330d108cccf8e6
SHA1 6c669b78c2735665db64a1614b59794b93d1dd36
SHA256 5b3486d63828f7f6866f24273d2f9ab236120c6d852c04d35c248d97e9b55d69
SHA512 3447bc6d4d0e0207a74204c36866b83d53053d816d6baa7a93003c6438960912f3886796da91c49c4fcf6520624a6575ed070697d96792309fda0a8fdb86853d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 bb77a2ea36f270f8b327a760b5bf7dd5
SHA1 f82d9ae7c2cd4b001773b7a64ae19abf395efe57
SHA256 b8afa45e88b185b7fead8fc071650b1b64c4a386c12893c2e3ef65109e04a385
SHA512 a4ca4841d34142abd9c68a26acf99c2a6483c0170a6e3bb7fe2443903db3f217609a52d915681b872cd84c921f314e4368a3cc543d37ac50161e21e0a606c52f

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Walker.com

MD5 93ceffafe7bb69ec3f9b4a90908ece46
SHA1 14c85fa8930f8bfbe1f9102a10f4b03d24a16d02
SHA256 b87b48dcbf779b06c6ca6491cd31328cf840578d29a6327b7a44f9043ce1eb07
SHA512 c1cb5f15e2487f42d57ae0fa340e29c677fe24b44c945615ef617d77c2737ce4227d5a571547714973d263ed0a69c8893b6c51e89409261cdbedff612339d144

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\VanToM-Rat.bat

MD5 3d4e3f149f3d0cdfe76bf8b235742c97
SHA1 0e0e34b5fd8c15547ca98027e49b1dcf37146d95
SHA256 b15c7cf9097195fb5426d4028fd2f6352325400beb1e32431395393910e0b10a
SHA512 8c9d2a506135431adcfd35446b69b20fe12f39c0694f1464c534a6bf01ebc5f815c948783508e06b14ff4cc33f44e220122bf2a42d2e97afa646b714a88addff

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\README.md

MD5 da53941085b635d68bba6cfd5ec25b41
SHA1 3a1fad738f5576ad8eeebaaad7f85aea1110136c
SHA256 f14b23fe8a5835b3451b2c099ae01afc77aa8a84067621cc80b31fcb5b827a32
SHA512 c3f2be04c0c805260372174d57db68e94039a6657c7b2ddd8c71cf07c7bbfbb6b4065beb037956b574f413a268461d7a551109c9cd2fc39113d54b13e6637556

memory/5772-801-0x0000000000EF0000-0x000000000149C000-memory.dmp

memory/5772-802-0x0000000006480000-0x0000000006A26000-memory.dmp

memory/5772-803-0x0000000005ED0000-0x0000000005F62000-memory.dmp

memory/1888-815-0x0000000000400000-0x00000000004DD000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.ini

MD5 dbfea325d1e00a904309a682051778ad
SHA1 525562934d0866f2ba90b3c25ea005c8c5f1e9fb
SHA256 15a3a3303b4a77272ddb04454333a4c06aa2a113f210ba4a03314026e0821e6d
SHA512 cd853c67c2b1a44c3f592ff42d207b2251e8b9bc1eb22fc12cd710329069ef75abffccd169418c4f9bd008a40f2fbbfc6904519f27fd658f316309f94b8ff59c

memory/4764-827-0x0000000000400000-0x000000000084A000-memory.dmp

memory/560-832-0x0000000000400000-0x00000000004DD000-memory.dmp

memory/1136-835-0x0000000000400000-0x000000000084A000-memory.dmp

memory/2812-840-0x0000000000400000-0x00000000004DD000-memory.dmp

memory/3520-843-0x0000000000400000-0x000000000084A000-memory.dmp

memory/5056-850-0x0000000000400000-0x00000000004DD000-memory.dmp

memory/2164-853-0x0000000000400000-0x000000000084A000-memory.dmp

memory/4768-854-0x0000000000400000-0x000000000044F000-memory.dmp

memory/2820-860-0x0000000000400000-0x00000000004DD000-memory.dmp

memory/4772-869-0x0000000000400000-0x00000000004DD000-memory.dmp

memory/3232-866-0x0000000000400000-0x0000000000415000-memory.dmp

memory/4768-872-0x0000000000400000-0x000000000044F000-memory.dmp

memory/636-875-0x0000000000400000-0x000000000084A000-memory.dmp

memory/3232-877-0x0000000000400000-0x0000000000415000-memory.dmp

memory/5224-884-0x0000000000400000-0x00000000004DD000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.res

MD5 45d02203801ec5cae86ed0a68727b0fa
SHA1 1b22a6df3fc0ef23c6c5312c937db7c8c0df6703
SHA256 5e743f477333066c29c3742cc8f9f64a8cb9c54b71dbc8c69af5025d31f8c121
SHA512 8da0bf59066223aab96595c9fbf8532baa34f1f9c2c0dee674d310a82677b6c7d6a1cc0bbaa75262b986d2b805b049ec3a2bfb25a9ae30fe6d02e32660f15e83

memory/5252-887-0x0000000000400000-0x000000000084A000-memory.dmp

memory/6088-892-0x0000000000400000-0x00000000004DD000-memory.dmp

memory/6108-895-0x0000000000400000-0x000000000084A000-memory.dmp

memory/4740-900-0x0000000000400000-0x00000000004DD000-memory.dmp

memory/2844-903-0x0000000000400000-0x000000000084A000-memory.dmp

memory/4428-908-0x0000000000400000-0x00000000004DD000-memory.dmp

memory/1612-911-0x0000000000400000-0x000000000084A000-memory.dmp

memory/1692-916-0x0000000000400000-0x00000000004DD000-memory.dmp

memory/3224-917-0x0000000000400000-0x0000000000471000-memory.dmp

memory/5720-920-0x0000000000400000-0x000000000084A000-memory.dmp

memory/5184-933-0x0000000000400000-0x0000000000438000-memory.dmp

memory/3224-947-0x0000000000400000-0x0000000000471000-memory.dmp

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\msg\m_french.wnry

MD5 4e57113a6bf6b88fdd32782a4a381274
SHA1 0fccbc91f0f94453d91670c6794f71348711061d
SHA256 9bd38110e6523547aed50617ddc77d0920d408faeed2b7a21ab163fda22177bc
SHA512 4f1918a12269c654d44e9d394bc209ef0bc32242be8833a2fba437b879125177e149f56f2fb0c302330dec328139b34982c04b3fefb045612b6cc9f83ec85aa9

memory/4980-982-0x00000000006E0000-0x0000000000736000-memory.dmp

memory/4980-987-0x0000000005360000-0x0000000005368000-memory.dmp

memory/5512-992-0x0000000010000000-0x0000000010010000-memory.dmp

memory/4980-997-0x0000000005EB0000-0x0000000005F4C000-memory.dmp

memory/4980-998-0x0000000005E10000-0x0000000005E38000-memory.dmp

memory/548-1008-0x0000000000400000-0x0000000000553000-memory.dmp

memory/548-1009-0x0000000000400000-0x0000000000553000-memory.dmp

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\@[email protected]

MD5 7e6b6da7c61fcb66f3f30166871def5b
SHA1 00f699cf9bbc0308f6e101283eca15a7c566d4f9
SHA256 4a25d98c121bb3bd5b54e0b6a5348f7b09966bffeec30776e5a731813f05d49e
SHA512 e5a56137f325904e0c7de1d0df38745f733652214f0cdb6ef173fa0743a334f95bed274df79469e270c9208e6bdc2e6251ef0cdd81af20fa1897929663e2c7d3

memory/5184-1152-0x0000000000400000-0x0000000000438000-memory.dmp

memory/5844-1763-0x0000000000400000-0x0000000000407200-memory.dmp

memory/3224-1762-0x0000000000400000-0x0000000000471000-memory.dmp

memory/4880-1821-0x0000000000400000-0x000000000040E000-memory.dmp

memory/3132-1889-0x0000000000830000-0x000000000083E000-memory.dmp

memory/4880-2276-0x0000000000400000-0x000000000040E000-memory.dmp

memory/2248-2282-0x0000000000400000-0x000000000041B000-memory.dmp

memory/2248-2281-0x0000000000400000-0x000000000041B000-memory.dmp

memory/2248-2284-0x0000000000400000-0x000000000041B000-memory.dmp

memory/2248-2285-0x0000000000400000-0x000000000041B000-memory.dmp

memory/5184-2286-0x0000000000400000-0x0000000000438000-memory.dmp

memory/3224-2295-0x0000000000400000-0x0000000000471000-memory.dmp

memory/5840-2296-0x0000000000400000-0x000000000046D000-memory.dmp

C:\Users\Admin\AppData\Roaming\US726-48XGT-XTXTX-HTXXT-AYYYY.KEY

MD5 bcf6b4905f02a1cb93b64888692615a3
SHA1 3ba43dbb3adbf7417a0746961e0b47d827e088d7
SHA256 886dba6992f4b7a8ac2fa15ae6f2c82ee2ced8b1a75da386eaf1cea9aa12558f
SHA512 1e116663343abd59ce424a5a70f42ac654dcefc3d7de203c572464ba692b1a59def575412e70b5aae55e9ed183e015c4c8a4405b8243633f9651da8a0ee6a3e7

memory/5184-2337-0x0000000000400000-0x0000000000438000-memory.dmp

memory/3224-2354-0x0000000000400000-0x0000000000471000-memory.dmp

memory/5840-2355-0x0000000000400000-0x000000000046D000-memory.dmp

memory/5184-2357-0x0000000000400000-0x0000000000438000-memory.dmp

memory/5844-2360-0x0000000000400000-0x0000000000407200-memory.dmp

memory/5840-2362-0x0000000000400000-0x000000000046D000-memory.dmp

memory/5840-2365-0x0000000000400000-0x000000000046D000-memory.dmp

memory/5840-2370-0x0000000000400000-0x000000000046D000-memory.dmp

memory/3224-2372-0x0000000000400000-0x0000000000471000-memory.dmp

memory/5840-2373-0x0000000000400000-0x000000000046D000-memory.dmp

memory/5184-2374-0x0000000000400000-0x0000000000438000-memory.dmp

memory/5840-2377-0x0000000000400000-0x000000000046D000-memory.dmp
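The lines above are the sandbox's inventory of files written during detonation (path plus MD5/SHA1/SHA256/SHA512) interleaved with memory-region dumps named `memory/<pid>-<n>-0x<start>-0x<end>-memory.dmp`. The following Python is an added example, not the sandbox's or the report's own code: it parses that listing into IOC records, checks a blob of bytes against the recorded SHA256 values, and groups the memory dumps by image base and size so that repeated payload shapes across PIDs stand out. The record layout it assumes is inferred from this page, and the embedded excerpt is a constructed subset copied from the entries above.

```python
"""Parse a sandbox 'Files' listing and use it as an IOC set.

Added example for this report, not the sandbox's own code. The record layout
assumed here (a path line, a blank line, then MD5/SHA1/SHA256/SHA512 lines,
with memory/<pid>-<n>-0x<start>-0x<end>-memory.dmp lines interleaved) is
inferred from the listing on this page.
"""
import hashlib
import re
from dataclasses import dataclass, field

# Constructed excerpt: a handful of records copied from the listing above.
SAMPLE_LISTING = r"""
C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.ini

MD5 dbfea325d1e00a904309a682051778ad
SHA1 525562934d0866f2ba90b3c25ea005c8c5f1e9fb
SHA256 15a3a3303b4a77272ddb04454333a4c06aa2a113f210ba4a03314026e0821e6d
SHA512 cd853c67c2b1a44c3f592ff42d207b2251e8b9bc1eb22fc12cd710329069ef75abffccd169418c4f9bd008a40f2fbbfc6904519f27fd658f316309f94b8ff59c

memory/4764-827-0x0000000000400000-0x000000000084A000-memory.dmp

memory/560-832-0x0000000000400000-0x00000000004DD000-memory.dmp

memory/1136-835-0x0000000000400000-0x000000000084A000-memory.dmp

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\msg\m_french.wnry

MD5 4e57113a6bf6b88fdd32782a4a381274
SHA1 0fccbc91f0f94453d91670c6794f71348711061d
SHA256 9bd38110e6523547aed50617ddc77d0920d408faeed2b7a21ab163fda22177bc
SHA512 4f1918a12269c654d44e9d394bc209ef0bc32242be8833a2fba437b879125177e149f56f2fb0c302330dec328139b34982c04b3fefb045612b6cc9f83ec85aa9
"""

HASH_RE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+([0-9a-fA-F]+)$")
MEM_RE = re.compile(r"^memory/(\d+)-(\d+)-0x([0-9a-fA-F]+)-0x([0-9a-fA-F]+)-memory\.dmp$")
HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}


@dataclass
class DroppedFile:
    path: str
    hashes: dict = field(default_factory=dict)  # algo name -> lowercase hex digest


@dataclass
class MemoryDump:
    pid: int
    seq: int
    start: int
    end: int

    @property
    def size(self) -> int:
        return self.end - self.start


def parse_listing(text: str):
    """Return (dropped_files, memory_dumps) parsed from the listing text.

    Raises ValueError on a hash line with no preceding path or with a digest
    whose length does not match its algorithm (a sign of a truncated copy).
    """
    files, dumps = [], []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = MEM_RE.match(line)
        if m:
            dumps.append(MemoryDump(int(m[1]), int(m[2]), int(m[3], 16), int(m[4], 16)))
            current = None  # a dump line ends the previous file record
            continue
        m = HASH_RE.match(line)
        if m:
            if current is None:
                raise ValueError(f"hash line without a preceding path: {line}")
            algo, digest = m[1], m[2].lower()
            if len(digest) != HASH_LEN[algo]:
                raise ValueError(f"{algo} digest has wrong length for {current.path}")
            current.hashes[algo] = digest
            continue
        # Any other non-empty line starts a new dropped-file record.
        current = DroppedFile(line)
        files.append(current)
    return files, dumps


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def match_bytes(data: bytes, files):
    """Return the dropped-file records whose recorded SHA256 equals sha256(data)."""
    digest = sha256_hex(data)
    return [f for f in files if f.hashes.get("SHA256") == digest]


def payload_shapes(dumps):
    """Group dumps by (base, size) -> set of PIDs.

    Heuristic: the same base and size recurring across many PIDs usually means
    the same unpacked image was written into each of those processes.
    """
    shapes = {}
    for d in dumps:
        shapes.setdefault((d.start, d.size), set()).add(d.pid)
    return shapes


if __name__ == "__main__":
    files, dumps = parse_listing(SAMPLE_LISTING)
    for f in files:
        print(f.path, f.hashes["SHA256"])
    for (base, size), pids in payload_shapes(dumps).items():
        print(f"base=0x{base:X} size=0x{size:X} pids={sorted(pids)}")
```

Matching is done on SHA256 only; MD5 and SHA1 are kept for cross-referencing with older feeds, not for trust decisions. Note that the same path (for example `Local State` or `Preferences`) appears several times above with different digests: those are successive versions of one file, so a match on any of them is meaningful. Run over the full listing, the shape grouping separates the two recurring regions at base 0x400000 (ending 0x4DD000 and 0x84A000, seen in more than a dozen PIDs each) from the one-off dumps, which is the first thing to look at when deciding which dump to carve the unpacked payloads from.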